Home > CentOS > CentOS 8.x > System Administration > New machine configuration > CentOS 8.x Configure rekallcm1 (high-end desktop) with software raid, lxc, kvm and other utilities

Older CentOS 7.x article is present at CentOS 7.x Configure rekallcm1 (high-end desktop) with software raid, lxc, kvm and other utilities

This is case of complete data loss on rekallcm1 and fresh setup of rekallcm1 using files from laptop(barjatiyarklp)

OS installation

1. Create a live USB with CentOS 8.x installer
2. Boot and select server with GUI while skipping:
   • Guest Agents
   • Infiband support
   • .NET Core Development
   • Smart card support
3. Disable kdump
4. Configure 192.168.1.3/24 with 192.168.1.251 as gateway and rekallcm1 as hostname
5. Install OS on software RAID on 3 * 2 TB disks as follows:

   /

   ext4 - RAID 1 - 50 GB

   /boot/efi

   EFI system partition - RAID 1 - 1 GB

   swap

   swap - RAID 5 - 18 GB

   /mnt/data1

   ext4 - RAID 5 - remaining

Install Owncloud Desktop client

CentOS 8.x Owncloud linux desktop client

Sudo configuration

Run 'visudo' and append

   saurabh ALL=(ALL)  NOPASSWD:ALL
   achal ALL=(ALL)  NOPASSWD:ALL
   jitender ALL=(ALL)  NOPASSWD:ALL

Create ext4 partition on raid5 device and mount on /mnt/data1

Use:

   mkfs.ext4 /dev/mapper/centos_rekallcm1-mnt_data1
   mkdir -p /mnt/data1
   blkid  #Note UUID for /dev/mapper/centos_rekallcm1-mnt_data1
   vim /etc/fstab #and append
     UUID="<from-above-command>"  /mnt/data1         ext4    defaults        1 2
   mount -a 

Copy data from laptop (barjatiyarklp) to rekallcm1

   cd /mnt/data1
   rsync -aHz --delete root@<laptop-ip>:/mnt/data1/ ./

   mkdir -p large_files
   mv vms large_files

   mkdir -p large_files/operating_systems
   cd large_files/operating_systems
   rsync -vaHz --inplace root@<laptop-ip>:/mnt/ddrive/operating_systems/ ./

   #Copy /mnt/data1/personal from various backup sources

Configure history retention

• Refer Storing date / time along with commands in history
• After this exit all running shells and reopen new shell. Validate history is stored with date/time information.

Disable screen lock

1. Start gnome-control-center and under Privacy, disable automatic screen-lock
2. Under "Power savings" set screen going blank to never

Disable SELinux

1. setenforce 0
2. edit /etc/sysconfig/selinux

   SELINUX=disabled

dnf configuration and package installation

1. Configure keep-cache for yum
   • Edit /etc/dnf/dnf.conf and set =keepcache=1=

     *Note cache goes to /var/cache/dnf*

2. Install required packages

   dnf -y install epel-release   #EPEL repository
   dnf -y install htop        #Colorful command-line top
   dnf -y install gimp        #Advanced image editor useful for editing pdf as images
   dnf -y install wireshark   #Packet capturing
   dnf -y install erlang      #Programming
   dnf -y install fdupes      #Duplicate file detection
   dnf -y install libreoffice-calc libreoffice-writer libreoffice-impress #Libreoffice
   dnf -y install p7zip       #Support for 7zip
   dnf -y install expect      #For shell automation.  Includes mkpasswd utility
   dnf -y install git         #For versioning
   dnf -y install bind bind-utils   #For DNS related tasks* CentOS 8.x barjatiyarklp
   dnf -y install texlive
   dnf -y install brasero     #For burning CD/DVD
   dnf -y install livecd-tools #For creating live USB
   
   dnf -y install freerdp    #Windows remote desktop
   dnf -y install texlive     #For latex
   dnf -y install thunderbird  #For email
   dnf -y install byobu        #To run shell commands in background
   dnf -y install openvpn      #For vpn connectivity
   dnf -y install ntfs-3g      #NTFS file-system support
   dnf -y install telnet nc    #Telnet
   dnf -y install minicom     #For working with serial ports
   dnf -y install pandoc   #For documentation generation
   dnf -y install encfs    #For fuse encrypted filesystem
   dnf -y install libguestfs-tools  #For virt-sysprep
   dnf -y install dia         #Diagram such as flowcharts or network design editor
   dnf -y install ImageMagick  #For image editing
   dnf -y install xsane    #For scanning
   dnf -y install texlive-wrapfig texlive-capt-of texlive-ulem  texlive-translator #For org-latex exports
   dnf -y install libvirt virt-manager   #To manage VMs
   dnf -y install texlive-translator  #For compiling beamer presentations using latex

