Versions Compared

Old Version 8

changes.mady.by.user Tom Glanzman

Saved on

compared with

New Version Current

changes.mady.by.user Tom Glanzman

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

 PackageStatusDate installedInstall ToolNotes
1Linuxrequired7/13/2018 and 8/28/2018pxe bootBasic CLI
2X11required7/17/2018 and 9/28/2018note 1 belowX11+gnome+gazillion dependencies
3window managerrequired7/17/2018 and 9/28/2018"gnome based - working on conf file
4desktoprequired7/17/2018 and 9/28/2018"(various convenience apps)
5chef-clientrequired11/13/2018(installed by KSA)Needed for installing YFS
6Windows Active Directory   new authentication model (old=kerberos)
7printingrequired[10/4/2018]sudo system-config-printerPrinting will be via Windows AD IP based printing. In the meantime, configure locally using built-in printing system. Configure B048F2COPIER as a generic postscript printer. This probably needs to be rethought. A better fix involves downloading "BrightQ" Canon drivers from codehost.com. Their drivers come with instructions.
8YFSrequired11/14/2018chef-client -o slac_yfs-clientAuristor's YFS (AFS) client. Use "kinit [<userID>]" followed by "aklog" to get a token
9emacsrequired7/19/2018 and 9/28/2018gnome-software 
10

chrome

required9/28/2018d/l + yum install 
11thunderbirdrequired7/19/2018 and 9/28/2018gnome-software 
12NXrequired9/28/2018d/l + yum install

NoMachine client for use with NERSC

$ sudo rpm -i <nomachine...rpm>

or

$ sudo yum localinstall <nomachine...rpm>

13citrix client   TESTING INC0211099 not sure if it will work
14fastxrequired9/28/2018d/l + tar -xvf

https connection fails, but ssh connection works. KSA has opened ticket with vendor

15slackrequired9/28/2018d/l + yum install$ sudo yum localinstall <slack...rpm>
16zoomrequired9/28/2018d/l + yum install(implies support for microphone, camera and speakers)
17LibreOfficerequired7/19/2018 and 9/28/2018gnome-softwarecalc,writer,base,draw,impress,CAD
18python v3required9/28/2018yum install 
19sshfsrequired12/19/2018

yum install

sudo yum install fuse-sshfs
commands include: sshfs, fusermount
20dev tools (gcc)required9/28/2018yum installsudo yum group install 'Development Tools'
21filezillarequired10/1/2018gnome-softwareGUI file transfer between comet2 and SLAC servers
22Ksnapshotrequired10/1/2018gnome-softwarescreen shot utility
23DbVisrequired4/8/2019yum install$ sudo yum localinstall dbvis_linux_10_0_18.rpm
https://www.dbvis.com/download/10.0 download RPM
24NetBeans   needed by Fermi/LSST app developers
25LSF clientconvenient10/25/2018requires slac_yfs-client

requires desktop is in the lsf configuration file and allowed to run batch commands,

if desktop name is not in LSF configuration, start a service now ticket to request addition

Needs YFS to do run command a link for /etc/lsf.conf  (likely a cookbook configured setting?)

26VPNrequired11/14/2018download

Must download from a current Cisco AnyConnect customer (question), e.g., NCSA

or SLAC (How to Connect to SLAC VPN)

27clamavnot needed sudo yum install clamavAnti-virus (needed to access SLAC VPN, but not necessary on machine connected to internal network)
28media codecsvery strongly desired12/14/2018Many steps -->Followed numerous "sudo yum install ..." commands from https://wiki.centos.org/TipsAndTricks/MultimediaOnCentOS7
29htopvery strongly desired12/14/2018yum install htopin EPEL
30gimpelective12/17/2018desktop installerGnome installer accessed through the Window Manager menu: Applications -> System Tools -> Application Installer
31code42required112/20/2018(via SU web)Stanford supported disk backup (for local files)
https://stanford.app.box.com/v/SU-SemiCustomized-CPPe-Install
32nVidia driver/dashboardprobably not needed----Needed to run dual monitors. On comet2, two (DVI) monitors connected to the two displayPorts on the Quadro 2000 board work just fine with the built-in (nouveau) driver seems to work fine.
33GTK+ v3elective1/23/2019via KSAneeded to build galculator. (Also: gnome-software as gtk3-devel-3.22.20-3.el7)
34galculatorelective1/24/2019d/l from web and buildOne of the few decent RPN calculator apps available for linux
35Javarequired  Needed for Cisco VPN and other apps.
36hdparmelective yum install hdparm

