Christopher Juckins

SysAdmin Tips, Tricks and other Software Tools

User Tools

Site Tools

Trace:
rocky_linux_9_migration_notes

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
rocky_linux_9_migration_notes [2023/01/21 10:30] juckinsrocky_linux_9_migration_notes [2024/01/10 20:52] juckins
Line 1: Line 1:
 ==== Rocky Linux 9 Migration Notes ==== ==== Rocky Linux 9 Migration Notes ====
  
-//Below notes have been combined from [[centos_8_migration_notes|CentOS 8 Migration Notes]] and [[centos_7_migration_notes|CentOS 7 Migration Notes]].//\\+NOTE 1: The fresh install instructions below were tested on Rocky Linux 9.3 
 + 
 +NOTE 2: Upgrading Rocky Linux 9.2 to 9.3 in late November 2023 resulted in ImageMagick errors.  Tried to remove ImageMagick*, then upgrade 9.2 to 9.3, and then reinstall ImageMagick* but the same error occurs. Fix was to disable /etc/yum.repos.d/epel-next.repo and then reinstall ImageMagick*. 
 + 
 +NOTE 3: To migrate from Rocky Linux 8.x to 9, [[https://www.starwindsoftware.com/blog/upgrade-from-rocky-linux-8-x-to-rocky-linux-9-0|try these steps]]. 
 + 
 +//The notes below have been combined from [[centos_8_migration_notes|CentOS 8 Migration Notes]] and [[centos_7_migration_notes|CentOS 7 Migration Notes]].//\\
 //It is based on the **[[https://www.xfce.org/|Xfce Desktop Environment]]**. MATE is available, see notes at bottom of the page.// //It is based on the **[[https://www.xfce.org/|Xfce Desktop Environment]]**. MATE is available, see notes at bottom of the page.//
  
 __Before Starting__ __Before Starting__
  
-  * Get inventory of users+  * Get inventory of users (see /home)
     * Become familiar with what each one does and the crons they run     * Become familiar with what each one does and the crons they run
-  * Make a test user on Rocky Linux 8 and one on Rocky Linux 9 
-    * Compare hidden files to see if anything changed between OSs 
-    * This allows for easy migrating of data for users' $HOME directories 
-    * Alternatively, just copy over the non-hidden files content first.  Then rsync other $HOME directories one-by-one 
- 
-  * Ensure all scripts make their own log file directory 
-    * ''$log_dir = "/var/tmp/check_disk_space";'' 
-    * ''mkdir ("$log_dir", 0755);'' 
-    * Should crons write to /tmp and then have a daily script that checks cron logs for errors? 
- 
   * Copy the following to external hard drive or other machine for restoration after upgrade   * Copy the following to external hard drive or other machine for restoration after upgrade
     * All users $HOME directories     * All users $HOME directories
     * Ensure crons are in each user's $HOME/crontab directory     * Ensure crons are in each user's $HOME/crontab directory
-    * Log files from /var/tmp/ 
-    * ''/etc/ssh/*key*''  
-      * Or, possibly the entire directory contents to prevent man-in-the-middle attack messages (testing needed) 
     * ''/etc/hosts''     * ''/etc/hosts''
     * ''/etc/samba/smb.conf''     * ''/etc/samba/smb.conf''
Line 33: Line 26:
  