3. Packages not found in CentOS 8 at time of writing

   dnf -y install yaws  #Erlang web server
   dnf  -y install kile  #Latex editor
   dnf -y install bzr kdiff3  #For versioning and comparing files
   dnf -y install kolourpaint #Basic image editor
   dnf -y install unetbootin liveusb-creator  #For creating live bootable USB from iso files

4. Full update system

   dnf -y update --skip-broken

5. Install a few games:

   dnf -y install blinken bomber bovo kanagram kapman katomic kblackbox kblocks kbounce kdiamond kfourinline kgoldrunner khangman kigo killbots kiriki kjumpingcube klines kmahjongg kmines knetwalk kolf kollision konquest kreversi kshisen ksirk ksnakeduel kspaceduel ktuberling kubrick lskat nethack picmi trader xrick zork

Install brave browser

sudo rpm --import https://brave-browser-rpm-release.s3.brave.com/brave-core.asc
sudo dnf -y install dnf-utils
sudo dnf config-manager --add-repo https://brave-browser-rpm-release.s3.brave.com/x86_64/
sudo dnf install brave-browser -y

Install and configure emacs

1. yum -y install emacs
2. Ensure /home/saurabh/.emacs and /home/saurabh/.emacs.d are symlink to appropriate folders of application-data
3. Validate things are working by opening to-do.org file
4. Configure nautilus to open .org file via emacs by default

Install vlc

1. yum -y install https://download1.rpmfusion.org/free/el/rpmfusion-free-release-8.noarch.rpm
2. yum -y install vlc

Refer:

• https://www.tecmint.com/install-vlc-media-player-in-rhel-centos-fedora/

Install broadcom-wl

1. dnf -y install https://mirrors.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-8.noarch.rpm
2. dnf -y install broadcom-wl

Install skype

1. Download skype rpm from https://www.skype.com/en/get-skype/download-skype-for-desktop/
2. Install the rpm using:

   dnf -y localinstall <rpm-name>

Download and configure anydesk

1. Refer CentOS 8.x Install anydesk
2. Restore backup of anydesk configuration:

   cd ~/.anydesk
   mv user.conf user-old.conf
   ln -s /mnt/data1/workspace/application-data/anydesk/anydesk-saurabh-user.conf user.conf

Install nomachine

• CentOS 8.x Install nomachine

Install chrome

1. Refer CentOS 7.x Installing Google chrome
2. Start chrome
3. Do not make chrome default browser and Disable submitting of usage information
4. Test by opening www.google.com

Configure git

1. Configure various git parameters:

   git config --global user.name "Saurabh Barjatiya"
   git config --global user.email "saurabh [at] sbarjatiya.com"   #Replace with proper email ID
   git config --global color.ui true
   git config --global color.status auto
   git config --global color.branch auto
   git config --global core.editor vim

2. Configure to use simple push by default

   git config --global push.default simple

   Refer https://stackoverflow.com/questions/21839651/git-what-is-the-difference-between-push-default-matching-and-simple

Postfix and logwatch

1. Configure postfix gmail relay using Sending email via Gmail relay through postfix
2. Edit /etc/aliases and add saurabh [at] rekallsoftware.com as alias for root.
3. newaliases
4. Install logwatch
5. systemctl start postfix
6. systemctl enable postfix

Configure SSH

1. Symbolic link ssh from /mnt/data1

   ln -s /mnt/data1/workspace/application-data/ssh .ssh

2. ssh root@sbarjatiya.com

   Enter passphrase (4cs..) and enable automatic unlock during login

Configure thunderbird

1. Create symbolic link

   ln -s /mnt/data1/workspace/application-data/thunderbird/ .thunderbird

2. Run thunderbird and validate email accounts are accessible
3. Set date-format display using OpenSuse Leap 15 Change date-format displayed in Thunderbird
4. Optionally set correct calendar response email ID using CentOS 8.x Thunderbird calendar invitation response email address

Configure firefox

1. Ensure that /home/saurabh/.mozilla is symlink to application-data folder
2. Starting firefox and see that various profiles are appearing properly.
3. Validate history and stored passwords are working as expected

