Differences

This shows you the differences between two versions of the page.

--- rocky_linux_9_migration_notes [2022/06/26 17:45] – juckins
+++ rocky_linux_9_migration_notes [2025/06/29 08:24] (current) – juckins
@@ Line 1: / Line 1: @@
 ==== Rocky Linux 9 Migration Notes ====
-//Below are CentOS 8 migration notes, so update/refine as appropriate.//
+__2025-06-25__
+Upgrade to Rocky Linux 9.6 initially failed on test VM with package errors.
-Check:  Does ssh'ing into a RL9 machine via ssh and xterm have slow logouts? The fix is to not include ssh -X or ssh -Y.
+  Trying these steps on a test VM:
-Consult [[virtualbox_for_centos_stream_notes|Virtual Box running CentOS8 Stream]] notes if dnf updates are slow
+  dnf remove vlc totem gstreamer1-plugins-bad-free gstreamer1-plugins-ugly-free
+  dnf update
+  dnf install vlc totem
-Fix php for phpmyadmin:
-  dnf install php-gd php-ldap php-mysqlnd php-pecl-mcrypt php-pecl-zip
-Also comment out the cookie validity setting in config.inc.php
+Then reinstall VBox Guest Additions.
-Secure the mariadb
+Got message ''/var/log/vboxadd-setup.log to find out what went wrong'' (Building the modules for [current] kernel failed).
-Fix php.ini from known good config
+Rebooted and then tried installing kernel-debug-devel but same problem.
-Configure $HOME/.vimrc as the following:
+Upgraded host computer's VirtualBox to version 7.1-7.1.10 (was running 7.1.4)
-  autocmd FileType * setlocal formatoptions-=c formatoptions-=r formatoptions-=o
+Now can upgrade from 9.5 to 9.6 on VirtualBox VMs but Xfce logs in for 1 second, a black screens appears, and then the sytem logs out.
-  # python3 -m pip install --upgrade pip
+<color #ed1c24>The fix is to choose a different window manager on the main login screen (upper right, choose "GNOME Classic on Wayland").  After logging in successfully, log out and then go back to the main screen and choose the "Xfce Session".</color>
-  # python3 -m pip install dictor
-  # python3 -m pip install wheel
-  # python3 -m pip install httplib2
-  # python3 -m pip install PyMySQL
-PyMySQL v0.9.3 has been upgraded to v1.0.2 and requires modification to "connect" statement.
+For my non-virtual, primary Rocky Linux 9 machine the upgrade from 9.5 to 9.6 worked without issue but upon reboot, I got the following error:
-Other fixes:
+''VirtualBox can't operate in VMX root mode. Please disable the KVM kernel extension, recompile your kernel and reboot (VERR_VMX_IN_VMX_ROOT_MODE).''
-  * Disable WiFi LAN connection with ''# nmcli radio wifi off''
+Using a [[https://www.google.com/search?q=VirtualBox+can%27t+operate+in+VMX+root+mode.+Please+disable+the+KVM+kernel+extension%2C+recompile+your+kernel+and+reboot+(VERR_VMX_IN_VMX_ROOT_MODE).&oq=VirtualBox+can%27t+operate+in+VMX+root+mode.+Please+disable+the+KVM+kernel+extension%2C+recompile+your+kernel+and+reboot+(VERR_VMX_IN_VMX_ROOT_MODE).&gs_lcrp=EgZjaHJvbWUyBggAEEUYOTIHCAEQIRiPAjIHCAIQIRiPAtIBCTYzNTVqMGoxNagCCLACAfEFCfv4GIhBFt3xBQn7-BiIQRbd&sourceid=chrome&ie=UTF-8|Google Search]], the temporary fix was to do the following {{ :0:virtualbox-vmx-problem.pdf|see PDF}}:
-  * [[https://unix.stackexchange.com/questions/152691/how-to-disable-beep-sound-in-linux-centos-7-command-line|Disable bell]]
-For migrating a system from a different OS, take note of this info first:
+  # lsmod | grep kvm
-  * Make a test user on CentOS7 and one on CentOS8
-    * Compare hidden files to see if anything changed between OSs
+Verified the following output:
-    * This allows for easy migrating of data for users' $HOME directories
-  * ensure all scripts make their own log file directory
-    * $log_dir = "/var/tmp/check_disk_space";
-    * mkdir ("$log_dir", 0755);
-    * should crons write to /tmp and then have a daily script that checks cron logs for errors?
+  kvm_intel             446464  0
+  kvm                  1404928  1 kvm_intel
-----
+Disabled the KVM temporarily:
+  # modprobe -r kvm_intel
+Verified nothing was returned with the following command:
+  # lsmod | grep kvm
+Was then able to start up the VMs using the VirtualBox GUI successfully.
-  * Get inventory of users
+Need to reboot machine and see if fix stays.  Otherwise, the permanent fix is the following:
-  * ///
-  * Check that PHP is working correctly, localhost/index.php tries to open a file
-    * check httpd.conf
-  * ///
-  * Clear all history from Firefox before testing phpmyadmin
-    * Check httpd logs for any errors, such as mod security
-    * uninstall [[https://phoenixnap.com/kb/setup-configure-modsecurity-on-apache|mod_security]] if necessary
-  * [[https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-8|Add https and http to firewall rules]]
-    * ''firewall-cmd --zone=public --add-service=http --permanent''
-    * ''firewall-cmd --zone=public --add-service=https --permanent''
-  * <color #ed1c24>MySQL / MariaDB Database and users</color>
-    * [[https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password|Reset mysql root password]]
-    * [[https://www.tecmint.com/install-lamp-on-centos-8/|Notes for installing LAMP]] on CentOS 8
-    * [[https://www.digitalocean.com/community/tutorials/how-to-install-the-apache-web-server-on-centos-8]]
-    * [[https://www.tecmint.com/transfer-mysql-databases-from-old-to-new-server/|Migrate all databases with mysqldump]]
-      * Note that the restore of mysql does not use "--all-databases" option and is an error in link above
-    * [[https://www.linode.com/docs/databases/mysql/create-physical-backups-of-your-mariadb-or-mysql-databases/|Migrate with tar]]
-    * [[http://www.uptimemadeeasy.com/linux/mysql-migrate-users-server-server/|Migrate MySQL users to new machine]]
-      * They can be exported from phpmyadmin (but don't include root)
-  * export MySQL databases with mysqldump
-    * [[https://www.digitalocean.com/community/tutorials/how-to-migrate-a-mysql-database-between-two-servers|Migrate MySQL database to new server]]
-    * [[http://dev.mysql.com/doc/refman/5.7/en/copying-databases.html|Move MySQL databases to new server]]
-  * list of installed perl modules
-    * grep all .pl script and look for the "use " calls
-  * Copy the following to accessible location for restore after upgrade
-    * users' $HOME
-    * crons should be in each user's $HOME/crontab
-    * various processing log files from /var/tmp/
-    * /etc/ssh/*key* or possibly the entire directory contents (this may prevent man-in-the-middle attack messages but testing needed)
-    * /etc/hosts
-    * /etc/httpd/conf/httpd.conf
-    * Samba users, passwords, shares (for security cameras)
-      * /etc/samba/smb.conf
-      * /var/lib/samba/private/passdb.tbd
-      * /var/lib/samba/private/secrets.tbd
-      * Make sure service is running and will start at boot.
-      * Check output with: testparm -v
-  * nxclient-3.5.0-7.x86_64.rpm
-  * nxnode-3.5.0-9.x86_64.rpm
-  * nxserver-3.5.0-11.x86_64.rpm
-  * <del>skype-4.3.0.37-fedora.i586.rpm</del>
-  * verify services that should be installed/running in chkconfig
-  * Note firewall rules
-    * [[https://serverfault.com/questions/655851/is-there-a-simple-way-to-export-import-firewalld-settings|Export Firewall Rules to new server]]
-<color #ed1c24>**Below is copied from [[centos_7_migration_notes|CentOS 7 Migration Notes]] so modify as needed.**</color>
+  Create a file named kvm-blacklist.conf in /etc/modprobe.d/
-Must-Have functionality:
+Add the blacklist entry: Add the appropriate line to the file:
-  * Apache, MySQL, PHP, Perl
-  * [[https://www.cyberciti.biz/faq/how-to-protect-ssh-with-fail2ban-on-centos-8/|fail2ban]]
-    * edit /etc/fail2ban/jail.local to ban for longer than default of 1 hour
-    * Check logs: # cat /var/log/fail2ban.log
-    * Ensure service is running:
-      * ''# systemctl enable fail2ban''
-      * ''# systemctl restart fail2ban''
-  * [[gmail_as_a_relay_on_linux|Set up Gmail Relay and test]]
-  * Disable SELinux
-  * VSFTP (for security cameras)
-    * [[http://www.liquidweb.com/kb/how-to-install-and-configure-vsftpd-on-centos-7/|Config instructions]]
-    * [[https://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/|500 writeable root error]]
-    * As root: setsebool -P allow_ftpd_full_access on
-    * As root: systemctl restart vsftpd
-    * As root: systemctl enable vsftpd
-  * Samba
-    * [[samba_file_sharing|Samba File Sharing]]
-  * <del>Skype</del>
-  * Virtual Box
-  * Working crontabs for each user
-  * [[python_notes|Install Python 3]]
-Customize MATE Desktop displays
+  blacklist kvm_intel
-  * Adjust System > Preferences > Look and Feel > Appearance
-  * Under Fonts tab, set all to size 8
+-or-
-  * Click Details, set resolution to 96 dpi, Smoothing Grayscale, Hinting Slight, Subpixel order RGB
-  * Firefox has large bullets for password masking.  Theme setting?
