Christopher Juckins

SysAdmin Tips, Tricks and other Software Tools

User Tools

Site Tools


rocky_linux_9_migration_notes

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
rocky_linux_9_migration_notes [2023/04/26 13:10] juckinsrocky_linux_9_migration_notes [2024/01/11 11:21] (current) juckins
Line 1: Line 1:
 ==== Rocky Linux 9 Migration Notes ==== ==== Rocky Linux 9 Migration Notes ====
  
-To migration from Rocky Linux 8.x to 9, [[https://www.starwindsoftware.com/blog/upgrade-from-rocky-linux-8-x-to-rocky-linux-9-0|try these steps]].+NOTE 1: The fresh install instructions below were tested on Rocky Linux 9.3
  
-//Below notes have been combined from [[centos_8_migration_notes|CentOS 8 Migration Notes]] and [[centos_7_migration_notes|CentOS 7 Migration Notes]].//\\+NOTE 2: Upgrading Rocky Linux 9.2 to 9.3 in late November 2023 resulted in ImageMagick errors.  Tried to remove ImageMagick*, then upgrade 9.2 to 9.3, and then reinstall ImageMagick* but the same error occurs. Fix was to disable /etc/yum.repos.d/epel-next.repo and then reinstall ImageMagick*. 
 + 
 +NOTE 3: To migrate from Rocky Linux 8.x to 9, [[https://www.starwindsoftware.com/blog/upgrade-from-rocky-linux-8-x-to-rocky-linux-9-0|try these steps]]. 
 + 
 +//The notes below have been combined from [[centos_8_migration_notes|CentOS 8 Migration Notes]] and [[centos_7_migration_notes|CentOS 7 Migration Notes]].//\\
 //It is based on the **[[https://www.xfce.org/|Xfce Desktop Environment]]**. MATE is available, see notes at bottom of the page.// //It is based on the **[[https://www.xfce.org/|Xfce Desktop Environment]]**. MATE is available, see notes at bottom of the page.//
  
 __Before Starting__ __Before Starting__
  
-  * Get inventory of users+  * Get inventory of users (see /home)
     * Become familiar with what each one does and the crons they run     * Become familiar with what each one does and the crons they run
-  * Make a test user on Rocky Linux 8 and one on Rocky Linux 9 
-    * Compare hidden files to see if anything changed between OSs 
-    * This allows for easy migrating of data for users' $HOME directories 
-    * Alternatively, just copy over the non-hidden files content first.  Then rsync other $HOME directories one-by-one 
- 
-  * Ensure all scripts make their own log file directory 
-    * ''$log_dir = "/var/tmp/check_disk_space";'' 
-    * ''mkdir ("$log_dir", 0755);'' 
-    * Should crons write to /tmp and then have a daily script that checks cron logs for errors? 
- 
   * Copy the following to external hard drive or other machine for restoration after upgrade   * Copy the following to external hard drive or other machine for restoration after upgrade
     * All users $HOME directories     * All users $HOME directories
     * Ensure crons are in each user's $HOME/crontab directory     * Ensure crons are in each user's $HOME/crontab directory
-    * Log files from /var/tmp/ 
-    * ''/etc/ssh/*key*''  
-      * Or, possibly the entire directory contents to prevent man-in-the-middle attack messages (testing needed) 
     * ''/etc/hosts''     * ''/etc/hosts''
     * ''/etc/samba/smb.conf''     * ''/etc/samba/smb.conf''
Line 35: Line 26:
  
