CentOS 8 - Installation instructions¶

Before you start¶

Check that your machine is properly registered (in case it is on the CERN network)
Check that CERN Domain Name Service is updated for your machine (in case it is in the CERN network):

host yourmachine command should return an answer.

Check that your machine meets minimum system requirements
Memory: Minimum 2 GB (system will run with 1 GB but performance will be affected)
Disk space: 10 GB (including 1 GB user data) for default setup ( 1 GB for minimal setup)
Please see Network/PXE installation procedure at: Linux Installation, IF YOU USE it you may skip following points up to the system installation.
Prepare boot media (you will need a single recordable CD or USB memory key). (Check the boot media preparation page for instructions how to prepare (and check) your boot media.)
Available boot media - boot CD/USB image http://linuxsoft.cern.ch/cern/centos/s8/BaseOS/x86_64/os/images/boot.iso (CentOS Stream 8) or http://linuxsoft.cern.ch/cern/centos/8/BaseOS/x86_64/os/images/boot.iso (CentOS Linux 8)
Installation method - http: http://linuxsoft.cern.ch/cern/centos/s8/BaseOS/x86_64/os (CentOS Stream 8) or http://linuxsoft.cern.ch/cern/centos/8/BaseOS/x86_64/os (CentOS Linux 8)
Note: use CD/USB image installation method ONLY if Network/PXE installation is not possible.

System installation¶

Installation language and keyboard selection:

Language and keyboard selection

Select 'Installation Destination', 'Date & Time', 'Installation Source' and 'Software Selection' are already preselected:

main screen

Select the device to be used for the installation:

Select Device

If selected device has been already used for previous version of operating system use 'Reclaim space':

Reclaim space

Select 'Begin installation':

Begin Installation

Set 'root' (administrative account) password. Note: 'User creation' option creates only local user accounts, NOT CERN accounts. Once completed, click on reboot to reboot the system:

Set root password and create user

Manual post-install configuration adjustment¶

If you have selected not to run X graphical environment on your machine, or you have installed system using kickstart and you want to apply site configuration settings, here is a short recipe:

Install Locmap
Run dnf install locmap-release
Run dnf install locmap
AFS client:
Run /usr/bin/locmap --enable afs
Run /usr/bin/locmap --enable kerberos
Run /usr/bin/locmap --configure all
Automatic update system (can also be set for machines outside CERN network)
Run dnf install dnf-autoupdate
Apply CERN site configuration defaults Run for module in afs chrony cvmfs kerberos lpadmin postfix ssh sudo; do sudo locmap --enable $module; done followed by /usr/bin/locmap --configure all to configure all locmap modules in your system

You can use /usr/bin/locmap --list to check all the available puppet modules with their current state.

Configure CVMFS filesystem
Run /usr/bin/locmap --enable cvmfs to enable the cvmfs puppet module
and then run /usr/bin/locmap --configure cvmfs to setup CVMFS filesystem
Check currently running/enabled services:
via /usr/bin/systemctl list-units
turn off those services you do not need: /usr/bin/systemctl stop servicename; /usr/bin/systemctl disable servicename
turn on other services (once you configured them) via /usr/bin/systemctl enable servicename
To immediately start the service, use /usr/bin/systemctl start servicename

Locmap default puppet modules will configure user accounts, root access, printers¶

After the successfull installation and initial configuration of the system, if the computer is on the CERN network and you chose the default options locmap script should have already create user accounts, provide root access, add printers, ... based on the Xldap information of the device. Otherwise as root, run:

/usr/bin/locmap --configure all

This will:

Forward root e-mails to the LanDB responsible by updating /root/.forward
Configure /root/.k5login to allow Kerberized root access for the LanDB responsible
Configure /etc/sudoers to allow sudo root access for the LanDB responsible
Add AFS accounts for the LanDB responsible and main users.
Add printers in the building(s) where the machine resides and where the LANdb responsible and main users have their offices.

Note that this tool expands E-groups.

Alternatively, you can (as root):

run /usr/sbin/addusercern my_login_id to add AFS user accounts
edit /root/.forward to forward e-mails sent to the root account, and make sure the SElinux context is correct. Example:

# cat /root/.forward
User.Name@cern.ch
# restorecon /root/.forward
# ls -Z /root/.forward
-rw-r--r--. root root system_u:object_r:mail_home_t:s0 /root/.forward

edit /root/.k5login to allow kerberized root logins, and make sure the SElinux context is correct. Example:

# cat /root/.k5login
my_login_id@CERN.CH
# restorecon /root/.k5login
# ls -Z /root/.k5login
-rw-r--r--. root root system_u:object_r:krb5_home_t:s0 /root/.k5login

* add centrally managed printers with /usr/sbin/lpadmincern printername --add A list of all printers available at CERN in given building can be obtained using: # /usr/sbin/lpadmincern --building XXXX --list

Applying software updates¶

You should update your system immediately after its installation: Eventual security errata and bug fixes will be applied this way before you start using it.

As root run:

/usr/bin/dnf -y update

to apply all available updates.