Christopher Juckins

NOTE: To migrate from Rocky Linux 8.x to 9, try these steps.

The notes below have been combined from CentOS 8 Migration Notes and CentOS 7 Migration Notes.
It is based on the Xfce Desktop Environment. MATE is available, see notes at bottom of the page.

Before Starting

• Get inventory of users
  • Become familiar with what each one does and the crons they run
• Ensure all scripts make their own log file directory
  • $log_dir = "/var/tmp/check_disk_space";
  • mkdir ("$log_dir", 0755);
• Copy the following to external hard drive or other machine for restoration after upgrade
  • All users $HOME directories
  • Ensure crons are in each user's $HOME/crontab directory
  • Log files from /var/tmp/
  • /etc/ssh/*key*
    • Or, possibly the entire directory contents to prevent man-in-the-middle attack messages (testing needed)
  • /etc/hosts
  • /etc/samba/smb.conf
  • /var/lib/samba/private/passdb.tbd
  • /var/lib/samba/private/secrets.tbd
  • /etc/vsftpd/*

Installation

• Perform a minimal or basic install of Rocky Linux 9
• Backup /etc/selinux/config and change from enforcing to permissive. Reboot.
• Run the Rocky Linux 9 bash setup script to get the usual extras, add-ons and other packages
• Reboot target computer and login.

• Since Xfce will be installed by running the bash script noted above, you can copy in pre-existing configs from another machine that already has Xfce installed.
  • Copy files in ~/.config/xfce4/ from another pre-configured machine to this machine
  • cd .config/xfce4; rsync -avzn –delete –progress . XX.XX.XX.XX:~/.config/xfce4/
  • See Xfce Desktop image for suggested icons, placement, etc.
    • Notes for installing additional Xfce themes

• Disable screensaver and power management
• If necessary, disable WiFi LAN connection as root: nmcli radio wifi off
• Disable bell

• Create necessary user accounts
  • mate-user-admin is a graphical admin tool
  • Copy over the non-hidden files/directories first
  • Then rsync other hidden directories in each user's $HOME one-by-one

• Install Apache on Rocky Linux 9
• Copy/merge in /etc/httpd/conf/httpd.conf (and all backup versions) from previous machine
• Test password-restricted pages
• Run through PHP 8.2 on Rocky Linux 9
• Copy/merge in a known good /etc/php.ini file from previous machine
• Ensure a php file loads correctly (localhost, 192.168.X.XX, 127.0.0.1)
• Check httpd logs for any errors, such as mod security
  • Uninstall mod_security RPMs and restart apache if web pages cycle between Forbidden errors

• Firewall configuration
  • Enable-Disable Firewall
  • Export Firewall Rules to new server
    • Can also try firewall-config to clone rules from previous machine
  • Add https and http to firewall rules
    • firewall-cmd –zone=public –add-service=http –permanent
    • firewall-cmd –zone=public –add-service=https –permanent
  • Configure fail2ban
    • Edit /etc/fail2ban/jail.local to ban for longer than default of 1 hour
    • Review /var/log/fail2ban.log output
    • As root, ensure service is running:
      • systemctl enable fail2ban
      • systemctl restart fail2ban

• MySQL / MariaDB Database - Installation
  • Install MariaDB on Rocky Linux 9 and follow all steps to secure it, change default password, etc.
  • How to reset mysql root password if needed

• Install phpMyAdmin and use these tips
  • Merge in config.inc.php from previous machine
  • Clear local browser history, then test
  • To create the phpmyadmin database, use the "Import" function and browse to the sql/create_tables.sql script (do this as root)
  • To move over users, export from phpMyAdmin on old machine and cut-past into the Import function on new machine.
    • If problematic, save to a .sql file locally and use the Import function.

