Skip to content

CentOS 8 - Installation instructions

Before you start

  • Check that your machine is properly registered (in case it is on the CERN network)

  • Check that CERN Domain Name Service is updated for your machine (in case it is in the CERN network):

host yourmachine command should return an answer.

  • Check that your machine meets minimum system requirements

  • Memory: Minimum 2 GB (system will run with 1 GB but performance will be affected)

  • Disk space: 10 GB (including 1 GB user data) for default setup ( 1 GB for minimal setup)

  • Please see Network/PXE installation procedure at: Linux Installation, IF YOU USE it you may skip following points up to the system installation.

  • Prepare boot media (you will need a single recordable CD or USB memory key). (Check the boot media preparation page for instructions how to prepare (and check) your boot media.)

  • Available boot media - boot CD/USB image

  • Installation method - http:

  • Note: use CD/USB image installation method ONLY if Network/PXE installation is not possible.

System installation

Installation language and keyboard selection:

Language and keyboard selection

Select 'Installation Destination', 'Date & Time', 'Installation Source' and 'Software Selection' are already preselected:

main screen

Select the device to be used for the installation:

Select Device

If selected device has been already used for previous version of operating system use 'Reclaim space':

Reclaim space

Select 'Begin installation':

Begin Installation

Set 'root' (administrative account) password. Note: 'User creation' option creates only local user accounts, NOT CERN accounts. Once completed, click on reboot to reboot the system:

Set root password and create user

Manual post-install configuration adjustment

If you have selected not to run X graphical environment on your machine, or you have installed system using kickstart and you want to apply site configuration settings, here is a short recipe:

  • Install Locmap
  • Run dnf install locmap-release
  • Run dnf install locmap

  • AFS client:

  • Run /usr/bin/locmap --enable afs
  • Run /usr/bin/locmap --enable kerberos
  • Run /usr/bin/locmap --configure all

  • Automatic update system (can also be set for machines outside CERN network)

Edit /etc/sysconfig/yum-autoupdate and set: * YUMUPDATE=0 to be informed about available updates (by e-mail to root) * YUMUPDATE=1 for the automatic updates to be applied Next configure automatic update system: * /usr/bin/systemctl enable yum-autoupdate

  • Apply CERN site configuration defaults Run for module in afs chrony cvmfs kerberos lpadmin postfix ssh sudo; do sudo locmap --enable $module; done followed by /usr/bin/locmap --configure all to configure all locmap modules in your system

You can use /usr/bin/locmap --list to check all the available puppet modules with their current state.

  • Configure CVMFS filesystem
  • Run /usr/bin/locmap --enable cvmfs to enable the cvmfs puppet module
  • and then run /usr/bin/locmap --configure cvmfs to setup CVMFS filesystem

  • Check currently running/enabled services:

  • via /usr/bin/systemctl list-units
  • turn off those services you do not need: /usr/bin/systemctl stop servicename; /usr/bin/systemctl disable servicename
  • turn on other services (once you configured them) via /usr/bin/systemctl enable servicename
  • To immediately start the service, use /usr/bin/systemctl start servicename

Locmap default puppet modules will configure user accounts, root access, printers

After the successfull installation and initial configuration of the system, if the computer is on the CERN network and you chose the default options locmap script should have already create user accounts, provide root access, add printers, ... based on the Xldap information of the device. Otherwise as root, run:

/usr/bin/locmap --configure all

This will:

  • Forward root e-mails to the LanDB responsible by updating /root/.forward
  • Configure /root/.k5login to allow Kerberized root access for the LanDB responsible
  • Configure /etc/sudoers to allow sudo root access for the LanDB responsible
  • Add AFS accounts for the LanDB responsible and main users.
  • Add printers in the building(s) where the machine resides and where the LANdb responsible and main users have their offices.

Note that this tool expands E-groups.

Alternatively, you can (as root):

  • run /usr/sbin/addusercern my_login_id to add AFS user accounts

  • edit /root/.forward to forward e-mails sent to the root account, and make sure the SElinux context is correct. Example:

# cat /root/.forward
# restorecon /root/.forward
# ls -Z /root/.forward
-rw-r--r--. root root system_u:object_r:mail_home_t:s0 /root/.forward
  • edit /root/.k5login to allow kerberized root logins, and make sure the SElinux context is correct. Example:

# cat /root/.k5login
# restorecon /root/.k5login
# ls -Z /root/.k5login
-rw-r--r--. root root system_u:object_r:krb5_home_t:s0 /root/.k5login
* add centrally managed printers with /usr/sbin/lpadmincern printername --add A list of all printers available at CERN in given building can be obtained using: # /usr/sbin/lpadmincern --building XXXX --list

Applying software updates

You should update your system immediately after its installation: Eventual security errata and bug fixes will be applied this way before you start using it.

As root run:

/usr/bin/yum -y update

to apply all available updates.