Christopher Juckins

SysAdmin Tips, Tricks and other Software Tools

User Tools

Site Tools


rocky_linux_9_migration_notes

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
rocky_linux_9_migration_notes [2022/06/26 17:45] juckinsrocky_linux_9_migration_notes [2024/01/11 11:21] (current) juckins
Line 1: Line 1:
 ==== Rocky Linux 9 Migration Notes ==== ==== Rocky Linux 9 Migration Notes ====
  
-//Below are CentOS 8 migration notes, so update/refine as appropriate.//+NOTE 1: The fresh install instructions below were tested on Rocky Linux 9.3
  
 +NOTE 2: Upgrading Rocky Linux 9.2 to 9.3 in late November 2023 resulted in ImageMagick errors.  Tried to remove ImageMagick*, then upgrade 9.2 to 9.3, and then reinstall ImageMagick* but the same error occurs. Fix was to disable /etc/yum.repos.d/epel-next.repo and then reinstall ImageMagick*.
  
-Check Does ssh'ing into a RL9 machine via ssh and xterm have slow logouts? The fix is to not include ssh -X or ssh -Y.+NOTE 3To migrate from Rocky Linux 8.x to 9, [[https://www.starwindsoftware.com/blog/upgrade-from-rocky-linux-8-x-to-rocky-linux-9-0|try these steps]].
  
-Consult [[virtualbox_for_centos_stream_notes|Virtual Box running CentOS8 Stream]] notes if dnf updates are slow+//The notes below have been combined from [[centos_8_migration_notes|CentOS 8 Migration Notes]] and [[centos_7_migration_notes|CentOS 7 Migration Notes]].//\\ 
 +//It is based on the **[[https://www.xfce.org/|Xfce Desktop Environment]]**. MATE is available, see notes at bottom of the page.//
  
 +__Before Starting__
  
-Fix php for phpmyadmin:+  * Get inventory of users (see /home) 
 +    * Become familiar with what each one does and the crons they run 
 +  * Copy the following to external hard drive or other machine for restoration after upgrade 
 +    * All users $HOME directories 
 +    * Ensure crons are in each user's $HOME/crontab directory 
 +    * ''/etc/hosts'' 
 +    * ''/etc/samba/smb.conf'' 
 +    * ''/var/lib/samba/private/passdb.tbd'' 
 +    * ''/var/lib/samba/private/secrets.tbd'' 
 +    * ''/etc/vsftpd/*''
  
-  dnf install php-gd php-ldap php-mysqlnd php-pecl-mcrypt php-pecl-zip +__Installation__
-   +
-Also comment out the cookie validity setting in config.inc.php+
  
-Secure the mariadb+  * Perform a minimal or basic install of Rocky Linux 9 
 +  * Backup ''/etc/selinux/config'' and change from enforcing to permissive. Reboot. 
 +  * Run the [[dnf_installer_bash_script_rocky_linux_9|Rocky Linux 9 bash setup script]] to get the usual extras, add-ons and other packages 
 +  * Reboot target computer and login.
  
-Fix php.ini from known good config+  * Since Xfce will be installed by running the bash script noted above, you can copy in pre-existing configs from another machine that already has Xfce installed. 
 +    * Copy files in ''~/.config/xfce4/'' from another pre-configured machine to this machine 
 +    * ''cd .config/xfce4; rsync -avzn --delete --progress . XX.XX.XX.XX:~/.config/xfce4/''     
 +    * See {{:xfce.png?linkonly|Xfce Desktop image 1}} or {{:xfce_desktop_layout.png?linkonly|Xfce Desktop image 2}} for suggested icons, placement, etc. 
 +      * [[https://itsfoss.com/install-themes-xfce-xubuntu/|Notes for installing additional Xfce themes]]
  
-Configure $HOME/.vimrc as the following:+  * Disable screensaver and power management 
 +  * If necessary, disable WiFi LAN connection as root''nmcli radio wifi off'' 
 +  * [[https://unix.stackexchange.com/questions/152691/how-to-disable-beep-sound-in-linux-centos-7-command-line|Disable bell]]
  
