Rocky Linux Installation previously CentOS: Difference between revisions

(15 intermediate revisions by the same user not shown)

Line 32:

</syntaxhighlight>

*Webmin Old (now there's a repository available): Install Webmin RPM via Yum (it will also install dependencies automatically)

*Webmin Old (now there's a repository available): Install Webmin RPM via Yum (it will also install dependencies automatically);

**curl -o setup-repos.sh <nowiki>https://raw.githubusercontent.com/webmin/webmin/master/setup-repos.sh</nowiki>

**sh setup-repos.sh

==Rocky Linux 9 (New Stuff)==

Line 40:

Line 42:

*For BIOS Boot: grub2-mkconfig -o /boot/grub2/grub.cfg

*If grub-mkconfig is "not found": notice the subtle difference above: grub2-mkconfig (not grub(WITHOUT THE NUMBER 2)-mkconfig)

...but that's not enough these days. You'll also need to use the GRUBBY command to modify the Kernel Parameters? Yup, the same Kernel Parameters that can be modified in /etc/default/grub and are reflected in /boot/grub2/grub.cfg (but apparently don't do a damn thing as far a Kernel Parameters) are instead modified in the following way (this is similar to turning on a light switch and also being required to clap to have a light come on);

*grubby --info=ALL<span> </span>: Shows current settings, from https://forums.rockylinux.org/t/how-do-you-view-grub-command-line-options/11625

*Generally speaking, here's the syntax: grubby --update-kernel=ALL --args="new_option" OR grubby --update-kernel=ALL --remove-args="option_to_remove"

*To disable IPv6: grubby --update-kernel=X --args="ipv6.disable=1"

*To have useful "DMESG" information while booting instead of an Appled Up boring screen;

**grubby --update-kernel=ALL --remove-args="rhgb"

**grubby --update-kernel=ALL --remove-args="quiet"

'''Firewall''': If using something like Shorewall, get rid of FirewallD: yum remove firewalld* --noautoremove

Line 45:

Line 56:

*

'''Cockpit AddOns;'''

'''Cockpit and AddOns;'''

*...make sure it is enabled and started (not so by default)

*/etc/cockpit/disallowed-users (get rid of it to enable ROOT User)

*From: https://github.com/45Drives/cockpit-file-sharing

**Don't use this one (too much of a hastle): Samba PlugIn: dnf install <nowiki>https://github.com/45Drives/cockpit-file-sharing/releases/download/v3.2.9/cockpit-file-sharing-3.2.9-2.el8.noarch.rpm</nowiki>

Line 77:

Line 90:

<nowiki>*</nowiki> DNF = "Next Generation" of YUM

Gnome Initial GUI / Desktop Setup

Gnome Initial GUI / Desktop Setup;

...there are so many suggested solutions that don't work when one wants a single user (root)

Line 84:

Line 97:

*https://askubuntu.com/questions/1028822/disable-the-new-ubuntu-18-04-welcome-screen/1030095#1030095

*The best one that works every time is this: yum remove gnome-initial-setup (can't run if it "don't" exist!)

*Disable Lock Screen;

**Settings, Privacy, Screen Lock

===Networking===

Line 95:

Line 110:

For things like Webmin, seems to work OK. Shorewall and other deeper IP stuff, perhaps not so much

'''Tips ~~if it is necessary to use it;~~'''

'''Helpful Tips'''

*Show Physical NICs and match them to their "logical" name;

**lspci

**lshw -class network -short (notice the Device name)

**lshw -class network (notice the logical name)

**...and for detailed information on as specific adapter: ethtool WhatEverLogicalNameOfAdapter

*Webmin is a bit wonky with NetworkManager.

*Stop the "...renamed from eth0" 'consistent naming' 'capability' (from: https://www.itzgeek.com/how-tos/linux/centos-how-tos/how-to-change-network-interface-name-to-eth0-on-centos-8-rhel-8.html)

**

'''NetworkManager (if it is necessary to use it);'''

*Configuration: /etc/NetworkManger

*GUI: nm-connection-editor

*Text Based Editor: nmtui

Line 109:

Line 136:

'''Disabling NetworkManager'''

Because there seem to be so many different fashions (70-persistent-net.rules, udev, HWADDR) in how Linux in general and Rocky Linux 8 and 9 do things, here's a way to things for a server that has several NICs

*Pick a NIC port, assign an 'outlandish' (IE, you're not going to use it in the future) IP Address to it, make sure it works and then WHACK all the other ethernet devices / interfaces , using Webmin (handy if there are a bunch of NICs) or via command line.