   * Perform a minimal or basic install of Rocky Linux 9   * Perform a minimal or basic install of Rocky Linux 9
-  * Run the [[dnf_installer_bash_script_rocky_linux_9|Rocky Linux 9 bash setup script]] to get the usual extras, add-ons and other packages 
   * Backup ''/etc/selinux/config'' and change from enforcing to permissive. Reboot.   * Backup ''/etc/selinux/config'' and change from enforcing to permissive. Reboot.
 +  * Run the [[dnf_installer_bash_script_rocky_linux_9|Rocky Linux 9 bash setup script]] to get the usual extras, add-ons and other packages
 +  * Reboot target computer and login.
 +
   * Since Xfce will be installed by running the bash script noted above, you can copy in pre-existing configs from another machine that already has Xfce installed.   * Since Xfce will be installed by running the bash script noted above, you can copy in pre-existing configs from another machine that already has Xfce installed.
     * Copy files in ''~/.config/xfce4/'' from another pre-configured machine to this machine     * Copy files in ''~/.config/xfce4/'' from another pre-configured machine to this machine
-    * Reboot target computer and login.  +    * ''cd .config/xfce4; rsync -avzn --delete --progress . XX.XX.XX.XX:~/.config/xfce4/''     
-    * See {{:xfce.png?linkonly|Xfce Desktop image}} for suggested icons, placement, etc. +    * See {{:xfce.png?linkonly|Xfce Desktop image 1}} or {{:xfce_desktop_layout.png?linkonly|Xfce Desktop image 2}} for suggested icons, placement, etc. 
-  Disable screensaver +      [[https://itsfoss.com/install-themes-xfce-xubuntu/|Notes for installing additional Xfce themes]] 
-  * Skip custom java runtime installation (does not seem to be needed)+ 
 +  * Disable screensaver and power management
   * If necessary, disable WiFi LAN connection as root: ''nmcli radio wifi off''   * If necessary, disable WiFi LAN connection as root: ''nmcli radio wifi off''
   * [[https://unix.stackexchange.com/questions/152691/how-to-disable-beep-sound-in-linux-centos-7-command-line|Disable bell]]   * [[https://unix.stackexchange.com/questions/152691/how-to-disable-beep-sound-in-linux-centos-7-command-line|Disable bell]]
-  * [[python_notes|Run through Python/PIP configuration]] 
  
-  * [[https://www.linuxcapable.com/how-to-install-apache-httpd-on-rocky-linux-9/|Install Apache on Rocky Linux 9]] +  * Create necessary user accounts 
-  * Copy/merge in ''/etc/httpd/conf/httpd.conf'' from previous machine +    *  ''mate-user-admin'' is a graphical admin tool (old tool was system-config-users) 
-  * Run through [[php8.1_upgrade|Rocky Linux 9 PHP 8.1 Upgrade]]+  * Restore user's $HOME directories 
 +    * Copy over non-hidden files/directories first 
 +      * You can use rsync with the option to [[rsync_ignore_hidden_files|ignore hidden files]] 
 +    * Then rsync other hidden directories in each user's $HOME one-by-one, taking only what is needed 
 + 
 +  * [[https://www.linuxteck.com/how-to-install-apache-on-rocky-linux/|Install Apache on Rocky Linux 9]] 
 +  * Copy/merge in ''/etc/httpd/conf/httpd.conf'' (and all backup versions) from previous machine 
 +  * Test password-restricted pages 
 +  * Run through [[php8.2_on_rocky_linux_8|PHP 8.2 on Rocky Linux 9]]
   * Copy/merge in a known good ''/etc/php.ini'' file from previous machine   * Copy/merge in a known good ''/etc/php.ini'' file from previous machine
   * Ensure a php file loads correctly (localhost, 192.168.X.XX, 127.0.0.1)   * Ensure a php file loads correctly (localhost, 192.168.X.XX, 127.0.0.1)
   * Check httpd logs for any errors, such as mod security   * Check httpd logs for any errors, such as mod security
-    * Uninstall [[https://phoenixnap.com/kb/setup-configure-modsecurity-on-apache|mod_security]] if necessary+    * Uninstall [[https://phoenixnap.com/kb/setup-configure-modsecurity-on-apache|mod_security RPMs]] and restart apache if web pages cycle between Forbidden errors
  
   * Firewall configuration   * Firewall configuration
 +    * [[https://linuxhint.com/enable-disable-firewall-rocky-linux-9/|Enable-Disable Firewall]]
     * [[https://serverfault.com/questions/655851/is-there-a-simple-way-to-export-import-firewalld-settings|Export Firewall Rules to new server]]     * [[https://serverfault.com/questions/655851/is-there-a-simple-way-to-export-import-firewalld-settings|Export Firewall Rules to new server]]
       * Can also try ''firewall-config'' to clone rules from previous machine       * Can also try ''firewall-config'' to clone rules from previous machine
Line 66: Line 70:
         * ''systemctl restart fail2ban''         * ''systemctl restart fail2ban''
  
