CentOS 7 for armv7 SOC





Installing the image

This page presents updated steps to get a CentOS7 image up and running on Cubieboard2 or CubieTruck SOC.  It should also work for many other armv7 boards.  These instructions were developed in the building of this server.

A copy of textareas was recently added.  The default behavior is to only select the contents of the area on click and the copy to clipboard is a manual step.  This is for saftey measures in protecting the content of the clipboard.  Below are buttons to allow changing this behavior to copy the area to the clipboard on click.



You can learn the basics for Centos on ARM boards and more from:

https://wiki.Centos.org/SpecialInterestGroup/AltArch/armhfp
**NEW** CentOS for the Odroid HC1.  This is a fantastic 8 core armv7 with integrated sata all in a neat package.  Special installation instructions are at:
CentOS7 for the Odroid HC1
The CentOS site is now very good for the basic installation.  It also lists all boards currently supported.  The challenge is getting the proper uboot file.  If you have a CentOS or Fedora system, it is easy to install the uboot-images-armv7 or uboot-images-armv8 rpm to source the uboot file.  It is also very easy to make a Fedora arm image for your board and get the uboot file that way.

Alternatively, I have made the whole uboot-tools directory that comes with CentOS7-arm available here:
Uboot files here
Cubieboards, with their integrated sata, can boot directly from sata with only uboot on the uSD card.  Use a USB/sata adapter to install CentOS directly to a sata drive.  I prefer to use gparted to size the partitions to my likings.  Use the dd command to put the uboot on a uSD card (as small a card as you can find) that you have removed all partitions.  I use fdisk to simply remove any partitions.

Other board's uboot may support booting directly from a usb drive.  Check your board's uboot documentation.

Note: You can run CentOS7 from a uSD card.  I recommend at least an 8Gb card.  Many of the later steps will be painfully slow, though.

You are now ready to insert the uSD card, attach the sata drive and power up your Cubie.  I strongly recommend to have a serial console.  Get yourself a USB UART TTL adapter (less than $2 each) and from a terminal window access the console with (assuming it shows up as /dev/ttyUSB0):

You can avoid needing sudo for screen by adding your user to group dialout:

Alternatively, you can get finer grain control over ttyUSB access with udev that is discussed here:
How do I allow a non-default user to use serial device ttyUSB0?

Booting the image and first steps

Throughout this guide, there are values unique to an installation that have to be provided.  For the most part, these can be handled by first setting some environment variables that will be used in cat and sed commands.  Or you can manually alter the variables.  Special characters (\, $, and / tested) MUST be proceeded by a \

To set date_timezone value.  See

http://php.net/date.timezone
Set the following variables for this guide.  Save your settings somewhere as there is at least one reboot where these variables will have to be set again.

Insert the uSD card, attach the sata drive, USB/TTL adapter, and Ethernet cable (no WiFi or Bluetooth support for the CubieTruck embedded interfaces).  Power up and log in as root (default password is CentOS, change it!)

Give the system a little time and check that chrony reached its ntp servers with the 'date' command.  If the date stays at Dec 31, 1969, you have connectivity challenges.  Set the date with:

Next you should probably set your timezone.

SELinux is now set to Enforcing.  You no longer need to set it!  Unless you want to disable it...

Set your hostname and create your personal user account:


Updating the image

Run yum update.  For the 1810 image, it is necessary prior to update to:

Then reboot to use the current new kernel.  It is important to pay attention to space in /boot before allowing yum to install a new kernel.  Again, I use gparted to make a larger /boot partition (as well as a larger swap partition) than what comes in the base image.

At this point the system is ready to use.  I like to add:

Screen is very helpful for running remote yum updates.  If the SSH connection drops, it is easy to reconnect to the screen session which survived the disconnect.

To change SSHD's port to $SSHD_Port:

To get the logwatch to my email account:

Since this is a server, you may want a static IP address (IPv6 support TBD):

Finally, you can add an external USB drive to FSTAB.  Find its UUID in /dev/disk/by-uuid, and its label with fdisk or other tool.  Then add to /etc/fstab (if type is not ext4, replace with appropriate type):

And that is pretty much it!

The Xfce Desktop

The Xfce Desktop is now available!  For the most part, as I am still finding missing pieces.  Xfce is well suited for armv7 devices, requiring less of the device than Gnome or KDE.