-  autocmd FileType setlocal formatoptions-=c formatoptions-=r formatoptions-=o+  * Create necessary user accounts 
 +    *  ''mate-user-admin'' is a graphical admin tool (old tool was system-config-users) 
 +  * Restore user's $HOME directories 
 +    * Copy over non-hidden files/directories first 
 +      * You can use rsync with the option to [[rsync_ignore_hidden_files|ignore hidden files]] 
 +    * Then rsync other hidden directories in each user's $HOME one-by-one, taking only what is needed
  
-  # python3 -m pip install --upgrade pip +  * [[https://www.linuxteck.com/how-to-install-apache-on-rocky-linux/|Install Apache on Rocky Linux 9]] 
-  # python3 -m pip install dictor +  * Copy/merge in ''/etc/httpd/conf/httpd.conf'' (and all backup versions) from previous machine 
-  # python3 -m pip install wheel +  * Test password-restricted pages 
-  # python3 -m pip install httplib2 +  * Run through [[php8.2_on_rocky_linux_8|PHP 8.2 on Rocky Linux 9]] 
-  # python3 -m pip install PyMySQL+  * Copy/merge in a known good ''/etc/php.ini'' file from previous machine 
 +  * Ensure a php file loads correctly (localhost, 192.168.X.XX, 127.0.0.1) 
 +  * Check httpd logs for any errors, such as mod security 
 +    * Uninstall [[https://phoenixnap.com/kb/setup-configure-modsecurity-on-apache|mod_security RPMs]] and restart apache if web pages cycle between Forbidden errors
  
-PyMySQL v0.9.3 has been upgraded to v1.0.and requires modification to "connect" statement.+  * Firewall configuration 
 +    * [[https://linuxhint.com/enable-disable-firewall-rocky-linux-9/|Enable-Disable Firewall]] 
 +    * [[https://serverfault.com/questions/655851/is-there-a-simple-way-to-export-import-firewalld-settings|Export Firewall Rules to new server]] 
 +      * Can also try ''firewall-config'' to clone rules from previous machine 
 +    * [[https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-8|Add https and http to firewall rules]] 
 +      * ''firewall-cmd --zone=public --add-service=http --permanent'' 
 +      * ''firewall-cmd --zone=public --add-service=https --permanent'' 
 +    * [[https://www.cyberciti.biz/faq/how-to-protect-ssh-with-fail2ban-on-centos-8/|Configure fail2ban]] 
 +      * Edit ''/etc/fail2ban/jail.local'' to ban for longer than default of 1 hour 
 +      * Review ''/var/log/fail2ban.log'' output 
 +      * As root, ensure service is running: 
 +        * ''systemctl enable fail2ban'' 
 +        * ''systemctl restart fail2ban''
  
-Other fixes:+  * MySQL / MariaDB Database - Installation 
 +    * [[https://www.digitalocean.com/community/tutorials/how-to-install-mariadb-on-rocky-linux-9|Install MariaDB on Rocky Linux 9]] and follow all steps to secure it, change default password, etc. 
 +    * How to [[https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password|reset mysql root password]] if needed
  
-  * Disable WiFi LAN connection with ''# nmcli radio wifi off'' +  * Install [[https://www.phpmyadmin.net/|phpMyAdmin]] and use [[installing_phpmyadmin_tips|these tips]] 
-  * [[https://unix.stackexchange.com/questions/152691/how-to-disable-beep-sound-in-linux-centos-7-command-line|Disable bell]]+    * Merge in config.inc.php from previous machine 
 +    * Clear local browser history, then test  
 +    * To create the phpmyadmin database, use the "Import" function and browse to the sql/create_tables.sql script (do this as root db user) 
 +    * To move over users, export from phpMyAdmin on old machine and cut-past into the Import function on new machine.   
 +      * If problematic, save to a .sql file locally and use the Import function.
  