+  blacklist kvm_amd
-  * [[http://juckins.net/dokuwiki/lib/exe/fetch.php?media=centos7_desktop.png|Configure Desktop]]
-  * Set up gnome-terminal preferences
-    * General: Font Monospace 9, No terminal bell
-    * Colors: Use colors from system theme
-      * Or, black background with text color #d3d7cf (from GNOME Dark in RHEL9)
-    * Scrolling: unlimited
-    * Edit > Keyboard Shortcuts > Reset and Clear > F2
-  * Disable Vim auto-indent following [[vim_tips|Vi and Vim Tips]]
-Change setting on screensaver
+Reboot to apply the changes.
-  * System > Preferences > Look and Feel > Screensaver
-System Monitor (needs mate-system-monitor and mate-applets RPMs):
+__2024-11-25__
-  * Right-click top panel > Add to Panel
-  * In the "Find an item to add to the panel:" search box, enter "System Monitor" and click Add
-  * Moving display of current CPU usage should appear
-----
+Old news, but LibreOffice no longer supported by RedHat.  Get the latest LibreOffice from https://www.libreoffice.org/download/download-libreoffice/
-Database work:
+Unpack the tar and verify you see individual RPMs.  Then:
-  * Backup /etc/my.cnf
-    * Add this line under [mysqld]
-      * default-storage-engine=MyISAM
-  * Add other database users with phpMyAdmin GUI
-    * set username
-    * set password
-    * select "Grant all privileges on wildcard name (username\_%)."
-  * Dump all databases from source server to sql file then import on target server
-    * mysqldump -u USER -p'PASS' DATABASE > /tmp/DATABASE.sql
-    * Ensure database on target server exists; create if necessary
-      * Tables migrated should be MyISAM
-      * Default database engine is InnoDB as<color #ed1c24>Red Highlighted Text</color> of MySQL 5.5
-      * [[https://dev.mysql.com/doc/refman/5.6/en/innodb-default-se.html|Perform some tests and queries]]
-        * The exact number of rows of InnoDB tables cannot be shown
-        * Need to monitor /var</fc>/lib/mysql for growing logs
-        * <color #ed1c24>CHECK</color>: [[http://stackoverflow.com/questions/3927690/howto-clean-a-mysql-innodb-storage-engine/4056261#4056261|Manage and Cleanup InnoDB Infrastructure]]
-        * [[http://dba.stackexchange.com/questions/8982/what-is-the-best-way-to-reduce-the-size-of-ibdata-in-mysql|Similar Post 1]]
-        * [[http://pc-freak.net/blog/fix-mysql-ibdata-file-size-ibdata1-file-growing-large-preventing-ibdata1-eating-disk-space/|Similar Post 2]]
-        * [[https://dev.mysql.com/doc/refman/5.6/en/innodb-data-log-reconfiguration.html|dev.mysql info]]
-      * Alternatively, set MyISAM to default database engine
-      * systemctl start mariadb.service
-      * systemctl enable mariadb.service
-    * mysql DATABASE -h localhost -u USER -p'PASS' < /tmp/DATABASE.sql
-Setup ddclient:
+  dnf localinstall *.rpm
-  * https://sourceforge.net/p/ddclient/wiki/Home/
-  * dnf -y install ddclient
+You can then start an application like this:
-  * Use /etc/ddclient/* for configs from previous machine
-Setup duckdns:
+  libreoffice24.8 --calc test.csv
-  * crontab is <code>~/duckdns/duck.sh >/dev/null 2>&1</code>
+Make a .bashrc alias for shortcuts.
-Setup ydns:
+__2024-11-21__
-  * crontab is <code>~/ydns/updater.sh -V -u <snip> -p <snip> -H juckins.ydns.eu >>~/ydns/updater.log 2>&1</code>
-Firewall notes:
+Upgrade to Rocky Linux 9.5:
-  * Using firewall-config to close rules from previous machine
-rsync /var/www/html/
+Had to run the following due to package problems (which will break 'vlc')
-  * test pages for proper display
-  * check soft link to phpmy is correct and current
-Restore and test crons
+  dnf remove compat-ffmpeg4 ffmpeg-libs vlc
-  * check that each cron job runs and the specified log directory exists
+  dnf update
+  dnf install vlc gstreamer1-plugin-openh264
+Then security cameras running vlc and totem worked correctly.