*Rename Interfaces if desired (AKA getting rid of the freaky Rocky8 Network Interface names), see below example where enp2s0 is renamed to eth0;

**<code>ifconfig WhatEverName down</code>

**<code>ip link set enp2s0 name eth0</code>

***<code>...then in /etc/default/grub: GRUB_CMDLINE_LINUX="net.ifnames=0"</code>

***<code>...then: grub2-mkconfig /boot/grub2/grug.cfg</code>

***<code>...then make sure the Hardware Address is defined in ifcfg-ethX: HWADDR=WhatEverMACAddress</code>

**<code>mv /etc/sysconfig/network-scripts/ifcfg-enp2s0 /etc/sysconfig/network-scripts/ifcfg-eth0/</code>

**<code>nano /etc/sysconfig/network-scripts/ifcfg-eth0: DEVICE=eth0 (NAME Directive too if present)</code>

**above is from: https://tekneed.com/how-to-rename-nic-in-linux-centos-rhel-7-8/

**...and check with above noted "Hardware Commands": lshw -class network -short

*Everything good? Nope, not finished;

**Gotta make sure Red Hat, err, Rocky Linux (especially 8) doesn't revert to the 'messed up', err, new method of naming interfaces (that don't work well with useful things like Shorewall, Webmin, etc): https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/networking_guide/ch-consistent_network_device_naming

**Make some boot configuration changes (sort of (don't set to stated values here) from https://yallalabs.com/linux/how-to-change-network-interface-name-from-enp0s3-to-eth0-centos-8/)

***Make sure the /etc/default/grub GRUB_CMDLINE_LINUX: "WhatEverIsCurrentlyThere AndAddSpace net.ifnames=1 biosdevname=1" (more information: https://unix.stackexchange.com/questions/637295/linux-kernel-parameters-what-is-the-difference-of-net-ifnames-0-and-biosdevname and https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/networking_guide/sec-consistent_network_device_naming_using_biosdevname)

***Rebuild Grub: See Above Section

**...and still not done because this leaves the naming of interfaces completely up to Linux and the information from the BIOS (or UEFI)

***Cute Story to start things: On a server with two built in NICs and an Intel i350 with 4 NICs on one x4 PCIe card, the names were as follows: eth0, eth1, eth2, eth4 were assigned to the Intel NICs, and eth3 and eth5 were assigned to the built in NICs. Did you catch that? Why did one of the built in one's nab eth3 from the Intel card. Who knows? (Hint: above BIOS setting wasn't correct)

***Solution? See below...

***Assign Hardware Addresses in /etc/sysconfig/network-scripts to make sure every NIC gets the IP Address it is supposed to get;

****HWADDR=WhatEverMACAddress (use ''lshw -class network -short'' AND ''ip a'' to match things up)

*From Here: https://www.thegeekdiary.com/centos-rhel-7-how-to-disable-networkmanager/amp/

Line 117:

Line 168:

**service network restart OR systemctl restart network

***If needed: yum install network-scripts

**...and in /etc/NetworkManager/NetworkManager.conf: plugins=ifcfg-rh,keyfile (with keyfile second)

~~Renaming and Interface~~ (~~AKA getting rid of~~ the ~~freaky Rocky8 Network Interface names~~);

'''Disabling IPv6 (hint, it's in the GRUB configuration file);'''

* <code>ip link set enp2s0 name eth0</~~code>~~

https://www.tecmint.com/disable-ipv6-rhel-rocky-almalinux/

'''Disabling ~~IPv6 (hint, it's in the GRUB configuration file);~~'''

...and watch out for this annoying error from PING every time it is used: Address family not supported by protocol

'''Update Check: Disabling'''

~~https://www~~.~~tecmint.com/disable-ipv6-rhel-rocky-almalinux/~~

There's a bunch of different things to do with a lot of 'it depends', so impossible to cover everything, sadly, look it up and resign one's self to doing a bunch of different things.

===Boot Time===

Line 165:

Line 219:

**Add this line to /etc/phpMyAdmin/config.inc: $cfg['Servers'][$i]['ssl'] = true;

**Some other comments here (but keep in mind this dude is trying to turn off HTTPS): https://stackoverflow.com/questions/57972164/run-phpmyadmin-without-ssl-https

===FSTAB===

Oh, where to begin. Well, the only solution as of 2023 is to reboot. Go ahead. Try it. Research it. And see if you come to any conclusion other than the last sentence in this section.

Old Way (AKA, the first 1000 results from Google): mount -a

New Way (AKA, results sporadically starting at 1001 from Google): systemctl daemon-reload

Part they left out of New Way, in addition to the New Way (AKA, result 2000 plus from Google): systemctl restart-remote-fs.target AND systemctl restart-local-fs.target (thanks to: https://bbs.archlinux.org/viewtopic.php?id=192991)

...and in the end test with the plain MOUNT command to find none of it works. So reboot.

==Obnoxious Issues==

===Error: Environment block too small ( in regards to grubenv )===

Source: https://www.linuxsysadmins.com/grub2-editenv-block-too-small/

==Other Notes==

After GUI installation, get it to boot to command line: <nowiki>http://www.itzgeek.com/how-tos/linux/centos-how-tos/change-default-runlevel-in-centos-7-rhel-7.html#axzz3PuGwJi3X</nowiki>

Lock

*For Command Line instead of GUI interface: systemctl set-default multi-user.target

Line 355:

Line 427:

MailWatch and MailScanner note; Version 5 for MailScanner changes some stuff including directory files, see the ReadMe in the installation source folder.

...path issue on Rocky Linux: MailWatchConf.pm and other files here: /usr/share/MailScanner/perl/custom

Line 375:

Line 449:

o Left mailscanner.service in place instead of MailScanner like in previous builds.

Postfix / MailScanner / etc general thought; Get Postfix working properly and tested as a relay first. Learned this from the overly restrictive and parnoid CentOS 7 default postfix config file that doesn’t even ~~fucking~~ include documentation in the file itself, as in the past.

Postfix / MailScanner / etc general thought; Get Postfix working properly and tested as a relay first. Learned this from the overly restrictive and parnoid CentOS 7 default postfix config file that doesn’t even forking include documentation in the file itself, as in the past.

And to do the above, just comment out that

Line 383:

Line 457:

Clamd ~~fucked~~ out of the box… Configuration file from YUM is /etc/clamd.d/scan.conf, in the example file it is something else, and it is actually configured to use amavisd.conf. WTF?

Clamd forked out of the box… Configuration file from YUM is /etc/clamd.d/scan.conf, in the example file it is something else, and it is actually configured to use amavisd.conf. WTF?

