Stanford Linear Accelerator Center

Installation of Red Hat Enterprise Linux 5

SLAC Computing
UNIX at SLAC
Linux at SLAC
Updated: 1 Oct 2010

There are several steps to setting up a fully-integrated Red Hat Enterprise Linux 5 (RHEL5) system at SLAC:
  1. Before you Begin
  2. Install Red Hat Enterprise Linux 5
  3. Post Install
  4. SLAC Configuration
  5. Known Issues

Please note: These are not complete Red Hat Enterprise Linux install instructions; go to the Red Hat Web site for more complete information.


Before you Begin

      System Requirements

      Architecture
      These instructions are for installing Red Hat Enterprise Linux 5 (RHEL5) on an IA-32 system (i.e., a 32-bit Intel- or AMD-based system) and Opteron 64-bit systems (x86_64).
      Minimum Memory
      Red Hat recommends a minimum of 256 MB of memory. At SLAC, RHEL5 has been successfully installed on systems with 128 MB, but such systems have a tendency to bog down badly due to excessive swapping when too many applications are open at once.
      Minimum Disk Space
      OCIO recommends a minimum disk size of above 12 GB, and a minimum root partition ("/") size of about 9 GB.
      CDROM Drive
      Red Hat does not include a floppy version of the boot images for RHEL5. Your system will need a boot-capable CDROM drive, or a BIOS which knows how to PXE boot (ask unix-admin about that if you have questions).

      Preparing to Install

      1. Consider submitting a request to have OCIO do the installation for you.
      2. Have previous experience installing Red Hat Linux, or else read the Red Hat Install document.
      3. Have an IP address and node name for your system. If necessary, pick up a copy of the IP Address and Node Name form from the Help Desk or print your own copy, fill it out and submit it to the Help Desk.
      4. Have available the network and host information required by a Red Hat Linux install, which includes (but may not be limited to): IP address, gateway, netmask and DNS server (provided by Help Desk when you obtain your IP address); video card/monitor specs (including size of video RAM); disk drive size; etc.
      5. If you are an experienced Linux user and intend to retain some responsibility for administering your system, you may want to familiarize yourself with Taylor before beginning. This is the tool OCIO uses to adapt systems to the SLAC environment and we strongly encourage you to use it.
      6. If you are installing on a machine that was previously taylored, you should print a copy of the file /etc/taylor.opts before beginning.

      This procedure does a "clean install", not an upgrade. If you follow OCIO recommendations against storing permanent data on a workstation's system disk, this should not be a problem. If you do have some data you want to preserve on this disk, but it is all stored in a non-system partition, e.g., /u1, you might be OK, providing your system partitions are large enough to accommodate RHEL5 with sufficient room for future updates (see Disk Partitions, below). Otherwise, it is your responsibility to backup your data before beginning the installation. If you must restore it to a local filesystem after the installation, we strongly urge you to buy a second disk and keep permanent data off the system disk.

      You may want to work next to a machine with a web browser and access the Red Hat installation manual from the documentation area of the Red Hat web site.


      Install Red Hat Enterprise Linux 5

      The installation program is mostly self-explanatory if you have installed UNIX or Linux before. We will only mention either complex or SLAC-specific issues below.

      Create an Installation CDROM

      To make a bootable CDROM for installing RHEL5, you will need to burn an ISO 9660 image file onto CD-R (or CD-RW) media. On Linux, you can use an application like Xcdroast (requires X Windows) or cdrecord (a command-line tool). Mac OSX can successfully create bootable CDROMs using the CDROM burning utility.

      To create an installation boot CDROM under Linux, using the cdrecord utility:

      1. Find the ISO 9660 disc image for an installation boot CDROM for your architecture and the current RHEL5 Update level:

              cd /afs/slac/package/RedHat/RHEL5/ARCH/images
              ls boot.iso
              
        You should replace the string 'ARCH' with the architecture of your processor, i.e., for 64-bit-capable processors such as an AMD Opteron or an Intel EM64T chip, you should substitute 'x86_64'; for 32-bit processors, use 'i386'.