-Backup /etc/selinux/config and change from enforcing to permissive
+__2024-05-13__
-Restore /etc/hosts from previous machine as needed
+Upgrade to Rocky Linux 9.4:
-Then, edit the network connections and make sure the "Ethernet" tab for the active connection, such as enp0s3, has the "Device" set to that interface.  Reboot to test.
+Had to run ''dnf remove gnome-applets'' to allow upgrade to proceed.
-Download sample .png, .gif, .jpg images and test /usr/bin/display for any errors
+After the upgrade the test Rocky Linux 9.3 VM would not start X with Xfce.  Tried a bunch of things like reinstalling all RPMs, getting list of matching RPMs against another VM that upgraded OK but X still would not start.  ''/var/log/messages'' just kept showing the X server was crashing.
-  * [[http://juckins.net/dokuwiki/lib/exe/fetch.php?media=sample.gif|GIF image]]
-  * [[http://juckins.net/dokuwiki/lib/exe/fetch.php?media=sample.jpg|JPG image]]
-  * [[http://juckins.net/dokuwiki/lib/exe/fetch.php?media=sample.png|PNG image]]
-[[http://www.if-not-true-then-false.com/2014/install-oracle-java-8-on-fedora-centos-rhel/|Install Oracle Java]] (note, this is not the default CentOS, it will not auto-update)
+Discovered that if you select the "Standard (Wayland display server)" option on the login page, let the system start its display and log out, then you can login with Xfce successfully.
-Install X2Go
+Very odd but that seems to be the workaround for this upgrade.
-Restore Thunderbird profile
+----
-Restore Firefox profile
+NOTE 1: The fresh install instructions below were tested on Rocky Linux 9.3
-Restore VirtualBox and all machines
+NOTE 2: Upgrading Rocky Linux 9.2 to 9.3 in late November 2023 resulted in ImageMagick errors.  Tried to remove ImageMagick*, then upgrade 9.2 to 9.3, and then reinstall ImageMagick* but the same error occurs. Fix was to disable /etc/yum.repos.d/epel-next.repo and then reinstall ImageMagick*.
-Test ASMAD for processing end-to-end
+NOTE 3: To migrate from Rocky Linux 8.x to 9, [[https://www.starwindsoftware.com/blog/upgrade-from-rocky-linux-8-x-to-rocky-linux-9-0|try these steps]].
-SSH issues
+//The notes below have been combined from [[centos_8_migration_notes|CentOS 8 Migration Notes]] and [[centos_7_migration_notes|CentOS 7 Migration Notes]].//\\
-  * Cannot ssh to yourself passwordlessly with default /etc/ssh/sshd_config
+//It is based on the **[[https://www.xfce.org/|Xfce Desktop Environment]]**. MATE is available, see notes at bottom of the page.//
-  * Comment out the following line, like this:
-  * #AuthorizedKeysFile	.ssh/authorized_keys
-  * This allows you to NX into the CentOS7 machine
-  * Update to openssh seems to require RSA keys now and authorized_keys file instead of DSA keys and authorized_keys2 file
-  * Set "PermitRootLogin no"
-  * <del>But MATE does not work, tried KDE with dnf group install "KDE Plasma Workspaces" and seems to work better but still no icons on the screen</del>
-  * <del>But need to configure custom desktop to use /etc/X11/xinit/Xsession mate-session</del>
-  * <del>Also tried /usr/bin/startxfce4 but still general odd behavior</del>
-  * Additional tips: http://ubuntuforums.org/archive/index.php/t-941530.html
-  * systemctl restart sshd.service
-  * User accounts at remove machines connecting to the new machine will need their $HOME/.ssh/known_hosts either rebuilt or offending entries removed
-Update GRUB and splash screen
+__Before Starting__
-  * My saved splash images with varying resolutions are in /root/downloads/splash
-  * <color #ed1c24>As of CentOS 7.2 cannot get custom splash image to appear at boot (with UEFI)</color>
-  * cd /etc/default
-  * cp grub grub.YYYYMMDD
-  * vi grub
-    * remove "rhgb quiet" from the GRUB_CMDLINE_LINUX call
-    * add "vga=0x317" to the GRUB_CMDLINE_LINUX call for better screen resolution (try 0x34b for 1920x1200x8 or 0x34c for 1920x1200x16, or vga=ask to see all available resolutions)
-    * comment out this line: GRUB_TERMINAL_OUTPUT="console"
-    * add this line: GRUB_BACKGROUND="/boot/grub2/splash.png"
