Christopher Juckins

Below notes have been combined from CentOS 8 Migration Notes and CentOS 7 Migration Notes so modifications may be needed.

Before Starting

• Get inventory of users
  • Become familiar with what each one does and the crons they run
• Make a test user on Rocky Linux 8 and one on Rocky Linux 9
  • Compare hidden files to see if anything changed between OSs
  • This allows for easy migrating of data for users' $HOME directories
  • Alternatively, just copy over the non-hidden files content first. Then rsync other $HOME directories one-by-one

• Ensure all scripts make their own log file directory
  • $log_dir = "/var/tmp/check_disk_space";
  • mkdir ("$log_dir", 0755);
  • Should crons write to /tmp and then have a daily script that checks cron logs for errors?

• Copy the following to external hard drive or other machine for restoration after upgrade
  • All users $HOME directories
  • Ensure crons are in each user's $HOME/crontab directory
  • Log files from /var/tmp/
  • /etc/ssh/*key*
    • Or, possibly the entire directory contents to prevent man-in-the-middle attack messages (testing needed)
  • /etc/hosts
  • /etc/samba/smb.conf
  • /var/lib/samba/private/passdb.tbd
  • /var/lib/samba/private/secrets.tbd
  • /etc/vsftpd/*

Installation

• Perform a minimal or basic install of Rocky Linux 9
• Run the Rocky Linux 9 bash setup script to get the usual extras, add-ons and other packages
• Backup /etc/selinux/config and change from enforcing to permissive. Reboot.
• Since Xfce will be installed by running the bash script noted above, you can copy in pre-existing configs from another machine that already has Xfce installed.
  • Copy files in ~/.config/xfce4/ from another pre-configured machine to this machine
  • Reboot target computer and login.
  • See Xfce Desktop image for suggested icons, placement, etc.
• Disable screensaver
• Skip custom java runtime installation (does not seem to be needed)
• If necessary, disable WiFi LAN connection as root: nmcli radio wifi off
• Disable bell
• Run through Python/PIP configuration

• Install Apache on Rocky Linux 9
• Copy/merge in /etc/httpd/conf/httpd.conf from previous machine
• Run through Rocky Linux 9 PHP 8.1 Upgrade
• Copy/merge in a known good /etc/php.ini file from previous machine
• Ensure a php file loads correctly (localhost, 192.168.X.XX, 127.0.0.1)
• Check httpd logs for any errors, such as mod security
  • Uninstall mod_security if necessary

• Firewall configuration
  • Export Firewall Rules to new server
    • Can also try firewall-config to clone rules from previous machine
  • Add https and http to firewall rules
    • firewall-cmd –zone=public –add-service=http –permanent
    • firewall-cmd –zone=public –add-service=https –permanent
  • Configure fail2ban
    • Edit /etc/fail2ban/jail.local to ban for longer than default of 1 hour
    • Review /var/log/fail2ban.log output
    • As root, ensure service is running:
      • systemctl enable fail2ban
      • systemctl restart fail2ban

• MySQL / MariaDB Database and users
  • Install MariaDB on Rocky Linux 9
  • Reset mysql root password
  • Migrate all databases with mysqldump
    • Note that the restore of mysql does not use -all-databases option and is an error in link above
  • Migrate with tar
  • Migrate MySQL users to new machine
    • They can be exported from phpMyAdmin (but don't include root)
  • Export MySQL databases with mysqldump
    • Migrate MySQL database to new server
    • Move MySQL databases to new server

• Install phpMyAdmin
  • Merge in configs from previous machine
  • Clear local browser history, then test
  • May need to comment out the cookie validity setting in config.inc.php

• Set up Samba users, passwords, shares (for security cameras)
  • Make sure service is running and will start at boot.
  • Check output with: testparm -v
• Set up Gmail Relay and test
• VSFTP (for security cameras)
  • Config instructions
  • 500 writeable root error
  • As root: setsebool -P allow_ftpd_full_access on
  • As root: systemctl restart vsftpd
  • As root: systemctl enable vsftpd
• Setup ddclient:
  • https://sourceforge.net/p/ddclient/wiki/Home/
  • dnf -y install ddclient
  • Use /etc/ddclient/* for configs from previous machine
• Setup duckdns updater cron
• Setup ydns updater cron
• Rsync over /var/www/html/
  • Test pages for proper display
  • Check httpd logs for errors
• Restore and test crons for each user
  • Check that each cron job runs and the specified log directory exists
• Check network connections and make sure active connection comes up at boot time
• Install NoMachine Desktop
• Restore Thunderbird profile
• Restore Firefox profile
• Restore VirtualBox and all machines
• Test ASMAD for processing end-to-end
• Install ClamAV
• Install local printer
• Check any remaining /etc/yum.repos.d/* configuration setup
  • For example, Ookla Speedtest
• Mount /disk2 (see adding_a_second_hard_drive)
• Install PasswordSafe for Linux
  • Use this instead of Gorilla password manager
  • v1.16 works with dnf localinstall passwordsafe-fedora37-1.16.rpm
• Add System Monitor to panel
  • dnf -y install mate-system-monitor
  • Right-click top panel > Add to Panel
  • In the "Find an item to add to the panel:" search box, enter "System Monitor" and click Add
  • Moving display of current CPU usage should appear

Post Installation

• As root, use alpine to check email from crons that indicate any errors or failures

Other Notes MATE is now available. See MATE Documentation