      2. Put a blank CD-R (or CD-RW) disc into the CDROM drive.
      3. To get information about your CDROM drive, run the command:
              cdrecord -scanbus dev=/dev/hdc
              
        You'll get a line that includes some text identifying your specific CDROM device, along with the device address; for example:
              1,0,0   100) '_NEC    ' 'CD-RW NR-9300A  ' '105B' Removable CD-ROM
              
        The first field in this example, "1,0,0", is your CDROM device address. This is the information you'll need.
      4. Run a command like the following:
              cdrecord -v -speed=2 dev=1,0,0 -eject -data boot.iso
              
        On some systems you may need to prefix the device address with a transport layer indicator, such as 'ATA:' or 'ATAPI:', or you may need additional options on the cdrecord command line. See the man page for cdrecord for details.

        If you haven't burned any CDROMs before, it's a good idea to run some tests first by adding the '-dummy' option to the cdrecord command line.

      You might also want to consider burning a "rescue disc" for use in case of problems with the system on your hard disk. The procedure is similar to the above and you can find the appropriate image in the directory, /afs/slac/package/RedHat/RHEL5/ISO/. Look for a file ending in "...-WS-disc1.iso" and matching your architecture and the current update level, e.g., "RHEL5-U2-i386-WS-disc1.iso".

      Boot the Installation Program

      Stick the CDROM in the drive and reboot your machine.

      If your machine ignores the CDROM at boot time, and simply reboots the existing system on the hard disk, there is most likely a problem with the boot order in the BIOS. You can usually get into the BIOS by pressing a function key (usually F2) early in the boot process. The various BIOS screens vary quite a bit, even within a single vendor's products. However, there is usually a place where you can specify the order in which the BIOS should look for a bootable device. You should make sure it looks at the CDROM drive before the hard disk.

      At the boot prompt, you can choose between running the installation in graphical or text mode. Unless you have an older monitor or video card, it should be OK to just type linux askmethod, then hit the Enter key and run the installation in graphical mode. To run in text mode, type linux text askmethod and press the Enter key.

      It will take a minute or two to load. Once you are in the install program, follow the directions until you get to the question on what kind of installation method to use.

      N.B.  There may be some variations in the order of the screens in the installation program depending on your exact hardware configuration and/or the choices you make, so it's probably a good idea to read through the rest of this section before proceeding.

      NFS Install Method

      In the "Installation Method" screen, choose NFS image to insure that the latest SLAC-recommended kernel and RPMs are installed. If you install from a CDROM, you may need to upgrade the kernel after installation in order to comply with SLAC security requirements.

      Next, you will be asked to configure TCP/IP. Uncheck Use dynamic IP configuration and enter the IP Address, Netmask, Default gateway and Primary nameserver information given to you by OCIO when you requested your node name and IP address.

      WARNING:

      Please be careful to enter this information accurately, since errors can disrupt the network.

      Note that the Red Hat install program will try to guess your Default gateway and Primary nameserver after you enter your IP address and Netmask, and will set these up as defaults. These Red Hat-supplied values are most likely wrong. If you don't know one or more of these values, please ask the help desk or unix-admin -- do not use the Red Hat supplied values.

      Next you will be asked for NFS setup information. The NFS server name is lnxinstall and the Red Hat directories are:

      • For Opteron and EMT64 systems: /vol/vol1/g.scs.redhat/RedHat/RHEL5/x86_64.
      • For all other systems(Pentium, Athlon, etc.): /vol/vol1/g.scs.redhat/RedHat/RHEL5/i386.

      If the directory can't be mounted try using lnxinstall's IP address, 172.23.16.97, instead of its name.

      Disk Partitions

      At the Disk Partitioning Setup screen, select Manually partition with Disk Druid. The default partitioning scheme used by the Automatically partition option is not suitable for use in the SLAC environment.

      The table below shows suggested partitioning schemes for two different size disks, representing typical sizes of disks available on older hardware still in service here at SLAC. Newer systems usually have substantially larger system disks.

      Make sure to give Linux at least a 9 GB root partition. If your root partition is less than about 9 GB, you should omit installing some of the software package groups recommended below, in order to allow room for future upgrades and security patches. Similarly, if you install more package groups than suggested below, you will probably need a larger root partition -- perhaps 10-12 GB if you install nearly everything. Small root partitions can make it difficult or impossible to install required security patches later on. Systems that cannot apply required security patches in a timely fashion may be denied access to the SLAC network. If possible the root partion should be at least 20 GB for modern machines with 100 GB and larger disks.

      You should also create a swap partition at least as large as the memory (twice the main memory is a good rule of thumb for the size of the swap partition).

      If there is sufficient space, we recommend that you allocate an /scswork partition of 1 GB, to be reserved for the exclusive use of OCIO. Use the rest for scratch space; for example, you might want to create a larger /tmp or add a separate /scratch directory. Note that older files in /tmp are periodically removed but files in /scratch will remain until removed by you unless the system is re-installed.

      Always choose to format your Linux partitions. Use the new, ext3 filesystem type on all partitions except swap. (In earlier versions of AFS, /usr/vice/cache needed the ext2 filesystem, but ext3 is now compatible with the AFS cache). ext3 is a journaling filesystem and will permit much faster recovery following crashes.

      WARNING! You should not allocate any partitions on the system disk for permanent data. Because of the large sizes of currently available disks, you may be strongly tempted to ignore this warning. However, it is very risky to do so, because:

      • we do not backup the data on local disks attached to workstations;
      • the disks installed in workstation-class machines are much less reliable than those we buy for our fileservers; and,
      • our support model assumes that it's OK to repartition and re-install the system disk on short notice.

      The best way to make use of extra space on your system disk is to allocate a large /tmp or /scratch partition. If you need additional permanent space, please contact unix-admin@slac.stanford.edu; we will do our best to help you acquire reliable, backed-up storage at a reasonable cost. If you ignore this warning, it will be your responsibility to save and restore your data the next time your system needs to be re-installed.

      Note that partition names and numbers, and the order of the partitions, are assigned automatically by Disk Druid. Also, the actual sizes of allocated partitions may vary a little bit from what you request via Disk Druid's GUI interface. This may make it difficult to allocate every last block on the disk.

      Suggested partition schemes for typical hard disks:
      Partition
      Mount Point
      Partition
      Type
      Partition Size
      12 GB disk +18 GB or larger disk
      / ext3 9 GB 12 GB
      swap swap 1 x memory or
      at least 512 MB
      2 x memory or
      at least 1 GB
      /var ext3 512 MB 4 GB
      /usr/vice/cache ext3 512 MB 2 GB
      /tmp ext3 512 MB 4 GB
      /scswork ext3 omit 1 GB
      /scratch (or extra /tmp space) ext3 omit remainder

      Boot Loader Configuration

      We recommend that you use the default boot loader, GRUB, and accept the defaults for the other options on this screen.

      Network Configuration

      The Network Configuration screen should show the same information you entered above in the TCP/IP Setup when requesting an NFS installation.

      No Firewall at SLAC

      If you will be using your system within the SLAC environment, you will need to select "No firewall" at the Firewall Configuration screen. However, if you are installing a stand-alone system, e.g., for use from your home, or a laptop that will be connected to the Internet from outside SLAC's firewall, you may want to learn more about the firewall facilities in Red Hat Linux in order to better protect your system.

      No SELinux at SLAC

      At the bottom of the 'Firewall Configuration' page there is a pull-down menu to make SELinux 'active', 'warn', or 'disable'. Choose 'disable'.

      When the annoying box pops-up to ask you to confirm your setting, hit 'Proceed'.

      Installation (Subscription) Number

      When asked for an Installation or Subscription number, use this:

                  26e2a46326aee4a5
      
      If you don't enter that number, you will not have access to all the RPMs at install time, and you will just get a very basic install. After running taylor, your machine will have access to the full list of RPMs (the workstation and supplementary child channels).

      Additional Language Support

      If you wish, select one or more additional languages.

      Time Zone Selection

      Select the time zone, either by location or UTC offset (e.g., by clicking on a nearby city, such as Los Angeles, on the map or by selecting UTC-08 plus daylight savings time on the UTC Offset tab). You should not check the "System clock uses UTC" box on dual-booted machines (note that OCIO strongly discourages dual boot machines).

      Set Root Password

      Choose a good root password and DON'T FORGET IT! SLAC's post-installation tool taylor will override this password.

      Selecting Packages

      Using the 'Install default software packages' is probably sufficient for most installs. This will give you a good basic system. You may also select package groups or individual packages to be installed via the 'Customize software packages to be installed', but do not install or run Server programs (web, nfs, tftp, ftp, etc.) without checking with unix-admin or cyber-security first.