Configure nautlius

1. Open nautilus
2. Create bookmarks for (Open folder and press Ctrl+D)
   • /mnt/data1/workspace/gbb/owncloud/saurabh
   • /mnt/data1
   • /mnt/data1/plain_folders/documents/Desktop/rekall
3. Configure nautilus to open .org file via emacs by default, if not done already
4. vim ~/.config/user-dirs.dirs #As saurabh user

   Comment all except Desktop and Downloads

5. vim /etc/xdg/user-dirs.default #As root user

   Comment all except Desktop and Downloads

6. Logoff and login again
7. Open nautilus and remove bookmarks for Documents, Music, Videos and Pictures

Refer:

• https://askubuntu.com/questions/762591/how-to-remove-unwanted-default-bookmarks-in-nautilus

Configure /etc/hosts

1. Various AWS backup VM IPs
2. rekallcm1 to its IPv4 LAN IP

Configure owncloud client to sync /mnt/data1/workspace/gbb/owncloud while keeping local data

1. Choose to sync folders up to 1000MB

Install and configure fail2ban

CentOS 7.x fail2ban

Enable bind

1. yum -y install bind bind-utils
2. Configure bind for starting automatically:

   systemctl start named
   systemctl enable named

3. Change DNS of machine in /etc/sysconfig/network-scripts/ifcfg-br0 file to 127.0.0.1
4. Optionally edit /etc/named.conf as follows:
   • Update first listen to 'listen-on port 53 { 127.0.0.1; any; };'
   • Comment listen-on-v6 port 53 { ::1; };' using '//' as prefix
   • Update allow-query to 'allow-query { localhost; 10.0.0.0/8; 192.168.0.0/12; 172.16.0.0/16; };'
5. Disable IPv6 lookups using CentOS 7.x Disabling IPv6 lookups in bind
6. Restart named if not done already
7. Test by running

   nslookup www.google.com 127.0.0.1

Make sure printer is recognized and working

1. yum -y install hplip gutenprint-cups

Configure ntp client

• CentOS 8.x chronyc ntp client configuration

Setup various servers and services

Configure software bridge

1. Refer CentOS 8.x Creating bridge interfaces (br0) for virtual hosts to use shared interface

Re-add various older VMs

1. Add use saurabh to libvirt group by editing /etc/group add adding saurabh in front of libvirt:x:. This way there wont be any password prompt while using virt-manager.
2. Add the VMs via disk or config file
   1. Start virt-manager as normal non-root (eg saurabh) user. Add connection to Qemu/KVM if not present.
   2. Go to File -> New virtual machine
   3. Choose "Import existing disk image"
   4. Select VM disk (Eg '/mnt/data1/large_files/vms/tally_vm/tally_vm.qcow2' )
   5. Select OS type "Linux" and Version "CentOS 7.0"
   6. Give required RAM and CPU (Eg 2048, 2 vCPU)
   7. Ensure that bridge br0 is selected
   8. Give appropriate VM name (Eg tally_vm)
   9. Select "Customize configuration before install"
   10. For "Disk 1" select "Disk Bus" as "IDE" instead of virtio
   11. For CPU select copy host CPU configuration option
   12. For Windows XP on NIC choose "e1000" instead of default virtio
   13. Click "Begin installation" to boot the VM.
   14. Download Intel Pro/1000 MT drivers for 32-bit and 64-bit windows from: https://downloadcenter.intel.com/download/18717/Network-Adapter-Drivers-for-Windows-XP-Final-Release?product=50485 As such 32-bit drivers from above link works for Tally_VM. But for other OS / VMs consider using one of the below as required:
       • Download Linksys E1000 drivers from https://www.driverguide.com/driver/download/Linksys-E1000
       • Download virtio drivers iso from https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso
   15. Copy the downloaded setup to pen drive and make it available to VM using USB redirection.
   16. Install the setup and Ethernet should get detected.
3. Take latest snapshot of VM and delete older snapshots via qemu-img
   1. Start virt-manager and take at least one snapshot of all important VMs.
   2. If there are VM folders in /mnt/data1/large_files/vms which are not useful to be added then delete those folders
   3. Go to vms folder and list snapshots of existing vm disks:

      cd /mnt/data1/large_files/vms/tally_vm
      qemu-img snapshot -l tally_vm.qcow2
      qemu-img snapshot -d '<Old-snapshot-name>' tally_vm.qcow2

      Be careful and do not delete recent snapshot taken

4. Boot the VM and validate that it is still booting properly

Setup apache, mariadb including DB restore and php for wikis

1. Replace httpd.conf from configuration folder:

   mv /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf-old
   ln -s /documents/room-documents/documents/general/configuration_files/httpd.conf /etc/httpd/conf/