@@ Line 32: / Line 32: @@
 </syntaxhighlight>
-*Webmin Old (now there's a repository available): Install Webmin RPM via Yum (it will also install dependencies automatically)
+*Webmin Old (now there's a repository available): Install Webmin RPM via Yum (it will also install dependencies automatically);
+**curl -o setup-repos.sh <nowiki>https://raw.githubusercontent.com/webmin/webmin/master/setup-repos.sh</nowiki>
+**sh setup-repos.sh
 ==Rocky Linux 9 (New Stuff)==
@@ Line 40: / Line 42: @@
 *For BIOS Boot: grub2-mkconfig -o /boot/grub2/grub.cfg
 *If grub-mkconfig is "not found": notice the subtle difference above: grub2-mkconfig (not grub(WITHOUT THE NUMBER 2)-mkconfig)
+...but that's not enough these days.  You'll also need to use the GRUBBY command to modify the Kernel Parameters?  Yup, the same Kernel Parameters that can be modified in /etc/default/grub and are reflected in /boot/grub2/grub.cfg (but apparently don't do a damn thing as far a Kernel Parameters) are instead modified in the following way (this is similar to turning on a light switch and also being required to clap to have a light come on);
+*grubby --info=ALL<span> </span>: Shows current settings, from https://forums.rockylinux.org/t/how-do-you-view-grub-command-line-options/11625
+*Generally speaking, here's the syntax: grubby --update-kernel=ALL --args="new_option" OR grubby --update-kernel=ALL --remove-args="option_to_remove"
+*To disable IPv6: grubby --update-kernel=X --args="ipv6.disable=1"
+*To have useful "DMESG" information while booting instead of an Appled Up boring screen;
+**grubby --update-kernel=ALL --remove-args="rhgb"
+**grubby --update-kernel=ALL --remove-args="quiet"
 '''Firewall''': If using something like Shorewall, get rid of FirewallD: yum remove firewalld* --noautoremove
@@ Line 45: / Line 56: @@
 *
-'''Cockpit AddOns;'''
+'''Cockpit and AddOns;'''
+*...make sure it is enabled and started (not so by default)
+*/etc/cockpit/disallowed-users (get rid of it to enable ROOT User)
 *From: https://github.com/45Drives/cockpit-file-sharing
 **Don't use this one (too much of a hastle): Samba PlugIn: dnf install <nowiki>https://github.com/45Drives/cockpit-file-sharing/releases/download/v3.2.9/cockpit-file-sharing-3.2.9-2.el8.noarch.rpm</nowiki>
@@ Line 77: / Line 90: @@
 <nowiki>*</nowiki> DNF = "Next Generation" of YUM
-Gnome Initial GUI / Desktop Setup
+Gnome Initial GUI / Desktop Setup;
 ...there are so many suggested solutions that don't work when one wants a single user (root)
@@ Line 84: / Line 97: @@
 *https://askubuntu.com/questions/1028822/disable-the-new-ubuntu-18-04-welcome-screen/1030095#1030095
 *The best one that works every time is this: yum remove gnome-initial-setup (can't run if it "don't" exist!)
+*Disable Lock Screen;
+**Settings, Privacy, Screen Lock
 ===Networking===
@@ Line 95: / Line 110: @@
 For things like Webmin, seems to work OK.  Shorewall and other deeper IP stuff, perhaps not so much
-'''Tips if it is necessary to use it;'''
+'''Helpful Tips'''
+*Show Physical NICs and match them to their "logical" name;
+**lspci
+**lshw -class network -short (notice the Device name)
+**lshw -class network (notice the logical name)
+**...and for detailed information on as specific adapter: ethtool WhatEverLogicalNameOfAdapter
+*Webmin is a bit wonky with NetworkManager.
+*Stop the "...renamed from eth0" 'consistent naming' 'capability' (from: https://www.itzgeek.com/how-tos/linux/centos-how-tos/how-to-change-network-interface-name-to-eth0-on-centos-8-rhel-8.html)
+**
+'''NetworkManager (if it is necessary to use it);'''
+*Configuration: /etc/NetworkManger
 *GUI: nm-connection-editor
 *Text Based Editor: nmtui
@@ Line 109: / Line 136: @@
 '''Disabling NetworkManager'''
+Because there seem to be so many different fashions (70-persistent-net.rules, udev, HWADDR) in how Linux in general and Rocky Linux 8 and 9 do things, here's a way to things for a server that has several NICs
+*Pick a NIC port, assign an 'outlandish' (IE, you're not going to use it in the future) IP Address to it, make sure it works and then WHACK all the other ethernet devices / interfaces , using Webmin (handy if there are a bunch of NICs) or via command line.
+*Rename Interfaces if desired (AKA getting rid of the freaky Rocky8 Network Interface names), see below example where enp2s0 is renamed to eth0;
+**<code>ifconfig WhatEverName down</code>
+**<code>ip link set enp2s0 name eth0</code>
+***<code>...then in /etc/default/grub: GRUB_CMDLINE_LINUX="net.ifnames=0"</code>
+***<code>...then: grub2-mkconfig /boot/grub2/grug.cfg</code>
+***<code>...then make sure the Hardware Address is defined in ifcfg-ethX: HWADDR=WhatEverMACAddress</code>
+**<code>mv /etc/sysconfig/network-scripts/ifcfg-enp2s0 /etc/sysconfig/network-scripts/ifcfg-eth0/</code>
+**<code>nano /etc/sysconfig/network-scripts/ifcfg-eth0: DEVICE=eth0 (NAME Directive too if present)</code>
+**above is from: https://tekneed.com/how-to-rename-nic-in-linux-centos-rhel-7-8/
+**...and check with above noted "Hardware Commands": lshw -class network -short
+*Everything good?  Nope, not finished;
+**Gotta make sure Red Hat, err, Rocky Linux (especially 8) doesn't revert to the 'messed up', err, new method of naming interfaces (that don't work well with useful things like Shorewall, Webmin, etc): https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/networking_guide/ch-consistent_network_device_naming