-      * Ensure it is rw-r-r permissions
-      * [[http://192.168.1.14/dokuwiki/lib/exe/fetch.php?media=splash.png|Upload this image]] to the directory noted above
-  * For VM/BIOS-based installs, as root: grub2-mkconfig -o /boot/grub2/grub.cfg (Dell XPS 8930)
-  * For UEFI-based installs, as root: grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg
-  * More info at [[https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-Customizing_the_GRUB_2_Configuration_File.html|Customizing the Grub2 Config File]] and [[https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Desktop_Migration_and_Administration_Guide/GRUB.html|RHEL7 GRUB Guide]]
-  * [[https://www.centos.org/forums/viewtopic.php?t=49321|Change GRUB Menu Resolution]]
-  * [[https://www.centos.org/forums/viewtopic.php?t=50957|Change GRUB2 splash screen in CentOS 7]]
-  * [[http://www.tuxfixer.com/set-grub2-custom-splash-screen-on-rhel-7-centos-7-uefi-and-legacy-bios-iso-image/]]
-  * [[https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/desktop_migration_and_administration_guide/grub]]
-    * Tried part about making a special font
-    * Tried installing all grub2* rpms
-    * Tried 640x480 small splash image
-<code>
+  * Get inventory of users (see /home)
-GRUB_CMDLINE_LINUX_DEFAULT="video=1024x768"
+    * Become familiar with what each one does and the crons they run
-GRUB_GFXMODE=1024x768
+  * Copy the following to external hard drive or other machine for restoration after upgrade
-GRUB_GFXPAYLOAD_LINUX=keep
+    * All users $HOME directories
-</code>
+    * Ensure crons are in each user's $HOME/crontab directory
+    * ''/etc/hosts''
+    * ''/etc/samba/smb.conf''
+    * ''/var/lib/samba/private/passdb.tbd''
+    * ''/var/lib/samba/private/secrets.tbd''
+    * ''/etc/vsftpd/*''
-Set default GRUB entry
+__Installation__
-  * Download [[https://www.systutorials.com/3826/setting-default-entry-in-grub2-and-grub/|grub2-select.bash]]
-If GRUB2 no longer finds other OS to boot (such as Windows 10) use [[https://sourceforge.net/projects/boot-repair-cd/|SourceForge Boot Repair Disk]]
+  * Perform a minimal or basic install of Rocky Linux 9
+  * Backup ''/etc/selinux/config'' and change from enforcing to permissive. Reboot.
+  * Run the [[dnf_installer_bash_script_rocky_linux_9|Rocky Linux 9 bash setup script]] to get the usual extras, add-ons and other packages
+  * Reboot target computer and login.
-Install [[clamav_antivirus|ClamAV]]
+  * Since Xfce will be installed by running the bash script noted above, you can copy in pre-existing configs from another machine that already has Xfce installed.
+    * Log out of the target machine
+    * Copy files in ''~/.config/xfce4/'' from another pre-configured machine to the target machine
+    * ''cd .config/xfce4; rsync -avzn --delete --progress . XX.XX.XX.XX:~/.config/xfce4/''
+    * Copy files in ''~/.config/Thunar/'' from another pre-configured machine to the target machine
+    * ''cd .config/Thunar; rsync -avzn --delete --progress . XX.XX.XX.XX:~/.config/Thunar/''
+    * Reboot the target machine
+    * See {{:xfce.png?linkonly|Xfce Desktop image 1}} or {{:xfce_desktop_layout.png?linkonly|Xfce Desktop image 2}} for suggested icons, placement, etc.
+      * [[https://itsfoss.com/install-themes-xfce-xubuntu/|Notes for installing additional Xfce themes]]
-Set up local printer(s)
+  * Disable screensaver and power management
-  * Note that Brother has notes for the HL2170W at https://support.brother.com/g/b/downloadlist.aspx?c=us&lang=en&prod=hl2170w_all&os=127
+  * If necessary, disable WiFi LAN connection as root: ''nmcli radio wifi off''
-    * RPM #1: brhl2170wlpr-2.0.2-1.i386.rpm
+  * If necessary, keep WiFi LAN enabled but install Intel WiFi drivers if needed
-    * RPM #2: cupswrapperHL2170W-2.0.2-1.i386.rpm
+    * ''dnf install iwl6000g2b-firmware.noarch''
-    * Use 'lpstat' and 'lpq' to ensure it's a known destination printer
+    * Reboot and enable Wifi in task bar (the WiFi choice may be grayed out at first). Check that the wifi switch on the laptop needs to be turned on (keyboard toggle).