• MySQL / MariaDB Database - Migrate databases
  • Migrate MySQL users to new machine
    • They can be exported from phpMyAdmin (but don't include root)
  • Migrate all databases with mysqldump
    • Note that the restore of mysql does not use -all-databases option and is an error in link above
  • Migrate with tar
  • Export MySQL databases with mysqldump
    • Migrate MySQL database to new server
    • Move MySQL databases to new server
  • When done, check format of tables (MyISAM vs InnoDB vs Aria)

• Run through Python/PIP configuration
  • python3 -m pip install dictor

• Install miniconda3 (see Python Virtual Environments)

• Set up Gmail Relay and test
• Set up Samba users, passwords, shares (for security cameras)
  • Make sure service is running and will start at boot.
  • Check output with: testparm -v
  • The above still needs to be tested
• VSFTP (for security cameras)
  • Rocky Linux 9 instructions
  • CentOS 7 instructions
  • 500 writeable root error
  • As root: setsebool -P allow_ftpd_full_access on
  • As root: systemctl restart vsftpd
  • As root: systemctl enable vsftpd
• Setup ddclient:
  • https://sourceforge.net/p/ddclient/wiki/Home/
  • dnf -y install ddclient
  • Use /etc/ddclient/* for configs from previous machine
• Setup duckdns updater cron
• Setup ydns updater cron
• Rsync over /var/www/html/
  • Test pages for proper display
  • Check httpd logs for errors
• Restore and test crons for each user
  • Check that each cron job runs and the specified log directory exists
• Check network connections and make sure active connection comes up at boot time
• Restore Thunderbird profile
• Restore Firefox profile
• Restore VirtualBox and all machines
• Restore Remmina profiles
  • $HOME/.local/share/remmina and $HOME/.config/remmina
• Test ASMAD for processing end-to-end
• Install ClamAV
• Install local printer
  • Use http://localhost:631/admin and my local username/password for credentials
  • Use AppSocket/HP JetDirect to add printer by IP address with socket nomenclature
  • Choose driver Foomatic/hl1250 en
  • Use option settings to make it the default printer and use 600x600 DPI quality
  • Test using enscript filename.txt (old a2ps command)
• Local RPMs
  • NVIDIA
  • passwordsafe
  • Slack
  • sunwait
    • Test with /usr/bin/sunwait -v sun down -0:01:00 33.640411N 84.419853W
  • VirtualBox
• Check any remaining /etc/yum.repos.d/* configuration setup
  • For example, Ookla Speedtest CLI
• Mount /disk2 (see adding_a_second_hard_drive)
• Install PasswordSafe for Linux
  • Use this instead of Gorilla password manager
  • v1.16 works with dnf localinstall passwordsafe-fedora37-1.16.rpm
• Add CPU graph and Weather Info to panel
  • Packages are xfce4-cpugraph-plugin and xfce4-weather-plugin which are part of the bash install script noted near top of this page
  • Right-click top panel > Add New Items
  • Add CPU Graph, Weather Info
• Adjust top and bottom panels
  • Reverse positions
  • Make top panel 24px with icons at fixed 22px
  • Bottom panel 24px with icons at fixed 16px
  • Top panel has these buttons:
    • Show desktop, separator, calculator, xterm, gedit, chrome, chrome beta, firefox, app finder, file manager, screenshot, keepass, xfreerdp, shortcut to security cams, VirtualBox, Remmina
  • Stop the Keyring popup GUI when starting Chrome (see this post)
    • cd ~/.local/share/keyrings; mv login.keyring login.keyring.IGNORE
    • Log out and log back in or reboot

Post Installation

• As root, use alpine to check email from crons that indicate any errors or failures

Other Notes

MATE is now available. See MATE Documentation

• Add System Monitor to panel
  • dnf -y install mate-system-monitor
  • Right-click top panel > Add to Panel
  • In the "Find an item to add to the panel:" search box, enter "System Monitor" and click Add
  • Moving display of current CPU usage should appear

Known issues

• SHA-1 security signing is not supported on RHEL9 (see RedHat blog post)
  • /etc/cron.daily/google-chrome fails because of this
    • Probably not a critical issue since Chrome can be updated via dnf