-  * MySQL / MariaDB Database and users +  * MySQL / MariaDB Database - Installation 
-    * [[https://www.digitalocean.com/community/tutorials/how-to-install-mariadb-on-rocky-linux-9|Install MariaDB on Rocky Linux 9]] +    * [[https://www.digitalocean.com/community/tutorials/how-to-install-mariadb-on-rocky-linux-9|Install MariaDB on Rocky Linux 9]] and follow all steps to secure it, change default password, etc. 
-    * [[https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password|Reset mysql root password]]+    * How to [[https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password|reset mysql root password]] if needed 
 + 
 +  * Install [[https://www.phpmyadmin.net/|phpMyAdmin]] and use [[installing_phpmyadmin_tips|these tips]] 
 +    * Merge in config.inc.php from previous machine 
 +    * Clear local browser history, then test  
 +    * To create the phpmyadmin database, use the "Import" function and browse to the sql/create_tables.sql script (do this as root db user) 
 +    * To move over users, export from phpMyAdmin on old machine and cut-past into the Import function on new machine.   
 +      * If problematic, save to a .sql file locally and use the Import function. 
 + 
 +  * MySQL / MariaDB Database - Migrate databases 
 +    * [[http://www.uptimemadeeasy.com/linux/mysql-migrate-users-server-server/|Migrate MySQL users to new machine]] 
 +      * They can be exported from phpMyAdmin (but don't include root)
     * [[https://www.tecmint.com/transfer-mysql-databases-from-old-to-new-server/|Migrate all databases with mysqldump]]     * [[https://www.tecmint.com/transfer-mysql-databases-from-old-to-new-server/|Migrate all databases with mysqldump]]
       * Note that the restore of mysql does not use ''-all-databases'' option and is an error in link above       * Note that the restore of mysql does not use ''-all-databases'' option and is an error in link above
     * [[https://www.linode.com/docs/databases/mysql/create-physical-backups-of-your-mariadb-or-mysql-databases/|Migrate with tar]]     * [[https://www.linode.com/docs/databases/mysql/create-physical-backups-of-your-mariadb-or-mysql-databases/|Migrate with tar]]
-    * [[http://www.uptimemadeeasy.com/linux/mysql-migrate-users-server-server/|Migrate MySQL users to new machine]] 
-      * They can be exported from phpMyAdmin (but don't include root) 
     * Export MySQL databases with mysqldump     * Export MySQL databases with mysqldump
       * [[https://www.digitalocean.com/community/tutorials/how-to-migrate-a-mysql-database-between-two-servers|Migrate MySQL database to new server]]       * [[https://www.digitalocean.com/community/tutorials/how-to-migrate-a-mysql-database-between-two-servers|Migrate MySQL database to new server]]
       * [[http://dev.mysql.com/doc/refman/5.7/en/copying-databases.html|Move MySQL databases to new server]]       * [[http://dev.mysql.com/doc/refman/5.7/en/copying-databases.html|Move MySQL databases to new server]]
 +    * When done, check format of tables (MyISAM vs InnoDB vs Aria)
 +    * To change database engine, see [[https://phoenixnap.com/kb/myisam-vs-innodb|these notes]]
  
-  * Install [[https://www.phpmyadmin.net/|phpMyAdmin]] +  * [[python_notes|Run through Python/PIP configuration]] 
-    * Merge in configs from previous machine +    * For the non-root user needing itrun ''pip install dictor'' and ''pip install astral''
-    * Clear local browser historythen test  +
-    * May need to comment out the cookie validity setting in config.inc.php+
  