-For migrating a system from a different OS, take note of this info first: +  * MySQL / MariaDB Database - Migrate databases 
-  Make a test user on CentOS7 and one on CentOS8 +    * [[http://www.uptimemadeeasy.com/linux/mysql-migrate-users-server-server/|Migrate MySQL users to new machine]] 
-    * Compare hidden files to see if anything changed between OSs +      They can be exported from phpMyAdmin (but don't include root)
-    * This allows for easy migrating of data for users' $HOME directories +
-  * ensure all scripts make their own log file directory +
-    * $log_dir = "/var/tmp/check_disk_space"; +
-    * mkdir ("$log_dir", 0755); +
-    * should crons write to /tmp and then have a daily script that checks cron logs for errors? +
- +
- +
----- +
- +
- +
-  * Get inventory of users +
-  * /// +
-  * Check that PHP is working correctly, localhost/index.php tries to open a file +
-    * check httpd.conf +
-  * /// +
-  * Clear all history from Firefox before testing phpmyadmin +
-    * Check httpd logs for any errors, such as mod security +
-    * uninstall [[https://phoenixnap.com/kb/setup-configure-modsecurity-on-apache|mod_security]] if necessary +
-  * [[https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-8|Add https and http to firewall rules]] +
-    * ''firewall-cmd --zone=public --add-service=http --permanent'' +
-    * ''firewall-cmd --zone=public --add-service=https --permanent'' +
-  * <color #ed1c24>MySQL / MariaDB Database and users</color> +
-    * [[https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password|Reset mysql root password]] +
-    * [[https://www.tecmint.com/install-lamp-on-centos-8/|Notes for installing LAMP]] on CentOS 8 +
-    [[https://www.digitalocean.com/community/tutorials/how-to-install-the-apache-web-server-on-centos-8]]+
     * [[https://www.tecmint.com/transfer-mysql-databases-from-old-to-new-server/|Migrate all databases with mysqldump]]     * [[https://www.tecmint.com/transfer-mysql-databases-from-old-to-new-server/|Migrate all databases with mysqldump]]
-      * Note that the restore of mysql does not use "--all-databasesoption and is an error in link above+      * Note that the restore of mysql does not use ''-all-databases'' option and is an error in link above
     * [[https://www.linode.com/docs/databases/mysql/create-physical-backups-of-your-mariadb-or-mysql-databases/|Migrate with tar]]     * [[https://www.linode.com/docs/databases/mysql/create-physical-backups-of-your-mariadb-or-mysql-databases/|Migrate with tar]]
-    * [[http://www.uptimemadeeasy.com/linux/mysql-migrate-users-server-server/|Migrate MySQL users to new machine]] +    * Export MySQL databases with mysqldump 
-      * They can be exported from phpmyadmin (but don't include root) +      * [[https://www.digitalocean.com/community/tutorials/how-to-migrate-a-mysql-database-between-two-servers|Migrate MySQL database to new server]] 
-  * export MySQL databases with mysqldump +      * [[http://dev.mysql.com/doc/refman/5.7/en/copying-databases.html|Move MySQL databases to new server]] 
-    * [[https://www.digitalocean.com/community/tutorials/how-to-migrate-a-mysql-database-between-two-servers|Migrate MySQL database to new server]] +    When done, check format of tables (MyISAM vs InnoDB vs Aria
-    * [[http://dev.mysql.com/doc/refman/5.7/en/copying-databases.html|Move MySQL databases to new server]] +    * To change database enginesee [[https://phoenixnap.com/kb/myisam-vs-innodb|these notes]]
-  list of installed perl modules +
-    * grep all .pl script and look for the "use " calls +
-  * Copy the following to accessible location for restore after upgrade +
-    * users' $HOME +
-    * crons should be in each user's $HOME/crontab +
-    * various processing log files from /var/tmp/ +
-    * /etc/ssh/*key* or possibly the entire directory contents (this may prevent man-in-the-middle attack messages but testing needed+
-    * /etc/hosts +
-    * /etc/httpd/conf/httpd.conf +
-    * Samba userspasswords, shares (for security cameras) +
-      * /etc/samba/smb.conf +
-      * /var/lib/samba/private/passdb.tbd +
-      * /var/lib/samba/private/secrets.tbd +
-      * Make sure service is running and will start at boot. +
-      * Check output with: testparm -v +
-  * nxclient-3.5.0-7.x86_64.rpm +
-  * nxnode-3.5.0-9.x86_64.rpm +
-  * nxserver-3.5.0-11.x86_64.rpm +
-  * <del>skype-4.3.0.37-fedora.i586.rpm</del> +
-  * verify services that should be installed/running in chkconfig +
-  * Note firewall rules +
-    * [[https://serverfault.com/questions/655851/is-there-a-simple-way-to-export-import-firewalld-settings|Export Firewall Rules to new server]]+
  
-<color #ed1c24>**Below is copied from [[centos_7_migration_notes|CentOS 7 Migration Notes]] so modify as needed.**</color>+  * [[python_notes|Run through Python/PIP configuration]] 
 +    For the non-root user needing it, run ''pip install dictor'' and ''pip install astral'' 
 + 
 +  Install miniconda3 (see [[python_virtual_environments|Python Virtual Environments]])
  
-Must-Have functionality: 
-  * Apache, MySQL, PHP, Perl 
-  * [[https://www.cyberciti.biz/faq/how-to-protect-ssh-with-fail2ban-on-centos-8/|fail2ban]] 
-    * edit /etc/fail2ban/jail.local to ban for longer than default of 1 hour 
-    * Check logs: # cat /var/log/fail2ban.log 
-    * Ensure service is running: 
-      * ''# systemctl enable fail2ban'' 
-      * ''# systemctl restart fail2ban'' 
   * [[gmail_as_a_relay_on_linux|Set up Gmail Relay and test]]   * [[gmail_as_a_relay_on_linux|Set up Gmail Relay and test]]
-  * Disable SELinux+  * Set up [[samba_file_sharing|Samba]] users, passwords, shares (for security cameras) 
 +    * Credentials are stored in my secure password file 
 +      * command will be: ''smbpasswd -a USER'' (then enter password at next prompt) 
 +    * Make sure service is running and will start at boot. 
 +    * Check output with: ''testparm -v'' 
 +    * The security cameras will need to reformat their nas disk locations to store video files
   * VSFTP (for security cameras)   * VSFTP (for security cameras)
-    * [[http://www.liquidweb.com/kb/how-to-install-and-configure-vsftpd-on-centos-7/|Config instructions]]+    * [[https://wiki.crowncloud.net/?How_Install_VSFTPD_on_Rocky_Linux_9|Rocky Linux 9 instructions]] 
 +    * [[http://www.liquidweb.com/kb/how-to-install-and-configure-vsftpd-on-centos-7/|CentOS 7 instructions]]
     * [[https://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/|500 writeable root error]]     * [[https://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/|500 writeable root error]]
-    * As root: setsebool -P allow_ftpd_full_access on  +    * As root: ''setsebool -P allow_ftpd_full_access on'' 
-    * As root: systemctl restart vsftpd +    * As root: ''systemctl restart vsftpd'' 
-    * As root: systemctl enable vsftpd +    * As root: ''systemctl enable vsftpd'' 
-  * Samba +  * Setup ddclient: 
-    * [[samba_file_sharing|Samba File Sharing]] +    * https://sourceforge.net/p/ddclient/wiki/Home/ 
-  * <del>Skype</del> +    ''dnf -y install ddclient'' 
-  * Virtual Box +    * Use ''/etc/ddclient.conf'' for configs from previous machine 
-  * Working crontabs for each user +  Setup duckdns updater cron 
-  * [[python_notes|Install Python 3]] +  * Setup ydns updater cron 
- +  * Rsync over ''/var/www/html/'' 
-Customize MATE Desktop displays +    Test pages for proper display 
-  * Adjust System > Preferences > Look and Feel > Appearance +    * Check httpd logs for errors 
-  * Under Fonts tab, set all to size 8 +  * Restore and test crons for each user 
-  * Click Details, set resolution to 96 dpi, Smoothing Grayscale, Hinting Slight, Subpixel order RGB +    Check that each cron job runs and the specified log directory exists 
-  * Firefox has large bullets for password masking.  Theme setting? +    * Modify ''/etc/environment'' to include ''LC_TIME="en_GB.UTF-8"'' for 24-hour clock used by cron jobs 
-  * [[http://juckins.net/dokuwiki/lib/exe/fetch.php?media=centos7_desktop.png|Configure Desktop]] +  * Check network connections and make sure active connection comes up at boot time 
-  * Set up gnome-terminal preferences +  * Restore Thunderbird profile 
-    * General: Font Monospace 9, No terminal bell +  * [[https://www.virtualbox.org/wiki/Linux_Downloads|Install VirtualBox]] 
-    * Colors: Use colors from system theme +    Migrate/import VirtualBox machines [[https://4sysops.com/archives/move-virtualbox-vm-to-other-hosts/|using these notes]] 
-      * Or, black background with text color #d3d7cf (from GNOME Dark in RHEL9) +    I had to create and self-sign MOK (Machine Owner Key) certificates Info [[https://gist.github.com/reillysiemens/ac6bea1e6c7684d62f544bd79b2182a4|here]]. 
-    * Scrolling: unlimited +    * My Google Doc "Linux Replacement 2024" has some crude notes 