   * Perform a minimal or basic install of Rocky Linux 9   * Perform a minimal or basic install of Rocky Linux 9
-  * Run the [[dnf_installer_bash_script_rocky_linux_9|Rocky Linux 9 bash setup script]] to get the usual extras, add-ons and other packages 
   * Backup ''/etc/selinux/config'' and change from enforcing to permissive. Reboot.   * Backup ''/etc/selinux/config'' and change from enforcing to permissive. Reboot.
 +  * Run the [[dnf_installer_bash_script_rocky_linux_9|Rocky Linux 9 bash setup script]] to get the usual extras, add-ons and other packages
 +  * Reboot target computer and login.
 +
   * Since Xfce will be installed by running the bash script noted above, you can copy in pre-existing configs from another machine that already has Xfce installed.   * Since Xfce will be installed by running the bash script noted above, you can copy in pre-existing configs from another machine that already has Xfce installed.
     * Copy files in ''~/.config/xfce4/'' from another pre-configured machine to this machine     * Copy files in ''~/.config/xfce4/'' from another pre-configured machine to this machine
-    * Reboot target computer and login.  +    * ''cd .config/xfce4; rsync -avzn --delete --progress . XX.XX.XX.XX:~/.config/xfce4/''     
-    * See {{:xfce.png?linkonly|Xfce Desktop image}} for suggested icons, placement, etc. +    * See {{:xfce.png?linkonly|Xfce Desktop image 1}} or {{:xfce_desktop_layout.png?linkonly|Xfce Desktop image 2}} for suggested icons, placement, etc. 
-  Disable screensaver +      [[https://itsfoss.com/install-themes-xfce-xubuntu/|Notes for installing additional Xfce themes]] 
-  * Skip custom java runtime installation (does not seem to be needed)+ 
 +  * Disable screensaver and power management
   * If necessary, disable WiFi LAN connection as root: ''nmcli radio wifi off''   * If necessary, disable WiFi LAN connection as root: ''nmcli radio wifi off''
   * [[https://unix.stackexchange.com/questions/152691/how-to-disable-beep-sound-in-linux-centos-7-command-line|Disable bell]]   * [[https://unix.stackexchange.com/questions/152691/how-to-disable-beep-sound-in-linux-centos-7-command-line|Disable bell]]
-  * [[python_notes|Run through Python/PIP configuration]] 
  
-  * [[https://www.linuxcapable.com/how-to-install-apache-httpd-on-rocky-linux-9/|Install Apache on Rocky Linux 9]] +  * Create necessary user accounts 
-  * Copy/merge in ''/etc/httpd/conf/httpd.conf'' from previous machine +    *  ''mate-user-admin'' is a graphical admin tool (old tool was system-config-users) 
-  * Run through [[php8.1_upgrade|Rocky Linux 9 PHP 8.1 Upgrade]]+  * Restore user's $HOME directories 
 +    * Copy over non-hidden files/directories first 
 +      * You can use rsync with the option to [[rsync_ignore_hidden_files|ignore hidden files]] 
 +    * Then rsync other hidden directories in each user's $HOME one-by-one, taking only what is needed 
 + 
 +  * [[https://www.linuxteck.com/how-to-install-apache-on-rocky-linux/|Install Apache on Rocky Linux 9]] 
 +  * Copy/merge in ''/etc/httpd/conf/httpd.conf'' (and all backup versions) from previous machine 
 +  * Test password-restricted pages 
 +  * Run through [[php8.2_on_rocky_linux_8|PHP 8.2 on Rocky Linux 9]]
   * Copy/merge in a known good ''/etc/php.ini'' file from previous machine   * Copy/merge in a known good ''/etc/php.ini'' file from previous machine
   * Ensure a php file loads correctly (localhost, 192.168.X.XX, 127.0.0.1)   * Ensure a php file loads correctly (localhost, 192.168.X.XX, 127.0.0.1)
   * Check httpd logs for any errors, such as mod security   * Check httpd logs for any errors, such as mod security
-    * Uninstall [[https://phoenixnap.com/kb/setup-configure-modsecurity-on-apache|mod_security]] if necessary+    * Uninstall [[https://phoenixnap.com/kb/setup-configure-modsecurity-on-apache|mod_security RPMs]] and restart apache if web pages cycle between Forbidden errors
  
   * Firewall configuration   * Firewall configuration
 +    * [[https://linuxhint.com/enable-disable-firewall-rocky-linux-9/|Enable-Disable Firewall]]
     * [[https://serverfault.com/questions/655851/is-there-a-simple-way-to-export-import-firewalld-settings|Export Firewall Rules to new server]]     * [[https://serverfault.com/questions/655851/is-there-a-simple-way-to-export-import-firewalld-settings|Export Firewall Rules to new server]]
       * Can also try ''firewall-config'' to clone rules from previous machine       * Can also try ''firewall-config'' to clone rules from previous machine
Line 68: Line 70:
         * ''systemctl restart fail2ban''         * ''systemctl restart fail2ban''
  
