Introduction
Rocky Linux 9 stands as a premier enterprise Linux distribution, born from the CentOS community’s need for a stable, production-ready alternative. Designed as a 100% bug-for-bug compatible downstream build of Red Hat Enterprise Linux (RHEL), Rocky Linux delivers enterprise-grade stability while maintaining the open-source principles that made CentOS successful. This comprehensive guide walks through every aspect of installing Rocky Linux 9, from initial planning to post-installation optimization.
Understanding Rocky Linux
The Rocky Linux Story
Rocky Linux emerged in 2020 following Red Hat’s announcement to shift CentOS from a stable release to a rolling preview. Founded by Gregory Kurtzer (original co-founder of CentOS), Rocky Linux aims to provide a community-driven, enterprise-ready operating system that organizations can rely on for mission-critical workloads.
Key Features
- 100% RHEL Compatible: Binary compatible with RHEL 9
- Community Driven: Governed by the Rocky Enterprise Software Foundation
- Long-term Support: 10-year lifecycle matching RHEL
- Free and Open Source: No licensing fees or subscriptions
- Enterprise Ready: Suitable for production workloads
Pre-Installation Planning
Hardware Requirements
Minimum Specifications
CPU: 1.5 GHz 64-bit processor (x86_64 or ARM64)
RAM: 2 GB (1.5 GB for text mode)
Storage: 20 GB available disk space
Network: Ethernet or wireless adapter
Display: VGA resolution (1024x768)Recommended Specifications
CPU: Multi-core 64-bit processor with virtualization extensions
RAM: 8 GB or more
Storage: 50 GB SSD/NVMe
Network: Gigabit Ethernet
Display: 1920x1080 or higherProduction Environment Specifications
CPU: Dual socket, 8+ cores per socket
RAM: 32 GB minimum, 64 GB+ recommended
Storage: Hardware RAID with SSD/NVMe
Network: Redundant Gigabit/10 Gigabit
Power: Redundant power suppliesCompatibility Checklist
Before installation, verify:
- Hardware compatibility (check Rocky Linux HCL)
- RAID controller support
- Network adapter drivers
- GPU compatibility (if applicable)
- Virtualization platform support
Obtaining Rocky Linux 9
Download Options
1. DVD ISO (Full Installation)
# Download full DVD ISO (9+ GB)
wget https://download.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-9-latest-x86_64-dvd.iso
# Alternative mirror
curl -O https://mirror.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-9-latest-x86_64-dvd.iso2. Minimal ISO (Network Installation)
# Download minimal ISO (~2 GB)
wget https://download.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-9-latest-x86_64-minimal.iso3. Boot ISO (Netinstall)
# Download boot ISO (~800 MB)
wget https://download.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-9-latest-x86_64-boot.isoVerifying Downloads
Checksum Verification
# Download checksum file
wget https://download.rockylinux.org/pub/rocky/9/isos/x86_64/CHECKSUM
# Verify SHA256
sha256sum -c CHECKSUM 2>&1 | grep OK
# Verify specific ISO
sha256sum Rocky-9-latest-x86_64-dvd.isoGPG Signature Verification
# Import Rocky Linux GPG key
curl -O https://download.rockylinux.org/pub/rocky/RPM-GPG-KEY-Rocky-9
# Import the key
gpg --import RPM-GPG-KEY-Rocky-9
# Verify signature
gpg --verify Rocky-9-latest-x86_64-dvd.iso.sig Rocky-9-latest-x86_64-dvd.isoCreating Installation Media
Linux Methods
Using dd Command
# List block devices
lsblk
sudo fdisk -l
# Write ISO to USB (replace sdX with your device)
sudo dd if=Rocky-9-latest-x86_64-dvd.iso of=/dev/sdX bs=4M status=progress conv=fsync
# Alternative with progress
sudo dd if=Rocky-9-latest-x86_64-dvd.iso of=/dev/sdX bs=4M status=progress oflag=directUsing Ventoy (Recommended)
# Install Ventoy
wget https://github.com/ventoy/Ventoy/releases/download/v1.0.96/ventoy-1.0.96-linux.tar.gz
tar -xzf ventoy-1.0.96-linux.tar.gz
cd ventoy-1.0.96
# Install to USB
sudo ./Ventoy2Disk.sh -i /dev/sdX
# Copy ISO to USB
cp Rocky-9-latest-x86_64-dvd.iso /media/USB/Windows Methods
Using Rufus
- Download Rufus from https://rufus.ie
- Insert USB drive (8GB minimum)
- Select Rocky Linux ISO
- Choose “GPT” for UEFI or “MBR” for BIOS
- Select “DD Image” mode
- Click “START”
Using balenaEtcher
- Download from https://etcher.io
- Select Rocky Linux ISO
- Select target USB drive
- Click “Flash!”