-    * Edit > Keyboard Shortcuts > Reset and Clear > F2 +  Restore Remmina profiles 
-  * Disable Vim auto-indent following [[vim_tips|Vi and Vim Tips]] +    * ''$HOME/.local/share/remmina'' and ''$HOME/.config/remmina'' 
- +  Test ASMAD for processing end-to-end 
-Change setting on screensaver +    All perl scripts 
-  * System > Preferences > Look and Feel > Screensaver +      Required modules should be included in the [[dnf_installer_bash_script_rocky_linux_9|dnf installer bash script]] 
- +    All python scripts 
-System Monitor (needs mate-system-monitor and mate-applets RPMs): +      Check my amtrak_status "docdirectory for required python modules 
-  * Right-click top panel > Add to Panel +  * Install [[clamav_antivirus|ClamAV]] 
-  * In the "Find an item to add to the panel:" search box, enter "System Monitor" and click Add +  * Install local printer 
-  * Moving display of current CPU usage should appear +    Use http://localhost:631/admin and root username/password for credentials 
- +    If you don't use root credentials, then you need to modify /etc/cups/cups-files.conf and add my username to the SystemGroup line 
----- +    Then restart cups ''systemctl restart cups'' 
- +    Use AppSocket/HP JetDirect to add printer by IP address like <nowiki>''socket://XX.XX.XX.XX''</nowiki
-Database work: +    Choose driver ''Foomatic/hl1250 en'' 
-  * Backup /etc/my.cnf +    * Use option settings to make it the default printer and use 600x600 DPI quality 
-    * Add this line under [mysqld] +    * Test using enscript filename.txt (old a2ps command
-      * default-storage-engine=MyISAM +    * See if printer is default with ''lpstat --d'' and/or set it with ''lpoptions -d PRINTER_NAME'' 
-  * Add other database users with phpMyAdmin GUI +    ''lpstat -d'' should now show the new printer as the default 
-    * set username +  * Local RPMs 
-    * set password +    * perl-Math-Round 
-    * select "Grant all privileges on wildcard name (username\_%)." +    * Slack 
-  * Dump all databases from source server to sql file then import on target server +    * sunwait 
-    * mysqldump -u USER -p'PASSDATABASE > /tmp/DATABASE.sql +      Test with ''/usr/bin/sunwait -v sun down -0:01:00 33.640411N 84.419853W'' 
-    Ensure database on target server exists; create if necessary +  * Check any remaining ''/etc/yum.repos.d/*'' configuration setup 
-      * Tables migrated should be MyISAM +    For example, [[https://www.speedtest.net/apps/cli|Ookla Speedtest CLI]] 
-      * Default database engine is InnoDB as<color #ed1c24>Red Highlighted Text</color> of MySQL 5.5 +  * Mount /disk2 (see [[adding_a_second_hard_drive]]) 
-      * [[https://dev.mysql.com/doc/refman/5.6/en/innodb-default-se.html|Perform some tests and queries]] +  * Install [[https://github.com/pwsafe/pwsafe/releases?q=non-windows&expanded=true|PasswordSafe for Linux]] 
-        * The exact number of rows of InnoDB tables cannot be shown +    * See repo at https://sourceforge.net/projects/passwordsafe/files/Linux
-        * Need to monitor /var</fc>/lib/mysql for growing logs +    * Use this instead of [[https://gorilla.dp100.com/downloads/|Gorilla password manager]] 
-        * <color #ed1c24>CHECK</color>: [[http://stackoverflow.com/questions/3927690/howto-clean-a-mysql-innodb-storage-engine/4056261#4056261|Manage and Cleanup InnoDB Infrastructure]] +    * v1.16 works with ''dnf localinstall passwordsafe-fedora37-1.16.rpm'' 
-        * [[http://dba.stackexchange.com/questions/8982/what-is-the-best-way-to-reduce-the-size-of-ibdata-in-mysql|Similar Post 1]]  +    Binary is /usr/bin/pwsafe 
-        * [[http://pc-freak.net/blog/fix-mysql-ibdata-file-size-ibdata1-file-growing-large-preventing-ibdata1-eating-disk-space/|Similar Post 2]] +  * Add CPU graph and Weather Info to panel 
-        * [[https://dev.mysql.com/doc/refman/5.6/en/innodb-data-log-reconfiguration.html|dev.mysql info]] +    * Packages are xfce4-cpugraph-plugin and xfce4-weather-plugin which are part of the bash install script noted near top of this page 
-      * Alternatively, set MyISAM to default database engine +    * Right-click top panel > Add New Items 