      In addition to the Red Hat defaults, we recommend adding the following groups:

      • Both KDE and GNOME: It is easy to switch between the two if they are both installed, and each includes some applications that might prove useful in the other.
      • Engineering and Scientific. This includes the GNU Scientific Library plus BLAS and LAPACK, Fortran libraries for linear algebra.
      • Authoring and Publishing: Provides TeX and SGML support
      • Development Tools: If you will be doing any software development on the machine, you should check this group. In addition, if you plan to build Linux kernels or develop X Windows, Gnome or KDE applications you should check the corresponding package groups in this section. Note in particular that:
        • Even if you only plan to run (not build) SLAC-built software with an X Windows interface (e.g., BaBar code) you may need to install the "X Software Development" package group.
        • Checking "KDE Software Development" gives you tools like Qt Designer, PyQt and SIP which are used by some SLAC groups.
      WARNING

      Please do not install servers unless you really know what you are doing and okay it with OCIO first. And please don't select "Everything" which would also install the servers.

      To find out exactly what's included in a group, click on "Details" (you'll have to select the group first if it is not already selected). Some groups have optional parts; in the Details screen you can select or unselect these options.

      If you want complete control, check the Select individual packages option before clicking the Next button. Note that selecting "Minimal" will override your previous selections, but unselecting it will restore them.

      Note that the last row in the above table simply shows the sum of the package sizes, and is really only intended to give you a rough idea of relative sizes for different collections of packages. You must allocate a root partition significantly larger than these minimums to get a workable system and to reserve space to install package updates (especially security updates)/

      Don't worry too much about getting every package you might ever want -- you can always add additional packages later.

      It may take 15 minutes to over an hour to install the packages depending on the speed of your machine and network.

      The installation program will reboot the machine when it is finished. Make sure to remove any floppy left in the drive from the initial boot of the installation program.

      Post Install

        Red Hat Setup Agent

        The first time you boot your newly-installed system in the graphical run level (run level 5) the Red Hat Setup Agent may automatically run. This tool is intended for stand-alone systems and guides you through a number of first time system administration tasks such as:

        • Setting the timeone, date and time
        • Registering with Red Hat Network (RHN)
        • Creating a non-admin local account

        If you are planning to taylor your system you can skip most or all of these steps -- they are either unneeded or will be handled by taylor. In particular you should avoid creating a local account with the same username as your SLAC UNIX account or registering personally with RHN.

        Revise X Configuration

        In Red Hat Release 5 most graphics chips are probed for correct values. If you want to change the configuration of X Windows, use the configuration tool system-config-display.

        If you can't get a satisfactory X configuration using this tool then you will have to fiddle with the /etc/X11/xorg.conf file. See the xorg.conf(5x) man page for information on the format of this file and it's many device-independent options. There are also device-specific man pages for the various supported video drivers -- see the SEE ALSO section of xorg.conf(5x) for some of the driver names. Do not increase the refresh rate ranges on your monitor unless you are absolutely sure it is supported!

        Configure Sound

        If your sound card was not automatically configured by the installation program or during the initial boot (by a program called "kudzu"), you can try running (as root) the Sound Card Configuration Tool. You need to do this in X Windows. You can also run this tool by entering system-config-soundcard on the command line, or by choosing Main Menu => System Settings => Soundcard Detection. Note that this tool requires that you have an X server running. For more information, see the section on Sound Configuration in the RHEL5 Installation Guide. If you have an unusual sound card, you may also have to search the web for detailed help on configuring it.


        SLAC Configuration

          WARNING: This is not (yet) for laptop users.

          Taylor is the tool used by OCIO for administering the very large number of UNIX (including Linux) systems for which we are responsible. It can be run after the Red Hat installation program to automatically configure your new system to be integrated into the SLAC environment. It normally installs a cronjob which will maintain your system automatically.

