FEDORA
TODO: give remote machine a name like "dullon" or something so I don't keep having to say "remote" and "brighton"

TODO: add disclaimer re these are my experiences AND you should not follow instructions blindly AND especially not run commands blindly AND especially not as root. No intentional malicious code, but blindly running stuff hurts you and others-- botnet

TODO: note that I focus on LVM thingy but most people won't run into it unless they try to install one on media first another media later

NOTE: any reference to "this directory" or "here" refers to https://github.com/barrycarter/bcapps/blob/master/FEDORA/

NOTE: the "local" machine is the one to which you are installing Fedora 24; the "remote" machine is any Linux machine from which you are performing the install.

NOTE: I will sometimes refer to "Fedora 24" as "Fedora Core 24" because many of the package names still have "fc24" in them.

NOTE: during graphical boot, hit ESC to see what system is actually doing

NOTE: if any step fails, reboot and try to back up (or reinstall) to the failing step

NOTE: in some cases, ssh to brighton works even during bootup error

NOTE TO SELF: I have Fedora 24 installed to both P0: and P2: but should boot from P0: if not automatic

NOTE: some of my commands in both this file and other files in this directory either print out something you can pipe to sh or use options like rsync's "-n" to do test runs. This is so you can see what a command does before actually running it. When ready to run, either pipe to sh or remove the dry run option as applicable

NOTE: just after initial install, you won't have many editors available (probably just ex and vi), so I give commands like:

echo something >> filename

In reality, you should always look at filename to make sure you're not destroying anything. If you want to "cheat", you may choose to install a better editor before continuing installation.
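
Added example (not part of the original notes): a guarded form of the "echo something >> filename" pattern from the NOTE above, for files such as /etc/crypttab and /etc/fstab where the first field identifies the entry and a second entry with the same first field is a mistake. The names append_once and DRY_RUN are hypothetical; by default it only prints the command, in the same pipe-to-sh style used elsewhere in this file.

```shell
#!/bin/sh
# Added example, not from the original notes. append_once and DRY_RUN are
# hypothetical names; the values in the usage comment are constructed.

# append_once FILE LINE
#   0: LINE appended (or, with DRY_RUN=1, the append command was printed)
#   1: an identical line is already in FILE; nothing to do
#   2: FILE has a different entry with the same first field; refuse
append_once() {
    file=$1
    line=$2
    # first field: mapping name in crypttab, device in fstab
    key=$(printf '%s\n' "$line" | awk '{ print $1 }')

    if [ -f "$file" ]; then
        if grep -qxF -e "$line" "$file"; then
            echo "append_once: already present in $file" >&2
            return 1
        fi
        if awk -v k="$key" '$1 == k { hit = 1 } END { exit !hit }' "$file"; then
            echo "append_once: $file already has an entry for $key:" >&2
            awk -v k="$key" '$1 == k' "$file" >&2
            return 2
        fi
    fi

    if [ "${DRY_RUN:-1}" = 1 ]; then
        # default: print a command to review and then pipe to sh
        # (assumes LINE contains no single quote)
        printf "echo '%s' >> %s\n" "$line" "$file"
        return 0
    fi

    # keep a copy of the file as it was before this change
    if [ -f "$file" ]; then cp -p "$file" "$file.bak"; fi
    printf '%s\n' "$line" >> "$file"
}

# usage (constructed values):
#   append_once /etc/crypttab "luks UUID=0000-placeholder none" | sh
```

Return code 2 is the case that matters after a reinstall: the mapping name or device is already listed with different settings, so the file needs to be edited by hand.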

%% TODO: construct list of services and ps -ef that fedora brings up by default (ultimately, it's all about the processes) and whittle from there

% OPTIONAL: if you reinstall several times while testing, you might see the same boot entry repeatedly in BIOS; to fix this, use "efibootmgr" from fedora (thanks htBBtp://superuser.com/questions/582445/gigabyte-uefi-dualbios-lingering-boot-option) [note: you may need to "modprobe efivars", which should occur automatically after runme.sh anyway]

sudo efibootmgr -v;: to see options

: to see if you have one boot option multiple times
sudo efibootmgr -v | perl -pnle 's/^\S+\s+//' | sort | uniq -c | sort -nr

: note to self: I have one partition listed 93 times, wowsers!
sudo efibootmgr -v | fgrep 'redundant partition' | perl -anle '$F[0]=~s/^Boot//; $F[0]=~s/\*//; print $F[0]'

: remove ALL BUT ONE of above -- being safe below
sudo efibootmgr -v | fgrep 'redundant partition' | perl -anle '$F[0]=~s/^Boot//; $F[0]=~s/\*//; print $F[0]' | tail -n +10 | xargs -n 1 sudo efibootmgr -B -b

: you may also want to use "ssh -o "UserKnownHostsFile /dev/null"
: root@brighton" remotely to avoid the "WARNING: REMOTE HOST
: IDENTIFICATION HAS CHANGED!" message each time

%% TODO: disclaim order of steps, multiple tries [or do additional reinstalls to test final file]

%% TODO: last minute final sync from old machine to brighton, after all filechanging processes have been stopped forever

%% TODO: move files in this directory to the proper places on brighton (or symlink) [many done, but need to make sure all done]

This document describes how I (mostly remotely) created a minimal Fedora 24 system (no gnome, no evolution, no unnecessary daemons) running fvwm2

Download Fedora 24 from https://getfedora.org/en/workstation/download/, burn it to a DVD or USB stick, and boot from the DVD or USB stick.

When prompted, click "Install" to install Fedora 24 on your hard disk.

Create a root password and another user (called "user") with no password.
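
Added example (not part of the original notes) for the OPTIONAL efibootmgr cleanup above: instead of picking the duplicated description by hand and trimming with tail, this groups entries by everything after the BootNNNN field and prints one delete command per surplus copy, never for the entry the machine is currently booted from. The function names and the sample output are constructed for illustration; nothing is deleted until the printed commands are reviewed and piped to sh as root.

```shell
#!/bin/sh
# Added example, not from the original notes. efi_dup_cmds and
# sample_efibootmgr_output are hypothetical names.

# Reads "efibootmgr -v" output on stdin. For every description that occurs
# more than once, prints a delete command for each copy except one: the
# entry named by BootCurrent if it is among the copies, else the first seen.
efi_dup_cmds() {
    awk '
        /^BootCurrent:/ { current = $2; next }
        $1 ~ /^Boot[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f]\*?$/ {
            n++
            num[n] = substr($1, 5, 4)
            d = $0
            sub(/^[^ \t]+[ \t]+/, "", d)   # same strip as perl s/^\S+\s+//
            desc[n] = d
            if (!(d in keeper) || num[n] == current)
                keeper[d] = num[n]
        }
        END {
            for (i = 1; i <= n; i++)
                if (num[i] != keeper[desc[i]])
                    print "efibootmgr -b " num[i] " -B"
        }
    '
}

# Constructed sample in the format printed by "efibootmgr -v".
sample_efibootmgr_output() {
    cat <<'EOF'
BootCurrent: 0003
Timeout: 1 seconds
BootOrder: 0003,0000,0001,0002,0004
Boot0000* Fedora HD(1,GPT,00000000-0000-0000-0000-000000000001,0x800,0x64000)/File(\EFI\fedora\shim.efi)
Boot0001* Fedora HD(1,GPT,00000000-0000-0000-0000-000000000001,0x800,0x64000)/File(\EFI\fedora\shim.efi)
Boot0002* UEFI: DVD PciRoot(0x0)/Pci(0x1f,0x2)/Sata(1,0,0)
Boot0003* Fedora HD(1,GPT,00000000-0000-0000-0000-000000000001,0x800,0x64000)/File(\EFI\fedora\shim.efi)
Boot0004  Fedora HD(1,GPT,00000000-0000-0000-0000-000000000001,0x800,0x64000)/File(\EFI\fedora\shim.efi)
EOF
}

# usage on a live system:
#   sudo efibootmgr -v | efi_dup_cmds
```

On the sample, entry 0003 is kept because it is BootCurrent, 0002 is left alone because it is unique, and delete commands are printed for 0000, 0001 and 0004.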

% OPTIONAL: if you are installing Fedora to a solid-state drive (SSD), and want the /home and /root directories on another drive, partition as follows:

- Set the /home partition to 5GiB. We will symlink to the big drive later.

- Delete the swap partition; we will create it below later

- Leave the /boot and /boot/efi partitions as is.

- Give the remaining space to the / partition, but leave at least 20GiB: you probably won't need it, but the dnf installs below total ~9GiB, so you just might if you install even more stuff.

After removing the installation media and rebooting, login as user. You will now be in the GNOME environment. Now:

% Go to the top right of the screen, click the down arrow, and choose the settings icon at the bottom left of the pulldown menu.

% Select "Sharing", and turn on Sharing in general and "Remote Login" specifically (even though you're logged in as the passwordless 'user' account, this will turn on ssh for root)

% On your remote machine (not the one on which you're installing Fedora Core 24), add the machine's IP address to /etc/hosts something like this:

192.168.0.3 brighton

This will let you refer to the machine as "brighton" instead of having to type out the IP address each time. Of course, make sure you use the machine's actual IP address, which probably won't be 192.168.0.3 in your case.

% OPTIONAL: If you have an encrypted non-boot drive (I'm naming mine kemptown), do the following (note use your LVM's actual name below-- if you previously tried installing fedora on this other drive, your LVMs will have the same name, which you will have to fix-- see "lvm-name-conflict.txt" in this directory):

: initially, there is no "/etc/cryptsetup" and "/etc/crypttab" reads:
: luks-id-of-root-partition UUID=id-of-root-partition none
cryptsetup open /dev/sdb3 kemptown
less /etc/cryptsetup
echo "luks /dev/sdb3 -" > /etc/cryptsetup
less /etc/crypttab
blkid | fgrep /dev/sdb3
: this must be an append, since main drive should appear there first
echo "luks UUID=the-uuid-given-by-blkid-for-dev-sdb3 none" >> /etc/crypttab
less /etc/fstab
echo "/dev/mapper/oldfedora-home /mnt/kemptown ext4 defaults,x-systemd.device-timeout=30 60 90" >> /etc/fstab
mkdir /mnt/kemptown
mount /mnt/kemptown

% If you installed Fedora on your large internal drive first and then tried to move the installation to an SSD drive, the steps above may not work properly: read lvm-name-conflict.txt in this directory to continue

% create swapspace on /mnt/kemptown/swapspace (TODO: there may be better ways of doing this but I'm wary of messing w/ my 8TB drive since I've copied stuff over and made changes)

: only need to do two steps below once
dd if=/dev/zero of=/mnt/kemptown/swap bs=1000000000 count=128 status=progress&
: wait for the backgrounded dd to finish before running mkswap
mkswap /mnt/kemptown/swap
: below as recommended
chmod 0600 /mnt/kemptown/swap
less /etc/fstab
echo "/mnt/kemptown/swap swap swap defaults 0 0" >> /etc/fstab
swapon /mnt/kemptown/swap

% OPTIONAL: move user's home to /mnt/kemptown:

: if below reports "userdel: user user is currently used by process
: xxxx", kill process xxxx (potentially repeatedly) until the command
: succeeds
userdel user; find /home/user -type f
: above should be tiny(ish)
rm -rf /home/user; useradd -d /mnt/kemptown/user -g wheel -u 1000 user
passwd user
ln -s /mnt/kemptown/user /home
: move root over as well
mv /root /root.old
ln -s /mnt/kemptown/root /root

% From remote machine, rsync over BCGIT to brighton, since I will use symlinks to get things in their proper place

\rsync -Pav /home/barrycarter/BCGIT user@brighton:/home/user/
: and rsync over my private crontab, one of the few files not in this directory
\rsync -Pav /home/barrycarter/bc-private-crontab user@brighton:/home/user/

% seriously consider removing /root/.cpan and /root/.cpanm to avoid screwing up the cpan install (if you've defined it previously) [current runme.sh doesn't do any cpan so probably not relevant]

% configure /etc/dnf/dnf.conf to keep downloaded packages (since I delete and re-install the same package multiple times sometimes) by adding this line under "[main]":

less /etc/dnf/dnf.conf
: change "clean_requirements_on_remove=True" to False
echo "keepcache=1" >> /etc/dnf/dnf.conf

% OPTIONAL: since I install multiple times, move /var/cache to main 8TB drive that remains unchanged between reinstalls

: if youve done this once, no need to do it again
mkdir -p /mnt/kemptown/var/
sudo mv /var/cache/ /mnt/kemptown/var/
: if youve done this previously youll need to remove the pristine
: /var/cache on every new install
sudo ln -s /mnt/kemptown/var/cache /var/

% stop selinux by editing /etc/selinux/config and changing "SELINUX=enforcing" to "SELINUX=disabled"

% reboot (required so that selinux is off; this is required to turn auditd off) [actually, even this may not work]

% Then run the commands in runme.sh

: below should do everything automatically, but MAY require user intervention
chmod +x /home/user/BCGIT/FEDORA/runme.sh
sudo sh -c '/home/user/BCGIT/FEDORA/runme.sh 1>/runme.out 2>/runme.err'&
: NOTE: if the command above hangs and requests the disk encryption
: password, kill it and rerun it
: you may need to kill /usr/bin/systemd-tty-ask-password-agent
pgrep systemd-tty-ask | xargs ps -wwwl
: and then kill

%% TODO: remove apostrophes in ":" style comments, they break cut/paste; make sure multi-line ":" comments have a ":" at the start of each line (also parentheses and other odd chars (since shell expansion still works?)

% things we must build manually (not in any good repo)

: NOTE: must install fly 1.6.5 -- version 2.0.1 breaks bc-bg.pl methodology
: get fly from link on http://www.w3perl.com/fly/installation.html
cd /root/build
cp ~user/Downloads/fly-1.6.5.tar.gz .
tar xvfz fly-1.6.5.tar.gz
cd fly-1.6.5
make
cp fly /usr/local/bin/

% I prefer the tcsh for both user and root though some believe this isn't a good idea (so not putting in runme.sh):

chsh -s /bin/tcsh root
chsh -s /bin/tcsh user

% NOT WORKING: To setup passwordless ssh/rsync, add remote ssh key (in ~/.ssh/id_dsa.pub or similar on remote machine) to ~/.ssh/authorized_keys

% reboot ("shutdown -r now") to bring up the system clean

%% TODO: for some reason, I have to reboot twice to get "xinit" working properly

% you will come up to a "localhost login" or similar prompt, not a windows environment (you don't actually need to login locally)

% Remotely, "ssh user@brighton" and start xinit& (TODO: this probably won't actually work -- must be at console to xinit&, but can then vncviewer in)

%% TODO: for some reason, I must "cpan Digest::SHA1" separately after reboot (ok, it appears you have to install Test BEFORE Digest::SHA1, sheesh)

%% TODO: lots of servicectl commands didn't run properly (?!) so running runme.sh again after reboot

%% TODO: other fails:

Math::BigFloat version 1.999718 required--this is only version 1.999715

Warning: Prerequisite 'Math::BigRat => 0.12' for 'PJACKLAM/bignum-0.44.tar.gz' failed when processing 'PJACKLAM/Math-BigRat-0.260805.tar.gz' with 'make_test => NO'. Continuing, but chances to succeed are limited.

# Failed test 'use Net::Amazon::MechanicalTurk;'
# at t/00-load.t line 6.
# Tried to use 'Net::Amazon::MechanicalTurk'.

%% TODO: run "dnf update" after installs? (or upgrade?)

%% TODO: maybe add cpan -u BEFORE the main cpan command (so the cpan works better?)

%% TODO: do dnf install Perl packages interfere w cpan installed ones? (although the only thing I actually install is perl-cpan itself?)

%% TESTING:

cpan -u
cpan Math::BigFloat Math::BigRat Math::BigInt |& tee /tmp/error.txt

%% TODO: consider moving pgsql and mysql dirs to 8TB drive

% INFO: you can use the following to see which services are still running:

systemctl -t service | egrep 'loaded +active +running'

% INFO: use "ps -ef | fgrep -v '['" to see the few remaining (nonbracketed) processes. You CANNOT safely kill or remove any of these (including "(sd-pam)")

% then, remotely "ssh user@brighton" and then "sudo su" again

% setup passwordless login FROM remote to local machine (so I can rsync in crontab passwordlessly); if you don't already have an RSA key (do this as user, it's more flexible):

ssh-keygen -t rsa -b 2048 -f /home/user/.ssh/id_rsa

(with no passphrase, since you'll need it for automated tasks)

% DONE: find and reinstall parallel version that uses stdin (do NOT install moreutils-parallel)

%% TODO: "ifconfig enp1s0 192.168.0.3 netmask 255.255.0.0" works to bring up network... how to put this in config file? (actually, that just brings up the local network), then need "ip route add default via 192.168.0.1"

%% TODO: why not "dnf install '*'"?

%% TODO: install nagios3 or upgrade my nagios stuff to 4...

: this is just a one off-- for the future Ive removed nagios from dnf install
: I can still keep nagios-plugins since theyre fundamentally similar
cd /root/build
curl -L -o nagios.tgz https://sourceforge.net/projects/nagios/files/nagios-3.x/nagios-3.5.1/nagios-3.5.1.tar.gz/download
tar xvfz nagios.tgz
cd nagios
sh configure |& tee configure.out
make all |& tee make.out
make install

%% TODO: symlink or otherwise get /usr/local/nagios/bin/nagios into my path

%% TODO: tweak local machine /etc/hosts file since many of my aliases depend on short hostnames (or tweak aliases)

%% OPTIONAL: install sources of everything I've got installed and their dependencies (excluding those things that "dnf list installed" gives but aren't actually packages)

: if using SSD, make these symlinks on big drive
mkdir /root/dnf-sources
cd /root/dnf-sources
: see dnf-source-exclusions.txt in this directory
dnf list installed|perl -anle 'print $F[0]'|sort -u|fgrep -vf dnf-source-exclusions.txt | xargs dnf download --source
rpm -i *.rpm
: the results are in /root/rpmbuild/SOURCES/

% INFO: to see how much space dnf installed packages take up:

: note that I could make this a pipe but its useful to do in steps
dnf list installed|perl -anle 'print $F[0]'|sort -u > /tmp/dnf-installed.txt
xargs rpm -ql < /tmp/dnf-installed.txt | sort | uniq > /tmp/dnf-files.txt
xargs wc -c < /tmp/dnf-files.txt | egrep ' total$' |tee /tmp/dnf-wc-totals.txt
: for me this is 8786074786 or about 8.8 GiB

% edit /etc/mail/sendmail.mc

define(`SMART_HOST', `smtp.comcast.net')dnl

% NOTE: you can run "make" after the above (in /etc/mail), but starting sendmail does this automatically

% import postgres data

: on current machine
pg_dumpall > pgsql-super-dump.txt
: rsync over to brighton (not shown)
: on brighton
sudo -u postgres psql < /tmp/pgsql-super-dump.txt
: "psql -d main" should now work as "user"

% import mysql data

: on current machine
mysqldump --all-databases > mysql-super-dump.txt
: rsync over to brighton (not shown)
sudo mysql < /tmp/mysql-super-dump.txt

%% TODO: mysql, even with dump above, does not appear to have same users; however "mysql -u root" works as user

% OK to rsync over /etc/httpd/conf and /etc/httpd/conf.d but not other httpd related files. Comment out any lines like (use "apachectl configtest" to find these):

# LoadModule authn_file_module modules/mod_authn_file.so
# LoadModule authn_alias_module modules/mod_authn_alias.so
# LoadModule authn_anon_module modules/mod_authn_anon.so
# LoadModule authn_dbm_module modules/mod_authn_dbm.so
# LoadModule authn_default_module modules/mod_authn_default.so
# LoadModule authz_host_module modules/mod_authz_host.so
# LoadModule authz_user_module modules/mod_authz_user.so
# LoadModule authz_owner_module modules/mod_authz_owner.so
# LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
# LoadModule authz_dbm_module modules/mod_authz_dbm.so
# LoadModule authz_default_module modules/mod_authz_default.so
# LoadModule disk_cache_module modules/mod_disk_cache.so

% In /etc/httpd/conf.d, remove (or move to DISABLED subdir) mod_dnssd.conf

: remove -n for production
\rsync -avxn /etc/httpd/conf /etc/httpd/conf.d root@brighton:/etc/httpd/

% Reboot once again, login, run "sh startup-nox.csh" and "xinit &"

% You can then return to remote access using "vncviewer -geometry 1024x768 brighton&"

%% TODO: copy my .fvwm2rc file over into this dir after I get it working right on brighton live editing

%% TODO: post this to wp with a link to github; google doesn't index github well

%% TODO: passwordless cross machine ssh (and thus rsync)

% DONE: get dnsmasq working

%% TODO: consider wiping /root/.cpan before running cpan command at least once (garbage?)

%% TODO: find information command for listing which cpan modules I have installed (it's "cpan -l", now use it and "dnf list installed" to print out reports somewhere to make sure they do what they say they do)

%% TODO: get local httpd working

%% TODO: make sure bcgit alias works

%% TODO: some files still have selinux attrs, remove these?:

brighton:~$ attr -l .
Attribute "selinux" has a 41 byte value for .
: however
Could not get "selinux" for .

%% TODO: fedora assumes same passphrase for multiple encrypted disks?

%% TODO: install and run skype

%% TODO: if copying over cron jobs, change old machine name to new machine name

%% TODO: redirect cron output somewhere useful or setup sendmail properly

%% TODO: setup sendmail properly using comcast servers

%% TODO: get nagios working

%% TODO: check for broken symlinks

%% TODO: check personal file I had for bringing this machine up

% TIP: Found an inconsistency between dnf-installs.sh and runme.sh; resolving them as follows and then remove dnf-installs.s

fgrep 'sudo dnf install' dnf-installs.sh | perl -anle 'print join("\n",@F)' | sort | uniq > /tmp/dnf.txt
fgrep 'sudo dnf -y install' runme.sh | perl -anle 'print join("\n",@F)' | sort | uniq > ! /tmp/runme.txt
diff /tmp/dnf.txt /tmp/runme.txt
comm -13 /tmp/runme.txt /tmp/dnf.txt