 +  * Install miniconda3 (see [[python_virtual_environments|Python Virtual Environments]])
 +
 +  * [[gmail_as_a_relay_on_linux|Set up Gmail Relay and test]]
   * Set up [[samba_file_sharing|Samba]] users, passwords, shares (for security cameras)   * Set up [[samba_file_sharing|Samba]] users, passwords, shares (for security cameras)
 +    * Credentials are stored in my secure password file
 +      * command will be: ''smbpasswd -a USER'' (then enter password at next prompt)
     * Make sure service is running and will start at boot.     * Make sure service is running and will start at boot.
     * Check output with: ''testparm -v''     * Check output with: ''testparm -v''
-  [[gmail_as_a_relay_on_linux|Set up Gmail Relay and test]]+    The security cameras will need to reformat their nas disk locations to store video files
   * VSFTP (for security cameras)   * VSFTP (for security cameras)
-    * [[http://www.liquidweb.com/kb/how-to-install-and-configure-vsftpd-on-centos-7/|Config instructions]]+    * [[https://wiki.crowncloud.net/?How_Install_VSFTPD_on_Rocky_Linux_9|Rocky Linux 9 instructions]] 
 +    * [[http://www.liquidweb.com/kb/how-to-install-and-configure-vsftpd-on-centos-7/|CentOS 7 instructions]]
     * [[https://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/|500 writeable root error]]     * [[https://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/|500 writeable root error]]
     * As root: ''setsebool -P allow_ftpd_full_access on''     * As root: ''setsebool -P allow_ftpd_full_access on''
Line 96: Line 115:
     * https://sourceforge.net/p/ddclient/wiki/Home/     * https://sourceforge.net/p/ddclient/wiki/Home/
     * ''dnf -y install ddclient''     * ''dnf -y install ddclient''
-    * Use ''/etc/ddclient/*'' for configs from previous machine+    * Use ''/etc/ddclient.conf'' for configs from previous machine
   * Setup duckdns updater cron   * Setup duckdns updater cron
   * Setup ydns updater cron   * Setup ydns updater cron
Line 105: Line 124:
     * Check that each cron job runs and the specified log directory exists     * Check that each cron job runs and the specified log directory exists
   * Check network connections and make sure active connection comes up at boot time   * Check network connections and make sure active connection comes up at boot time
-  * Install NoMachine Desktop 
   * Restore Thunderbird profile   * Restore Thunderbird profile
-  * Restore Firefox profile +  * [[https://www.virtualbox.org/wiki/Linux_Downloads|Install VirtualBox]] 
-  * Restore VirtualBox and all machines+    * Migrate/import VirtualBox machines [[https://4sysops.com/archives/move-virtualbox-vm-to-other-hosts/|using these notes]] 
 +    * I had to create and self-sign MOK (Machine Owner Key) certificates.  Info [[https://gist.github.com/reillysiemens/ac6bea1e6c7684d62f544bd79b2182a4|here]]. 
 +    * My Google Doc "Linux Replacement 2024" has some crude notes 
 +  * Restore Remmina profiles 
 +    * ''$HOME/.local/share/remmina'' and ''$HOME/.config/remmina''
   * Test ASMAD for processing end-to-end   * Test ASMAD for processing end-to-end
 +    * All perl scripts
 +      * Required modules should be included in the [[dnf_installer_bash_script_rocky_linux_9|dnf installer bash script]]
 +    * All python scripts
 +      * Check my amtrak_status "doc" directory for required python modules
   * Install [[clamav_antivirus|ClamAV]]   * Install [[clamav_antivirus|ClamAV]]
   * Install local printer   * Install local printer
 +    * Use http://localhost:631/admin and root username/password for credentials
 +    * If you don't use root credentials, then you need to modify /etc/cups/cups-files.conf and add my username to the SystemGroup line
 +    * Then restart cups ''systemctl restart cups''
 +    * Use AppSocket/HP JetDirect to add printer by IP address like <nowiki>''socket://XX.XX.XX.XX''</nowiki>
 +    * Choose driver ''Foomatic/hl1250 en''
 +    * Use option settings to make it the default printer and use 600x600 DPI quality
 +    * Test using enscript filename.txt (old a2ps command)
 +    * See if printer is default with ''lpstat -p -d'' and/or set it with ''lpoptions -d PRINTER_NAME''
 +    * ''lpstat -d'' should now show the new printer as the default
 +  * Local RPMs
 +    * perl-Math-Round
 +    * Slack
 +    * sunwait
 +      * Test with ''/usr/bin/sunwait -v sun down -0:01:00 33.640411N 84.419853W''
   * Check any remaining ''/etc/yum.repos.d/*'' configuration setup   * Check any remaining ''/etc/yum.repos.d/*'' configuration setup
-    * For example, Ookla Speedtest+    * For example, [[https://www.speedtest.net/apps/cli|Ookla Speedtest CLI]]
   * Mount /disk2 (see [[adding_a_second_hard_drive]])   * Mount /disk2 (see [[adding_a_second_hard_drive]])
   * Install [[https://github.com/pwsafe/pwsafe/releases?q=non-windows&expanded=true|PasswordSafe for Linux]]   * Install [[https://github.com/pwsafe/pwsafe/releases?q=non-windows&expanded=true|PasswordSafe for Linux]]
 +    * See repo at https://sourceforge.net/projects/passwordsafe/files/Linux/
     * Use this instead of [[https://gorilla.dp100.com/downloads/|Gorilla password manager]]     * Use this instead of [[https://gorilla.dp100.com/downloads/|Gorilla password manager]]
     * v1.16 works with ''dnf localinstall passwordsafe-fedora37-1.16.rpm''     * v1.16 works with ''dnf localinstall passwordsafe-fedora37-1.16.rpm''
 +    * Binary is /usr/bin/pwsafe
   * Add CPU graph and Weather Info to panel   * Add CPU graph and Weather Info to panel
-    * ''dnf install xfce4-cpugraph-plugin xfce4-weather-plugin'' +    * Packages are xfce4-cpugraph-plugin and xfce4-weather-plugin which are part of the bash install script noted near top of this page 
-    * Right-click top panel > Add to Panel+    * Right-click top panel > Add New Items
     * Add CPU Graph, Weather Info     * Add CPU Graph, Weather Info
 +  * Adjust top and bottom panels
 +    * Reverse positions
 +    * Make top panel 24px with icons at fixed 22px
 +    * Bottom panel 24px with icons at fixed 16px
 +    * Top panel has these buttons:
 +      * Show desktop, separator, calculator, xterm, gedit, chrome, chrome beta, firefox, app finder, file manager, screenshot, password safe, keepassxc, shortcut to security cams, VirtualBox, Remmina, XfreeRDP
 +    * Stop the Keyring popup GUI when starting Chrome (see [[https://unix.stackexchange.com/questions/718489/how-to-fix-login-keyring|this post]])
 +      * ''cd ~/.local/share/keyrings; mv login.keyring login.keyring.IGNORE'' 
 +      * Log out and log back in or reboot
  