Useful HDD/SSD information:

$ lsblk

$ sudo hdparm -I /dev/sda1

37cvmfs clienthighly desired6/6/2019recipe

CERN-based remote file distribution system. This will access LSST software.

https://sw.lsst.eu/installation.html

38cvmfs client IIhighly desired9/10/2019chefEarlier cvmfs client removed and new(er) chef recipe installed by SCS
39numpy,scipy,pandasrequired6/7/2019gnome-installerPython packages

 

Notes:

40condarequired7/26/2019gnome-installerNeeded in preparation for Jupyter
41matplotlib (python3)required10/11/2019cmd line and gnome-installer

$ sudo python3 -mpip install matplotlib

GUI installer for: python3-tkinter-3.6.8-10.el7

42     

 

Notes:

  1. X11 & GUI installed in this way:  

    Code Block
    titleX11 and GUI
    curl http://yum

    X11 & GUI installed in this way:  

    Code Block
    titleX11 and GUI
    curl http://yum/centos-gui > /tmp/centos-gui
/bin/sh /tmp/centos-gui

    (very large set of packages, takes a long time...)

  2. Software installed via the GUI, e.g., Thunderbird, emacs, LibreOffice

    Code Block
    sudo gnome-software

  3. Attempt to install FastX downloaded from www.starnet.com.  Code is unpacked from a tar.gz file and run without any special installation.  Attempt to configure SLAC but code fails with a relocation error associated with /lib64/libssl.so.10.  Karl to the rescue!  Use the "ssh" connection rather than "https" while he queries the vendor for a proper fix.

  4. TRS should not be used as it currently requires the use of DES enctypes that are insecure. WE have a todo to remove the ability for this weak-key to work. And are working to make TRS more secure so it can be used on Centos.

     

...

Code Block
$ gsettings set org.gnome.desktop.session idle-delay 3600
$ gsettings get org.gnome.desktop.session idle-delay
uint32 3600


    and
 
$ gsettings set org.gnome.desktop.screensaver lock-delay 0
$ gsettings get org.gnome.desktop.screensaver lock-delay
uint32 0

To change gnome's default behavior of opening new windows maximized, do this:

Code Block
$ gsettings set org.gnome.mutter auto-maximize false

 

gpg

If you use this encryption tool, it can be fussy about how it asks for your pass phrase, depending on, for example, whether you have a $DISPLAY variable set.  I've found that one way to force gpg to use a terminal-emulator style (e.g., curses) dialog is to create the following file:

...

Dateuname -aNotes
7/13/20183.10.0-862.6.3.el7.x86_64 
8/8/20183.10.0-862.9.1.el7.x86_64 
8/28/20183.10.0-327.el7.x86_64Fresh install by ksa
8/29/20183.10.0-862.11.6.el7.x86_64 
10/4/20183.10.0-862.14.4.el7.x86_64 
12/7/20183.10.0-957.1.3.el7.x86_64 
2/19/20193.10.0.957.5.1.el7.x86_64Fresh net install on new SSD
4/1/20193.10.0-957.10.1.el7.x86_64 
5/15/20193.10.0-957.12.2.el7.x86_64

$ sudo yum upgrade ; failure of yfs, so (via ksa)...

$ sudo yum clean all;sudo yum erase kmod-yfs;sudo yum install kmod-yfs;sudo yum upgrade
$ sudo chef-client -o slac_yfs-client

6/14/20193.10.0-957.21.2.el7.x86_64Automatic upon reboot (after notifications)
9/24/20193.10.0-1062.1.1.el7.x86_64 

Disk Partitioning

The following table indicates a "standard" suggested disk partitioning for centos7 with a 1 TB SSD.  (Note: the machine, comet2, has 16 GB of RAM.)

Currently recommended partition sizes are in blue.

PartitionType

Size

(GB)

Red Hat guidelineencrypt?Notes
/bootext42>1 GB  
/ext430>10 GB root
/homeext430>1 GB local user $HOMEs
swap 8>1 GB calculation based on amount of RAM
/optext440  3rd party software
/tmpext410  don't let this fill up!
/varext410  logs
/scratchext4300  yum!
/scsworkext410  maybe combine with / ?
/usr/vice/cacheext45  AFS/YFS only
/afsauristorfs---  empty mount point (AFS/YFS only)
      
      
      

 

Here is comet2's current disk config (on a 160 GB HDD):

12/2/20193.10.0-1062.4.3 
12/4/20193.10.0-1062.7.1 
1/6/20203.10.0-1062.9.1 
2/10/20203.10.0-1062.12.1 

 

Disk Partitioning

The following table indicates a "standard" suggested disk partitioning for centos7 with a 1 TB SSD.  (Note: the machine, comet2, has 16 GB of RAM.)