-  * [[https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-Printer_Configuration.html#sec-Starting_Print_Settings_Config|RHEL7 Print Settings]]
+    * http://linuxwireless.sipsolutions.net/en/users/Drivers/iwlwifi/
-  * dnf install cups
+    * https://www.intel.com/content/www/us/en/support/articles/000005511/wireless.html
-  * service cups start
+  * [[https://unix.stackexchange.com/questions/152691/how-to-disable-beep-sound-in-linux-centos-7-command-line|Disable bell]]
-  * systemctl enable cups
-  * Use System > Administration > Print Settings
-    * Add printer with Network JetDirect by IP address
-    * Default printer driver works OK
-  * Or use web browser:
-  * # dnf install httpd
-  * # /bin/systemctl start httpd.service
-  * # dnf install system-config-firewall
-  * # firewall-config (or System > Administration > Firewall)
-    * Allow http and https as rules
-    * Sometimes the firewall-config command will hang if trying to run via an SSH connection to a remote machine
-    * To add a port manually follow [[http://stackoverflow.com/questions/24729024/centos-7-open-firewall-port]]
-    * To close a port manually follow [[http://www.codero.com/knowledge-base/content/10/377/en/how-to-manage-firewall-rules-in-centos-7.html]]
-  * # systemctl enable httpd
-  * Go to http://localhost:631
-    * Go to Administration tab
-    * Enter credentials for user root
-    * Add printer with prompts
-Firewall Notes
+  * Create necessary user accounts
+    *  ''mate-user-admin'' is a graphical admin tool (old tool was system-config-users)
+  * Restore user's $HOME directories
+    * Copy over non-hidden files/directories first
+      * You can use rsync with the option to [[rsync_ignore_hidden_files|ignore hidden files]]
+    * Then rsync other hidden directories in each user's $HOME one-by-one, taking only what is needed
-  * Adding an allowed port at the command line (from [[http://stackoverflow.com/questions/24729024/centos-7-open-firewall-port]]
+  * [[https://www.linuxteck.com/how-to-install-apache-on-rocky-linux/|Install Apache on Rocky Linux 9]]
-  * Use this command to find your active zone(s):
+  * Copy/merge in ''/etc/httpd/conf/httpd.conf'' (and all backup versions) from previous machine
+  * Test password-restricted pages
+  * Run through [[php8.2_on_rocky_linux_8|PHP 8.2 on Rocky Linux 9]]
+  * Copy/merge in a known good ''/etc/php.ini'' file from previous machine
+  * Ensure a php file loads correctly (localhost, 192.168.X.XX, 127.0.0.1)
+  * Check httpd logs for any errors, such as mod security
+    * Uninstall [[https://phoenixnap.com/kb/setup-configure-modsecurity-on-apache|mod_security RPMs]] and restart apache if web pages cycle between Forbidden errors
-<code>
+  * Firewall configuration
-firewall-cmd --get-active-zones
+    * [[https://linuxhint.com/enable-disable-firewall-rocky-linux-9/|Enable-Disable Firewall]]
-</code>
+    * [[https://serverfault.com/questions/655851/is-there-a-simple-way-to-export-import-firewalld-settings|Export Firewall Rules to new server]]
+      * Can also try ''firewall-config'' to clone rules from previous machine
+    * [[https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-8|Add https and http to firewall rules]]
+      * ''firewall-cmd --zone=public --add-service=http --permanent''
+      * ''firewall-cmd --zone=public --add-service=https --permanent''
+    * [[https://www.cyberciti.biz/faq/how-to-protect-ssh-with-fail2ban-on-centos-8/|Configure fail2ban]]
+      * Edit ''/etc/fail2ban/jail.local'' to ban for longer than default of 1 hour
+      * Review ''/var/log/fail2ban.log'' output
+      * As root, ensure service is running:
+        * ''systemctl enable fail2ban''
+        * ''systemctl restart fail2ban''
-  * It will say either public, dmz, or something else. You should only apply to the zones required.
+  * MySQL / MariaDB Database - Installation
+    * [[https://www.digitalocean.com/community/tutorials/how-to-install-mariadb-on-rocky-linux-9|Install MariaDB on Rocky Linux 9]] and follow all steps to secure it, change default password, etc.
+    * How to [[https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password|reset mysql root password]] if needed
-  * If you want to add a port such as 8080 to your public zone:
+  * Install [[https://www.phpmyadmin.net/|phpMyAdmin]] and use [[installing_phpmyadmin_tips|these tips]]
+    * Merge in config.inc.php from previous machine
+    * Clear local browser history, then test
+    * To create the phpmyadmin database, use the "Import" function and browse to the sql/create_tables.sql script (do this as root db user)
+    * To move over users, export from phpMyAdmin on old machine and cut-past into the Import function on new machine.
+      * If problematic, save to a .sql file locally and use the Import function.
