Difference between revisions of "Upgrading to Centos 7"

From Nuclear Physics Group Documentation Pages
Jump to navigationJump to search
Line 11: Line 11:
 
* Setting up bridge networking took a bit. The complication was that I just used "ifup" and "ifdown", and did not use "systemctl restart network".  
 
* Setting up bridge networking took a bit. The complication was that I just used "ifup" and "ifdown", and did not use "systemctl restart network".  
 
* Setting up sssd: The ldap authentication did not work when using TLS, because the MD5 encrypted certificate is no longer accepted. We need new certificates! For now, connect with ldap: instead of ldaps:
 
* Setting up sssd: The ldap authentication did not work when using TLS, because the MD5 encrypted certificate is no longer accepted. We need new certificates! For now, connect with ldap: instead of ldaps:
 +
** That does not appear to work for automount. Darn it!
 +
* Copied more sane iptable rules from endavour, including blacklist.

Revision as of 01:45, 11 October 2015

LOG for upgrade of the Gourd server hardware to Centos 7.

Initial

  • Gourd would not boot from a USB stick. It seems the HW doesn't support this, though it is also possible the fault is with the front USB port. Boot from installer DVD.
  • Standard server install
  • No ethernet driver: nForce ethernet "forcedeth" not available, use the kmod-forcedeth driver from elrepo.org: http://elrepo.org/linux/elrepo/el7/x86_64/RPMS/kmod-forcedeth-0.64-1.el7.elrepo.x86_64.rpm
  • Note that Centos 7 (i.e. RHEL 7) comes standard with "firewalld". Not wanting to bother with "yet another config system for firewalls (tm)", this was disabled in favor of good old iptables, which is the underlaying system anyway. This policy may change int he future. (To disable firewalld: "systemctl stop firewalld ; systemctl mask firewalld'. To setup iptables: "yum install iptables-services; systemctl enable iptables", and then of course, configure the tables.)
  • Network interfaces are now renamed to a "consistent scheme" see: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Networking_Guide/ch-Consistent_Network_Device_Naming.html
  • FARM network = enp0s8 = farm UNH network=enp0s9 = unh
  • Setting up bridge networking took a bit. The complication was that I just used "ifup" and "ifdown", and did not use "systemctl restart network".
  • Setting up sssd: The ldap authentication did not work when using TLS, because the MD5 encrypted certificate is no longer accepted. We need new certificates! For now, connect with ldap: instead of ldaps:
    • That does not appear to work for automount. Darn it!
  • Copied more sane iptable rules from endavour, including blacklist.