-  * MySQL / MariaDB Database and users +  * MySQL / MariaDB Database - Installation 
-    * [[https://www.digitalocean.com/community/tutorials/how-to-install-mariadb-on-rocky-linux-9|Install MariaDB on Rocky Linux 9]] +    * [[https://www.digitalocean.com/community/tutorials/how-to-install-mariadb-on-rocky-linux-9|Install MariaDB on Rocky Linux 9]] and follow all steps to secure it, change default password, etc. 
-    * [[https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password|Reset mysql root password]]+    * How to [[https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password|reset mysql root password]] if needed 
 + 
 +  * Install [[https://www.phpmyadmin.net/|phpMyAdmin]] and use [[installing_phpmyadmin_tips|these tips]] 
 +    * Merge in config.inc.php from previous machine 
 +    * Clear local browser history, then test  
 +    * To create the phpmyadmin database, use the "Import" function and browse to the sql/create_tables.sql script (do this as root db user) 
 +    * To move over users, export from phpMyAdmin on old machine and cut-past into the Import function on new machine.   
 +      * If problematic, save to a .sql file locally and use the Import function. 
 + 
 +  * MySQL / MariaDB Database - Migrate databases 
 +    * [[http://www.uptimemadeeasy.com/linux/mysql-migrate-users-server-server/|Migrate MySQL users to new machine]] 
 +      * They can be exported from phpMyAdmin (but don't include root)
     * [[https://www.tecmint.com/transfer-mysql-databases-from-old-to-new-server/|Migrate all databases with mysqldump]]     * [[https://www.tecmint.com/transfer-mysql-databases-from-old-to-new-server/|Migrate all databases with mysqldump]]
       * Note that the restore of mysql does not use ''-all-databases'' option and is an error in link above       * Note that the restore of mysql does not use ''-all-databases'' option and is an error in link above
     * [[https://www.linode.com/docs/databases/mysql/create-physical-backups-of-your-mariadb-or-mysql-databases/|Migrate with tar]]     * [[https://www.linode.com/docs/databases/mysql/create-physical-backups-of-your-mariadb-or-mysql-databases/|Migrate with tar]]
-    * [[http://www.uptimemadeeasy.com/linux/mysql-migrate-users-server-server/|Migrate MySQL users to new machine]] 
-      * They can be exported from phpMyAdmin (but don't include root) 
     * Export MySQL databases with mysqldump     * Export MySQL databases with mysqldump
       * [[https://www.digitalocean.com/community/tutorials/how-to-migrate-a-mysql-database-between-two-servers|Migrate MySQL database to new server]]       * [[https://www.digitalocean.com/community/tutorials/how-to-migrate-a-mysql-database-between-two-servers|Migrate MySQL database to new server]]
       * [[http://dev.mysql.com/doc/refman/5.7/en/copying-databases.html|Move MySQL databases to new server]]       * [[http://dev.mysql.com/doc/refman/5.7/en/copying-databases.html|Move MySQL databases to new server]]
 +    * When done, check format of tables (MyISAM vs InnoDB vs Aria)
 +    * To change database engine, see [[https://phoenixnap.com/kb/myisam-vs-innodb|these notes]]
  
-  * Install [[https://www.phpmyadmin.net/|phpMyAdmin]] +  * [[python_notes|Run through Python/PIP configuration]] 
-    * Merge in configs from previous machine +    * For the non-root user needing itrun ''pip install dictor'' and ''pip install astral''
-    * Clear local browser historythen test  +
-    * May need to comment out the cookie validity setting in config.inc.php+
  