2. Install mariadb

   yum -y install mariadb-server

3. Start and enable mariadb

   systemctl start mariadb
   systemctl enable mariadb

4. Check old wiki passwords at following locations:
   • /documents/public_html/notes_wiki/LocalSettings.php
   • /documents/room-documents/documents/databases/mysql/notes_wiki/mediawiki/LocalSettings.php
   • /documents/room-documents/documents/databases/mysql/research_wiki/mediawiki/LocalSettings.php
   • /documents/room-documents/documents/databases/mysql/readme_wiki/mediawiki/LocalSettings.php
5. Login as root user ('mysql -u root') and create other database accounts:

   create database wikidb_notes;
   grant all on wikidb_notes.* to wikidb_notes@localhost identified by '<password>';
   
   create database wikidb_res;
   grant all on wikidb_res.* to wikidb_res@localhost identified by '<password>';
   
   create database wikidb_readme;
   grant all on wikidb_readme.* to wikidb_readme@localhost identified by '<password>';
   
   create database notes_wiki;
   grant all on notes_wiki.* to notes_wiki@localhost identified by '<password>';
   
   flush privileges;
   \q

6. Restore various database backups using:

   cd /documents/public_html/
   bunzip2 -k notes_wiki.sql.bz2
   cat notes_wiki.sql | mysql -u notes_wiki -p<password> notes_wiki
   rm -f notes_wiki.sql
   
   cd /documents/room-documents/documents/databases/mysql/notes_wiki/
   bunzip2 -k wikidb_notes.sql.bz2
   cat wikidb_notes.sql | mysql -u wikidb_notes -p<password> wikidb_notes
   rm -f wikidb_notes.sql
   
   cd /documents/room-documents/documents/databases/mysql/research_wiki
   bunzip2 -k wikidb_res.sql.bz2
   cat wikidb_res.sql | mysql -u wikidb_res -p<password> wikidb_res
   rm -f wikidb_res.sql
   
   cd /documents/room-documents/documents/databases/mysql/readme_wiki
   bunzip2 -k wikidb_readme.sql.bz2
   cat wikidb_readme.sql | mysql -u wikidb_readme -p<password> wikidb_readme
   rm -f wikidb_readme.sql

7. Install required packages for php and php-mysql:

   yum -y install php-mysqlnd php php-xml httpd mod_ssl php-mbstring php-json

8. Restart and enable httpd:

   systemctl restart httpd
   systemctl enable httpd

Setup postgreSQL databases

1. Install postgreSQL and start DB

   yum -y install postgresql postgresql-server
   postgresql-setup --initdb --unit postgresql
   systemctl start postgresql
   systemctl enable postgresql

2. Restore postgreSQL configuration file to allow password based logins:

   mv /var/lib/pgsql/data/pg_hba.conf /var/lib/pgsql/data/pg_hba.conf-old
   sudo ln -s /documents/room-documents/documents/general/configuration_files/pg_hba.conf /var/lib/pgsql/data/
   sudo chown postgres:postgres /documents/room-documents/documents/general/configuration_files/pg_hba.conf
   systemctl restart postgresql

3. Read existing DB password in
   • /documents/room-documents/public_html/bookworm/global/library/global_common.php
4. Use below to create required databases:

   sudo su - postgres
   psql
   
   CREATE USER saurabh WITH NOSUPERUSER NOCREATEDB LOGIN ENCRYPTED PASSWORD '<password>';
   CREATE DATABASE saurabh WITH OWNER=saurabh;
   
   CREATE USER sen WITH NOSUPERUSER NOCREATEDB LOGIN ENCRYPTED PASSWORD '<password>';
   CREATE DATABASE sen WITH OWNER=sen;
   \q
   
   exit

5. Restore various database backups using:

   cd /documents/room-documents/documents/databases/pgsql/
   psql -U saurabh -d saurabh < saurabh_saurabh.sql
   
   # cd /documents/room-documents/documents/databases/pgsql/
   # bunzip2 -k sen.sql.bz2
   # psql -U sen -d sen < sen.sql
   # rm -f sen.sql

