Scientific Linux Fermi 5.10 i386/x86_64 Dec 3, 2013
---------------------------------------------------------------------------
Items marked with a "*" have changed since SLF 5.9
Please read the Release Notes for Scientific Linux. It is located at
SL.releasenote
Also read the Upstream Vendor release notes . They are located in
Upstream.vendor.releasenote
All of the info in the SL.releasenote is valid unless this document
states otherwise. This document only contains info that is specific
to the Fermi site. Any reference to SL.releasenote is done to emphasis
that it contains important information.
----------------------------------------------------------------------------
This is based on the rebuilding of RPMS out of SRPMS's that form Scientific
Linux. Please read this entire document before installing.
Table of contents
INSTALLATION INFO
ADDED compared to Scientific Linux 5.9
UPDATED compared to Scientific Linux 5.9
Installer modifications
/contrib
/docs
/notsupported
MISC Notes
HARDWARE SPECIFIC ISSUES
SOFTWARE ISSUES/BUGS
SUPPORT INFO
vendor ERRATA
Each has a "---" line above and below it.
_____________________________________________________________________________
INSTALLATION INFO
_____________________________________________________________________________
Installation Locations
Paths for both arches are provided. Please select the correct arch for your
system.
Via NETWORK:
nfs:
linux.fnal.gov:/export/linux/slf510/i386/
linux.fnal.gov:/export/linux/slf510/x86_64/
ftp:
linux.fnal.gov/linux/slf510/i386
linux.fnal.gov/linux/slf510/x86_64
http:
linux1.fnal.gov/linux/slf510/i386
linux1.fnal.gov/linux/slf510/x86_64
And our easy to remember location
ftp://linux.fnal.gov/downloads/slf510/
Network install with CDROM
There is a boot.iso which is small iso image which includes all the
drivers. After download you can use cdrecord to create a cdr with this
image on it.
ftp://linux.fnal.gov/download/slf510/network.install.i386/boot.iso
ftp://linux.fnal.gov/download/slf510/network.install.x86_64/boot.iso
Install via DVD image
Download and then burn the dvd iso image from
ftp://linux.fnal.gov/download/slf510/dvd.install.i386/
ftp://linux.fnal.gov/download/slf510/dvd.install.x86_64/
Installing a Xen Paravirtualized Guest
When installing a Xen Paravirtualized Guest, the location is
http://linux1.fnal.gov/linux/slf510/i386/sites/Fermi
http://linux1.fnal.gov/linux/slf510/x86_64/sites/Fermi
-----------------------------------------------------------------------------
ADDED compared to Scientific Linux 59
-----------------------------------------------------------------------------
*Fermi-release
*Fermi-release-notes
* Fermi-release-5.10-1.slf.i386.rpm
* Fermi-release-5.10-1.slf.x86_64.rpm
* Fermi-release-notes-5.10-0.noarch.rpm
Made change so that /etc/redhat-release, /etc/issue and /etc/issue.net
show Scientific Linux Fermi instead of just Scientific Linux.
augeas
augeas-1.0.0-1.el5
augeas-devel-1.0.0-1.el5
augeas-libs-1.0.0-1.el5
Added as a dependency for zz_apache_no_browsable_directory
Updated to the latest EPEL version, this fixes many parsing bugs
This rpm was built from an EPEL source package
fermi-timecard-2.0-2.noarch.rpm
Removed as it requires the closed source java which is no longer
packaged with SLF
Note that there is a html interface to Kronos.
http://www.fnal.gov/pub/ftl/index.html
Clam Anti Virus
Clam Anti-Virus. Obtained from the DAG and EPEL repositories
and rebuilt from src.rpm. http://www.clamav.net
perl packages were added so that clamtk would work
clamav-0.97.3-3.el5
clamav-db-0.97.3-3.el5
clamav-devel-0.97.3-3.el5
clamav-milter-0.97.3-3.el5
clamd-0.97.3-3.el5
clamtk-3.09-1.rf
clamav-unofficial-sigs-3.7.1-6.el5
perl-Config-Tiny-2.12-1.rf
perl-ExtUtils-Depends-0.301-1.rf
perl-ExtUtils-PkgConfig-1.11-1.rf
perl-File-Find-Rule-0.30-1.rf
perl-gettext-1.05-1.rf
perl-Glib-1.200-1.rf
perl-Gtk2-1.183-1.rf
perl-Number-Compare-0.01-1.2.rf
perl-Text-Glob-0.08-1.rf
drbd
DRBD mirrors a block device over the network to another machine.
Think of it as networked raid 1. It is a building block for
setting up high availability (HA) clusters.
drbd-8.3.7-3.sl
drbd-bash-completion-8.3.7-3.sl
drbd-heartbeat-8.3.7-3.sl
drbd-pacemaker-8.3.7-3.sl
drbd-udev-8.3.7-3.sl
drbd-utils-8.3.7-3.sl
drbd-xen-8.3.7-3.sl
kernel-module-drbd is also provided
Added for dependency resolution
bash-completion-1.3-5
libpacemaker3-1.0.1-6.2.sl5
libpacemaker-devel-1.0.1-6.2.sl5
pacemaker-1.0.1-6.2.sl5
epel-release
Installes the epel repo disabled by default
epel-release-5-5.SLF.noarch.rpm
elrepo-release
Installes the elrepo repo disabled by default
It also excludes any OpenAFS packages to avoid compatibility issues
elrepo-release-5-5.el5.SLF.noarch.rpm
flpr
Installed by default. This does NOT require ups/upd.
The flpr binary will reside in /usr/local/bin/
flpr-2.4-4f.9x.i386.rpm
heartbeat
heartbeat is a basic high-availability subsystem for Linux-HA.
It will run scripts at initialization, and when machines go up or down.
This version will also perform IP address takeover using
gratuitous ARPs.
It supports "n-node" clusters with significant capabilities for managing
resources and dependencies.
* Updated to a more current version
* heartbeat-2.99.2-6.1.sl5.1
* heartbeat-common-2.99.2-6.1.sl5.1
* heartbeat-devel-2.99.2-6.1.sl5.1
* heartbeat-ldirectord-2.99.2-6.1.sl5.1
* heartbeat-resources-2.99.2-6.1.sl5.1
* libheartbeat2-2.99.2-6.1.sl5.1
* libheartbeat-devel-2.99.2-6.1.sl5.1
libnet-1.1.5-1.el5
libnet-devel-1.1.5-1.el5
Kerberos
We have updated the kx509 and get-cert to be able to use the
newer certificate servers
* Update krb5.conf to v4.7 changing KDC search order to put the
FCC3 Slave KDC first by default
krb5-fermi-addons-1.1-1.i386.rpm
krb5-fermi-getcert-2.0-2.i386.rpm
* krb5-fermi-config-4.7-1.noarch.rpm
* krb5-fermi-krb5.conf-4.7-1.noarch.rpm
krb5-fermi-base-2.1-14.noarch.rpm
Patched to fix kshd hang problem.
krb5-devel-1.6.1-70.slf5
krb5-libs-1.6.1-70.slf5
krb5-server-1.6.1-70.slf5
krb5-server-ldap-1.6.1-70.slf5
krb5-workstation-1.6.1-70.slf5
OpenAFS
See SL.releasenote
Here is the procedure for installing openafs, using yum
yum install openafs-client kernel-module-openafs-`uname -r`
yum install openafs-krb5 openafs-thiscell
openafs-thiscell-FNAL now changes CellAlias so that
/afs/fnal is really /afs/fnal.gov
openafs-thiscell-FNAL-6.noarch.rpm
pidgin-sipe
purple-sipe
A pidgin plugin for Microsoft Chat protocols
*pssh
* A high performance parallel ssh client with many options
redhat-logos-4.9.16-1.SLF.4.noarch.rpm
This version of redhat-logo's has all of the generic changes
that were made with Scientific Linux as well as changes to make
it look like SLF.
rrdtool
Round Robin Database Tool to store and display time-series data
rrdtool-1.3.9-2.sl5
rrdtool-devel-1.3.9-2.sl5
rrdtool-perl-1.3.9-2.sl5
rrdtool-python-1.3.9-2.sl5
rrdtool-ruby-1.3.9-2.sl5
rrdtool-tcl-1.3.9-2.sl5
SLIP
Scientific Linux Inventory Project client
Name changed to be compatible with SLF6, installs asking
for the previous name (ocsinventory-client) will still
work as before on SLF5
Now has an /etc/sysconfig/ocsinventory-fermi for behavior control
Can enable "DEBUG mode"
ocsinventory-fermi-0.9.9-16.noarch.rpm
revtex
tetex-natbib-8.31a-1.sl5.1.noarch.rpm
tetex-revtex-4.1-1.sl5.1.noarch.rpm
Added to simplify creating articles for publication
upsupdbootstrap
Not installed by default.
Links from /usr/local/bin are NOT made anymore.
upsupdbootstrap-5.0-0.i386.rpm
upsupdbootstrap-fnal-5.0-0.i386.rpm
conflicts with upsupdbootstrap-local
Installs ups/upd to /fnal/ups
upsupdbootstrap-local-5.0-0.i386.rpm
conflicts with upsupdbootstrap-fnal
Installs ups/upd to /local/ups
*yum-conf
Modified to give Fermi's rpm's a priority, as well as point to
Fermi's linux distribution servers instead of scientific linux's.
* yum-conf-510-1.slf.noarch.rpm
yum-conf-5x
Will keep you at 5x which is the current stable 5x release. So when
we release the next 5 release yum will automatically yum install it
except for the kernel.
Starting with SL 5.9, yum-conf-5x is automatically installed.
Users wishing for the historical behavior can remove the package
with 'yum remove yum-conf-5x'
This rpm will also pull in the yum-conf-adobe package to create
the adobe repos. The adobe repos were previously created by
the yum-conf and yum-conf-5x repos.
yum-conf-5x-2-0.slf5.noarch.rpm
yum-conf-fermi-internal
Adds the fermi-internal yum repository
yum-conf-fermi-internal-5-1.noarch.rpm
yum-autoupdate-1.2-3.SLF.noarch.rpm
yum-autoupdate has the nightly yum cron job in it.
The nightly cron job has been modified to check the add-ons directory.
Added /etc/yum.d/yum.cron.updateexec for configuring PRERUN and POSTRUN
You can now trigger events before or after yum-autoupdate like in SLF6
zz_apache_no_browsable_directory-1.0-4.noarch.rpm
This modifies the /etc/httpd/conf/httpd.conf file using augeas so that
mod_autoindex does not list your directories out by default.
This will remove 'Indexes' from your 'Options' list for '/var/www/html'
and '/var/www/icons'. It will also remove 'Indexes' from the sample
options list for mod_userdir (~username directories).
You can still enable this option with a .htaccess file or by editing
the config file yourself.
To return indexes to working state you will need to add:
Options +Indexes
to either your apache config or your .htaccess file
zz_apache_use_clogger-1.0-1.el5.noarch.rpm
This rpm modifies the /etc/httpd/conf/httpd.conf file using augeas
so that log events are sent to the traditional files and to clogger.
It does this via use of /usr/bin/logger and should have a negligible
performance impact.
It only changes the default logs and is expected to run against
the default /etc/httpd/conf/httpd.conf
It requires rsyslog5 introduced in SLF 5.9 and will replace
the standard SLF5 syslog service.
zz_auto_update_kernel-1.0-1.noarch.rpm
Remove the exclude of the kernel from the nightly autoyum thus
allowing the kernel to be upgraded via the nightly yum. Note
that this does not check if you have custom kernel modules or
a custom kernel installed. You have to ensure that this will
work in your environment. You will have to reboot after the
kernel is upgraded. The rpm does NOT reboot the system. Watch
root email for notification of all nightly auto yum updates.
zz_dhcp_resolv-3.0.5-1.noarch.rpm
This rpm fixes that so that when your network starts, as it checks
your resolv.conf, if you have dhcp.fnal.gov, but not fnal.gov it will
put it in, so that you will have "search fnal.gov dhcp.fnal.gov" in
your /etc/resolv.conf file.
Does not work with NetworkManager
zz_disable_avahi-1.0-0.5.noarch.rpm
This will turn off and disable the avahi daemons
zz_lang_collate-1.0-4.noarch.rpm
Changes LANG so that sorting is done the same as 6.1 and
earlier. (ABCabc instead of AaBbCc).
Can speed up programs that sort.
*zz_local_dns_cache-3-1.3.2.noarch.rpm
This rpm will change your machine to use a local dns cache before
looking for the standard dns servers
* There have been a large number of bug fixes for determing
* when and what triggers to run
zz_logwatch_df-1.1-2.noarch.rpm
By default logwatch does a df -h when looking at disk usage.
This can be unwanted if you have alot of NFS mounted disks.
This rpm changes that command to be df -lP -h, which looks at
local disks only, and the output is in the POSIX output format.
zz_ntp_configure-4.2.6-5.noarch.rpm
Configure ntp for Fermi site network.
Startup script now pokes hole in the firewall for itself
One can manually change the script by editing the file
/etc/sysconfig/ntpd.fermi
zz_pine_user_domain-1.0-3.noarch.rpm
By default when a user sends mail from pine their email address
is myname@mycomputer.fnal.gov. This rpm changes it so that the
default is myname@fnal.gov by modifying the /etc/alpine/pine.conf
config file.
zz_screenlock_kde
Enables screen lock with "blanking"
screen saver so power saving monitors will go into sleep mode.
Ensures that the Timeout value is 15 minutes or less.
Preserves existing values if they are less than required
minimum value. Installed by default if KDE is installed.
zz_sendmail_fermi_gateway-2.1-2.noarch.rpm
zz_postfix_fermi_gateway-1.1-2.noarch.rpm
This rpm is designed to configure sending outbound
e-mail through the fermilab e-mail gateway(smtp.fnal.gov).
zz_tcp_wrappers_change-3.0-3.noarch.rpm
Disable all offsite access to common network services. Also
puts in the "DOE required login banners". If it determines that
you have already modified /etc/hosts.allow or host.deny it leaves
them alone.
Change to add perl to requires as %post uses perl
zz_tex_tweaks-1.0-1.noarch.rpm
Changes the default paper size to 8.5 x 11 vs A3
zz_use_clogger-1.1-4.noarch.rpm
Change /etc/syslog.conf to log to clogger.fnal.gov
Supports rsyslog5, you can utilize rsyslog5
---------------------------------------------------------------------------
UPDATED compared to Scientific Linux 5
----------------------------------------------------------------------------
OpenSSH
This is the openssh from S.L. 5.x with some patches and modifications.
The client does kerberos with both fermi's old openssh(old gssapi),
as well as generic new openssh's(new gssapi)
The server only does the kerberos with the newer versions of openssh
It does 'kerberos only' by default
It does not do cryptocard; cryptocard is enabled by pam_krb5.
openssh-server is not installed by default.
added Mark Mengel's GSS_HOSTNAME patch
openssh-4.3p2-82.el5.slf
openssh-askpass-4.3p2-82.el5.slf
openssh-clients-4.3p2-82.el5.slf
openssh-server-4.3p2-82.el5.slf
pam_krb5
This is a modified version of the pam_krb5 that comes with SL5.
This pam module has the ability to do cryptocard authentication.
pam_krb5-2.2.11-6.slf5
----------------------------------------------------------------------------
Installer modifications
---------------------------------------------------------------------------
Anaconda (installer)
Changes to "defaults" from vendor installer.
Firewall is on by default.
The zz_ntp_configure-4.2.0-6 rpm pokes a hole for inbound ntp.
US/Central is default timezone. vendor default was New York.
Kerberos is on by default with a realm of FNAL.GOV . vendor default
was off.
Default install is via http. If one wishes to use nfs then type
nfs at the isolinux prompt. If one wshes to use ftp then type ftp
at the isolinux prompt.
Support for "sites" was added.
Support for workgroups was added
Workgroup maintainers can now check their workgroups in an out of cvs
Fixed the kernel-module bug that was in SLF 5.0
Kickstart additions:
The following groups have been added to the comps.xml for SLF5
- fermi / misc-slf
- clamav
- drbd-group
- heartbeat-group
- local-printer
- openafs-client
- openssh-server
- rrdtool-group
- upsupdbootstrap
---------------------------------------------------------------------------
/contrib/
---------------------------------------------------------------------------
The packages in this section have been contributed by various people. They
are presented AS IS and there is no guarantee of them working. These packages
are NOT supported by us. They will only get security updates if the
contributor provides them. If you have questions about them then ask the
contributor.
To use with yum:
For one time only (prefered method)
yum --enablerepo=fermi-contrib install <package>
To enable for all yum updates/install (including autoyum)
edit the file /etc/yum.repos.d/fermi-contrib.repo
and change the line
enabled=0
to
enabled=1
See README's in the RPMS/ directorys for specific package info.
/sites/Fermi/contrib/RPMS/
---------------------------------------------------------------------------
KNOWN LIMITATIONS/BUGS
---------------------------------------------------------------------------
The estimated time to install is not even close.
After you have picked a workgroup on the workgroup selection page and moved
to the next , you cannot go back to that page. The installer will die.
---------------------------------------------------------------------------
MISC NOTES
---------------------------------------------------------------------------
If you select "linux text" or you might want to type
"linux text noipv6"
because the install trys to do ipv6 and since there is no support
at FNAL for ipv6 it takes a long time to timeout
kickstart users might want to add the "noipv6" option to their ks.cfg file
The SLF workgroups were frozen with SLF 5.9, this release has updated the
workgroup rpm version numbers to 'slf5' rather than a specific minor release
to signify this change.
MySQL:
Scientific Linux 5.10 provides updated versions, specifically versions 5.1
and 5.5, of the MySQL packages as software collections.
In order to migrate from MySQL 5.0 to 5.5, you must first update to MySQL 5.1.
Note that the MySQL 5.1 packages are not supported and are provided only for
the purposes of migration to MySQL 5.5. You should not use MySQL 5.1 on any of
your production systems.
For more information on the migration from MySQL 5.0 to MySQL 5.5, refer to
chapter Migrating from MySQL 5.0 to MySQL 5.5 provided by Upstream at:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/ch-Migrating_from_MySQL_5.0_to_MySQL_5.5.html
As a result of this update, we will not issue any more security advisories for
the MySQL 5.0 packages (mysql-5.0.* and related packages). Security advisories
will be provided only for MySQL 5.5.
---------------------------------------------------------------------------
SUPPORT INFO
---------------------------------------------------------------------------
Fermi site users should start with the "Fermi" specific support areas and
use the Scientific Linux next.
Scientific Linux Fermi web pages
https://fermilinux.fnal.gov/
Fermi Linux Community support mailing list
linux-users@fnal.gov
Which is archived at
http://listserv.fnal.gov/archives/linux-users.html
Scientific Linux web page
http://www.scientificlinux.org
----------------------------------------------------------------------------
ERRATA included which was released after SL
----------------------------------------------------------------------------
Security errata will not be placed in the default install tree as has been
done with prior releases of Scientific Linux Fermi 5. They will only
reside in the updates/security/ directory.
You will have to do a "yum -y update" after the installation via DVD to
install all the security errata.