Re: [PLUG] CentOS 6 to 7 migration
Thanks to everyone for the feedback. The migration is far from complete, but at least I have my email running. Here are a few random things I've learned thus far: I used Clonezilla to copy my old CentOS 6 install to another disk so I could keep it as a backup and reference. I thought Clonezilla would speed up the copy, but apparently it has no deep knowledge of LVM. dd or ddrescue would likely have been just as fast. Dropping a UEFI-based disk into a new machine requires telling the UEFI firmware(aka the BIOS) where to find the boot image. It's somewhat difficult to find documentation on what all is included in the various Software Selection options in the CentOS 7 install. The migration involves changing UID and GID for a few users. Perhaps unsurprisingly, rsync and GNU tar just do the right thing unless specifically instructed otherwise. I was using dovecot-lda for local mail delivery. All the cool kids now use dovecot LMTP for local delivery. Apparently the cool kids also have only virtual users, otherwise the Dovecot documentation would tell you that the following change needs to be made in 10-auth.conf if you have local users. #auth_username_format = %Lu auth_username_format = %n The Let's Encrypt certbot makes it pretty easy to get SSL certificates for your postfix and dovecot servers (and of course your web server). However, you are likely to find some old info on the web describing how to use tls-sni for the '--preferred-challenges' argument. As of mid-January, tls-sni is no longer supported, as there was some sort of fundamental security flaw. If you are currently using tls-sni for renewals, that still works, but you should check into if or when it will also be disabled. Thunderbird defaults to downloading all email, even if you are using IMAP. I suppose that's a reasonable default, and maybe I knew it at one time, but that means I had two copies of every email in my home directory (Maildir plus Thunderbird's storage, 5.7GB + 5.7GB). Now I know which Thunderbird files need to be deleted to clean things up. galen ___ PLUG mailing list PLUG@pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] CentOS 6 to 7 migration
On Fri, 9 Feb 2018, Galen Seitz wrote: Hi, My task for this weekend is to install CentOS 7 on my primary machine. It's currently running CentOS 6, so after tonight's backup I will perform the 7 install. I've done other installs of 7, but this will be the first of a machine that is running important stuff. Here are some of the services that I currently have running. Among these, ssh, postfix, and dovecot are the most critical. The others can be brought up on an as needed basis. For ssh, you may want to update the Ciphers, KexAlgorithms, and MACs directives in sshd_config -- especially if your client machines all have recent ssh versions. I suggest ensuring that your HostKey list includes the rsa and ed25519 keys but omits dsa and ecdsa. Similar changes can be made to user-specific ~/.ssh/config file, especially the directives that specify protocol and cipher strength: Ciphers, HostbasedKeyTypes, HostKeyAlgorithms, KexAlgorithms, MACs. For dovecot, check your ssl_* settings. Disable SSLv2 and SSLv3 in ssl_protocols and ensure a strong ssl_cipher_list. I don't use postfix, so you're on your own there. For other services, httpd has bumped from Apache 2.2 to 2.4; there's a good possibility you'll need to change some modules and directives. If you use mod_ssl, consider verifying your configuration: https://www.ssllabs.com/ssltest/ -- Paul Heinlein heinl...@madboa.com 45°38' N, 122°6' W___ PLUG mailing list PLUG@pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] CentOS 6 to 7 migration