BIOS/UEFI Configuration
Pre-boot Settings
UEFI Systems
1. Enter UEFI (F2/F10/F12/DEL during boot)
2. Disable Secure Boot (may be required)
3. Enable UEFI boot mode
4. Set USB/DVD as first boot device
5. Enable virtualization (Intel VT-x/AMD-V)
6. Save and exitLegacy BIOS Systems
1. Enter BIOS setup
2. Set boot order (USB/DVD first)
3. Enable virtualization extensions
4. Disable fast boot
5. Save and exitInstallation Walkthrough
Boot Process
- Insert installation media and power on
- Select boot option:
Install Rocky Linux 9- Standard installationTest this media & install Rocky Linux 9- Verify media integrityTroubleshooting- Advanced options
Anaconda Installer
Welcome Screen
- Select installation language
- Choose keyboard layout
- Click “Continue”
Installation Summary Hub
The installation summary presents all configuration options:
1. Localization
Language Support:
Primary: English (United States)
Additional: Add languages as neededTime & Date:
- Select timezone
- Configure NTP servers:
0.rocky.pool.ntp.org
1.rocky.pool.ntp.org
2.rocky.pool.ntp.org
3.rocky.pool.ntp.org2. Software
Software Selection:
Base Environments:
- Minimal Install: Core system only (~600 packages)
- Server: Basic server platform (~1500 packages)
- Server with GUI: GNOME desktop environment
- Workstation: Development workstation
- Custom Operating System: Minimal base
- Virtualization Host: KVM platform
Add-ons by Environment:
For Server:
□ Container Management
□ Development Tools
□ .NET Runtime
□ Graphical Administration Tools
□ Headless Management
□ Legacy UNIX Compatibility
□ Network Servers
□ RPM Development Tools
□ Scientific Support
□ Security Tools
□ Smart Card Support
□ System Tools3. System
Installation Destination:
Automatic Partitioning
Let installer create partitions automatically:
- Uses LVM by default
- Creates standard layout
- Suitable for most use cases
Manual Partitioning (Advanced)
Standard Partition Layout:
# UEFI Systems
/boot/efi 512 MB EFI System Partition FAT32
/boot 1 GB Boot Partition XFS
/ 50 GB Root Partition XFS
/home Variable Home Partition XFS
swap RAM size Swap Partition Swap
# BIOS Systems
/boot 1 GB Boot Partition XFS
/ 50 GB Root Partition XFS
/home Variable Home Partition XFS
swap RAM size Swap Partition SwapLVM Layout (Recommended):
# Physical Layout
/boot/efi 512 MB Standard Partition FAT32 (UEFI only)
/boot 1 GB Standard Partition XFS
PV Remaining Physical Volume LVM
# Volume Group: rl
Logical Volumes:
rl-root 50 GB / XFS
rl-home Variable /home XFS
rl-var 20 GB /var XFS
rl-var-log 10 GB /var/log XFS
rl-tmp 10 GB /tmp XFS
rl-swap RAM size swap SwapAdvanced Partitioning Options:
Encryption:
# Full disk encryption (except /boot)
[x] Encrypt my data
Passphrase: [strong passphrase]RAID Configuration:
# Software RAID setup
RAID Level: RAID 1 (Mirror) or RAID 10
Members: Select physical disks4. Network & Host Name
Network Configuration:
Ethernet Configuration:
# DHCP (Automatic)
[x] Connect automatically
Method: Automatic (DHCP)
# Static IP
Method: Manual
Address: 192.168.1.100
Netmask: 255.255.255.0
Gateway: 192.168.1.1
DNS: 8.8.8.8, 8.8.4.4
Search domains: example.comHostname:
# Set FQDN
rocky9.example.comUser Settings
Root Password
Set a strong root password:
- Minimum 12 characters
- Mix of upper/lowercase, numbers, symbols
- Avoid dictionary words
User Creation
Full name: System Administrator
Username: admin
[x] Make this user administrator
[x] Require password to use this account
Password: [strong password]Begin Installation
- Review all settings
- Click “Begin Installation”
- Monitor progress (~20-40 minutes)
- Reboot when complete
Post-Installation Configuration
Initial System Setup
First Login Tasks
# Login as root or admin user
# Update system immediately
sudo dnf update -y
# Install essential packages
sudo dnf install -y \
vim-enhanced \
bash-completion \
wget \
curl \
git \
htop \
net-tools \
