Rocky Linux Installation previously CentOS: Difference between revisions

==General Notes (applies to various versions of CentOS and Rocky Linux, but modified as it applies to Rocky Linux 8 and above)==


*Hyper-V: Do not use virtual RAM when booting from CD / DVD; it will cause a Kernel Panic
*Bash Prompt (something actually useful): /etc/bashrc: [ "$PS1" = "\\s-\\v\\\$ " ] && PS1="[\w]\\$ "
 
*Disable SELINUX: in /etc/selinux/config, set SELINUX to disabled (''sestatus'' to check status) AND in /boot/efi/EFI/centos/grub.cfg, edit the first line that starts with "linux..." and ends with a UTF setting, and add selinux=0 to the end of the line.
'''Bash Prompt (something actually useful);'''
**This is only temporary (see above for making permanent): If issues occur when disabling SELINUX, reboot, make boot selection (do NOT press enter), press e, edit grub file, look for the line near the end that usually starts off with "linux..." and ends with a UTF setting, add selinux=0 to the end of the line. (Thanks to: https://www.virtualramblings.com/failed-to-load-selinux-policy-freezing/)
 
*For Existing Users, Current Session, at command prompt: PS1="\h} \w: "
*To make permanent and for New Users edit this File: /etc/bashrc: [ "$PS1" = "\\s-\\v\\\$ " ] && PS1="\h} \w: "
 
'''Disable SELINUX:/etc/selinux/config, set SELINUX to disabled;'''
 
*''sestatus'' to check status AND check /boot/efi/EFI/centos/grub, edit /etc/default/grub, <s>look for line that starts with "linux..." and ends with a UTF setting, add selinux=0 to the end of the line.</s>
 
*Alternatively or if Issues Occur: When disabling SELINUX, reboot, make boot selection (do NOT press enter), press e, edit grub file, look for the line near the end that usually starts off with "linux..." and ends with a UTF setting, add selinux=0 to the end of the line. (Thanks to: https://www.virtualramblings.com/failed-to-load-selinux-policy-freezing/)
 
*'''See Below in Rocky Linux 9 Section:''' <s>Show useful information when booting (it is Linux after all): edit line in /boot/efi/EFI/centos/grub.cfg that usually starts off with "linux..." and ends with a UTF setting, remove ''rhel'' and ''quiet'' switches.</s>
 
'''Boot to a command prompt instead of GUI;'''
 
*systemctl set-default multi-user.target (Thanks to: https://www.itzgeek.com/how-tos/linux/centos-how-tos/change-default-runlevel-in-centos-7-rhel-7.html#axzz3PuGwJi3X)
**startx will activate GUI
*Disable firewall (if behind a hardware firewall, etc.): systemctl stop firewalld.service, systemctl disable firewalld.service
*Webmin New: Make a repo in /etc/yum.repos.d/webmin.repo (from https://www.webmin.com/rpm.html)
<syntaxhighlight lang="text">
[Webmin]
name=Webmin Distribution Neutral
#baseurl=https://download.webmin.com/download/yum
mirrorlist=https://download.webmin.com/download/yum/mirrorlist
enabled=1
gpgkey=https://download.webmin.com/jcameron-key.asc
gpgcheck=1
</syntaxhighlight>
 
*Webmin Old (now there's a repository available): Install Webmin RPM via Yum (it will also install dependencies automatically);
**curl -o setup-repos.sh <nowiki>https://raw.githubusercontent.com/webmin/webmin/master/setup-repos.sh</nowiki>
**sh setup-repos.sh
 
==Rocky Linux 9 (New Stuff)==
'''For Showing Useful Information While Booting, edit the /etc/default/grub File (get rid of quiet rhel Directives) and then use this command(s) (equivalent to what BootICE does for the Windows BCD File);'''
 
*For UEFI / EFI Boot: grub2-mkconfig -o /boot/efi/EFI/rocky/grub.cfg  or
*For BIOS Boot: grub2-mkconfig -o /boot/grub2/grub.cfg
*If grub-mkconfig is "not found": notice the subtle difference above: grub2-mkconfig (not grub(WITHOUT THE NUMBER 2)-mkconfig)
 
...but that's not enough these days.  You'll also need to use the GRUBBY command to modify the Kernel Parameters?  Yup, the same Kernel Parameters that can be modified in /etc/default/grub and are reflected in /boot/grub2/grub.cfg (but apparently don't do a damn thing as far as Kernel Parameters go) are instead modified in the following way (this is similar to turning on a light switch and also being required to clap to have a light come on);
 
*grubby --info=ALL : Shows current settings, from https://forums.rockylinux.org/t/how-do-you-view-grub-command-line-options/11625
*Generally speaking, here's the syntax: grubby --update-kernel=ALL --args="new_option" OR grubby --update-kernel=ALL --remove-args="option_to_remove"
*To disable IPv6: grubby --update-kernel=X --args="ipv6.disable=1"
*To have useful "DMESG" information while booting instead of an Appled Up boring screen;
**grubby --update-kernel=ALL --remove-args="rhgb"
**grubby --update-kernel=ALL --remove-args="quiet"
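A check for the situation described above, where /etc/default/grub has been edited but the booted kernel still carries the old parameters. This is an added example, not part of the original notes; the function names are made up for illustration and the sample strings are constructed.

```bash
# Added example: confirm that kernel-parameter changes actually reached the
# booted kernel. Function names and sample data are illustrative.

# Print the arguments of GRUB_CMDLINE_LINUX from a grub defaults file on stdin.
grub_default_args() {
    sed -n 's/^GRUB_CMDLINE_LINUX=//p' | tail -n 1 | sed 's/^"//; s/"$//'
}

# Succeed if the space-separated list $1 contains the exact argument $2.
has_arg() {
    case " $1 " in
        *" $2 "*) return 0 ;;
    esac
    return 1
}

# List arguments set in the defaults file ($1) that the kernel ($2) never got.
grub_drift() {
    gd_rc=0
    for gd_arg in $1; do
        if ! has_arg "$2" "$gd_arg"; then
            echo "NOT-APPLIED $gd_arg"
            gd_rc=1
        fi
    done
    return $gd_rc
}

# List arguments from $2 that should be gone but are still on cmdline $1.
still_present() {
    sp_rc=0
    for sp_arg in $2; do
        if has_arg "$1" "$sp_arg"; then
            echo "STILL-PRESENT $sp_arg"
            sp_rc=1
        fi
    done
    return $sp_rc
}

# Constructed samples (not from a real host): defaults file already edited,
# kernel booted from an entry that grubby has not been run against yet.
SAMPLE_DEFAULTS='GRUB_TIMEOUT=5
GRUB_CMDLINE_LINUX="crashkernel=1G-4G:192M ipv6.disable=1"'
SAMPLE_RUNNING='BOOT_IMAGE=(hd0,gpt2)/vmlinuz-EXAMPLE root=/dev/mapper/rl-root ro crashkernel=1G-4G:192M rhgb quiet'

# On a real host:
#   grub_drift "$(grub_default_args < /etc/default/grub)" "$(cat /proc/cmdline)"
#   still_present "$(cat /proc/cmdline)" "rhgb quiet"
```

Both checks return non-zero when something is off, so they can be run after a reboot to confirm the grubby changes took effect.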


'''Firewall''': If using something like Shorewall, get rid of FirewallD: yum remove firewalld* --noautoremove




'''Cockpit and AddOns;'''


*...make sure it is enabled and started (not so by default)
*/etc/cockpit/disallowed-users (get rid of it to enable ROOT User)
*From: https://github.com/45Drives/cockpit-file-sharing
**Don't use this one (too much of a hassle): Samba PlugIn: dnf install <nowiki>https://github.com/45Drives/cockpit-file-sharing/releases/download/v3.2.9/cockpit-file-sharing-3.2.9-2.el8.noarch.rpm</nowiki>
**Navigator (File Explorer): wget https://github.com/45Drives/cockpit-navigator/releases/download/v0.5.10/cockpit-navigator-0.5.10-1.el8.noarch.rpm, then rpm -Uhv WhatEverFileName


'''SAMBA / SMB:'''
 
*smbpasswd -a WhatEverUserName
*Remember, if SELINUX is enabled it messes up how SAMBA / SMB operates (can be very puzzling and frustrating): edit /etc/selinux/config and set to disabled (...yes I know, but when it's more hassle than it's worth forget it).


'''REMI (for multiple PHP versions)'''


*dnf install epel-release
<nowiki>*</nowiki> DNF = "Next Generation" of YUM


Gnome Initial GUI / Desktop Setup;


...there are so many suggested solutions that don't work when one wants a single user (root)
*https://askubuntu.com/questions/1028822/disable-the-new-ubuntu-18-04-welcome-screen/1030095#1030095
*The best one that works every time is this: yum remove gnome-initial-setup (can't run if it "don't" exist!)
*Disable Lock Screen;
**Settings, Privacy, Screen Lock
===Networking===
And under the category of "It isn't broken, so let's fix it" (thanks Red Hat Morons, yes morons, because in all of the documentation available no one has any good reason why the old system really needed replacing), so say hello to a piece of junk, err, NetworkManager
'''For more information;'''
*https://docs.rockylinux.org/gemstones/nmtui/
*https://www.redhat.com/en/blog/rhel-9-networking-say-goodbye-ifcfg-files-and-hello-keyfiles
For things like Webmin, seems to work OK.  Shorewall and other deeper IP stuff, perhaps not so much
'''Helpful Tips'''
*Show Physical NICs and match them to their "logical" name;
**lspci
**lshw -class network -short (notice the Device name)
**lshw -class network (notice the logical name)
**...and for detailed information on a specific adapter: ethtool WhatEverLogicalNameOfAdapter
*Webmin is a bit wonky with NetworkManager.
*Stop the "...renamed from eth0" 'consistent naming' 'capability' (from: https://www.itzgeek.com/how-tos/linux/centos-how-tos/how-to-change-network-interface-name-to-eth0-on-centos-8-rhel-8.html)
'''NetworkManager (if it is necessary to use it);'''
*Configuration: /etc/NetworkManager
*GUI: nm-connection-editor
*Text Based Editor: nmtui
*Directory for direct Text Editing: /etc/NetworkManager/system-connections
'''"Over Coming" NetworkManager (not disabling);'''
*Edit this file to PRIORITIZE the "old fashion" method over NetworkManager: /etc/NetworkManager/NetworkManager.conf, edit the plugins= line and put ifcfg-rh first
*Leave this in place for /etc/sysconfig/network-scripts/ifcfg-ethWhatEverNumber: NM_CONTROLLED="yes"
*yum install network-scripts --enablerepo=devel (this gets back stuff like "service network restart")
*ifup (just run the command and it will offer to install the necessary files)
'''Disabling NetworkManager'''
Because there seem to be so many different fashions (70-persistent-net.rules, udev, HWADDR) in how Linux in general and Rocky Linux 8 and 9 do things, here's a way to do things for a server that has several NICs
*Pick a NIC port, assign an 'outlandish' (IE, you're not going to use it in the future) IP Address to it, make sure it works and then WHACK all the other ethernet devices / interfaces , using Webmin (handy if there are a bunch of NICs) or via command line.
*Rename Interfaces if desired (AKA getting rid of the freaky Rocky8 Network Interface names), see below example where enp2s0 is renamed to eth0;
**<code>ifconfig WhatEverName down</code>
**<code>ip link set enp2s0 name eth0</code>
***<code>...then in /etc/default/grub: GRUB_CMDLINE_LINUX="net.ifnames=0"</code>
***<code>...then: grub2-mkconfig -o /boot/grub2/grub.cfg</code>
***<code>...then make sure the Hardware Address is defined in ifcfg-ethX: HWADDR=WhatEverMACAddress</code>
**<code>mv /etc/sysconfig/network-scripts/ifcfg-enp2s0 /etc/sysconfig/network-scripts/ifcfg-eth0</code>
**<code>nano /etc/sysconfig/network-scripts/ifcfg-eth0: DEVICE=eth0 (NAME Directive too if present)</code>
**above is from: https://tekneed.com/how-to-rename-nic-in-linux-centos-rhel-7-8/
**...and check with above noted "Hardware Commands": lshw -class network -short
*Everything good?  Nope, not finished;
**Gotta make sure Red Hat, err, Rocky Linux (especially 8) doesn't revert to the 'messed up', err, new method of naming interfaces (that don't work well with useful things like Shorewall, Webmin, etc): https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/networking_guide/ch-consistent_network_device_naming
**Make some boot configuration changes (sort of (don't set to stated values here) from https://yallalabs.com/linux/how-to-change-network-interface-name-from-enp0s3-to-eth0-centos-8/)
***Make sure the /etc/default/grub GRUB_CMDLINE_LINUX: "WhatEverIsCurrentlyThere AndAddSpace net.ifnames=1 biosdevname=1" (more information: https://unix.stackexchange.com/questions/637295/linux-kernel-parameters-what-is-the-difference-of-net-ifnames-0-and-biosdevname and https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/networking_guide/sec-consistent_network_device_naming_using_biosdevname)
***Rebuild Grub: See Above Section
**...and still not done because this leaves the naming of interfaces completely up to Linux and the information from the BIOS (or UEFI)
***Cute Story to start things: On a server with two built-in NICs and an Intel i350 with 4 NICs on one x4 PCIe card, the names were as follows: eth0, eth1, eth2, eth4 were assigned to the Intel NICs, and eth3 and eth5 were assigned to the built-in NICs.  Did you catch that?  Why did one of the built-in ones nab eth3 from the Intel card?  Who knows? (Hint: above BIOS setting wasn't correct)
***Solution?  See below...
***Assign Hardware Addresses in /etc/sysconfig/network-scripts to make sure every NIC gets the IP Address it is supposed to get;
****HWADDR=WhatEverMACAddress (use ''lshw -class network -short'' AND ''ip a'' to match things up)
*From Here: https://www.thegeekdiary.com/centos-rhel-7-how-to-disable-networkmanager/amp/
**systemctl stop NetworkManager
**systemctl disable NetworkManager
**Any Network Interfaces in /etc/sysconfig/network-scripts, set this line as follows: NM_CONTROLLED="no"
**systemctl enable network (which results in this: /usr/lib/systemd/systemd-sysv-install enable network )
**service network restart OR systemctl restart network
***If needed: yum install network-scripts
**...and in /etc/NetworkManager/NetworkManager.conf: plugins=ifcfg-rh,keyfile (with keyfile second)
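A check for the HWADDR step above, which catches the eth3-style surprise before a reboot does. This is an added example, not part of the original notes; the function names are made up for illustration, the sample tree is constructed, and the real directories are only the defaults.

```bash
# Added example: audit ifcfg-* files for HWADDR pinning against the MACs the
# kernel currently reports. Function names and sample data are illustrative.

# Print the value of KEY ($2) from an ifcfg file ($1), quotes stripped.
ifcfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'" | tr -d '[:space:]'
}

# Print the interface under sysfs dir $1 that currently owns MAC $2.
iface_for_mac() {
    im_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    for im_f in "$1"/*/address; do
        [ -r "$im_f" ] || continue
        if [ "$(tr 'A-F' 'a-f' < "$im_f" | tr -d '[:space:]')" = "$im_want" ]; then
            basename "$(dirname "$im_f")"
            return 0
        fi
    done
    return 1
}

# One line per ifcfg file: OK, NOHWADDR, NOSUCHMAC or MISMATCH.
# $1 = ifcfg directory, $2 = sysfs net directory (both optional).
audit_ifcfg() {
    au_cfg=${1:-/etc/sysconfig/network-scripts}
    au_sys=${2:-/sys/class/net}
    au_rc=0
    for au_f in "$au_cfg"/ifcfg-*; do
        [ -f "$au_f" ] || continue
        au_dev=$(ifcfg_get "$au_f" DEVICE)
        [ "$au_dev" = "lo" ] && continue
        au_mac=$(ifcfg_get "$au_f" HWADDR)
        if [ -z "$au_mac" ]; then
            echo "NOHWADDR $au_dev"; au_rc=1
        elif ! au_actual=$(iface_for_mac "$au_sys" "$au_mac"); then
            echo "NOSUCHMAC $au_dev $au_mac"; au_rc=1
        elif [ "$au_actual" != "$au_dev" ]; then
            echo "MISMATCH $au_dev $au_mac is-currently $au_actual"; au_rc=1
        else
            echo "OK $au_dev $au_mac"
        fi
    done
    return $au_rc
}

# Constructed sample tree (not from a real host): eth1's MAC has come up as
# eth3, and eth2 has no HWADDR line at all.
make_sample() {
    mkdir -p "$1/cfg" "$1/sys/eth0" "$1/sys/eth3"
    printf 'DEVICE=eth0\nHWADDR=00:11:22:33:44:55\n' > "$1/cfg/ifcfg-eth0"
    printf 'DEVICE=eth1\nHWADDR="00:11:22:33:44:66"\n' > "$1/cfg/ifcfg-eth1"
    printf 'DEVICE=eth2\nBOOTPROTO=none\n' > "$1/cfg/ifcfg-eth2"
    echo 00:11:22:33:44:55 > "$1/sys/eth0/address"
    echo 00:11:22:33:44:66 > "$1/sys/eth3/address"
}

# On a real host: audit_ifcfg   (uses the default directories)
```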
'''Disabling IPv6 (hint, it's in the GRUB configuration file);'''
https://www.tecmint.com/disable-ipv6-rhel-rocky-almalinux/
...and watch out for this annoying error from PING every time it is used: Address family not supported by protocol
'''Update Check: Disabling'''
There's a bunch of different things to do with a lot of 'it depends', so impossible to cover everything, sadly, look it up and resign one's self to doing a bunch of different things.
===Boot Time===
systemd-analyze blame
===Shorewall===
If using ShoreWall, some changes have been made over the years.  Watch out for these items: https://sourceforge.net/p/webadmin/discussion/600155/thread/67206ca38b/
===ApacheGUI (doesn't seem to have been popular and hasn't been supported for a couple of years, but still useful for quick viewing of files)===
Install it from here:
To have it start automatically, create a file named ApacheGUI.service in /etc/systemd/system<syntaxhighlight lang="text">
[Unit]
Description=ApacheGUI
[Service]
WorkingDirectory=/usr/share/ApacheGUI/bin
ExecStart=/usr/share/ApacheGUI/bin/run.sh
ExecStop=/usr/share/ApacheGUI/bin/stop.sh
[Install]
WantedBy=multi-user.target
</syntaxhighlight>...then: systemctl enable ApacheGUI.service
===Apache / HTTPD===
Believe it or not, SSL (AKA TLS) capability is not installed by default: yum install mod_ssl
To check general Apache performance (not troubleshooting) (from https://github.com/richardforth/apache2buddy, updated in late 2022, so seems current and valid as of this writing in early 2023 );
<code>curl -sL <nowiki>https://raw.githubusercontent.com/richardforth/apache2buddy/master/apache2buddy.pl</nowiki> | perl</code>


===phpMyAdmin===
The install via Yum / DNF puts things in locations that are different than if phpMyAdmin is installed manually.
 
*Directory for Files: /usr/share/phpMyAdmin
*Directories for Configuration
**/etc/phpMyAdmin/config.inc (for phpMyAdmin configuration) (ain't no config.sample.inc by default, as it has already been 'defaulted' by Red Hat)
**/etc/httpd/conf.d/phpMyAdmin.conf (for Apache level configuration)
*SSL / TLS / HTTPS: Believe it or not, out of the box accessing phpMyAdmin via HTTPS will not work (even if all the Apache stuff is properly configured).  Solution?
**Add this line to /etc/phpMyAdmin/config.inc: $cfg['Servers'][$i]['ssl'] = true;
**Some other comments here (but keep in mind this dude is trying to turn off HTTPS): https://stackoverflow.com/questions/57972164/run-phpmyadmin-without-ssl-https
 
===FSTAB===
Oh, where to begin.  Well, the only solution as of 2023 is to reboot.  Go ahead.  Try it.  Research it.  And see if you come to any conclusion other than the last sentence in this section.
 
Old Way (AKA, the first 1000 results from Google): mount -a
 
New Way (AKA, results sporadically starting at 1001 from Google): systemctl daemon-reload
 
Part they left out of New Way, in addition to the New Way (AKA, result 2000 plus from Google): systemctl restart remote-fs.target AND systemctl restart local-fs.target (thanks to: https://bbs.archlinux.org/viewtopic.php?id=192991)
 
...and in the end test with the plain MOUNT command to find none of it works.  So reboot.
 
==Obnoxious Issues==
 
===Error: Environment block too small ( in regards to grubenv )===
Source: https://www.linuxsysadmins.com/grub2-editenv-block-too-small/
 
==Other Notes==
After GUI installation, get it to boot to command line: <nowiki>http://www.itzgeek.com/how-tos/linux/centos-how-tos/change-default-runlevel-in-centos-7-rhel-7.html#axzz3PuGwJi3X</nowiki>


Lock


*For Command Line instead of GUI interface:  systemctl set-default multi-user.target
**Display Current Setting: systemctl get-default OR ls -l /usr/lib/systemd/system/default.target
**List what is available: systemctl list-units --type target
**More details here: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/working-with-systemd-targets_configuring-basic-system-settings
*Start Gnome Desktop from command line; startx


o  Exit Gnome desktop; Click the User Name, and select Logout


MailWatch and MailScanner note; Version 5 for MailScanner changes some stuff including directory files, see the ReadMe in the installation source folder.
...path issue on Rocky Linux: MailWatchConf.pm and other files here: /usr/share/MailScanner/perl/custom




o  Left mailscanner.service in place instead of MailScanner like in previous builds.


Postfix / MailScanner / etc general thought; Get Postfix working properly and tested as a relay first. Learned this from the overly restrictive and paranoid CentOS 7 default postfix config file that doesn’t even forking include documentation in the file itself, as in the past.


And to do the above, just comment out that




Clamd forked out of the box… Configuration file from YUM is /etc/clamd.d/scan.conf, in the example file it is something else, and it is actually configured to use amavisd.conf.  WTF?