-      * systemctl start mariadb.service +    Add CPU Graph, Weather Info 
-      * systemctl enable mariadb.service +  * Adjust top and bottom panels 
-    * mysql DATABASE -h localhost -u USER -p'PASS' < /tmp/DATABASE.sql +    * Reverse positions 
- +    * Make top panel 24px with icons at fixed 22px 
-Setup ddclient: +    * Bottom panel 24px with icons at fixed 16px 
-  * https://sourceforge.net/p/ddclient/wiki/Home/ +    * Top panel has these buttons: 
-  * dnf -y install ddclient +      * Show desktop, separator, calculator, xterm, gedit, chrome, chrome beta, firefox, app finder, file manager, screenshot, password safe, keepassxc, shortcut to security cams, VirtualBox, Remmina, XfreeRDP 
-  * Use /etc/ddclient/* for configs from previous machine +    Stop the Keyring popup GUI when starting Chrome (see [[https://unix.stackexchange.com/questions/718489/how-to-fix-login-keyring|this post]]) 
- +      ''cd ~/.local/share/keyrings; mv login.keyring login.keyring.IGNORE''  
-Setup duckdns: +      Log out and log back in or reboot
-  * crontab is <code>~/duckdns/duck.sh >/dev/null 2>&1</code> +
- +
-Setup ydns+
-  * crontab is <code>~/ydns/updater.sh -V -u <snip> -p <snip> -H juckins.ydns.eu >>~/ydns/updater.log 2>&1</code> +
- +
-Firewall notes: +
-  * Using firewall-config to close rules from previous machine +
- +
-rsync /var/www/html/  +
-  test pages for proper display +
-  * check soft link to phpmy is correct and current +
- +
-Restore and test crons +
-  check that each cron job runs and the specified log directory exists +
- +
-Backup /etc/selinux/config and change from enforcing to permissive +
- +
-Restore /etc/hosts from previous machine as needed +
- +
-Then, edit the network connections and make sure the "Ethernet" tab for the active connection, such as enp0s3, has the "Device" set to that interface.  Reboot to test. +
- +
-Download sample .png, .gif, .jpg images and test /usr/bin/display for any errors +
-  * [[http://juckins.net/dokuwiki/lib/exe/fetch.php?media=sample.gif|GIF image]] +
-  * [[http://juckins.net/dokuwiki/lib/exe/fetch.php?media=sample.jpg|JPG image]] +
-  [[http://juckins.net/dokuwiki/lib/exe/fetch.php?media=sample.png|PNG image]] +
- +
-[[http://www.if-not-true-then-false.com/2014/install-oracle-java-8-on-fedora-centos-rhel/|Install Oracle Java]] (note, this is not the default CentOS, it will not auto-update)  +
- +
-Install X2Go +
- +
-Restore Thunderbird profile +
- +
-Restore Firefox profile +
- +
-Restore VirtualBox and all machines +
- +
-Test ASMAD for processing end-to-end +
- +
-SSH issues +
-  Cannot ssh to yourself passwordlessly with default /etc/ssh/sshd_config +
-  Comment out the following line, like this: +
-  #AuthorizedKeysFile .ssh/authorized_keys   +
-  This allows you to NX into the CentOS7 machine +
-  * Update to openssh seems to require RSA keys now and authorized_keys file instead of DSA keys and authorized_keys2 file +
-  * Set "PermitRootLogin no+
-  * <del>But MATE does not work, tried KDE with dnf group install "KDE Plasma Workspaces" and seems to work better but still no icons on the screen</del> +
-  * <del>But need to configure custom desktop to use /etc/X11/xinit/Xsession mate-session</del> +
-  <del>Also tried /usr/bin/startxfce4 but still general odd behavior</del> +
-  Additional tips: http://ubuntuforums.org/archive/index.php/t-941530.html +
-  * systemctl restart sshd.service +
-  User accounts at remove machines connecting to the new machine will need their $HOME/.ssh/known_hosts either rebuilt or offending entries removed +
- +
-Update GRUB and splash screen +
-  * My saved splash images with varying resolutions are in /root/downloads/splash +
-  * <color #ed1c24>As of CentOS 7.2 cannot get custom splash image to appear at boot (with UEFI)</color+
-  cd /etc/default +
-  * cp grub grub.YYYYMMDD +
-  * vi grub  +
-    * remove "rhgb quiet" from the GRUB_CMDLINE_LINUX call +
-    * add "vga=0x317" to the GRUB_CMDLINE_LINUX call for better screen resolution (try 0x34b for 1920x1200x8 or 0x34c for 1920x1200x16, or vga=ask to see all available resolutions+
-    * comment out this line: GRUB_TERMINAL_OUTPUT="console" +
-    * add this line: GRUB_BACKGROUND="/boot/grub2/splash.png" +
-      * Ensure it is rw-r-r permissions +
-      * [[http://192.168.1.14/dokuwiki/lib/exe/fetch.php?media=splash.png|Upload this image]] to the directory noted above +
-  For VM/BIOS-based installs, as root: grub2-mkconfig -o /boot/grub2/grub.cfg (Dell XPS 8930) +
-  * For UEFI-based installs, as root: grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg +
-  More info at [[https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-Customizing_the_GRUB_2_Configuration_File.html|Customizing the Grub2 Config File]] and [[https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Desktop_Migration_and_Administration_Guide/GRUB.html|RHEL7 GRUB Guide]] +
-  * [[https://www.centos.org/forums/viewtopic.php?t=49321|Change GRUB Menu Resolution]] +
-  * [[https://www.centos.org/forums/viewtopic.php?t=50957|Change GRUB2 splash screen in CentOS 7]] +
-  * [[http://www.tuxfixer.com/set-grub2-custom-splash-screen-on-rhel-7-centos-7-uefi-and-legacy-bios-iso-image/]] +
-  * [[https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/desktop_migration_and_administration_guide/grub]] +
-    * Tried part about making a special font +
-    * Tried installing all grub2* rpms +
-    * Tried 640x480 small splash image +
- +
-<code> +
-GRUB_CMDLINE_LINUX_DEFAULT="video=1024x768" +
-GRUB_GFXMODE=1024x768 +
-GRUB_GFXPAYLOAD_LINUX=keep +
-</code> +
- +
-Set default GRUB entry +
-  * Download [[https://www.systutorials.com/3826/setting-default-entry-in-grub2-and-grub/|grub2-select.bash]] +
- +
-If GRUB2 no longer finds other OS to boot (such as Windows 10) use [[https://sourceforge.net/projects/boot-repair-cd/|SourceForge Boot Repair Disk]] +
- +
-Install [[clamav_antivirus|ClamAV]] +
- +
-Set up local printer(s) +
-  * Note that Brother has notes for the HL2170W at https://support.brother.com/g/b/downloadlist.aspx?c=us&lang=en&prod=hl2170w_all&os=127 +
-    * RPM #1: brhl2170wlpr-2.0.2-1.i386.rpm +
-    * RPM #2: cupswrapperHL2170W-2.0.2-1.i386.rpm +
-    * Use 'lpstatand 'lpq' to ensure it's a known destination printer +
-  [[https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sec-Printer_Configuration.html#sec-Starting_Print_Settings_Config|RHEL7 Print Settings]] +
-  * dnf install cups +
-  * service cups start +
-  * systemctl enable cups +
-  * Use System > Administration > Print Settings +
-    * Add printer with Network JetDirect by IP address +
-    * Default printer driver works OK +
-  * Or use web browser: +
-  * # dnf install httpd +
-  * # /bin/systemctl start httpd.service +
-  * # dnf install system-config-firewall +
-  * # firewall-config (or System > Administration > Firewall) +
-    * Allow http and https as rules +
-    * Sometimes the firewall-config command will hang if trying to run via an SSH connection to a remote machine +
-    * To add a port manually follow [[http://stackoverflow.com/questions/24729024/centos-7-open-firewall-port]] +
-    * To close a port manually follow [[http://www.codero.com/knowledge-base/content/10/377/en/how-to-manage-firewall-rules-in-centos-7.html]] +
-  # systemctl enable httpd +
-  * Go to http://localhost:631 +
-    * Go to Administration tab +
-    * Enter credentials for user root +
-    * Add printer with prompts +
- +
-Firewall Notes  +
- +
-  Adding an allowed port at the command line (from [[http://stackoverflow.com/questions/24729024/centos-7-open-firewall-port]] +
-  Use this command to find your active zone(s): +
- +
-<code> +
-firewall-cmd --get-active-zones +
-</code> +
- +
-  * It will say either public, dmz, or something elseYou should only apply to the zones required. +
- +
-  * If you want to add a port such as 8080 to your public zone: +
- +
-<code> +
-firewall-cmd --zone=public --add-port=8080/tcp --permanent +
-</code> +
- +
-  * Then remember to reload the firewall for changes to take effect. +
- +
-<code> +
-firewall-cmd --reload +
-</code> +
- +
-Managing runlevel settings +
- +
-  * Switch to runlevel 5: +
-<code> +
-# systemctl isolate graphical.target +
-</code> +
- +
-  Initiate runlevel 5 by default: +
  