Install the CentOS minimal image, following all the instructions above, AND enable the EPEL repo, then:

Xscreensaver is not (as of Dec 12, 2018) installed as part of the Xfce group.  Plus its controls are not appearing on the Settings menu.  So far the best way to access the screensaver settings is to run xscreensaver-demo from a terminal window.

Chrony caveats

Since the Cubieboards do not have an RTC (no battery!), Chrony is really great at making that huge time jump quickly on boot up, but it does not step the clock as it drifts.  This may be OK for a workstation, but not all servers.  If you need clock accuracy replace the makestep line in /etc/chrony.conf with the following:

If you want to serve NTP time to local clients, uncomment the "Allow local access" line.

Some services, like Postfix and Samba need to delay their startup until the system time is brought current.  This is done via using Chrony-wait:

Apply the above commands from setting the service variable, on, to any service needing the delay after enabling the service.

If NTP contact fails, Chronyd will fail to set the time and leave it at ZERO (Dec 31, 1969).  Chrony can use the timestamp from its driftfile by adding the -s option:

An alternative tool, that sets the timestamp right after systemd starts can be found at:
https://github.com/kristjanvalur/fake-hwclock
The instructions there are easy to follow.

Replace swap partition with zram

Zram uses a portion of system memory for a compressed swap partition.  This can be very valuable on a system with only a uSD drive.  Fedora arm has standardized on using Zram since v28 for the performace gain over memory tradeoff.  Zram only uses as much memory as currently needed for swap space and compressions from 2:1 to 4:1 have been reported depending on the application mix.

Zram is not currently part of EPEL, but a developer's repo can be installed with:

First replace $basearch with x86_64 in /etc/yum.repos.d/markvnl-zram-swap-epel-7.repo.  Zram is noarch, but the developer only has the one repo for it.

Install zram with:

The size of the swap is determent by the factor in /etc/zram.conf.
At installation this value is 2 (FACTOR=2); meaning the swapsize will be total_physical_memory / 2.

(if applicable) disable the current swap:

You may need to disable mounting your swap partition at boot by commenting out the "swap line" in /etc/fstab -or run:

enable and start the zram-swap service:

You may want to check your swap setup with zramctl and swapon -s.

Named with SELinux caveats

Named wants to use random ports.  SELinux does not like random ports.

You have to limit the range of random ports named will use to keep SELinux happy.  So add the following to your named.conf

This is actually a general CentOS7 with SELinux issue, not specific to arm.

Improving Randomness

Randomness, or Entropy, tends to be a little low and slow via software on an ARM SOC.  The Cubieboard does have a hardware RNG, but we have to enable it.

Test the available Entropy with:

Add the hardware RNG support by installing rng-tools:

If rng-tools does not bring the available entropy above 2000 bits, consider installing haveged from EPEL:
https://issihosts.com/haveged


Managing the server Remotely

Webmin

Webmin is probably the best interface to monitor and manage the server.  you can access it via yum by adding:

Next, install and start the Webmin service.

You can now access Webmin via:
https://your_host_tld:10000


VNC Server

VNC to the GNOME or Xfce desktop is another remote management alternative.  Install the Gnome or Xfce (see Xfce above) image, then follow these steps:

If you will not be accessing the graphic desktop directly, but only remotely, you can disable graphic session startup.

The Gnome session can always be accessed from the local login with startx.  For Xfce use startxfce4.

Next install vnc server

For those accounts that will be accessed via vnc (e.g. root, user), login to those accounts and run vncpasswd.  This SHOULD be done prior to trying to start vncserver, as it creates the ~/.vnc directory and prevents the server start from failing.

For the first remote user:

Edit /etc/systemd/system/vncserver@\:1.service, replacing <USER> with the userID.  Then:

Finally repeat these steps for user2, using @:2 and port 5902, etc.

At this point, vncserver is ready for a Gnome desktop, but not for Xfce.  For Xfce, you need to edit ~/.vnc/xstartup.  Delete the last 2 lines and append:

Then restart vncserver:

NOTE: VNC is NOT secure!  It should only be run on a trusted network or over an SSH tunnel:


EPEL - Extra Packages for Enterprise Linux

The CentOS armfhp site referenced at the beginning of this page is the definitive source for setting up the EPEL repo.

The maintainer said to feel free to have a look at the build logs, submit patch and enjoy!

https://armv7.dev.Centos.org/rpmbuild/epel-pass-1/
And if you can fix any of the packages, "You're a better man than I am, Gunga Din!"

You can EMail Robert at mailto:rgm at htt-consult.com  his desk...

Updated

© Robert G. Moskowitz -- 2019