   Note that localhost/bookworm does not seems to work with latest php packages

6. Install php postgresql libraries:

   yum -y install php-pgsql
   systemctl restart httpd

Configure lxc

• CentOS 8.x install lxc

Configure backups for localhost and AWS VMs

1. Install required packages

   yum -y install rsnapshot sshpass

2. Create rsnapshot root folder:

   mkdir -p /mnt/data1/large_files/rsnapshot_backups/

3. Edit /etc/rsnapshot.conf as follows ***TABS and not spaces***

   snapshot_root	/mnt/data1/large_files/rsnapshot_backups/
   no_create_root	1
   
   cmd_ssh	/usr/bin/ssh
   
   retain	hourly	6
   retain	daily	7
   retain	weekly	5
   retain	monthly	3
   
   logfile	/var/log/rsnapshot
   
   link_dest	1
   
   backup	/etc/		rekallcm1/
   backup	/root/		rekallcm1/
   backup  /var/log/	rekallcm1/
   
   backup	/mnt/data1/erlang/		rekallcm1/
   backup	/mnt/data1/personal/		rekallcm1/
   backup	/mnt/data1/plain_folders/	rekallcm1/
   backup	/mnt/data1/workspace/		rekallcm1/
   backup	/mnt/data1/setup/		rekallcm1/
   backup	/mnt/data1/windows_setup/	rekallcm1/
   
   backup_script	/usr/bin/sshpass -p <password> mysqldump -u root -p wikidb_notes | bzip2  > /documents/room-documents/documents/databases/mysql/notes_wiki/wikidb_notes.sql.bz2		rekallcm1/.ignore1/
   backup_script	/usr/bin/sshpass -p <password> mysqldump -u root -p wikidb_res | bzip2  > /documents/room-documents/documents/databases/mysql/research_wiki/wikidb_res.sql.bz2		rekallcm1/.ignore2/
   backup_script	/usr/bin/sshpass -p <password> mysqldump -u root -p wikidb_readme | bzip2  > /documents/room-documents/documents/databases/mysql/readme_wiki/wikidb_readme.sql.bz2	rekallcm1/.ignore3/
   #Notes_wiki backup is taken by /documents/public_html/update.sh manually
   
   
   # sbarjatiya.com
   backup		root@sbarjatiya.com:/etc/		sbarjatiya.com/
   backup		root@sbarjatiya.com:/home/		sbarjatiya.com/
   backup		root@sbarjatiya.com:/root/		sbarjatiya.com/
   
   # mail.rekallsoftware.com
   backup		root@mail.rekallsoftware.com:/etc/	mail.rekallsoftware.com/
   backup		root@mail.rekallsoftware.com:/home/	mail.rekallsoftware.com/
   backup		root@mail.rekallsoftware.com:/root/	mail.rekallsoftware.com/
   backup		root@mail.rekallsoftware.com:/var/www/html/	mail.rekallsoftware.com/
   
   # km.rekallsoftware.com
   backup		root@km.rekallsoftware.com:/etc/	km.rekallsoftware.com/
   backup		root@km.rekallsoftware.com:/home/	km.rekallsoftware.com/
   backup		root@km.rekallsoftware.com:/root/	km.rekallsoftware.com/

4. Create root ssh keys
   1. ssh-keygen
   2. Allow authorized access for root to
      • sbarjatiya.com
      • mail.rekallsoftware.com
      • km.rekallsoftware.com
   3. SSH as root to all the above servers and accept ssh fingerprint
5. Test backups using

   rsnapshot hourly

6. Edit root crontab using 'crontab -e' and use:

   0 0,4,8,12,16,20 * * *       /usr/bin/rsnapshot hourly
   45 23 * * *       /usr/bin/rsnapshot daily
   30 23 * * 0       /usr/bin/rsnapshot weekly
   15 23 1 * *       /usr/bin/rsnapshot monthly

Take fresh full backup

Take full backup on external hdd

Take fresh full backup on external hdd using:

umount /dev/sdd1
mkdir -p /mnt/usb
mount /dev/sdd1 /mnt/usb

mkdir yyyy-mm-dd-rekallcm1-backup
cd yyyy-mm-dd-rekallcm1-backup

mkdir -p mnt/data1
rsync -aH --delete /etc/  etc/
rsync -aH --delete /home/  home/
rsync -aH --delete /root/ root/
rsync -aH --delete --exclude '/cache' /var/ var/
rsync -aH --delete --exclude '/large_files' /mnt/data1/  mnt/data1/

Refer:

• https://unix.stackexchange.com/questions/83394/rsync-exclude-directory-not-working

Home > CentOS > CentOS 8.x > System Administration > New machine configuration > CentOS 8.x Configure rekallcm1 (high-end desktop) with software raid, lxc, kvm and other utilities