+**Make some boot configuration changes (sort of (don't set to stated values here) from https://yallalabs.com/linux/how-to-change-network-interface-name-from-enp0s3-to-eth0-centos-8/)
+***Make sure the /etc/default/grub GRUB_CMDLINE_LINUX: "WhatEverIsCurrentlyThere AndAddSpace net.ifnames=1 biosdevname=1" (more information: https://unix.stackexchange.com/questions/637295/linux-kernel-parameters-what-is-the-difference-of-net-ifnames-0-and-biosdevname and https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/networking_guide/sec-consistent_network_device_naming_using_biosdevname)
+***Rebuild Grub: See Above Section
+**...and still not done because this leaves the naming of interfaces completely up to Linux and the information from the BIOS (or UEFI)
+***Cute Story to start things: On a server with two built in NICs and an Intel i350 with 4 NICs on one x4 PCIe card, the names were as follows: eth0, eth1, eth2, eth4 were assigned to the Intel NICs, and eth3 and eth5 were assigned to the built in NICs.  Did you catch that?  Why did one of the built in one's nab eth3 from the Intel card.  Who knows? (Hint: above BIOS setting wasn't correct)
+***Solution?  See below...
+***Assign Hardware Addresses in /etc/sysconfig/network-scripts to make sure every NIC gets the IP Address it is supposed to get;
+****HWADDR=WhatEverMACAddress (use ''lshw -class network -short'' AND ''ip a'' to match things up)
 *From Here: https://www.thegeekdiary.com/centos-rhel-7-how-to-disable-networkmanager/amp/
@@ Line 117: / Line 168: @@
 **service network restart OR systemctl restart network
 ***If needed: yum install network-scripts
+**...and in /etc/NetworkManager/NetworkManager.conf: plugins=ifcfg-rh,keyfile (with keyfile second)
-Renaming and Interface (AKA getting rid of the freaky Rocky8 Network Interface names);
+'''Disabling IPv6 (hint, it's in the GRUB configuration file);'''
-* <code>ip link set enp2s0 name eth0</code>
+https://www.tecmint.com/disable-ipv6-rhel-rocky-almalinux/
-'''Disabling IPv6 (hint, it's in the GRUB configuration file);'''
+...and watch out for this annoying error from PING every time it is used: Address family not supported by protocol
+'''Update Check: Disabling'''
-https://www.tecmint.com/disable-ipv6-rhel-rocky-almalinux/
+There's a bunch of different things to do with a lot of 'it depends', so impossible to cover everything, sadly, look it up and resign one's self to doing a bunch of different things.
 ===Boot Time===
@@ Line 165: / Line 219: @@
 **Add this line to /etc/phpMyAdmin/config.inc: $cfg['Servers'][$i]['ssl'] = true;
 **Some other comments here (but keep in mind this dude is trying to turn off HTTPS): https://stackoverflow.com/questions/57972164/run-phpmyadmin-without-ssl-https
+===FSTAB===
+Oh, where to begin.  Well, the only solution as of 2023 is to reboot.  Go ahead.  Try it.  Research it.  And see if you come to any conclusion other than the last sentence in this section.
+Old Way (AKA, the first 1000 results from Google): mount -a
+New Way (AKA, results sporadically starting at 1001 from Google): systemctl daemon-reload
+Part they left out of New Way, in addition to the New Way (AKA, result 2000 plus from Google): systemctl restart-remote-fs.target AND systemctl restart-local-fs.target (thanks to: https://bbs.archlinux.org/viewtopic.php?id=192991)
+...and in the end test with the plain MOUNT command to find none of it works.  So reboot.
+==Obnoxious Issues==
+===Error: Environment block too small ( in regards to grubenv )===
+Source: https://www.linuxsysadmins.com/grub2-editenv-block-too-small/
 ==Other Notes==
 After GUI installation, get it to boot to command line: <nowiki>http://www.itzgeek.com/how-tos/linux/centos-how-tos/change-default-runlevel-in-centos-7-rhel-7.html#axzz3PuGwJi3X</nowiki>
+Lock
 *For Command Line instead of GUI interface:  systemctl set-default multi-user.target
@@ Line 355: / Line 427: @@
 MailWatch and MailScanner note; Version 5 for MailScanner changes some stuff including directory files, see the ReadMe in the installation source folder.
+...path issue on Rocky Linux: MailWatchConf.pm and other files here: /usr/share/MailScanner/perl/custom
@@ Line 375: / Line 449: @@
 o  Left mailscanner.service in place instead of MailScanner like in previous builds.
-Postfix / MailScanner / etc general thought; Get Postfix working properly and tested as a relay first. Learned this from the overly restrictive and parnoid CentOS 7 default postfix config file that doesn’t even fucking include documentation in the file itself, as in the past.
+Postfix / MailScanner / etc general thought; Get Postfix working properly and tested as a relay first. Learned this from the overly restrictive and parnoid CentOS 7 default postfix config file that doesn’t even forking include documentation in the file itself, as in the past.
 And to do the above, just comment out that
@@ Line 383: / Line 457: @@
-Clamd fucked out of the box… Configuration file from YUM is /etc/clamd.d/scan.conf, in the example file it is something else, and it is actually configured to use amavisd.conf.  WTF?
+Clamd forked out of the box… Configuration file from YUM is /etc/clamd.d/scan.conf, in the example file it is something else, and it is actually configured to use amavisd.conf.  WTF?