 __Post Installation__ __Post Installation__
  
 +  * In /root/bin on old/new machines, see final_sync_for_new_server.txt
   * As root, use ''alpine'' to check email from crons that indicate any errors or failures   * As root, use ''alpine'' to check email from crons that indicate any errors or failures
 +  * Cleanup old files in root, my $HOME
 +  * Fix date [[https://unix.stackexchange.com/questions/553679/set-clock-to-24-hour-format-for-all-users|to show 24 hour clock]]
 +    * Setting should be in .bashrc
  
 __Other Notes__ __Other Notes__
Line 136: Line 191:
     * In the "Find an item to add to the panel:" search box, enter "System Monitor" and click Add     * In the "Find an item to add to the panel:" search box, enter "System Monitor" and click Add
     * Moving display of current CPU usage should appear     * Moving display of current CPU usage should appear
 +
 +__Known issues__
 +  * SHA-1 security signing is not supported on RHEL9 ([[https://www.redhat.com/en/blog/rhel-security-sha-1-package-signatures-distrusted-rhel-9|see RedHat blog post]])
 +    * /etc/cron.daily/google-chrome fails because of this
 +      * Probably not a critical issue since Chrome can be updated via dnf
rocky_linux_9_migration_notes.txt · Last modified: 2024/01/11 11:21 by juckins