 +  * Install miniconda3 (see [[python_virtual_environments|Python Virtual Environments]])
 +
 +  * [[gmail_as_a_relay_on_linux|Set up Gmail Relay and test]]
   * Set up [[samba_file_sharing|Samba]] users, passwords, shares (for security cameras)   * Set up [[samba_file_sharing|Samba]] users, passwords, shares (for security cameras)
 +    * Credentials are stored in my secure password file
 +      * command will be: ''smbpasswd -a USER'' (then enter password at next prompt)
     * Make sure service is running and will start at boot.     * Make sure service is running and will start at boot.
     * Check output with: ''testparm -v''     * Check output with: ''testparm -v''
-  [[gmail_as_a_relay_on_linux|Set up Gmail Relay and test]]+    The security cameras will need to reformat their nas disk locations to store video files
   * VSFTP (for security cameras)   * VSFTP (for security cameras)
-    * [[http://www.liquidweb.com/kb/how-to-install-and-configure-vsftpd-on-centos-7/|Config instructions]]+    * [[https://wiki.crowncloud.net/?How_Install_VSFTPD_on_Rocky_Linux_9|Rocky Linux 9 instructions]] 
 +    * [[http://www.liquidweb.com/kb/how-to-install-and-configure-vsftpd-on-centos-7/|CentOS 7 instructions]]
     * [[https://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/|500 writeable root error]]     * [[https://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/|500 writeable root error]]
     * As root: ''setsebool -P allow_ftpd_full_access on''     * As root: ''setsebool -P allow_ftpd_full_access on''
Line 98: Line 115:
     * https://sourceforge.net/p/ddclient/wiki/Home/     * https://sourceforge.net/p/ddclient/wiki/Home/
     * ''dnf -y install ddclient''     * ''dnf -y install ddclient''
-    * Use ''/etc/ddclient/*'' for configs from previous machine+    * Use ''/etc/ddclient.conf'' for configs from previous machine
   * Setup duckdns updater cron   * Setup duckdns updater cron
   * Setup ydns updater cron   * Setup ydns updater cron
Line 106: Line 123:
   * Restore and test crons for each user   * Restore and test crons for each user
     * Check that each cron job runs and the specified log directory exists     * Check that each cron job runs and the specified log directory exists
 +    * Modify ''/etc/environment'' to include ''LC_TIME="en_GB.UTF-8"'' for 24-hour clock used by cron jobs
   * Check network connections and make sure active connection comes up at boot time   * Check network connections and make sure active connection comes up at boot time
-  * Install NoMachine Desktop 
   * Restore Thunderbird profile   * Restore Thunderbird profile
-  * Restore Firefox profile +  * [[https://www.virtualbox.org/wiki/Linux_Downloads|Install VirtualBox]] 
-  * Restore VirtualBox and all machines+    * Migrate/import VirtualBox machines [[https://4sysops.com/archives/move-virtualbox-vm-to-other-hosts/|using these notes]] 
 +    * I had to create and self-sign MOK (Machine Owner Key) certificates.  Info [[https://gist.github.com/reillysiemens/ac6bea1e6c7684d62f544bd79b2182a4|here]]. 
 +    * My Google Doc "Linux Replacement 2024" has some crude notes 
 +  * Restore Remmina profiles 
 +    * ''$HOME/.local/share/remmina'' and ''$HOME/.config/remmina''
   * Test ASMAD for processing end-to-end   * Test ASMAD for processing end-to-end
 +    * All perl scripts
 +      * Required modules should be included in the [[dnf_installer_bash_script_rocky_linux_9|dnf installer bash script]]
 +    * All python scripts
 +      * Check my amtrak_status "doc" directory for required python modules
   * Install [[clamav_antivirus|ClamAV]]   * Install [[clamav_antivirus|ClamAV]]
   * Install local printer   * Install local printer
 +    * Use http://localhost:631/admin and root username/password for credentials
 +    * If you don't use root credentials, then you need to modify /etc/cups/cups-files.conf and add my username to the SystemGroup line
 +    * Then restart cups ''systemctl restart cups''
 +    * Use AppSocket/HP JetDirect to add printer by IP address like <nowiki>''socket://XX.XX.XX.XX''</nowiki>
 +    * Choose driver ''Foomatic/hl1250 en''
 +    * Use option settings to make it the default printer and use 600x600 DPI quality
 +    * Test using enscript filename.txt (old a2ps command)
 +    * See if printer is default with ''lpstat -p -d'' and/or set it with ''lpoptions -d PRINTER_NAME''
 +    * ''lpstat -d'' should now show the new printer as the default
 +  * Local RPMs
 +    * perl-Math-Round
 +    * Slack
 +    * sunwait
 +      * Test with ''/usr/bin/sunwait -v sun down -0:01:00 33.640411N 84.419853W''
   * Check any remaining ''/etc/yum.repos.d/*'' configuration setup   * Check any remaining ''/etc/yum.repos.d/*'' configuration setup
-    * For example, Ookla Speedtest+    * For example, [[https://www.speedtest.net/apps/cli|Ookla Speedtest CLI]]
   * Mount /disk2 (see [[adding_a_second_hard_drive]])   * Mount /disk2 (see [[adding_a_second_hard_drive]])
   * Install [[https://github.com/pwsafe/pwsafe/releases?q=non-windows&expanded=true|PasswordSafe for Linux]]   * Install [[https://github.com/pwsafe/pwsafe/releases?q=non-windows&expanded=true|PasswordSafe for Linux]]
 +    * See repo at https://sourceforge.net/projects/passwordsafe/files/Linux/
     * Use this instead of [[https://gorilla.dp100.com/downloads/|Gorilla password manager]]     * Use this instead of [[https://gorilla.dp100.com/downloads/|Gorilla password manager]]
     * v1.16 works with ''dnf localinstall passwordsafe-fedora37-1.16.rpm''     * v1.16 works with ''dnf localinstall passwordsafe-fedora37-1.16.rpm''
 +    * Binary is /usr/bin/pwsafe
   * Add CPU graph and Weather Info to panel   * Add CPU graph and Weather Info to panel
-    * ''dnf install xfce4-cpugraph-plugin xfce4-weather-plugin'' +    * Packages are xfce4-cpugraph-plugin and xfce4-weather-plugin which are part of the bash install script noted near top of this page 
-    * Right-click top panel > Add to Panel+    * Right-click top panel > Add New Items
     * Add CPU Graph, Weather Info     * Add CPU Graph, Weather Info
 +  * Adjust top and bottom panels
 +    * Reverse positions
 +    * Make top panel 24px with icons at fixed 22px
 +    * Bottom panel 24px with icons at fixed 16px
 +    * Top panel has these buttons:
 +      * Show desktop, separator, calculator, xterm, gedit, chrome, chrome beta, firefox, app finder, file manager, screenshot, password safe, keepassxc, shortcut to security cams, VirtualBox, Remmina, XfreeRDP
 +    * Stop the Keyring popup GUI when starting Chrome (see [[https://unix.stackexchange.com/questions/718489/how-to-fix-login-keyring|this post]])
 +      * ''cd ~/.local/share/keyrings; mv login.keyring login.keyring.IGNORE'' 
 +      * Log out and log back in or reboot
  
