Finishing Rocky setup

After the basic installation of Rocky Linux, it’s time to finish the setup. We’re preparing the system to actually deploy useful stuff.

Check

when you finished the basic setup, you can log in via the terminal or the web GUI (Cockpit). Check basic settings like hostname, time and timezone and so on.

Cockpit shows some statistics about your system. If you want to persist them you’ll have to install pcp. this can be done through the GUI. Alternatively, install cockpit-pcp using the command line:

$ sudo yum install cockpit-pcp

On the “Software updates” tab in the GUI, I also enabled automatic software updates (for security-related updates) and kernel patches. As the screen tells you, this means the server will reboot from time to time. Keep this in mind when you manually start programs you rely on. On the same page, you can do a manual update.

Add disks

Before adding my data disk (in the OS, that is), I added the relevant Cockpit addon and smartmontools. The disk supports SMART.

$ sudo yum smartmontools cockpit-storaged

Create a mount point:

$ sudo mkdir /mnt/data

Now add the disk. First, find its UUID.

$ sudo blkid
/dev/sdb1: UUID="1fdd1ceb-70e8-476b-819d-d7082c7b4749" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="4f330730-6bd1-4325-9343-37242b985408"
/dev/sda1: UUID="D41A-D5C0" BLOCK_SIZE="512" TYPE="vfat" PARTLABEL="EFI System Partition" PARTUUID="fca2473b-8a02-4600-a776-d9e58b572b32"
/dev/sda2: UUID="106247eb-24a7-4d88-857b-937a09100aba" BLOCK_SIZE="512" TYPE="xfs" PARTUUID="429fe31a-6a8b-4682-8103-a646248bc767"
/dev/sda3: UUID="9RG0BQ-1yKg-Nem8-O1vF-f20Q-YI45-WWJ7t7" TYPE="LVM2_member" PARTUUID="99e3b950-819c-428e-a391-6f962dbbfc1f"
/dev/mapper/rl_server-root: UUID="89b352ee-e051-4a94-bb3e-87d6348dc8d9" BLOCK_SIZE="512" TYPE="xfs"
/dev/mapper/rl_server-swap: UUID="91074d79-f7f3-4ec2-a824-2c530aec8ad7" TYPE="swap"
/dev/mapper/rl_server-home: UUID="43034b2e-0af3-49be-be5a-c4b7ed46b0aa" BLOCK_SIZE="512" TYPE="xfs"

The top entry is the right one. It’s the only one with ext4. I know the drive is formatted like that. If you’re unsure, manually mount and check. Add it to fstab.

$ sudo nano /etc/fstab

Add a line like this:

UUID=1fdd1ceb-70e8-476b-819d-d7082c7b4749 /mnt/data auto nofail,noatime,noexec,errors=remount-ro 0 0

Every item is separated by a space. Some explanation:

UUID: the long code found by blkid
mount point: where in the filesystem will the disk be attached
filesystem type: etx4 or leave auto
options
- nofail: ignore errors at boot when the disk is not there
- noatime: don’t save access time (files and dirs)
- noexec: don’t allow executables on this drive
- errors=remount-ro: when errors are encountered, remount the drive read-only to avoid further damage
0: dump, leave disabled
0: fsck, set to zero to skip checks at boot

If you want it, you can also use the disk’s SMART capabilities:

$ sudo systemctl start smartd
$ sudo systemctl enable smartd

Podman

On my Debian installation, I ran Podman and a few virtual machines. It’s my goal to move everything to Podman. Podman is Redhat’s Docker. It runs daemonless and is capable of running rootless. These are advantages but might bring some difficulties, especially with SELinux. We’ll see where it goes.

At least installation is simple:

$ sudo yum install podman cockpit-podman

Adjust the port range Podman is allowed to use:

$ sudo nano /etc/sysctl.conf

Add

net.ipv4.ip_unprivileged_port_start=80

And reload

$ sudo sysctl --system

On last thing

While we’re at it, we might want to enable the “extra packages for enterprise linux”. Up to now we didn’t need any extra packages but we might run into this in the future and who knows, cause some head scratching. It doesn’t hurt to enable it: