SLAC ESD Software Engineering Group

 

 

UNIX SYSTEM ADMIN

 

 

RHEL6 Notes

 


 


Installation procedures for RHEL6 64 Bit:

 

Reference:  http://www.slac.stanford.edu/comp/unix/linux/install_RHEL6.html#install_rhel

Note - If you are going to use PXE Kickstart, the kickstart file is /usr/local/admin/kickstart/ks-RHEL6-64-server.cfg. See the end of this document for a proper kickstart file prepared on 03/11/2013 for facet-archapp.

After creating disk  (See reference above)

  • NFS Server:  lnxinstall
  • RPM repository: ex) /vol/vol1/g.scs.redhat/RedHat/RHEL6/6u1/x86_64
  • Install RHEL6 CD and boot server

  Partition          Size        File System

  /                  20000       EXT4
  SWAP               16000       swap
  /tmp               6000        EXT4
  /var               6000        EXT4
  /scswork           1000        EXT4
  /usr/vice/cache    1000        EXT4
  /scratch           Remainder   EXT4

  • Accept Default for Boot Loader
  • Packages: Pick Custom installation
    • Add the following to the Default
      • Compatibility Libraries
      • Scientific Support
      • Legacy UNIX Compatibility
  • Once Built
    • Setup private server for Patching (see below)

    OR

    • Setup Taylor (see below)

 

  • Turn off SELinux and Firewall (see below)
  • Using system-config-services disable
    • NetworkManager
    • Avahi-daemon
    • Bluetooth
    • ip6tables
    • libvirt-guests
    • libvirtd
    • rhnsd -on production servers
  • Configure /etc/fstab -Make copy first (/etc/fstab.orig)
  • Check /etc/resolv.conf
    • domain slac.stanford.edu
    • search  slac.stanford.edu
    • nameserver 134.79.151.12
    • nameserver 134.79.151.13
  • Install OpenManage: 
  • Fill out Superuser/NFS form if needed (Taylor'd only)

 


Special Installs:

lcls-dev3 Install libusb
  • yum install "libusb*"
   

To setup patching for our Private Servers:

To use our local RHN satellite server:

New Way:

 

wget --no-check-certificate -O- https://satellite1.slac.stanford.edu/pub/bootstrap/bootstrap.sh | sh

 

You must run  /usr/local/admin/kickstart/Extra-RHEL6-RPMs

  • This will load extra RPMs needed for RHEL6 installation that the kickstart could not.

 

 

YUM

Yum install:  To install optional packages in groups

yum --setopt=group_package_types=optional groupinstall development

 

 

Do NOT run /usr/local/admin/scripts/sync_sysconf.sh

  • This is for RHEL5.
  • Need to create new one, but for now use a current RHEL6-64 server for
    • passwd ***
    • shadow ***
    • group ***
    • resolv.conf
    • rsyslog.conf
    • ntp/step-tickers
    • hosts
    • ntp.conf
    • cups/client.conf

 

 

 

To run Taylor:

  • Create /etc/taylor.opts

    EX)

    automounter=autofs
    workgroup=slc
    usage=server
    xdmcp=off
    network_device=leavealone

    nolprng
    linux_kernel=leavealone

 
  • Run:  wget -O- http://www.slac.stanford.edu/comp/unix/linux/go-taylor | sh
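
The satellite bootstrap command above (run with --no-check-certificate) and the go-taylor command (fetched over plain HTTP) both pipe a downloaded script straight into sh as root. The following is an added example, not part of the original notes or SLAC's procedure, that downloads the script to disk, checks it against a pinned SHA-256 digest, and keeps it only if the digest matches. The function names, the pinned digest and the CA file path are assumptions; neither value is given on this page.

```shell
#!/bin/sh
# Added example (not from the original page): download an install script to
# disk, check it against a pinned SHA-256, and keep it only if the digest matches.

# sha256_matches FILE EXPECTED_HEX: succeeds only on an exact digest match.
sha256_matches() {
    [ -r "$1" ] || return 2
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Reject anything that is not exactly 64 hex digits (e.g. an unset pin).
    case $expected in
        *[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# fetch_verified URL EXPECTED_HEX DEST [CA_FILE]
# Leaves DEST in place only when the download verified. TLS certificate
# checking stays on (no --no-check-certificate). CA_FILE is optional and is
# for a site CA that is not in the system trust store.
fetch_verified() {
    url=$1; pin=$2; dest=$3; ca=${4:-}
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    if [ -n "$ca" ]; then
        wget -q --ca-certificate="$ca" -O "$tmp" "$url" || { rm -f "$tmp"; return 1; }
    else
        wget -q -O "$tmp" "$url" || { rm -f "$tmp"; return 1; }
    fi
    if sha256_matches "$tmp" "$pin"; then
        chmod 0700 "$tmp" && mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        echo "refusing $url: digest does not match the pinned value" >&2
        return 1
    fi
}

# Usage with placeholders (the pin and CA path are assumptions):
#   fetch_verified https://satellite1.slac.stanford.edu/pub/bootstrap/bootstrap.sh \
#       "$PINNED_SHA256" /root/bootstrap.sh /path/to/site-ca.crt && sh /root/bootstrap.sh
```

The pinned digest has to be obtained out of band and updated whenever the script is legitimately changed.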
 

Files to be edited/reviewed in case you are renaming the server or changing its IP address.

Files to be edited/reviewed : /etc/sysconfig/network, /etc/sysconfig/network-scripts/ifcfg-*

Ensure that the /etc/sysconfig/network file has all relevant entries.

Example -

$ cat /etc/sysconfig/network
NETWORKING=yes
FORWARD_IPV4=false
HOSTNAME=facet-archapp
DOMAINNAME=slac.stanford.edu
GATEWAY=134.79.151.1
NISDOMAIN=slac.slac.stanford.edu


Xorg

 

The OPIs need to have Xorg listening for X connections (MCC and EPICS displays launched from the SCP).

Usually the X server is started with "-nolisten", so it does not accept TCP connections.

  • Type: ps -ef | grep Xorg      -you will see a "-nolisten"
  • RHEL5: run gdmsetup and uncheck the box in the Security tab:  Deny TCP connections to Xserver
    • restart X or reboot server
  • Type: ps -ef | grep Xorg      -the "-nolisten" should be gone. The Xserver will now listen for Xclients
  • RHEL6
    • Edit the /etc/gdm/custom.conf and add "DisallowTCP=false" to the [security] section
    • restart X:     init 3; then init 5
    • Test with ps -ef | grep Xorg    -The "-nolisten" should be gone

 

# GDM configuration storage

[daemon]

[security]
DisallowTCP=false

[xdmcp]

[greeter]

[chooser]

[debug]
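
An audit check for the setting described above, as an added example that is not part of the original notes: it reads the effective DisallowTCP value from the [security] section of a GDM custom.conf and compares it with an Xorg command line taken from ps output, which shows a host where the file was edited but X has not yet been restarted. The function names and the sample inputs in the usage comment are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): report whether GDM is set to let
# Xorg accept TCP connections, and whether a given Xorg command line does.

# gdm_disallow_tcp FILE: prints the effective DisallowTCP value ("true" or
# "false") from the [security] section. Section and key names are matched
# case-insensitively; GDM's default when the key is absent is "true".
gdm_disallow_tcp() {
    awk '
        BEGIN { val = "true" }
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        /^[ \t]*\[/ {                          # section header
            s = tolower($0)
            gsub(/^[ \t]*\[/, "", s); gsub(/\].*$/, "", s)
            insec = (s == "security"); next
        }
        insec {
            n = index($0, "=")
            if (n == 0) next
            k = tolower(substr($0, 1, n - 1)); gsub(/[ \t]/, "", k)
            v = tolower(substr($0, n + 1));    gsub(/[ \t\r]/, "", v)
            if (k == "disallowtcp") val = v
        }
        END { print val }
    ' "$1"
}

# xorg_listens_tcp CMDLINE: succeeds when the Xorg command line (as shown by
# "ps -ef | grep Xorg") does NOT carry "-nolisten tcp".
xorg_listens_tcp() {
    case " $1 " in
        *" -nolisten tcp "*) return 1 ;;
        *) return 0 ;;
    esac
}

# x_tcp_exposure FILE CMDLINE: one-line summary suitable for an audit log.
x_tcp_exposure() {
    cfg=$(gdm_disallow_tcp "$1")
    if xorg_listens_tcp "$2"; then run=listening; else run=nolisten; fi
    echo "gdm.DisallowTCP=$cfg xorg=$run"
}

# Usage (constructed input):
#   x_tcp_exposure /etc/gdm/custom.conf "$(ps -o args= -C Xorg | head -n 1)"
```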

 


 

Dmesg: 

p4-clockmod: Warning: EST-capable CPU detected. The acpi-cpufreq module offers voltage scaling in addition of frequency scaling. You should use that instead of p4-clockmod, if possible.

To fix this

Run "updatedb" first   -This creates the database that locate searches

[root@lcls-prod08 ~]# locate p4-clockmod
/lib/modules/2.6.32-71.el6.i686/kernel/arch/x86/kernel/cpu/cpufreq/p4-clockmod.ko
[root@lcls-prod08 ~]# locate acpi-cpufreq
/lib/modules/2.6.32-71.el6.i686/kernel/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.ko

1) blacklist the p4-clockmod module by creating the file: /etc/modprobe.d/blacklist-p4-clockmod.conf
and put into that file just one line: blacklist p4-clockmod

2) put just the "modprobe acpi-cpufreq" line into the /etc/rc.d/rc.local file.

The two step method is better in that the p4-clockmod module won't load in the first place, so then no need to unload it.



SELinux configuration:

SELINUX=disabled in /etc/selinux/config:

 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Also, the getenforce command returns Disabled:

$ /usr/sbin/getenforce

Disabled

 


Firewall Configuration:

Turn off Firewall:  system-config-firewall

 


Nvidia driver install: (Needs to be done for every new kernel on OPIs)

  • Nvidia installed a /etc/modprobe.d/nvidia-installer-disable-nouveau.conf
    • which had
      • # generated by nvidia-installer
        blacklist nouveau
        options nouveau modeset=0
  • Edit the /etc/grub.conf     or  /boot/grub/grub.conf   (symlink)
  • Add 'rdblacklist=nouveau' to the kernel line, as in the GRUB.CONF below  (I made a copy)

GRUB.CONF:

 

default=0
timeout=5
splashimage=(hd0,0)/boot/grub/splash.xpm.gz
hiddenmenu


title Red Hat Enterprise Linux Workstation (2.6.32-131.6.1.el6.x86_64)
root (hd0,0)
kernel /boot/vmlinuz-2.6.32-131.6.1.el6.x86_64 ro root=UUID=f4f90739-31ea-4617-936f-09d901086ea5 rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=128M rhgb quiet rdblacklist=nouveau

initrd /boot/initramfs-2.6.32-131.6.1.el6.x86_64.img


title Red Hat Enterprise Linux Workstation NOBLACKLIST (2.6.32-131.6.1.el6.x86_64)
root (hd0,0)
kernel /boot/vmlinuz-2.6.32-131.6.1.el6.x86_64 ro root=UUID=f4f90739-31ea-4617-936f-09d901086ea5 rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=128M rhgb quiet
initrd /boot/initramfs-2.6.32-131.6.1.el6.x86_64.img


title Red Hat Enterprise Linux (2.6.32-131.0.15.el6.x86_64)
root (hd0,0)
kernel /boot/vmlinuz-2.6.32-131.0.15.el6.x86_64 ro root=UUID=f4f90739-31ea-4617-936f-09d901086ea5 rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=128M rhgb quiet rdblacklist=nouveau
initrd /boot/initramfs-2.6.32-131.0.15.el6.x86_64.img


To disable user list from login screen:

  • su -s /bin/sh gdm
  • gconftool-2 --direct --config-source=xml:readwrite:$HOME/.gconf -t bool -s /apps/gdm/simple-greeter/disable_user_list true

To change the Launch Feedback on Gnome

 

Open the nautilus .desktop file with a text editor, for example:
sudo gedit /usr/share/applications/nautilus.desktop

Go to the end of the file and find this line:
StartupNotify=true

Change the value "true" to "false", like this:
StartupNotify=false

Then save the file and open nautilus again; the waiting mouse cursor no longer appears.


 

 

            Important notes -

            Regarding a machine changing eth0 to eth1 at boot time -

            If you are cloning the root disk and plan to use it on a different machine, then udev will change the ethernet interface number (i.e. from eth0 to eth1).

            To take care of this, do the following -

            # dmesg | grep eth0 | grep -i rena
              udev: renamed network interface eth0 to eth1

           

            Take a look at /etc/udev/rules.d/70-persistent-net.rules and verify that the rule for your card (check its MAC) is consistent with the naming scheme you want. You can easily edit that file or even remove it if you want to regenerate it from scratch.

            Sample script to convert /etc/fstab and /boot/grub/grub.conf file from UUID to device name.

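            #!/bin/bash
            # Rewrite UUID= references in the given file (e.g. /etc/fstab or
            # /boot/grub/grub.conf) as device names. The converted text is
            # echoed to stdout and written to <file>.new.
            [[ $(whoami) != root ]] && echo "Must be root" && exit 1
            [[ ! -r "$1" ]] && echo "Can't read $1" && exit 1
            cp /dev/null "$1.new"
            # IFS= and -r keep leading whitespace and backslashes intact
            while IFS= read -r line; do
                if [[ "$line" == *UUID=* ]]; then
                    uuid1=${line#*UUID=}
                    uuid=${uuid1%%[[:blank:]]*}
                    # Leave the line unchanged if the UUID cannot be resolved
                    if dev=$(findfs UUID="$uuid"); then
                        #label=$(vol_id -l "$dev")
                        line=${line//UUID=$uuid/$dev}
                    fi
                fi
                echo "$line"
                echo "$line" >> "$1.new"
            done < "$1"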
    

             For the linux-mirror script to run successfully, ensure that the /boot/grub/device.map file contains entries for both sda and sdb.

             1. If the device.map already exists, move it to device.map.bak:

                # mv /boot/grub/device.map /boot/grub/device.map.bak

             2. Execute GRUB with the following options to regenerate the file:

                grub --device-map=/boot/grub/device.map

                You will be presented with a GRUB prompt:

               GNU GRUB version 0.95 (640K lower / 3072K upper memory)
               [ Minimal BASH-like line editing is supported. For the first word, TAB lists possible command completions. Anywhere else TAB lists the possible completions of a device/filename.]
               grub>
               Type quit and hit enter to return to the shell.

                # cat device.map
                (fd0) /dev/fd0
                (hd0) /dev/sda
                (hd1) /dev/sdb
        

Notes put by Shashi -

09/27/2012 -

1) After kickstarting edit /etc/fstab and /boot/grub/grub.conf files, remove any UUID or LABEL references and replace those by standard device entries.

2) After kickstarting edit /etc/fstab and remove 2nd swap entry (after checking and if applicable).

3) Install cups-lpd (yum install cups-lpd).

4) Check and if required recreate /boot/grub/device.map -

[root@mccelog2 divekar]# cat /boot/grub/device.map
# this device map was generated by anaconda
(hd0) /dev/sda
[root@mccelog2 divekar]# mv /boot/grub/device.map /boot/grub/device.map.bak
[root@mccelog2 divekar]# grub --device-map=/boot/grub/device.map
Probing devices to guess BIOS drives. This may take a long time.
GNU GRUB version 0.97 (640K lower / 3072K upper memory)

[ Minimal BASH-like line editing is supported. For the first word, TAB
lists possible command completions. Anywhere else TAB lists the possible
completions of a device/filename.]
grub> quit
quit
[root@mccelog2 divekar]# cat /boot/grub/device.map
(fd0) /dev/fd0
(hd0) /dev/sda
(hd1) /dev/sdb

5) Edited /etc/passwd file. Added two entries and removed one entry.

# diff /etc/passwd /etc/passwd.dist
46,48c46
< +@h-mccelog
< +@u-scs-staff
< +::::::/afs/slac.stanford.edu/common/etc/use-NOT
---
> +

6) Install dump and restore utilities.

    # yum install dump

PXE Kickstart file for standard RHEL 6/64 Bit Server -

File Location- /usr/local/admin/kickstart/ks-RHEL6-64-server.cfg

# Kickstart file automatically generated by anaconda.

#version=DEVEL
install
reboot --eject
nfs --server=172.23.16.97 --dir=/vol/vol1/g.scs.redhat/RedHat/RHEL6/6u3/x86_64
lang en_US.UTF-8
keyboard us
network --onboot yes --device em1 --bootproto static --ip 134.79.151.73 --netmask 255.255.255.0 --gateway 134.79.151.1 --noipv6 --nameserver 134.79.151.12 --hostname lcls-rhel6.slac.stanford.edu
network --onboot no --device em2 --bootproto dhcp --noipv6
network --onboot no --device em3 --bootproto dhcp --noipv6
network --onboot no --device em4 --bootproto dhcp --noipv6
rootpw --iscrypted $6$oF/Q6MrCYV4ssNQ8$cmEtJ4jKHpJAdH4CNuekiFEGPE3sCU/WA.eLV9aRIZtV5HxUCc4Uy4cC.IoVCwGw/QaQ./ZAazbnJcDYvuy/k/
firewall --disabled
authconfig --enableshadow --enablemd5 --enablenis --nisdomain slac.slac.stanford.edu --nisserver nisfarm2
selinux --disabled
timezone --utc America/Los_Angeles
bootloader --location=mbr --driveorder=sda,sdb --append="crashkernel=auto rhgb quiet"
clearpart --drives=sda --all

part / --fstype=ext4 --size=20000
part swap --size=16000
part /tmp --fstype=ext4 --size=6000
part /var --fstype=ext4 --size=6000
part /scswork --fstype=ext4 --size=1000
part /usr/vice/cache --fstype=ext4 --size=1000
part /scratch --fstype=ext4 --grow --size=200

repo --name="Red Hat Enterprise Linux" --baseurl=file:///mnt/source --cost=100
%packages
@additional-devel
@base
@client-mgmt-tools
@compat-libraries
@console-internet
@core
@debugging
@basic-desktop
@desktop-debugging
@desktop-platform
@desktop-platform-devel
@development
@directory-client
@eclipse
@emacs
@fonts
@general-desktop
@graphical-admin-tools
@graphics
@hardware-monitoring
@input-methods
@internet-applications
@internet-browser
@java-platform
@large-systems
@legacy-unix
@legacy-x
@network-file-system-client
@network-tools
@office-suite

@performance
@perl-runtime
@print-client
@remote-desktop-clients
@scientific
@security-tools
@server-platform
@server-platform-devel
@system-management
@system-admin-tools
@workstation-policy
@x11
httpd-devel
pcre-devel
libcap-devel
libXinerama-devel
openmotif-devel
net-snmp-devel
libgudev1-devel
kdelibs-apidocs
xz-devel
libtopology-devel
freeglut-devel
kdegraphics-devel
libibverbs-devel
libuuid-devel
kdepimlibs-devel
libblkid-devel
papi-devel
libXmu-devel
unique-devel
xorg-x11-proto-devel

gmp-devel
kdepim-devel
sane-backends-devel
perl-Test-Pod
kdemultimedia-devel
startup-notification-devel
libudev-devel
cups-devel
gstreamer-plugins-base-devel
unixODBC-devel
tcl-devel
numactl-devel
libgnomeui-devel
libbonobo-devel
perl-Test-Pod-Coverage
libtiff-devel
junit
SDL-devel
libXau-devel
tcp_wrappers-devel
PyQt4-devel
kdenetwork-devel
kdelibs-devel
libgcrypt-devel
popt-devel
libusb-devel
hunspell-devel
iptables-devel
libdrm-devel
libXrandr-devel
libxslt-devel
kdebase-devel

tk-devel
libnl-devel
libXpm-devel
expat-devel
e2fsprogs-devel
kdebase-workspace-devel
libglade2-devel
libaio-devel
gnutls-devel
kdesdk-devel
fuse-devel
libXaw-devel
libhugetlbfs-devel
pax
python-dmidecode
oddjob
wodim
sgpio
genisoimage
edac-utils
mtools
glibc-utils
systemtap-client
memtest86+
gdb-gdbserver
lslk
flightrecorder
systemtap-initscript
abrt-gui
qt-mysql
kdesdk
gnome-common

qt-doc
gtk2-devel-docs
glade3
desktop-file-utils
gnome-devel-docs
systemtap-sdt-devel
mod_dav_svn
ElectricFence
ant
libstdc++-docs
gcc-gnat
expect
dejagnu
perltidy
cmake
imake
babel
kdewebdev
rpmdevtools
compat-gcc-34
systemtap-server
gcc-java
compat-gcc-34-g77
jpackage-utils
bzr
mercurial
chrpath
gcc-objc
rpmlint
gcc-objc++
compat-gcc-34-c++
python-docs

nasm
certmonger
pam_krb5
krb5-workstation
eclipse-mylyn-cdt
eclipse-pde
eclipse-mylyn-pde
eclipse-mylyn-wikitext
eclipse-mylyn-trac
eclipse-subclipse-graph
eclipse-mylyn-webtasks
emacs-nox
ctags-etags
emacs-gnuplot
emacs-auctex
gnome-pilot
netpbm-progs
ImageMagick
edac-utils
i2c-tools
lm_sensors
icedtea-web
cups-lpd
dump
mksh
tcp_wrappers
ncompress
krb5-appl-servers
ksh
authd
openmotif
libXmu

libXp
arpwatch
iptstate
iptraf
dropwatch
arptables_jf
sdparm
papi
sg3_utils
tuned-utils
tuned
oprofile-jit
perl-LDAP
perl-DBD-SQLite
perl-Date-Calc
perl-suidperl
perl-Date-Manip
perl-Mozilla-LDAP
perl-Frontier-RPC
mvapich2
mvapich-psm-devel
gsl-static
lapack
openmpi
openmpi-devel
atlas
mvapich
compat-openmpi
numpy
gsl-devel
mpitests-openmpi
mvapich2-psm-devel

mpich2
mpitests-mvapich2
fftw-static
fftw-devel
mvapich-psm-static
compat-openmpi-psm
mpitests-mvapich
fftw
gsl
hmaccalc
ipmitool
OpenIPMI
screen
tree
expect
rdist
libwsman1
openwsman-client
sblim-sfcb
libcmpiCppImpl0
openwsman-server
lynx
kabi-whitelists
ksc
cvs-inetd
%end

%post
/sbin/chkconfig NetworkManager off
/sbin/chkconfig bluetooth off
/sbin/chkconfig haldaemon off
/sbin/chkconfig xinetd off

/sbin/chkconfig avahi-daemon off
/sbin/chkconfig gpm off
/sbin/chkconfig hidd off
/sbin/chkconfig autofs off
/sbin/chkconfig rhnsd off
/sbin/chkconfig yum-updatesd off
/sbin/chkconfig xfs off
/sbin/chkconfig rpcidmapd off
/sbin/chkconfig pcscd off
/usr/bin/perl -i -pe 's/id\:5\:initdefault\:/id\:3\:initdefault\:/g' /etc/inittab
chkconfig iptables off; service iptables stop
echo "get Kickstart_end" > /tmp/kickstart-status
%end

 

 
 

Author: Ken Brobeck. Last edited on 29-Apr-2015