bind-utils \
yum-utilsNetwork Configuration
Verify Network Settings
# Check interfaces
ip addr show
nmcli device status
# Test connectivity
ping -c 4 8.8.8.8
ping -c 4 google.com
# Check routing
ip route showConfigure Additional Interfaces
# Add static IP to second interface
nmcli con add type ethernet \
con-name eth1 \
ifname eth1 \
ip4 192.168.2.100/24 \
gw4 192.168.2.1
# Set DNS
nmcli con mod eth1 ipv4.dns "8.8.8.8 8.8.4.4"
# Activate connection
nmcli con up eth1Security Hardening
SELinux Configuration
# Verify SELinux is enforcing
getenforce
# Set to enforcing if not
sudo setenforce 1
# Make permanent
sudo sed -i 's/SELINUX=permissive/SELINUX=enforcing/' /etc/selinux/config
# Install SELinux tools
sudo dnf install -y setroubleshoot-server selinux-policy-develFirewall Setup
# Ensure firewalld is running
sudo systemctl enable --now firewalld
# Check current zones
sudo firewall-cmd --get-active-zones
# Add services
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
# Add custom ports
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --permanent --add-port=3306/tcp
# Reload rules
sudo firewall-cmd --reload
# List all rules
sudo firewall-cmd --list-allSSH Hardening
# Backup SSH config
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup
# Edit configuration
sudo vim /etc/ssh/sshd_configRecommended settings:
# Security settings
Protocol 2
PermitRootLogin no
PasswordAuthentication yes # Disable after setting up keys
PubkeyAuthentication yes
PermitEmptyPasswords no
MaxAuthTries 3
ClientAliveInterval 300
ClientAliveCountMax 2
# Restrict users
AllowUsers admin user1 user2
# Use strong ciphers
Ciphers [email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
MACs [email protected],[email protected]Apply changes:
# Test configuration
sudo sshd -t
# Restart SSH
sudo systemctl restart sshdRepository Management
Enable Additional Repositories
# Install EPEL (Extra Packages for Enterprise Linux)
sudo dnf install -y epel-release
# Install ELRepo (for newer kernels and drivers)
sudo dnf install -y elrepo-release
# Enable PowerTools/CRB
sudo dnf config-manager --enable crb
# Enable HA and RS repos
sudo dnf config-manager --enable ha
sudo dnf config-manager --enable rs
# Update cache
sudo dnf makecacheConfigure DNF/YUM
# Edit DNF configuration
sudo vim /etc/dnf/dnf.confAdd optimizations:
[main]
gpgcheck=1
installonly_limit=3
clean_requirements_on_remove=True
best=True
skip_if_unavailable=False
fastestmirror=True
max_parallel_downloads=10
defaultyes=True
keepcache=0System Services
Essential Services Setup
# Time synchronization
sudo systemctl enable --now chronyd
chronyc sources -v
# Enable cockpit (web management)
sudo dnf install -y cockpit
sudo systemctl enable --now cockpit.socket
sudo firewall-cmd --permanent --add-service=cockpit
sudo firewall-cmd --reload
# Performance monitoring
sudo systemctl enable --now sysstat
# Enable automatic updates (optional)
sudo dnf install -y dnf-automatic
sudo systemctl enable --now dnf-automatic.timerStorage Configuration
LVM Management
# Display volume groups
sudo vgs
# Display logical volumes
sudo lvs
# Extend logical volume
sudo lvextend -L +10G /dev/rl/home
sudo xfs_growfs /home
# Create new logical volume
sudo lvcreate -L 20G -n data rl
sudo mkfs.xfs /dev/rl/data
sudo mkdir /data
echo '/dev/rl/data /data xfs defaults 0 0' | sudo tee -a /etc/fstab
sudo mount -aDisk Monitoring
# Install monitoring tools
sudo dnf install -y smartmontools
# Enable SMART monitoring
sudo systemctl enable --now smartd
# Check disk health
sudo smartctl -a /dev/sdaPerformance Optimization
Tuned Profiles
# Install and enable tuned
sudo dnf install -y tuned
sudo systemctl enable --now tuned
# List profiles
tuned-adm list
# Recommend profile
tuned-adm recommend
# Set profile based on workload
sudo tuned-adm profile virtual-guest # For VMs
sudo tuned-adm profile throughput-performance # For servers
sudo tuned-adm profile desktop # For workstations
# Verify active profile
tuned-adm activeKernel Parameters
# Create custom sysctl configuration
sudo vim /etc/sysctl.d/99-rocky-optimization.confAdd optimization parameters:
# Network optimizations
net.core.rmem_max = 134217728
net.core.wmem_max = 134217728
net.ipv4.tcp_rmem = 4096 87380 134217728
net.ipv4.tcp_wmem = 4096 65536 134217728
net.core.netdev_max_backlog = 5000
net.ipv4.tcp_congestion_control = bbr
# VM optimizations
vm.swappiness = 10
vm.dirty_ratio = 15
vm.dirty_background_ratio = 5
# File system
fs.file-max = 2097152
# Apply settings
sudo sysctl -p /etc/sysctl.d/99-rocky-optimization.confBackup Configuration
System Backup Setup
# Install backup tools
sudo dnf install -y rsync tar
# Create backup script
sudo vim /usr/local/bin/system-backup.shBasic backup script:
#!/bin/bash
BACKUP_DIR="/backup"
DATE=$(date +%Y%m%d_%H%M%S)
HOSTNAME=$(hostname -s)
# Create backup directory
mkdir -p ${BACKUP_DIR}
# Backup system files
tar -czf ${BACKUP_DIR}/system_${HOSTNAME}_${DATE}.tar.gz \
--exclude=/proc \
--exclude=/sys \
--exclude=/dev \
--exclude=/tmp \
--exclude=/var/tmp \
--exclude=/backup \
--exclude=/mnt \
--exclude=/media \
/
# Backup package list
rpm -qa > ${BACKUP_DIR}/packages_${HOSTNAME}_${DATE}.txt
# Remove old backups (keep 7 days)
find ${BACKUP_DIR} -name "*.tar.gz" -mtime +7 -deleteMake executable:
sudo chmod +x /usr/local/bin/system-backup.sh
# Add to cron
echo "0 2 * * * /usr/local/bin/system-backup.sh" | sudo crontab -Troubleshooting Guide
Installation Issues
Boot Problems
# At GRUB menu, press 'e' to edit
# Add to kernel line:
systemd.unit=rescue.target
# Or for emergency mode:
systemd.unit=emergency.target
# Boot with modified parameters (Ctrl+X)Network Issues
# Reset network
nmcli networking off
nmcli networking on
# Restart NetworkManager
sudo systemctl restart NetworkManager
# Check for errors
journalctl -u NetworkManager -n 50Package Conflicts
# Clean all caches
sudo dnf clean all
# Rebuild cache
sudo dnf makecache
# Check for problems
sudo dnf check
# Remove orphaned packages
sudo dnf autoremove
# Repair RPM database
sudo rpm --rebuilddbRecovery Procedures
Root Password Recovery
- Reboot system
- At GRUB menu, press ‘e’
- Add
rd.breakto kernel line - Press Ctrl+X to boot
- At prompt:
mount -o remount,rw /sysroot
chroot /sysroot
passwd root
touch /.autorelabel
exit
rebootFile System Repair
# Boot from installation media
# Select "Troubleshooting" → "Rescue"
# Check file systems
fsck -y /dev/sda1
xfs_repair /dev/mapper/rl-root
# Mount and chroot
mount /dev/mapper/rl-root /mnt/sysimage
mount /dev/sda1 /mnt/sysimage/boot
chroot /mnt/sysimageBest Practices Summary
-
Documentation
- Document all configuration changes
- Maintain system inventory
- Keep network diagrams updated
-
Security
- Regular security updates
- Monitor logs daily
- Implement least privilege
- Use SELinux enforcing mode
-
Monitoring
- Set up system monitoring
- Configure log aggregation
- Implement alerting
- Regular health checks
-
Backup
- Test backup restoration
- Offsite backup storage
- Document recovery procedures
- Regular backup verification
Conclusion
Rocky Linux 9 provides a robust, enterprise-ready platform suitable for any workload. This guide covered the complete installation process, from initial planning through post-installation hardening and optimization. By following these procedures, you’ll have a secure, performant, and maintainable Rocky Linux system ready for production use.
Key takeaways:
- Proper planning ensures smooth installation
- Security should be configured from the start
- Regular maintenance keeps systems healthy
- Documentation is crucial for troubleshooting
With Rocky Linux 9 successfully installed and configured, you’re ready to deploy applications and services with confidence in a stable, community-supported enterprise platform.