-<code>
+  * MySQL / MariaDB Database - Migrate databases
-firewall-cmd --zone=public --add-port=8080/tcp --permanent
+    * [[http://www.uptimemadeeasy.com/linux/mysql-migrate-users-server-server/|Migrate MySQL users to new machine]]
-</code>
+      * They can be exported from phpMyAdmin (but don't include root)
+    * [[https://www.tecmint.com/transfer-mysql-databases-from-old-to-new-server/|Migrate all databases with mysqldump]]
+      * Note that the restore of mysql does not use ''-all-databases'' option and is an error in link above
+    * [[https://www.linode.com/docs/databases/mysql/create-physical-backups-of-your-mariadb-or-mysql-databases/|Migrate with tar]]
+    * Export MySQL databases with mysqldump
+      * [[https://www.digitalocean.com/community/tutorials/how-to-migrate-a-mysql-database-between-two-servers|Migrate MySQL database to new server]]
+      * [[http://dev.mysql.com/doc/refman/5.7/en/copying-databases.html|Move MySQL databases to new server]]
+    * When done, check format of tables (MyISAM vs InnoDB vs Aria)
+    * To change database engine, see [[https://phoenixnap.com/kb/myisam-vs-innodb|these notes]]
-  * Then remember to reload the firewall for changes to take effect.
+  * [[python_notes|Run through Python/PIP configuration]]
+    * For the non-root user needing it, run ''pip install dictor'' and ''pip install astral''
-<code>
+  * Install miniconda3 (see [[python_virtual_environments|Python Virtual Environments]])
-firewall-cmd --reload
-</code>
-Managing runlevel settings
+  * [[gmail_as_a_relay_on_linux|Set up Gmail Relay and test]]
+  * Set up [[samba_file_sharing|Samba]] users, passwords, shares (for security cameras)
-  * Switch to runlevel 5:
+    * Credentials are stored in my secure password file
-<code>
+      * command will be: ''smbpasswd -a USER'' (then enter password at next prompt)
-# systemctl isolate graphical.target
+    * Make sure service is running and will start at boot.
-</code>
+    * Check output with: ''testparm -v''
+    * The security cameras will need to reformat their nas disk locations to store video files
-  * Initiate runlevel 5 by default:
+  * VSFTP (for security cameras)
+    * [[https://wiki.crowncloud.net/?How_Install_VSFTPD_on_Rocky_Linux_9|Rocky Linux 9 instructions]]
+    * [[http://www.liquidweb.com/kb/how-to-install-and-configure-vsftpd-on-centos-7/|CentOS 7 instructions]]
+    * [[https://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/|500 writeable root error]]
+    * As root: ''setsebool -P allow_ftpd_full_access on''
+    * As root: ''systemctl restart vsftpd''
+    * As root: ''systemctl enable vsftpd''
+  * Setup ddclient:
+    * https://sourceforge.net/p/ddclient/wiki/Home/
+    * ''dnf -y install ddclient''
+    * Use ''/etc/ddclient.conf'' for configs from previous machine
+  * Setup duckdns updater cron
+  * Setup ydns updater cron
+  * Rsync over ''/var/www/html/''
+    * Test pages for proper display
+    * Check httpd logs for errors
+  * Restore and test crons for each user
+    * At the top of each user's cron file, add something like ''[email protected]'' so that emails sent to localhost are actually delivered to the sys admin
+      * Alternatively, look at /etc/aliases and have ''root'' send email to my actual email address
+    * Check that each cron job runs and the specified log directory exists
+    * Modify ''/etc/environment'' to include ''LC_TIME="en_GB.UTF-8"'' for 24-hour clock used by cron jobs
+  * Check network connections and make sure active connection comes up at boot time
+  * Restore Thunderbird profile
+  * [[https://www.virtualbox.org/wiki/Linux_Downloads|Install VirtualBox]]
+    * Migrate/import VirtualBox machines [[https://4sysops.com/archives/move-virtualbox-vm-to-other-hosts/|using these notes]]
+    * I had to create and self-sign MOK (Machine Owner Key) certificates.  Info [[https://gist.github.com/reillysiemens/ac6bea1e6c7684d62f544bd79b2182a4|here]].
+    * My Google Doc "Linux Replacement 2024" has some crude notes
+  * Restore Remmina profiles
+    * ''$HOME/.local/share/remmina'' and ''$HOME/.config/remmina''
+  * Test ASMAD for processing end-to-end
+    * All perl scripts
+      * Required modules should be included in the [[dnf_installer_bash_script_rocky_linux_9|dnf installer bash script]]
+    * All python scripts
+      * Check my amtrak_status "doc" directory for required python modules
+  * Install [[clamav_antivirus|ClamAV]]
+  * Install local printer
+    * Use http://localhost:631/admin and root username/password for credentials
+    * If you don't use root credentials, then you need to modify /etc/cups/cups-files.conf and add my username to the SystemGroup line
+    * Then restart cups ''systemctl restart cups''
+    * Use AppSocket/HP JetDirect to add printer by IP address like <nowiki>''socket://XX.XX.XX.XX''</nowiki>
+    * Choose driver ''Foomatic/hl1250 en''
+    * Use option settings to make it the default printer and use 600x600 DPI quality
+    * Test using enscript filename.txt (old a2ps command)
+    * **When using evince to print out PDFs, it seems you need to choose "Print to "LPR".**
+      * Otherwise the output does not fit the page.