While you are at it - automate the setup/config - it will be great asset to you when you need to repeat or extend it. I second - systemd was the biggest change when I moved on a few years ago. While I do not necessarily like its monolith architecture - I find it pretty easy to work with. Systend is actually quite similar across different distros, which is nice. T On Feb 9, 2018 7:55 PM, "Larry Brigman" wrote: The biggest learning curve is systemd. If you have service scripts for things, you will need to convert them. Also file system defaults to xfs. NFS also goes to the next version. On Feb 9, 2018 3:53 PM, "Galen Seitz" wrote: > Hi, > > My task for this weekend is to install CentOS 7 on my primary machine. > It's currently running CentOS 6, so after tonight's backup I will > perform the 7 install. I've done other installs of 7, but this will be > the first of a machine that is running important stuff. > > Here are some of the services that I currently have running. Among > these, ssh, postfix, and dovecot are the most critical. The others can > be brought up on an as needed basis. > > cups0:off 1:off 2:on3:on4:on5:on6:off > denyhosts 0:off 1:off 2:on3:on4:on5:on6:off > dovecot 0:off 1:off 2:on3:on4:on5:on6:off > fail2ban0:off 1:off 2:off 3:on4:on5:on6:off > httpd 0:off 1:off 2:on3:on4:on5:on6:off > postfix 0:off 1:off 2:on3:on4:on5:on6:off > postgresql 0:off 1:off 2:on3:on4:on5:on6:off > smb 0:off 1:off 2:on3:on4:on5:on6:off > sshd0:off 1:off 2:on3:on4:on5:on6:off > > If you've learned anything relevant from performing a CentOS, Scientific > Linux, or RHEL migration, I'd love to hear it. I've read through the > Redhat Migration Guide, but I'd be interested in hearing any other words > of wisdom regarding the move from 6 to 7. > > Thanks! > galen > -- > Galen Seitz > gal...@seitzassoc.com > ___ > PLUG mailing list > PLUG@pdxlinux.org > http://lists.pdxlinux.org/mailman/listinfo/plug > ___ PLUG mailing list PLUG@pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug ___ PLUG mailing list PLUG@pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] CentOS 6 to 7 migration
The biggest learning curve is systemd. If you have service scripts for things, you will need to convert them. Also file system defaults to xfs. NFS also goes to the next version. On Feb 9, 2018 3:53 PM, "Galen Seitz" wrote: > Hi, > > My task for this weekend is to install CentOS 7 on my primary machine. > It's currently running CentOS 6, so after tonight's backup I will > perform the 7 install. I've done other installs of 7, but this will be > the first of a machine that is running important stuff. > > Here are some of the services that I currently have running. Among > these, ssh, postfix, and dovecot are the most critical. The others can > be brought up on an as needed basis. > > cups0:off 1:off 2:on3:on4:on5:on6:off > denyhosts 0:off 1:off 2:on3:on4:on5:on6:off > dovecot 0:off 1:off 2:on3:on4:on5:on6:off > fail2ban0:off 1:off 2:off 3:on4:on5:on6:off > httpd 0:off 1:off 2:on3:on4:on5:on6:off > postfix 0:off 1:off 2:on3:on4:on5:on6:off > postgresql 0:off 1:off 2:on3:on4:on5:on6:off > smb 0:off 1:off 2:on3:on4:on5:on6:off > sshd0:off 1:off 2:on3:on4:on5:on6:off > > If you've learned anything relevant from performing a CentOS, Scientific > Linux, or RHEL migration, I'd love to hear it. I've read through the > Redhat Migration Guide, but I'd be interested in hearing any other words > of wisdom regarding the move from 6 to 7. > > Thanks! > galen > -- > Galen Seitz > gal...@seitzassoc.com > ___ > PLUG mailing list > PLUG@pdxlinux.org > http://lists.pdxlinux.org/mailman/listinfo/plug > ___ PLUG mailing list PLUG@pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
[PLUG] CentOS 6 to 7 migration
Hi, My task for this weekend is to install CentOS 7 on my primary machine. It's currently running CentOS 6, so after tonight's backup I will perform the 7 install. I've done other installs of 7, but this will be the first of a machine that is running important stuff. Here are some of the services that I currently have running. Among these, ssh, postfix, and dovecot are the most critical. The others can be brought up on an as needed basis. cups0:off 1:off 2:on3:on4:on5:on6:off denyhosts 0:off 1:off 2:on3:on4:on5:on6:off dovecot 0:off 1:off 2:on3:on4:on5:on6:off fail2ban0:off 1:off 2:off 3:on4:on5:on6:off httpd 0:off 1:off 2:on3:on4:on5:on6:off postfix 0:off 1:off 2:on3:on4:on5:on6:off postgresql 0:off 1:off 2:on3:on4:on5:on6:off smb 0:off 1:off 2:on3:on4:on5:on6:off sshd0:off 1:off 2:on3:on4:on5:on6:off If you've learned anything relevant from performing a CentOS, Scientific Linux, or RHEL migration, I'd love to hear it. I've read through the Redhat Migration Guide, but I'd be interested in hearing any other words of wisdom regarding the move from 6 to 7. Thanks! galen -- Galen Seitz gal...@seitzassoc.com ___ PLUG mailing list PLUG@pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug