
RLC Configuration Guide

This guide covers post-installation configuration and optimization for Rocky Linux from CIQ (RLC).

Repository Configuration

Primary RLC Repositories

# Verify RLC repositories are enabled
dnf repolist enabled | grep -i ciq

# Check repository priorities
dnf repolist -v

Additional Repositories

# Enable EPEL (if needed)
sudo dnf install epel-release

# Enable PowerTools/CRB
sudo dnf config-manager --enable crb

# Enable CIQ Extras
sudo dnf config-manager --enable ciq-extras

System Optimization

Performance Tuning

# Install tuned for performance optimization
sudo dnf install tuned

# List available profiles
tuned-adm list

# Apply server performance profile
sudo tuned-adm profile throughput-performance

# Verify active profile
tuned-adm active

Memory Management

# Configure swap
sudo fallocate -l 4G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile

# Add to fstab
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab

# Configure swappiness
echo 'vm.swappiness=10' | sudo tee -a /etc/sysctl.conf

Kernel Parameters

# Edit kernel parameters
sudo vim /etc/sysctl.conf

# Common optimizations:
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 12582912 16777216
net.ipv4.tcp_wmem = 4096 12582912 16777216
vm.dirty_ratio = 15
vm.dirty_background_ratio = 5

# Apply changes
sudo sysctl -p

Network Configuration

Advanced Networking

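# Configure bonding (if multiple NICs)
# The addresses and DNS servers below are example values; replace them.
# `sudo cat > file` does not work for an unprivileged user: the redirection is
# opened by the calling shell, not by the elevated `cat`. `sudo tee` opens the
# file as root instead.
sudo tee /etc/NetworkManager/system-connections/bond0.nmconnection > /dev/null << 'EOF'
[connection]
id=bond0
type=bond
interface-name=bond0

[bond]
mode=802.3ad
miimon=100

[ipv4]
method=static
address1=192.168.1.100/24,192.168.1.1
dns=8.8.8.8;8.8.4.4
EOF

# NetworkManager ignores keyfiles that are not owned by root or that other
# users can read, because these files may hold secrets in plaintext.
sudo chown root:root /etc/NetworkManager/system-connections/bond0.nmconnection
sudo chmod 600 /etc/NetworkManager/system-connections/bond0.nmconnection

# Reload NetworkManager
sudo nmcli connection reload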

Firewall Configuration

# Configure zones
# Each --add-service opens that service to every source allowed into the
# public zone; add only the services this host actually serves.
sudo firewall-cmd --permanent --zone=public --add-service=ssh
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https

# Custom services
# No --zone is given on the next two commands, so they apply to the default zone.
sudo firewall-cmd --permanent --add-port=8080/tcp
# NOTE(review): this rule accepts every port and protocol from all of
# 10.0.0.0/8. Narrow the source to the subnet that needs access and restrict
# the rule to a specific service or port where possible.
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.0.0/8" accept'

# Apply changes
# --permanent edits only the stored configuration; the reload activates it.
sudo firewall-cmd --reload

Storage Configuration

Filesystem Optimization

# Optimize ext4 filesystems
# /dev/sda1 and /dev/sdb1 are example devices; substitute your own.
# NOTE(review): journal_data_writeback trades safety for throughput. After a
# crash and journal recovery, stale data can appear in files, so avoid it on
# volumes holding sensitive or integrity-critical data.
sudo tune2fs -o journal_data_writeback /dev/sda1
# A remount changes only the running system; add the options to /etc/fstab to
# keep them across reboots.
sudo mount -o remount,noatime,nodiratime /

# XFS optimization
sudo xfs_fsr -v /dev/sdb1

LVM Management

# Extend logical volume
sudo lvextend -L +10G /dev/vg0/lv_root
sudo xfs_growfs /

# Create snapshots
sudo lvcreate -L 5G -s -n root-snapshot /dev/vg0/lv_root

Service Management

System Services

# Enable essential services
sudo systemctl enable chronyd
sudo systemctl enable firewalld
sudo systemctl enable NetworkManager

# Disable unnecessary services
sudo systemctl disable postfix
sudo systemctl disable cups

# Check service status
systemctl list-unit-files --state=enabled

Log Management

# Configure journald
sudo vim /etc/systemd/journald.conf

# Recommended settings:
Storage=persistent
Compress=yes
MaxRetentionSec=1month
MaxFileSec=1week

# Apply changes
sudo systemctl restart systemd-journald

Security Configuration

User and Group Management

# Create service accounts
sudo useradd -r -s /sbin/nologin -d /var/lib/myapp myapp

# Configure sudo
sudo visudo -f /etc/sudoers.d/admin-users

# Password policies
sudo vim /etc/security/pwquality.conf

File Permissions

# Set secure permissions
sudo chmod 700 /root
sudo chmod 755 /home
sudo chmod 1777 /tmp

# Configure umask
echo "umask 027" | sudo tee -a /etc/profile

Monitoring and Logging

System Monitoring

# Install monitoring tools
sudo dnf install htop iotop nethogs sysstat

# Enable system statistics
sudo systemctl enable sysstat
sudo systemctl start sysstat

# Configure log rotation
sudo vim /etc/logrotate.conf

Performance Monitoring

# Setup sar for performance monitoring
sudo vim /etc/sysconfig/sysstat

# Enable detailed monitoring
SADC_OPTIONS="-S DISK -S POWER"

# View performance data
sar -u 1 10  # CPU usage
sar -r 1 10  # Memory usage
sar -d 1 10  # Disk I/O

Application Configuration

Web Server Setup

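# Install and configure Apache
sudo dnf install httpd mod_ssl
sudo systemctl enable httpd

# Configure virtual hosts
sudo vim /etc/httpd/conf.d/example.conf

# SSL configuration
# Create the key directory root-only. `install -d -m` sets the mode even if the
# directory already exists, where plain `mkdir` would fail on it.
sudo install -d -m 700 -o root -g root /etc/httpd/ssl
# -nodes writes the private key unencrypted, so file permissions are its only
# protection. A self-signed certificate is not trusted by clients; use it for
# testing or internal hosts and a CA-issued certificate in production.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout /etc/httpd/ssl/apache.key \
  -out /etc/httpd/ssl/apache.crt
# Make the key mode explicit rather than relying on the openssl default
sudo chmod 600 /etc/httpd/ssl/apache.key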

Database Setup

# Install MariaDB
sudo dnf install mariadb-server
sudo systemctl enable mariadb
sudo systemctl start mariadb

# Secure installation
sudo mysql_secure_installation

# Configure for performance
sudo vim /etc/my.cnf.d/server.cnf

Backup Configuration

System Backup

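# Install backup tools
sudo dnf install rsync borgbackup

# The backup tree holds copies of /etc/shadow, private keys and other secrets,
# so keep the destination directory root-only.
sudo install -d -m 700 -o root -g root /backup

# Configure automated backups
# `sudo cat > file` fails for an unprivileged user because the redirection is
# opened by the calling shell; `sudo tee` writes the file as root.
# "/backup/*" is excluded so the backup does not copy earlier backups into
# itself on every run.
sudo tee /etc/cron.daily/system-backup > /dev/null << 'EOF'
#!/bin/bash
set -euo pipefail
rsync -aAXv --exclude={"/dev/*","/proc/*","/sys/*","/tmp/*","/run/*","/mnt/*","/media/*","/lost+found","/backup/*"} / "/backup/$(date +%Y%m%d)/"
EOF

# Only root runs cron.daily jobs, so no other user needs to read or execute this
sudo chmod 700 /etc/cron.daily/system-backup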

Update Management

Automatic Updates

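# Install dnf-automatic (provides /etc/dnf/automatic.conf and the timer unit)
sudo dnf install dnf-automatic

# Configure dnf-automatic
sudo vim /etc/dnf/automatic.conf

# Recommended settings:
# NOTE(review): emit_via = email needs a reachable SMTP relay (the email_host
# setting). This guide disables postfix earlier, so confirm mail is actually
# delivered, or failed security updates will go unnoticed.
upgrade_type = security
apply_updates = yes
emit_via = email
email_from = admin@example.com
email_to = admin@example.com

# Enable the service
sudo systemctl enable dnf-automatic.timer
sudo systemctl start dnf-automatic.timer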

Troubleshooting Configuration

Common Configuration Issues

Performance Problems:

# Check system load
uptime
top
iotop

# Memory usage
free -h
cat /proc/meminfo

# Disk usage
df -h
du -sh /*

Network Issues:

# Check network configuration
ip addr show
ip route show
systemctl status NetworkManager

# Test connectivity
ping google.com
nslookup google.com

Validation

Configuration Verification

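# Check system configuration
sudo dnf check
sudo systemctl --failed
sudo journalctl -p err --since "1 hour ago"

# Verify services
systemctl list-unit-files --state=enabled
# ss ships with iproute; netstat needs the separate net-tools package.
# Run it as root so -p can show the owning process of every socket.
# Check that each listener is expected and matches the firewall rules.
sudo ss -tulpn

# Security check
# Recent SELinux denials (AVC records) from the audit log
sudo ausearch -m avc -ts recent
# restorecon changes file labels, so it is not a read-only check.
# Preview the relabel first: -n applies nothing, -v lists what would change.
sudo restorecon -Rnv /
# Apply once the preview has been reviewed
sudo restorecon -R /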

Next Steps

After configuration:

For troubleshooting configuration issues: