News Update: On 2/21/2019, TG officially "moved in" to a SLAC managed Centos7 Linux Desktop 2.0 environment. A major milestone!
# | Package | Status | Date installed | Install Tool | Notes |
---|---|---|---|---|---|
1 | Linux | required | 7/13/2018 and 8/28/2018 | pxe boot | Basic CLI |
2 | X11 | required | 7/17/2018 and 9/28/2018 | note 1 below | X11+gnome+gazillion dependencies |
3 | window manager | required | 7/17/2018 and 9/28/2018 | " | gnome based - working on conf file |
4 | desktop | required | 7/17/2018 and 9/28/2018 | " | (various convenience apps) |
5 | chef-client | required | 11/13/2018 | (installed by KSA) | Needed for installing YFS |
6 | Windows Active Directory | new authentication model (old=kerberos) | |||
7 | printing | required | [10/4/2018] | sudo system-config-printer | Printing will be via Windows AD IP based printing. In the meantime, configure locally using built-in printing system. Configure B048F2COPIER as a generic postscript printer. This probably needs to be rethought. A better fix involves downloading "BrightQ" Canon drivers from codehost.com. Their drivers come with instructions. |
8 | YFS | required | 11/14/2018 | chef-client -o slac_yfs-client | Auristor's YFS (AFS) client. Use "kinit [<userID>]" followed by "aklog" to get a token |
9 | emacs | required | 7/19/2018 and 9/28/2018 | gnome-software | |
10 | chrome | required | 9/28/2018 | d/l + yum install | |
11 | thunderbird | required | 7/19/2018 and 9/28/2018 | gnome-software | |
12 | NX | required | 9/28/2018 | d/l + yum install | NoMachine client for use with NERSC $ sudo rpm -i <nomachine...rpm> or $ sudo yum localinstall <nomachine...rpm> |
13 | citrix client | TESTING INC0211099 not sure if it will work | |||
14 | fastx | required | 9/28/2018 | d/l + tar -xvf | https connection fails, but ssh connection works. KSA has opened ticket with vendor |
15 | slack | required | 9/28/2018 | d/l + yum install | $ sudo yum localinstall <slack...rpm> |
16 | zoom | required | 9/28/2018 | d/l + yum install | (implies support for microphone, camera and speakers) |
17 | LibreOffice | required | 7/19/2018 and 9/28/2018 | gnome-software | calc,writer,base,draw,impress,CAD |
18 | python v3 | required | 9/28/2018 | yum install | |
19 | sshfs | required | 12/19/2018 | yum install | sudo yum install fuse-sshfs commands include: sshfs, fusermount |
20 | dev tools (gcc) | required | 9/28/2018 | yum install | sudo yum group install 'Development Tools' |
21 | filezilla | required | 10/1/2018 | gnome-software | GUI file transfer between comet2 and SLAC servers |
22 | Ksnapshot | required | 10/1/2018 | gnome-software | screen shot utility |
23 | DbVis | required | 4/8/2019 | yum install | $ sudo yum localinstall dbvis_linux_10_0_18.rpm https://www.dbvis.com/download/10.0 download RPM |
24 | NetBeans | needed by Fermi/LSST app developers | |||
25 | LSF client | convenient | 10/25/2018 | requires slac_yfs-client | Requires that the desktop be listed in the LSF configuration file and allowed to run batch commands. If the desktop name is not in the LSF configuration, open a ServiceNow ticket to request its addition. Needs YFS to run commands, and a link for /etc/lsf.conf (likely a cookbook configured setting?) |
26 | VPN | required | 11/14/2018 | download | Must download from a current Cisco AnyConnect customer , e.g., NCSA or SLAC (How to Connect to SLAC VPN) |
27 | clamav | not needed | sudo yum install clamav | Anti-virus (needed to access SLAC VPN, but not necessary on machine connected to internal network) | |
28 | media codecs | very strongly desired | 12/14/2018 | Many steps --> | Followed numerous "sudo yum install ..." commands from https://wiki.centos.org/TipsAndTricks/MultimediaOnCentOS7 |
29 | htop | very strongly desired | 12/14/2018 | yum install htop | in EPEL |
30 | gimp | elective | 12/17/2018 | desktop installer | Gnome installer accessed through the Window Manager menu: Applications -> System Tools -> Application Installer |
31 | code42 | required | 112/20/2018 | (via SU web) | Stanford supported disk backup (for local files) https://stanford.app.box.com/v/SU-SemiCustomized-CPPe-Install |
32 | nVidia driver/dashboard | probably not needed | -- | -- | Needed to run dual monitors. On comet2, two (DVI) monitors connected to the two DisplayPorts on the Quadro 2000 board work fine with the built-in (nouveau) driver. |
33 | GTK+ v3 | elective | 1/23/2019 | via KSA | needed to build galculator. (Also: gnome-software as gtk3-devel-3.22.20-3.el7) |
34 | galculator | elective | 1/24/2019 | d/l from web and build | One of the few decent RPN calculator apps available for linux |
35 | Java | required | Needed for Cisco VPN and other apps. | ||
36 | hdparm | elective | yum install hdparm | Useful HDD/SSD information: $ lsblk $ sudo hdparm -I /dev/sda1 | |
37 | highly desired | 6/6/2019 | recipe | CERN-based remote file distribution system. This will access LSST software. | |
38 | cvmfs client II | highly desired | 9/10/2019 | chef | Earlier cvmfs client removed and new(er) chef recipe installed by SCS |
39 | numpy,scipy,pandas | required | 6/7/2019 | gnome-installer | Python packages |
40 | conda | required | 7/26/2019 | gnome-installer | Needed in preparation for Jupyter |
41 | matplotlib (python3) | required | 10/11/2019 | cmd line and gnome-installer | $ sudo python3 -mpip install matplotlib GUI installer for: python3-tkinter-3.6.8-10.el7 |
42 |
Notes:
X11 & GUI installed in this way:
Code Block (X11 and GUI) |
---|
curl http://yum/centos-gui > /tmp/centos-gui
/bin/sh /tmp/centos-gui |
(very large set of packages, takes a long time...)
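A hardened form of the download-and-run step above, as an added example (not the page author's or SLAC's code): the script is fetched into a private mktemp file rather than a fixed /tmp name, and it runs only when its SHA-256 matches a digest obtained separately from the download. The function names and the `EXPECTED_SHA256` placeholder are assumptions; the page publishes no digest for centos-gui.

```sh
#!/bin/sh
# Added example: run a downloaded installer only after its SHA-256 digest
# matches a value obtained separately from the download.

# sha256_of FILE -> prints the hex SHA-256 of FILE
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# fetch_to_private_tmp URL -> downloads into a fresh mktemp file (owner-only,
# unpredictable name) instead of a fixed path in /tmp, and prints that path.
fetch_to_private_tmp() {
    tmp=$(mktemp /tmp/centos-gui.XXXXXX) || return 1
    curl --fail --silent --show-error --output "$tmp" "$1" ||
        { rm -f "$tmp"; return 1; }
    printf '%s\n' "$tmp"
}

# run_if_verified FILE EXPECTED_SHA256 -> runs FILE with /bin/sh only when the
# digest matches. Returns 2 on bad arguments, 3 on mismatch (nothing is run).
run_if_verified() {
    file=$1
    expected=$2
    [ -n "$expected" ] && [ -r "$file" ] || return 2
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file: got $actual" >&2
        return 3
    fi
    /bin/sh "$file"
}

# With the page's URL (EXPECTED_SHA256 is a placeholder to be supplied by
# whoever publishes the script):
#   f=$(fetch_to_private_tmp http://yum/centos-gui) &&
#       run_if_verified "$f" "$EXPECTED_SHA256"; rm -f "$f"

# Constructed demo: a stand-in installer, checked before and after tampering.
demo=$(mktemp)
echo 'echo "installer ran"' > "$demo"
good=$(sha256_of "$demo")
run_if_verified "$demo" "$good"
echo 'echo "appended in transit"' >> "$demo"
run_if_verified "$demo" "$good" || echo "refused, exit status $?"
rm -f "$demo"
```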
Software installed via the GUI, e.g., Thunderbird, emacs, LibreOffice
Code Block |
---|
sudo gnome-software |
Attempted to install FastX, downloaded from www.starnet.com. The code is unpacked from a tar.gz file and run without any special installation. Attempted to configure it for SLAC, but the code fails with a relocation error associated with /lib64/libssl.so.10. Karl to the rescue! Use the "ssh" connection rather than "https" while he queries the vendor for a proper fix.
TRS should not be used as it currently requires the use of DES enctypes that are insecure. We have a to-do to remove the ability for this weak-key to work, and are working to make TRS more secure so it can be used on Centos.
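One way to check whether a host's Kerberos client configuration still permits the DES enctypes mentioned above, as an added example rather than SLAC's tooling: it lists krb5.conf lines that switch on `allow_weak_crypto` or name a single-DES enctype. It assumes an MIT Kerberos style krb5.conf; the function name is hypothetical and the sample files are constructed.

```sh
#!/bin/sh
# Added example: list krb5.conf settings that allow single-DES enctypes
# to be negotiated.

# weak_krb5_settings FILE -> prints offending lines; exit status 0 if any found.
weak_krb5_settings() {
    # Drop comment lines (# or ;), then look for:
    #  1. allow_weak_crypto switched on
    #  2. an enctype list naming single DES (the "des" family or des-cbc-*);
    #     "des3-..." and exclusions such as "-des" are not matched.
    grep -v -E '^[[:space:]]*[#;]' "$1" | grep -i -E \
      -e '^[[:space:]]*allow_weak_crypto[[:space:]]*=[[:space:]]*(true|yes|on|1)([[:space:]]|$)' \
      -e '^[[:space:]]*(default_tkt_enctypes|default_tgs_enctypes|permitted_enctypes)[[:space:]]*=(.*[[:space:],])?(des|des-cbc-(crc|md4|md5)|des-hmac-sha1)([[:space:],]|$)'
}

# Constructed sample files (not taken from any SLAC host).
weak_conf=$(mktemp); strong_conf=$(mktemp)
cat > "$weak_conf" <<'EOF'
[libdefaults]
    default_realm = EXAMPLE.ORG
    allow_weak_crypto = true
    permitted_enctypes = aes256-cts-hmac-sha1-96 des-cbc-crc
EOF
cat > "$strong_conf" <<'EOF'
[libdefaults]
    default_realm = EXAMPLE.ORG
    # allow_weak_crypto = true
    allow_weak_crypto = false
    permitted_enctypes = aes256-cts-hmac-sha1-96 des3-cbc-sha1
EOF

weak_krb5_settings "$weak_conf"   || echo "weak_conf: nothing flagged"
weak_krb5_settings "$strong_conf" || echo "strong_conf: nothing flagged"
rm -f "$weak_conf" "$strong_conf"
```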
Configuration Hints
Desktop
The default desktop manager is gnome. A large number of desktop settings are stored in the dconf database. There are several ways to view/set these settings:
...
Code Block |
---|
$ gsettings set org.gnome.desktop.session idle-delay 3600
$ gsettings get org.gnome.desktop.session idle-delay
uint32 3600
$ gsettings set org.gnome.desktop.screensaver lock-delay 0
$ gsettings get org.gnome.desktop.screensaver lock-delay
uint32 0 |
To change gnome's default behavior of opening new windows maximized, do this:
Code Block |
---|
$ gsettings set org.gnome.mutter auto-maximize false |
gpg
If you use this encryption tool, it can be fussy about how it asks for your pass phrase, depending on, for example, whether you have a $DISPLAY variable set. I've found that one way to force gpg to use a terminal-emulator style (e.g., curses) dialog is to create the following file:
Code Block |
---|
$ cd ~/.gnupg
$ cat > gpg-agent.conf
pinentry-program /usr/bin/pinentry-curses
^D |
OS Update Log
Date | uname -a | Notes |
---|---|---|
7/13/2018 | 3.10.0-862.6.3.el7.x86_64 | |
8/8/2018 | 3.10.0-862.9.1.el7.x86_64 | |
8/28/2018 | 3.10.0-327.el7.x86_64 | Fresh install by ksa |
8/29/2018 | 3.10.0-862.11.6.el7.x86_64 | |
10/4/2018 | 3.10.0-862.14.4.el7.x86_64 | |
12/7/2018 | 3.10.0-957.1.3.el7.x86_64 | |
2/19/2019 | 3.10.0-957.5.1.el7.x86_64 | Fresh net install on new SSD |
4/1/2019 | 3.10.0-957.10.1.el7.x86_64 | |
5/15/2019 | 3.10.0-957.12.2.el7.x86_64 | $ sudo yum upgrade ; failure of yfs, so (via ksa)... $ sudo yum clean all;sudo yum erase kmod-yfs;sudo yum install kmod-yfs;sudo yum upgrade |
6/14/2019 | 3.10.0-957.21.2.el7.x86_64 | Automatic upon reboot (after notifications) |
9/24/2019 | 3.10.0-1062.1.1.el7.x86_64 | |
12/2/2019 | 3.10.0-1062.4.3 | |
12/4/2019 | 3.10.0-1062.7.1 | |
1/6/2020 | 3.10.0-1062.9.1 | |
2/10/2020 | 3.10.0-1062.12.1 |
Disk Partitioning
The following table indicates a "standard" suggested disk partitioning for centos7 with a 1 TB SSD. (Note: the machine, comet2, has 16 GB of RAM.)
Currently recommended partition sizes are in blue.
Partition | Type | Size (GB) | Usage as of 3/12/2020 | Red Hat guideline | encrypt? | Notes |
---|---|---|---|---|---|---|
/boot | ext4 | 2 | .33G (19%) | >1 GB | ||
/ | ext4 | 30 | 11G (36%) | >10 GB | root | |
/home | ext4 | 30 | 23G (80%) | >1 GB | local user $HOMEs | |
swap | 8 | >1 GB | calculation based on amount of RAM | |||
/opt | ext4 | 40 | .75G (2%) | 3rd party software | ||
/tmp | ext4 | 10 | 0.04G (1%) | don't let this fill up! | ||
/var | ext4 | 10 | 2.1G (23%) | logs | ||
/scratch | ext4 | 300 | 38G (14%) | yum! | ||
/scswork | ext4 | 10 | 0.04G (1%) | maybe combine with / ? | ||
/usr/vice/cache | ext4 | 5 | 0.1G (3%) | AFS/YFS only | ||
/afs | auristorfs | --- | N/A | empty mount point (AFS/YFS only) | ||
Here is comet2's current disk config (on a 160 GB HDD):
Code Block |
---|
$ lsblk
NAME                    MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda                       8:0    0 149.1G  0 disk
├─sda1                    8:1    0   600M  0 part /boot
└─sda2                    8:2    0 148.5G  0 part
  ├─VolGroup00-LogVol07 253:0    0  55.2G  0 lvm  /scratch
  ├─VolGroup00-LogVol01 253:1    0    30G  0 lvm  /opt
  ├─VolGroup00-LogVol06 253:2    0     5G  0 lvm  /tmp
  ├─VolGroup00-LogVol05 253:3    0     5G  0 lvm  /scswork
  ├─VolGroup00-LogVol04 253:4    0     4G  0 lvm  /usr/vice/cache
  ├─VolGroup00-LogVol03 253:5    0     8G  0 lvm  [SWAP]
  ├─VolGroup00-LogVol02 253:6    0    10G  0 lvm  /var
  └─VolGroup00-LogVol00 253:7    0    30G  0 lvm  / |
...
2/19/2019 - Install 1 TB SSD in comet2 using partitioning scheme above. Andrew activates kerberos and adds me to sudo list. Then begin process of installing needed software all over again!
2/20/2018 -
2/21/2019 -
4/10/2019 - After a flurry of "Important OS Update" notifications, and after three reboots did not clear the notifications, Karl manually intervenes due to an issue with YFS:
5/17/2019 - comet2 has been operating normally (no observed hardware hiccups)
Gotchas
Here is a list of gotchas or concerns that I stumbled into during these project investigations.
YFS:
At this time (1/7/2020), updating YFS without a concurrent OS kernel update may fail due to an issue with the kmod-yfs library. The workaround is:
Code Block |
---|
sudo yum erase kmod-yfs-0.190-1.3.10.0_1062.9.1.el7.x86_64 # (substitute your current version)
sudo yum update # or "yum upgrade" |
- Tilde (~) does not work. Remember that LD2.0 machines have their own user databases which are not the same as the SLAC site unix user database. If you are accustomed to typing "$ ls ~lsstprod/workflows", that will no longer function. It is not clear how to implement a good, reliable work-around.
Absolute NFS file paths will be different. Using sshfs means every remote file system must have a local mount point. On central SLAC machines, "/nfs" works. However, sshfs documentation recommends that mount points be r/w by the user and, usually, /nfs is not such a candidate. So any scripts or aliases that use the "/nfs" path must be changed. [AFS/YFS is different in that if you elect to have the client installed, the absolute paths will look identical with that on a public SLAC machine.]
** WORKAROUND: On a single-user workstation in the SLAC network, the following example shows how to allow a customary absolute NFS path using a symbolic link:
Code Block |
---|
# make /nfs a symbolic link to a directory the user can write to
sudo ln -s /home/dragon/nfs /nfs
mkdir -p /home/dragon/nfs/farm/g/lsst
sshfs dragon@rhel6-64:/nfs/farm/g/lsst /nfs/farm/g/lsst |
Access to AFS home directories can proceed either via an absolute path, e.g., `/afs/slac/u/...` or one can create a symbolic link to recover the familiar `/u/ec/dragon/...` path.
Code Block |
---|
sudo ln -s /afs/slac.stanford.edu/u /u |
Lots of SLAC-written and SLAC-specific commands are no longer available locally, e.g., everything in /usr/local/bin
** WORKAROUND: Create an alias in your .bashrc to prefix your favorite SLAC command(s) with "ssh rhel6-64 ", e.g.
Code Block |
---|
alias person='ssh rhel6-64 person ' |
- Printing is currently possible via the unix print server, but I've heard rumors that this service might be deprecated and replaced with a Windows-based system. Also, the current print config in use on comet2 is very rudimentary and needs further thought. It does not, for example, know about printer-specific functions & capabilities, such as faxing, duplex printing, oddball paper sizes, etc.
** FIX: The "BrightQ" print drivers for Canon printers are straightforward to install, interface seamlessly with CUPS, and offer all the features of my printer (a Canon C5255). There is a bit of a rigmarole involved (one must "register" twice, once for download and again for installation), but in the end it worked well. Get the drivers here: https://www.codehost.com/canon/
- Many users will need a moderately-to-highly customized application repertoire to work well for them. The application list above is acceptable for my (TG) work needs. But there are items that even I need only rarely, and it is not clear whether it is better to seek them out and install them locally or simply to log into a public login machine to use them. Here I am thinking of database tools, advanced development tools, TeX (and friends), more sophisticated printing capabilities, etc.
- While for many activities it is desirable to work locally, one will still need to log onto a public SLAC login machine (think licensed software, certain computing resource management functions, dealing with PPI, etc.). There are certain files and directories that I would like synchronized between the desktop machine and my SLAC environment (such as ssh keys, personal logbook, app configurations). Possibly a trscron job would do the trick, but then which copy becomes the master? I would like a smart synchronizer that allows either environment to make changes that will then be reflected in the other environment.
References
- SLAC minimum security requirements: https://docs.slac.stanford.edu/sites/pub/Publications/701-I02-001-00_Min_Sec_Req_for_Comp.pdf
- Stanford minimum security requirements: https://uit.stanford.edu/guide/securitystandards
- SLAC support for Linux: Ubuntu/CentOS 7 Desktop Scope of Support