CentOS 8.x Configure rekallcm1 (high-end desktop) with software raid, lxc, kvm and other utilities
An older CentOS 7.x version of this article is available at CentOS 7.x Configure rekallcm1 (high-end desktop) with software raid, lxc, kvm and other utilities
This covers a case of complete data loss on rekallcm1 and a fresh setup of rekallcm1 using files from the laptop (barjatiyarklp)
OS installation
- Create a live USB with CentOS 8.x installer
- Boot and select server with GUI while skipping:
- Guest Agents
- InfiniBand support
- .NET Core Development
- Smart card support
- Disable kdump
- Configure 192.168.1.3/24 with 192.168.1.251 as gateway and rekallcm1 as hostname
- Install OS on software RAID on 3 * 2 TB disks as follows:
- /
- ext4 - RAID 1 - 50 GB
- /boot/efi
- EFI system partition - RAID 1 - 1 GB
- swap
- swap - RAID 5 - 18 GB
- /mnt/data1
- ext4 - RAID 5 - remaining
Install Owncloud Desktop client
CentOS 8.x Owncloud linux desktop client
Sudo configuration
Run 'visudo' and append
    saurabh ALL=(ALL) NOPASSWD:ALL
    achal ALL=(ALL) NOPASSWD:ALL
    jitender ALL=(ALL) NOPASSWD:ALL
Create ext4 partition on raid5 device and mount on /mnt/data1
Use:
    mkfs.ext4 /dev/mapper/centos_rekallcm1-mnt_data1
    mkdir -p /mnt/data1
    blkid   #Note UUID for /dev/mapper/centos_rekallcm1-mnt_data1
    vim /etc/fstab   #and append
    UUID="<from-above-command>" /mnt/data1 ext4 defaults 1 2
    mount -a
Copy data from laptop (barjatiyarklp) to rekallcm1
    cd /mnt/data1
    rsync -aHz --delete root@<laptop-ip>:/mnt/data1/ ./
    mkdir -p large_files
    mv vms large_files
    mkdir -p large_files/operating_systems
    cd large_files/operating_systems
    rsync -vaHz --inplace root@<laptop-ip>:/mnt/ddrive/operating_systems/ ./
    #Copy /mnt/data1/personal from various backup sources
Configure history retention
- Refer Storing date / time along with commands in history
- After this exit all running shells and reopen new shell. Validate history is stored with date/time information.
Disable screen lock
- Start gnome-control-center and under Privacy, disable automatic screen-lock
- Under "Power savings" set screen going blank to never
Disable SELinux
- setenforce 0
- edit /etc/sysconfig/selinux
- SELINUX=disabled
Yum configuration and package installation
- Configure keep-cache for yum
- Edit /etc/yum.conf and set keepcache=1
- Note: the cache goes to /var/cache/dnf
- Install required packages
- yum -y install epel-release #EPEL repository
- yum -y install htop #Colorful command-line top
- yum -y install gimp #Advanced image editor useful for editing pdf as images
- yum -y install wireshark #Packet capturing
- yum -y install erlang #Programming
- yum -y install fdupes #Duplicate file detection
- yum -y install libreoffice-calc libreoffice-writer libreoffice-impress #Libreoffice
- yum -y install p7zip #Support for 7zip
- yum -y install expect #For shell automation. Includes mkpasswd utility
- yum -y install git #For versioning
- yum -y install bind bind-utils #For DNS related tasks
- yum -y install texlive
- yum -y install brasero #For burning CD/DVD
- yum -y install livecd-tools #For creating live USB
- yum -y install freerdp #Windows remote desktop
- yum -y install texlive #For latex
- yum -y install thunderbird #For email
- yum -y install byobu #To run shell commands in background
- yum -y install openvpn #For vpn connectivity
- yum -y install ntfs-3g #NTFS file-system support
- yum -y install telnet nc #Telnet
- yum -y install minicom #For working with serial ports
- yum -y install pandoc #For documentation generation
- yum -y install encfs #For fuse encrypted filesystem
- yum -y install libguestfs-tools #For virt-sysprep
- yum -y install dia #Diagram such as flowcharts or network design editor
- yum -y install ImageMagick #For image editing
- yum -y install xsane #For scanning
- yum -y install texlive-wrapfig texlive-capt-of texlive-ulem texlive-translator #For org-latex exports
- Packages not found in CentOS 8 at time of writing
- yum -y install yaws #Erlang web server
- yum -y install kile #Latex editor
- yum -y install bzr kdiff3 #For versioning and comparing files
- yum -y install kolourpaint #Basic image editor
- yum -y install unetbootin liveusb-creator #For creating live bootable USB from iso files
- Full update system
- yum -y update --skip-broken
Install and configure emacs
- yum -y install emacs
- Ensure /home/saurabh/.emacs and /home/saurabh/.emacs.d are symlink to appropriate folders of application-data
- Validate things are working by opening to-do.org file
- Configure nautilus to open .org file via emacs by default
Install vlc
- yum -y install https://download1.rpmfusion.org/free/el/rpmfusion-free-release-8.noarch.rpm
- yum -y install vlc
Download and configure anydesk
- Refer CentOS 8.x Install anydesk
- Restore backup of anydesk configuration:
- cd ~/.anydesk
- mv user.conf user-old.conf
- ln -s /mnt/data1/workspace/application-data/anydesk/anydesk-saurabh-user.conf user.conf
Install nomachine
Install chrome
- Refer CentOS 7.x Installing Google chrome
- Start chrome
- Do not make chrome default browser and Disable submitting of usage information
- Test by opening www.google.com
Configure git
- Configure various git parameters:
- git config --global user.name "Saurabh Barjatiya"
- git config --global user.email "saurabh@sbarjatiya.com"
- git config --global color.ui true
- git config --global color.status auto
- git config --global color.branch auto
- git config --global core.editor vim
- Configure to use simple push by default
- git config --global push.default simple
- Refer https://stackoverflow.com/questions/21839651/git-what-is-the-difference-between-push-default-matching-and-simple
Postfix and logwatch
- Configure postfix gmail relay using Sending email via Gmail relay through postfix
- Edit /etc/aliases and add saurabh [at] rekallsoftware.com as alias for root.
- newaliases
- Install logwatch
- systemctl start postfix
- systemctl enable postfix
Configure SSH
- Symbolic link ssh from /mnt/data1
- ln -s /mnt/data1/workspace/application-data/ssh .ssh
- ssh root@sbarjatiya.com
- Enter passphrase (4cs..) and enable automatic unlock during login
Configure thunderbird
- Create symbolic link
- ln -s /mnt/data1/workspace/application-data/thunderbird/ .thunderbird
- Run thunderbird and validate email accounts are accessible
- Set date-format display using OpenSuse Leap 15 Change date-format displayed in Thunderbird
- Optionally set correct calendar response email ID using CentOS 8.x Thunderbird calendar invitation response email address
Configure firefox
- Ensure that /home/saurabh/.mozilla is symlink to application-data folder
- Start firefox and check that the various profiles appear properly.
- Validate history and stored passwords are working as expected
Configure nautilus
- Open nautilus
- Create bookmarks for (Open folder and press Ctrl+D)
- /mnt/data1/workspace/gbb/owncloud/saurabh
- /mnt/data1
- /mnt/data1/plain_folders/documents/Desktop/rekall
- Configure nautilus to open .org file via emacs by default, if not done already
- vim ~/.config/user-dirs.dirs #As saurabh user
- Comment all except Desktop and Downloads
- vim /etc/xdg/user-dirs.default #As root user
- Comment all except Desktop and Downloads
- Logoff and login again
- Open nautilus and remove bookmarks for Documents, Music, Videos and Pictures
Configure /etc/hosts
- Various AWS backup VM IPs
- rekallcm1 to its IPv4 LAN IP
Configure owncloud client to sync /mnt/data1/workspace/gbb/owncloud while keeping local data
- Choose to sync folders up to 1000MB
Install flash-plugin
- Open https://get.adobe.com/flashplayer/
- Choose download of "Yum for Linux"
- Install downloaded rpm file
- yum -y localinstall adobe-release-x86_64-1.0-1.noarch.rpm
- Close all browsers (Esp. firefox)
- yum -y install flash-plugin
- Start firefox and check "about:plugins"
Install and configure fail2ban
Enable bind
- yum -y install bind bind-utils
- Configure bind for starting automatically:
- systemctl start named
- systemctl enable named
- Change DNS of machine in /etc/sysconfig/network-scripts/ifcfg-br0 file to 127.0.0.1
- Optionally edit /etc/named.conf as follows:
- Update first listen to 'listen-on port 53 { 127.0.0.1; any; };'
- Comment 'listen-on-v6 port 53 { ::1; };' using '//' as prefix
- Update allow-query to 'allow-query { localhost; 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };'
- Disable IPv6 lookups using CentOS 7.x Disabling IPv6 lookups in bind
- Restart named if not done already
- Test by running
- nslookup www.google.com 127.0.0.1
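Because this resolver listens on every interface, the allow-query ACL is what keeps it from answering arbitrary clients. The following is an added example, not part of the original article: a small audit of that ACL, where the function name and the sample configuration string are constructed for illustration.

```python
import ipaddress
import re

# Ranges a LAN-only resolver is expected to answer: RFC 1918 plus loopback.
PRIVATE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "::1/128")]
KEYWORDS_OK = {"localhost", "localnets", "none"}

# Constructed sample: the /12 and /16 prefix lengths are attached to the wrong networks.
SAMPLE = "options { allow-query { localhost; 10.0.0.0/8; 192.168.0.0/12; 172.16.0.0/16; }; };"


def audit_allow_query(conf_text):
    """Return [(element, problem)] for risky entries in the first allow-query ACL."""
    match = re.search(r"allow-query\s*\{([^}]*)\}", conf_text)
    if not match:
        return [("allow-query", "statement not found")]
    findings = []
    for elem in (e.strip() for e in match.group(1).split(";")):
        if not elem or elem in KEYWORDS_OK:
            continue
        if elem == "any":
            findings.append((elem, "open to every client"))
            continue
        try:
            # strict=False so a prefix with host bits set is reported, not rejected
            net = ipaddress.ip_network(elem, strict=False)
        except ValueError:
            findings.append((elem, "not an address or a keyword known to this check"))
            continue
        if str(net.network_address) != elem.split("/")[0]:
            findings.append((elem, f"host bits set, prefix really covers {net}"))
        if not any(net.version == p.version and net.subnet_of(p) for p in PRIVATE):
            findings.append((elem, f"{net} reaches outside private address space"))
    return findings


if __name__ == "__main__":
    for element, problem in audit_allow_query(SAMPLE):
        print(f"{element}: {problem}")
```

An entry such as 172.16.0.0/16 passes this check because it is narrower than the private block, so clients in the rest of 172.16.0.0/12 would simply be refused.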
Make sure printer is recognized and working
- yum -y install hplip gutenprint-cups
Setup various servers and services
Configure software bridge
- Refer Creating bridge interfaces (br0) for virtual hosts to use shared interface section "Bridge interfaces in CentOS 7.0"
- Include all IPv6, IPv4 and other addressing configuration in ifcfg-br0
- Validate that the bridge has the IP address and not the interface:
- nmcli connection show
- nmcli connection show <ethernet-interface> | grep br0
- Should show
- connection.master: br0
- Might have to reboot for things to work
Re-add various older VMs
- Add the VMs via disk or config file
- Start virt-manager as normal non-root (eg saurabh) user. Add connection to Qemu/KVM if not present.
- Go to File -> New virtual machine
- Choose "Import existing disk image"
- Select VM disk (Eg /mnt/data1/large_files/vms/tally_vm/tally_vm.qcow2 )
- Select OS type "Linux" and Version "CentOS 7.0"
- Give required RAM and CPU (Eg 2048, 2 vCPU)
- Ensure that bridge br0 is selected
- Give appropriate VM name (Eg tally_vm)
- Select "Customize configuration before install"
- For "Disk 1" select "Disk Bus" as "IDE" instead of virtio
- For CPU select copy host CPU configuration option
- For Windows XP on NIC choose "e1000" instead of default virtio
- Click "Begin installation" to boot the VM.
- Download Intel Pro/1000 MT drivers for 32-bit and 64-bit Windows from: https://downloadcenter.intel.com/download/18717/Network-Adapter-Drivers-for-Windows-XP-Final-Release?product=50485 The 32-bit drivers from the above link work for Tally_VM. For other OS / VMs consider using one of the below as required:
- Download Linksys E1000 drivers from https://www.driverguide.com/driver/download/Linksys-E1000
- Download virtio drivers iso from https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso
- Copy the downloaded setup to pen drive and make it available to VM using USB redirection.
- Install the setup and Ethernet should get detected.
- Take latest snapshot of VM and delete older snapshots via qemu-img
- Start virt-manager and take at least one snapshot of all important VMs.
- If there are VM folders in /mnt/data1/large_files/vms which are not useful to be added then delete those folders
- Go to vms folder and list snapshots of existing vm disks:
- cd /mnt/data1/large_files/vms/tally_vm
- qemu-img snapshot -l tally_vm.qcow2
- qemu-img snapshot -d '<Old-snapshot-name>' tally_vm.qcow2
- Be careful and do not delete recent snapshot taken
- Boot the VM and validate that it is still booting properly
Setup apache, mariadb including DB restore and php for wikis
- Replace httpd.conf from configuration folder:
- mv /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf-old
- ln -s /documents/room-documents/documents/general/configuration_files/httpd.conf /etc/httpd/conf/
- Install mariadb
- yum -y install mariadb-server
- Start and enable mariadb
- systemctl start mariadb
- systemctl enable mariadb
- Check old wiki passwords at following locations:
- /documents/public_html/notes_wiki/LocalSettings.php
- /documents/room-documents/documents/databases/mysql/notes_wiki/mediawiki/LocalSettings.php
- /documents/room-documents/documents/databases/mysql/research_wiki/mediawiki/LocalSettings.php
- /documents/room-documents/documents/databases/mysql/readme_wiki/mediawiki/LocalSettings.php
- Login as root user ('mysql -u root') and create other database accounts:
- create database wikidb_notes;
- grant all on wikidb_notes.* to wikidb_notes@localhost identified by '<password>';
- create database wikidb_res;
- grant all on wikidb_res.* to wikidb_res@localhost identified by '<password>';
- create database wikidb_readme;
- grant all on wikidb_readme.* to wikidb_readme@localhost identified by '<password>';
- create database notes_wiki;
- grant all on notes_wiki.* to notes_wiki@localhost identified by '<password>';
- flush privileges;
- \q
- Restore various database backups using:
- cd /documents/public_html/
- bunzip2 -k notes_wiki.sql.bz2
- cat notes_wiki.sql | mysql -u notes_wiki -p<password> notes_wiki
- rm -f notes_wiki.sql
- cd /documents/room-documents/documents/databases/mysql/notes_wiki/
- bunzip2 -k wikidb_notes.sql.bz2
- cat wikidb_notes.sql | mysql -u wikidb_notes -p<password> wikidb_notes
- rm -f wikidb_notes.sql
- cd /documents/room-documents/documents/databases/mysql/research_wiki
- bunzip2 -k wikidb_res.sql.bz2
- cat wikidb_res.sql | mysql -u wikidb_res -p<password> wikidb_res
- rm -f wikidb_res.sql
- cd /documents/room-documents/documents/databases/mysql/readme_wiki
- bunzip2 -k wikidb_readme.sql.bz2
- cat wikidb_readme.sql | mysql -u wikidb_readme -p<password> wikidb_readme
- rm -f wikidb_readme.sql
- Install required packages for php and php-mysql:
- yum -y install php-mysqlnd php php-xml httpd mod_ssl php-mbstring php-json
- Restart and enable httpd:
- systemctl restart httpd
- systemctl enable httpd
Setup postgreSQL databases
- Install postgreSQL and start DB
- yum -y install postgresql postgresql-server
- postgresql-setup --initdb --unit postgresql
- systemctl start postgresql
- systemctl enable postgresql
- Restore postgreSQL configuration file to allow password based logins:
- mv /var/lib/pgsql/data/pg_hba.conf /var/lib/pgsql/data/pg_hba.conf-old
- sudo ln -s /documents/room-documents/documents/general/configuration_files/pg_hba.conf /var/lib/pgsql/data/
- sudo chown postgres:postgres /documents/room-documents/documents/general/configuration_files/pg_hba.conf
- systemctl restart postgresql
- Read existing DB password in
- /documents/room-documents/public_html/bookworm/global/library/global_common.php
- Use below to create required databases:
- sudo su - postgres
- psql
- CREATE USER saurabh WITH NOSUPERUSER NOCREATEDB LOGIN ENCRYPTED PASSWORD '<password>';
- CREATE DATABASE saurabh WITH OWNER=saurabh;
- CREATE USER sen WITH NOSUPERUSER NOCREATEDB LOGIN ENCRYPTED PASSWORD '<password>';
- CREATE DATABASE sen WITH OWNER=sen;
- \q
- exit
- Restore various database backups using:
- cd /documents/room-documents/documents/databases/pgsql/
- psql -U saurabh -d saurabh < saurabh_saurabh.sql
- # cd /documents/room-documents/documents/databases/pgsql/
- # bunzip2 -k sen.sql.bz2
- # psql -U sen -d sen < sen.sql
- # rm -f sen.sql
- Note that localhost/bookworm does not seem to work with latest php packages
- Install php postgresql libraries:
- yum -y install php-pgsql
- systemctl restart httpd
Configure lxc
Configure backups for localhost and AWS VMs
- Install required packages
- yum -y install rsnapshot sshpass
- Create rsnapshot root folder:
- mkdir -p /mnt/data1/large_files/rsnapshot_backups/
- Edit /etc/rsnapshot.conf as follows (separate fields with TABS and not spaces)
- snapshot_root /mnt/data1/large_files/rsnapshot_backups/
- no_create_root 1
- cmd_ssh /usr/bin/ssh
- retain hourly 6
- retain daily 7
- retain weekly 5
- retain monthly 3
- logfile /var/log/rsnapshot
- link_dest 1
- backup /etc/ rekallcm1/
- backup /root/ rekallcm1/
- backup /var/log/ rekallcm1/
- backup /mnt/data1/erlang/ rekallcm1/
- backup /mnt/data1/personal/ rekallcm1/
- backup /mnt/data1/plain_folders/ rekallcm1/
- backup /mnt/data1/workspace/ rekallcm1/
- backup /mnt/data1/setup/ rekallcm1/
- backup /mnt/data1/windows_setup/ rekallcm1/
- backup_script /usr/bin/sshpass -p <password> mysqldump -u root -p wikidb_notes | bzip2 > /documents/room-documents/documents/databases/mysql/notes_wiki/wikidb_notes.sql.bz2 rekallcm1/.ignore1/
- backup_script /usr/bin/sshpass -p <password> mysqldump -u root -p wikidb_res | bzip2 > /documents/room-documents/documents/databases/mysql/research_wiki/wikidb_res.sql.bz2 rekallcm1/.ignore2/
- backup_script /usr/bin/sshpass -p <password> mysqldump -u root -p wikidb_readme | bzip2 > /documents/room-documents/documents/databases/mysql/readme_wiki/wikidb_readme.sql.bz2 rekallcm1/.ignore3/
- #Notes_wiki backup is taken by /documents/public_html/update.sh manually
- # sbarjatiya.com
- backup root@sbarjatiya.com:/etc/ sbarjatiya.com/
- backup root@sbarjatiya.com:/home/ sbarjatiya.com/
- backup root@sbarjatiya.com:/root/ sbarjatiya.com/
- # mail.rekallsoftware.com
- backup root@mail.rekallsoftware.com:/etc/ mail.rekallsoftware.com/
- backup root@mail.rekallsoftware.com:/home/ mail.rekallsoftware.com/
- backup root@mail.rekallsoftware.com:/root/ mail.rekallsoftware.com/
- backup root@mail.rekallsoftware.com:/var/www/html/ mail.rekallsoftware.com/
- # km.rekallsoftware.com
- backup root@km.rekallsoftware.com:/etc/ km.rekallsoftware.com/
- backup root@km.rekallsoftware.com:/home/ km.rekallsoftware.com/
- backup root@km.rekallsoftware.com:/root/ km.rekallsoftware.com/
- Create root ssh keys
- ssh-keygen
- Allow authorized access for root to
- sbarjatiya.com
- mail.rekallsoftware.com
- km.rekallsoftware.com
- SSH as root to all the above servers and accept ssh fingerprint
- Test backups using
- rsnapshot hourly
- Edit root crontab using 'crontab -e' and use:
- 0 0,4,8,12,16,20 * * * /usr/bin/rsnapshot hourly
- 45 23 * * * /usr/bin/rsnapshot daily
- 30 23 * * 0 /usr/bin/rsnapshot weekly
- 15 23 1 * * /usr/bin/rsnapshot monthly
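The tab requirement for /etc/rsnapshot.conf is easy to break when lines are copied from a web page, where tabs arrive as spaces. The following is an added example, not part of the original article: a lint that reports lines whose fields are not tab-separated, limited to the directives used above, with the function name and sample text constructed for illustration. `rsnapshot configtest` remains the authoritative check.

```python
# Minimum number of TAB-separated fields for the directives used on this page.
MIN_FIELDS = {"snapshot_root": 2, "no_create_root": 2, "cmd_ssh": 2, "logfile": 2,
              "link_dest": 2, "retain": 3, "backup": 3, "backup_script": 3}

# Constructed sample: lines 3 and 4 use a space where rsnapshot expects a tab.
SAMPLE = (
    "snapshot_root\t/mnt/data1/large_files/rsnapshot_backups/\n"
    "retain\thourly\t6\n"
    "retain daily 7\n"
    "backup\t/etc/ rekallcm1/\n"
    "backup\troot@sbarjatiya.com:/etc/\tsbarjatiya.com/\n"
)


def lint_rsnapshot_conf(text):
    """Return [(line_number, message)] for lines that are not TAB-separated."""
    problems = []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        fields = [f for f in line.strip().split("\t") if f]
        directive = fields[0].split()[0]
        need = MIN_FIELDS.get(directive)
        if need is None:
            continue  # directive not covered by this check
        if fields[0] != directive:
            # Text before the first tab holds more than the directive name.
            problems.append((number, f"'{directive}' is followed by spaces, not a tab"))
        elif len(fields) < need:
            problems.append(
                (number, f"'{directive}' needs {need} tab-separated fields, "
                         f"found {len(fields)}"))
    return problems


if __name__ == "__main__":
    for number, message in lint_rsnapshot_conf(SAMPLE):
        print(f"line {number}: {message}")
```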
Take fresh full backup
Take full backup on external hdd
Take fresh full backup on external hdd using:
    umount /dev/sdd1
    mkdir -p /mnt/usb
    mount /dev/sdd1 /mnt/usb
    cd /mnt/usb   #so that the backup folder is created on the external hdd
    mkdir yyyy-mm-dd-rekallcm1-backup
    cd yyyy-mm-dd-rekallcm1-backup
    mkdir -p mnt/data1
    rsync -aH --delete /etc/ etc/
    rsync -aH --delete /home/ home/
    rsync -aH --delete /root/ root/
    rsync -aH --delete --exclude '/cache' /var/ var/
    rsync -aH --delete --exclude '/large_files' /mnt/data1/ mnt/data1/