          Some of the things Taylor does include:

          • Configure the network interfaces for the correct subnet at SLAC.
          • Set up network services such as NIS, DNS, NTP, and syslog correctly.
          • Install or update recommended software, including AFS, AMD, SSH, and LPRng.
          • Update the passwd and groups files to include OCIO-required system accounts and to permit login by users via their regular SLAC UNIX accounts (this can be restricted after Taylor runs the first time).
          • Configure sendmail for SLAC's email environment.
          • Install LPRng to centralize printing.
          • Install some TrueType fonts.
          • Remove or reconfigure some insecure services.
          • Install sudo with a centrally-managed sudoers file (sudo is a UNIX tool to allow users to issue privileged commands).
          • Install and run yum to get updates.
          • Optionally, setup /usr/local to point to SLAC AFS /usr/local for Linux.
          • Install an hourly Emergency cronjob that can be used, for example, to apply urgent security fixes.
          • Install a nightly Taylor cronjob to apply routine maintenance to your system automatically (this cronjob can be removed, and Taylor re-run by hand from time to time, on mission-critical servers).

          For additional information, see the Taylor Web page.

          Running Taylor

          Taylor uses a configuration file, /etc/taylor.opts, to control its actions. If you don't have this file the first time you run Taylor, it will install one with a reasonable set of defaults. However, you may want to set some of these options before you run Taylor the first time, since the root password you set during installation will otherwise be overridden at this point.

          If your machine was previously taylored, you will most likely want to restore most or all of the options from your old taylor.opts file (you did print a copy before beginning, right?). If your machine is connected to a non-autonegotiating (fixed speed) 100 MB/s port, it is particularly important to include the option, ethernet=100mb. If you are not sure, omit this option or check with net-admin.

          If your machine has not been previously taylored, look in /afs/slac/package/taylor/taylor.opts for a sample taylor.opts file. In particular, this file includes commented out examples examples showing how to:

          • Control the root password
          • Select a graphical or text-mode login
          • Request a private /usr/local directory

          For a more complete list of options, do man taylor.opts.

          After running Taylor the first time, if you subsequently need an option changed and can no longer modify /etc/taylor.opts yourself, contact one of your Linux Desktop Support people or send mail to unix-admin.

          To install and run Taylor, execute the following command:

          elinks -source http://www.slac.stanford.edu/comp/unix/linux/go-taylor | sh
          

          You will be asked whether to use the version of /usr/local maintained by OCIO or set up a private /usr/local. We highly recommend that you use the central one.

          Taylor will probably take several minutes to complete its work. If there is an error and you can see how to fix the problem, it is safe to rerun taylor afterward. If you have an error you cannot understand or fix, send email to unix-admin to request help. If possible, paste the error messages from Taylor into the email.

          Access to SLAC's MAIL Spool and other NFS servers

          If you receive your email via the UNIX mail spool rather than SLAC's Exchange server, you'll need access to /nfs/mailspool/mail/<your_UID>. Some users may also want to access other central NFS file servers from their Linux workstations. Access to NFS is not automatic; for security reasons you must submit a request to OCIO for permission to mount our central servers. There is a simple NFS Access form for this purpose if you do not need any superuser privileges on the machine. If you also need privileges, see the next section.

          Superuser Privileges

          If you need superuser privileges (i.e., the root password and/or sudo ALL) on your machine, you will need to carefully read the Superuser/NFS Privileges page, then fill out and submit the form you'll find there. If you also need NFS access, you must request it via this same form.

          SLAC's RPM Repository

          SLAC maintains a mirror of the Red Hat Enterprise Linux WS 5 distribution on a RedHat Linux Satellite Server.

          yum

          The yum command is a program that can look at a directory or at an ftp or http site and determine if there are updates to any of your packages there. If it finds them, it can also install them. Taylor installs yum and uses it to apply required security updates. In addition, Taylor configures yum so that you or your system admin can use it to install any necessary bug fix RPMs to bring your system up to the latest OCIO-recommended Red Hat update level. The command to do this is simply,

             sudo yum upgrade
          
          To find out what yum would do without actually doing it, use the command, sudo yum check-update.

          Extras

          Use the GUI program 'pirut' for additional RPMS that you might want to install.


          Known Issues

            There are some known issues with RHEL5. Please see the RHEL5 Release notes for other information:
            Release Notes


            More Information

            IMPORTANT
            Join the SLAC Linux mailing list to exchange information and advice with other users. There is a convenient Web page for subscribing or reviewing the archives or you can send mail to majordomo@slac.stanford.edu with the first line of the body being "subscribe linux-l".

            If you need more information, please have a look at our Linux Resources page.



            unix-admin