Currently recommended partition sizes are in blue.

PartitionType

Size

(GB)

Usage as of 3/12/2020Red Hat guidelineencrypt?Notes
/bootext42.33G (19%)>1 GB  
/ext43011G (36%)>10 GB root
/homeext43023G (80%)>1 GB local user $HOMEs
swap 8 >1 GB calculation based on amount of RAM
/optext440.75G (2%)  3rd party software
/tmpext4100.04G (1%)  don't let this fill up!
/varext4102.1G (23%)  logs
/scratchext430038G (14%)  yum!
/scsworkext4100.04G (1%)  maybe combine with / ?
/usr/vice/cacheext450.1G (3%)  AFS/YFS only
/afsauristorfs---N/A  empty mount point (AFS/YFS only)
       
       
       

 

Here is comet2's current disk config (on a 160 GB HDD):

Code Block
$ lsblk
NAME                    MAJ:MIN RM   SIZE RO
Code Block
$ lsblk
NAME                    MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda                       8:0    0 149.1G  0 disk 
├─sda1                    8:1    0   600M  0 part /boot
└─sda2                    8:2    0 148.5G  0 part 
  ├─VolGroup00-LogVol07 253:0    0  55.2G  0 lvm  /scratch
  ├─VolGroup00-LogVol01 253:1    0    30G  0 lvm  /opt
  ├─VolGroup00-LogVol06 253:2    0     5G  0 lvm  /tmp
  ├─VolGroup00-LogVol05 253:3    0     5G  0 lvm  /scswork
  ├─VolGroup00-LogVol04 253:4    0     4G  0 lvm  /usr/vice/cache
  ├─VolGroup00-LogVol03 253:5    0     8G  0 lvm  [SWAP]
  ├─VolGroup00-LogVol02 253:6    0    10G  0 lvm  /var
  └─VolGroup00-LogVol00 253:7    0    30G  0 lvm  /

...

Expand
titleCurrent Log (starting Feb 2019)

2/19/2019 - Install 1 TB SSD in comet2 using partitioning scheme above. Andrew activates kerberos and adds me to sudo list. Then begin process of installing needed software all over again!

2/20/2018 -

  • New CR 2032 battery installed in comet2 for RTC
  • X11 install appears successful, but causes screen freeze early on. Also SELinux complaints...but Karl fixes:
Code Block
    sudo semanage fcontext -a -t abrt_var_log_t '/var/adm'
    sudo restorecon -v '/var/adm'
    sudo systemctl restart rsyslog
  • And adds me to the 'wheel' group so I may use the GUI s/w installer tools.
Code Block
# usermod -a -G wheel dragon
  • The X11 freeze was "solved" by reseating the nVidia card. Will have to see if this is a long-term solution. If not, Karl suggests swapping out the nouveau video driver for the nVidia driver: nvidia-automatic-builds-via-dkms
  • Install AFS/YFS
  • Install google-chrome
  • Install thunderbird
  • Install emacs + git version control package
  • Install NX client (from NERSC)
  • Install FastX
  • Install python3
  • Install slack app
  • Install Zoom app
  • Install sshfs
  • Install dev tools
  • Install filezilla
  • NOTE: the following apps were already installed (or equivalents): libreOffice, ksnapshot
  • Install multimedia codecs and apps (including ffmpeg)
  • Install htop
  • Install gimp
  • Install gitg (GTK+ interfact to git)
  • Install galculator and GTK+ development files
  • Install BrightQ printer support for Canon ImageRunner Advance C5255
    • Driver package is recommended by Canon, https://www.codehost.com/canon/
    • One must "register" to download and then again to install the drivers (sad)
    • This system was installed to interface with CUPS (already installed)
    • A number of "BrightQ" apps appear in the gnome Applications->Office menu
    • It seems to work, including providing the printer-specific options (e.g., paper size, duplex, etc.)
  • Install Code42 CrashPlan, configure and start

2/21/2019 -

  • Install hdparm
  • Add shell extentions (Applications --> System Tools --> Application Installer --> Add-ons)
    • "system-monitor" – CPU/Network/Disk activity plots to gnome top bar
    • "No Topleft Hot Corner"
    • "Workspace Indicator"

4/10/2019 - After a flurry of "Important OS Update" notifications, and after three reboots did not clear the notifications, Karl manually intervenes due to an issue with YFS:

 

sudo yum clean all; sudo yum erase kmod-yfs; sudo yum install kmod-yfs; sudo yum upgrade

 

5/17/2019 - comet2 has been operating normally (no observed hardware hiccups)

 

Gotchas

...

YFS:


 

sudo yum clean all; sudo yum erase kmod-yfs; sudo yum install kmod-yfs; sudo yum upgrade

 

5/17/2019 - comet2 has been operating normally (no observed hardware hiccups)

 

Gotchas

Here is a list of gotchas or concerns that I stumbled into during these project investigations.

  • At this time (1/7/2020), updating YFS without a concurrent OS kernel update may fail due to an issue with the kmod-yfs library.  The workaround is:

    Code Block
    sudo yum erase kmod-yfs-0.190-1.3.10.0_1062.9.1.el7.x86_64   # (substitute your current version)
sudo yum update                                              # or "yum upgrade"
  • Tilde (~) does not work.  Remember that LD2.0 machines have their own user databases which are not the same as the SLAC site unix user database.  If you are accustomed to typing "$ ls ~lsstprod/workflows", that will no longer function.  It is not clear how to implement a good, reliable work-around.

  • Absolute NFS file paths will be different.  Using sshfs means every remote file system must have a local mount point.  On central SLAC machines, "/nfs" works.  However, sshfs documentation recommends that mount points be r/w by the user and, usually, /nfs is not such a candidate.  So any scripts or aliases that use the "/nfs" path must be changed. [AFS/YFS is different in that if you elect to have the client installed, the absolute paths will look identical with that on a public SLAC machine.]
    ** WORKAROUND: On a single-user workstation in the SLAC network, the following example shows how to allow a customary absolute NFS path using a symbolic link:

    Code Block
    sudo ln -s /nfs /home/dragon/nfs
mkdir -p /home/dragon/nfs/farm/g/lsst
sshfs dragon@rhel6-64:/nfs/farm/g/lsst /nfs/farm/g/lsst

  • Access to AFS home directories can proceed either via an absolute path, e.g., `/afs/slac/u/...` or one can create a symbolic link to recover the familiar `/u/ec/dragon/...` path.

    Code Block
    sudo ln -s /afs/slac.stanford.edu/u /u

  • Lots of SLAC-written and SLAC-specific commands are no longer available locally, e.g., everything in /usr/local/bin
    ** WORKAROUND: Create an alias in your .bashrc to prefix your favorite SLAC command(s) with "ssh rhel6-64 ", e.g.

    Code Block
    alias person='ssh rhel6-64 person '
  • Printing is currently possible via the unix print server, but I've heard rumors that this service might be deprecated and replaced with a Windows-based system.  Also, the current print config in use on comet2 is very rudimentary and needs further thought.  It does not, for example, know about printer-specific functions & capabilities, such as faxing, duplex printing, oddball paper sizes, etc.
    ** FIX: The "BrightQ" print drivers for Canon printers are straight-forward to install, interface seamlessly with CUPS, and offer all the features of my printer (a Canon C5255).  There is a bit of a rigamorole involved (one must "register" twice, once for download and again for installation), but in the end it worked well.  Get the drivers here: https://www.codehost.com/canon/
  • Many users will need a moderately-to-highly customized application repertoire to work well for them.  The application list above is acceptable for my (TG) work needs. But there are items that even I need only rarely and it is not clear it is better to seek them out and install locally, or to simply log into a public login machine to use.  Here I am thinking of database tools, advanced development tools, TeX (and friends), more sophisticated printing capabilities, etc.
  • While for may activities it is desirable to work locally, one will still need to log onto a public SLAC login machine (think licensed software, certain computing resource management functions, dealing with PPI,  etc.) There are certain files and directories that I would like synchronized between the desktop machine and my SLAC environment (such as ssh keys, personal logbook, app configurations).  Possibly a trscron job would do the trick, but then which copy becomes the master?  I would like a smart synchronizer that allows either environment to make changes that will then be reflected in the other environment.

 

References

...

  1. SLAC minimum security requirements:
    https://docs.slac.stanford.edu/sites/pub/Publications/701-I02-001-00_Min_Sec_Req_for_Comp.pdf

  2. Stanford minimum security requirements:  
    https://uit.stanford.edu/guide/securitystandards

  3. SLAC support for Linux:
    Ubuntu/CentOS 7 Desktop Scope of Support