+      * Note that Libre Office can print to the printer name "Brother_HL-2170W" without a problem.
+    * See if printer is default with ''lpstat -p -d'' and/or set it with ''lpoptions -d PRINTER_NAME''
+    * ''lpstat -d'' should now show the new printer as the default
+  * Local RPMs
+    * perl-Math-Round
+    * Slack
+    * sunwait
+      * Test with ''/usr/bin/sunwait -v sun down -0:01:00 33.640411N 84.419853W''
+  * Check any remaining ''/etc/yum.repos.d/*'' configuration setup
+    * For example, [[https://www.speedtest.net/apps/cli|Ookla Speedtest CLI]]
+      * If Ookla becomes a graphical output, might need to consider ''dnf install speedtest-cli''
+  * Mount /disk2 (see [[adding_a_second_hard_drive]])
+  * Install [[https://github.com/pwsafe/pwsafe/releases?q=non-windows&expanded=true|PasswordSafe for Linux]]
+    * See repo at https://sourceforge.net/projects/passwordsafe/files/Linux/
+    * Use this instead of [[https://gorilla.dp100.com/downloads/|Gorilla password manager]]
+    * v1.16 works with ''dnf localinstall passwordsafe-fedora37-1.16.rpm''
+    * Binary is /usr/bin/pwsafe
+  * Add CPU graph and Weather Info to panel
+    * Packages are xfce4-cpugraph-plugin and xfce4-weather-plugin which are part of the bash install script noted near top of this page
+    * Right-click top panel > Add New Items
+    * Add CPU Graph, Weather Info
+  * Adjust top and bottom panels
+    * Reverse positions
+    * Make top panel 24px with icons at fixed 22px
+    * Bottom panel 24px with icons at fixed 16px
+    * Top panel has these buttons:
+      * Show desktop, separator, calculator, xterm, gedit, chrome, chrome beta, firefox, app finder, file manager, screenshot, password safe, keepassxc, shortcut to security cams, VirtualBox, Remmina, XfreeRDP
+    * Stop the Keyring popup GUI when starting Chrome (see [[https://unix.stackexchange.com/questions/718489/how-to-fix-login-keyring|this post]])
+      * ''cd ~/.local/share/keyrings; mv login.keyring login.keyring.IGNORE''
+      * Log out and log back in or reboot
-<code>
+__Post Installation__
-# systemctl set-default graphical.target
-</code>
-  * Switch to runlevel 3:
+  * In /root/bin on old/new machines, see final_sync_for_new_server.txt
-<code>
+  * As root, use ''alpine'' to check email from crons that indicate any errors or failures
-# systemctl isolate multi-user.target
+  * Cleanup old files in root, my $HOME
-</code>
+  * Fix date [[https://unix.stackexchange.com/questions/553679/set-clock-to-24-hour-format-for-all-users|to show 24 hour clock]]
+    * Setting should be in .bashrc
+  * If you have slow dnf updates, add these 2 lines to '/etc/dnf/dnf.conf':
+    * ''fastestmirror=1''
+    * ''max_parallel_downloads=8''
-  * Initiate runlevel 3 by default:
+__Other Notes__
-<code>
+MATE is now available.  See [[https://docs.rockylinux.org/guides/desktop/mate_installation/|MATE Documentation]]
-# systemctl set-default multi-user.target
-</code>
-  * For other run-level info, see [[https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-Managing_Services_with_systemd-Targets.html#sect-Managing_Services_with_systemd-Targets-Change_Default|RHEL7 Working with Systemd Targets]]
+  * Add System Monitor to panel
+    * ''dnf -y install mate-system-monitor''
+    * Right-click top panel > Add to Panel
+    * In the "Find an item to add to the panel:" search box, enter "System Monitor" and click Add
+    * Moving display of current CPU usage should appear
-After machine has been running for a few days, don't forget to use "alpine" and check for local email from crons that indicate any errors or failures.
+__Known issues__
+  * SHA-1 security signing is not supported on RHEL9 ([[https://www.redhat.com/en/blog/rhel-security-sha-1-package-signatures-distrusted-rhel-9|see RedHat blog post]])
+    * /etc/cron.daily/google-chrome fails because of this
+      * Probably not a critical issue since Chrome can be updated via dnf