-<code> +__Post Installation__
-# systemctl set-default graphical.target +
-</code>+
  
-  * Switch to runlevel 3: +  * In /root/bin on old/new machines, see final_sync_for_new_server.txt 
-<code> +  * As root, use ''alpine'' to check email from crons that indicate any errors or failures 
-# systemctl isolate multi-user.target +  * Cleanup old files in root, my $HOME 
-</code>+  * Fix date [[https://unix.stackexchange.com/questions/553679/set-clock-to-24-hour-format-for-all-users|to show 24 hour clock]] 
 +    * Setting should be in .bashrc
  
-  * Initiate runlevel 3 by default: +__Other Notes__
  
-<code> +MATE is now available See [[https://docs.rockylinux.org/guides/desktop/mate_installation/|MATE Documentation]]
-# systemctl set-default multi-user.target +
-</code>+
  
-  * For other run-level info, see [[https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-Managing_Services_with_systemd-Targets.html#sect-Managing_Services_with_systemd-Targets-Change_Default|RHEL7 Working with Systemd Targets]]+  * Add System Monitor to panel 
 +    * ''dnf -y install mate-system-monitor'' 
 +    * Right-click top panel > Add to Panel 
 +    * In the "Find an item to add to the panel:" search box, enter "System Monitor" and click Add 
 +    * Moving display of current CPU usage should appear
  
-After machine has been running for a few days, don't forget to use "alpine" and check for local email from crons that indicate any errors or failures.+__Known issues__ 
 +  * SHA-1 security signing is not supported on RHEL9 ([[https://www.redhat.com/en/blog/rhel-security-sha-1-package-signatures-distrusted-rhel-9|see RedHat blog post]]) 
 +    * /etc/cron.daily/google-chrome fails because of this 
 +      * Probably not a critical issue since Chrome can be updated via dnf
rocky_linux_9_migration_notes.1656279925.txt.gz · Last modified: 2022/06/26 17:45 by juckins