 __Post Installation__ __Post Installation__
  
 +  * In /root/bin on old/new machines, see final_sync_for_new_server.txt
   * As root, use ''alpine'' to check email from crons that indicate any errors or failures   * As root, use ''alpine'' to check email from crons that indicate any errors or failures
 +  * Cleanup old files in root, my $HOME
 +  * Fix date [[https://unix.stackexchange.com/questions/553679/set-clock-to-24-hour-format-for-all-users|to show 24 hour clock]]
 +    * Setting should be in .bashrc
  
 __Other Notes__ __Other Notes__
Line 138: Line 192:
     * In the "Find an item to add to the panel:" search box, enter "System Monitor" and click Add     * In the "Find an item to add to the panel:" search box, enter "System Monitor" and click Add
     * Moving display of current CPU usage should appear     * Moving display of current CPU usage should appear
 +
 +__Known issues__
 +  * SHA-1 security signing is not supported on RHEL9 ([[https://www.redhat.com/en/blog/rhel-security-sha-1-package-signatures-distrusted-rhel-9|see RedHat blog post]])
 +    * /etc/cron.daily/google-chrome fails because of this
 +      * Probably not a critical issue since Chrome can be updated via dnf
rocky_linux_9_migration_notes.1682529034.txt.gz · Last modified: 2023/04/26 13:10 by juckins