Scientific Linux Fermi 5.9 x86_64 March 7, 2013
---------------------------------------------------------------------------
Items marked with a "*" have changed since SLF 5.8
Please read the Release Notes for Scientific Linux. It is located at
SL.releasenote
Also read the Upstream Vendor release notes . They are located in
Upstream.vendor.releasenote
All of the info in the SL.releasenote is valid unless this document
states otherwise. This document only contains info that is specific
to the Fermi site. Any reference to SL.releasenote is done to emphasis
that it contains important information.
----------------------------------------------------------------------------
This is based on the rebuilding of RPMS out of SRPMS's that form Scientific
Linux. Please read this entire document before installing.
Table of contents
INSTALLATION INFO
ADDED compared to Scientific Linux 5.9
UPDATED compared to Scientific Linux 5.9
Installer modifications
/contrib
/docs
/notsupported
MISC Notes
HARDWARE SPECIFIC ISSUES
SOFTWARE ISSUES/BUGS
SUPPORT INFO
vendor ERRATA
Each has a "---" line above and below it.
_____________________________________________________________________________
INSTALLATION INFO
_____________________________________________________________________________
Installation Locations
Paths for both arches are provided. Please select the correct arch for your
system.
Via NETWORK:
nfs:
linux.fnal.gov:/export/linux/slf59/i386/
linux.fnal.gov:/export/linux/slf59/x86_64/
ftp:
linux.fnal.gov/linux/slf59/i386
linux.fnal.gov/linux/slf59/x86_64
http:
linux1.fnal.gov/linux/slf59/i386
linux1.fnal.gov/linux/slf59/x86_64
And our easy to remember location
ftp://linux.fnal.gov/downloads/slf59/
Network install with CDROM
There is a boot.iso which is small iso image which includes all the
drivers. After download you can use cdrecord to create a cdr with this
image on it.
ftp://linux.fnal.gov/download/slf59/network.install.i386/boot.iso
ftp://linux.fnal.gov/download/slf59/network.install.x86_64/boot.iso
Install via DVD image
Download and then burn the dvd iso image from
ftp://linux.fnal.gov/download/slf59/dvd.install.i386/
ftp://linux.fnal.gov/download/slf59/dvd.install.x86_64/
Installing a Xen Paravirtualized Guest
When installing a Xen Paravirtualized Guest, the location is
http://linux1.fnal.gov/linux/slf59/i386/sites/Fermi
http://linux1.fnal.gov/linux/slf59/x86_64/sites/Fermi
-----------------------------------------------------------------------------
ADDED compared to Scientific Linux 59
-----------------------------------------------------------------------------
*Fermi-release
*Fermi-release-notes
* Fermi-release-5.9-1.slf.x86_64.rpm
* Fermi-release-notes-5.9-2.noarch.rpm
Made change so that /etc/redhat-release, /etc/issue and /etc/issue.net
show Scientific Linux Fermi instead of just Scientific Linux.
*augeas
* augeas-1.0.0-1.el5
* augeas-devel-1.0.0-1.el5
* augeas-libs-1.0.0-1.el5
* Added as a dependency for zz_apache_no_browsable_directory
* Updated to the latest EPEL version, this fixes many parsing bugs
* This rpm was built from an EPEL source package
*fermi-timecard-2.0-2.noarch.rpm
* Removed as it requires the closed source java which is no longer
* packaged with SLF
* Note that there is a html interface to Kronos.
* http://www.fnal.gov/pub/ftl/index.html
Clam Anti Virus
Clam Anti-Virus. Obtained from the DAG and EPEL repositories
and rebuilt from src.rpm. http://www.clamav.net
perl packages were added so that clamtk would work
clamav-0.97.3-3.el5
clamav-db-0.97.3-3.el5
clamav-devel-0.97.3-3.el5
clamav-milter-0.97.3-3.el5
clamd-0.97.3-3.el5
clamtk-3.09-1.rf
clamav-unofficial-sigs-3.7.1-6.el5
perl-Config-Tiny-2.12-1.rf
perl-ExtUtils-Depends-0.301-1.rf
perl-ExtUtils-PkgConfig-1.11-1.rf
perl-File-Find-Rule-0.30-1.rf
perl-gettext-1.05-1.rf
perl-Glib-1.200-1.rf
perl-Gtk2-1.183-1.rf
perl-Number-Compare-0.01-1.2.rf
perl-Text-Glob-0.08-1.rf
drbd
DRBD mirrors a block device over the network to another machine.
Think of it as networked raid 1. It is a building block for
setting up high availability (HA) clusters.
drbd-8.3.7-3.sl
drbd-bash-completion-8.3.7-3.sl
drbd-heartbeat-8.3.7-3.sl
drbd-pacemaker-8.3.7-3.sl
drbd-udev-8.3.7-3.sl
drbd-utils-8.3.7-3.sl
drbd-xen-8.3.7-3.sl
* Updated to match current kernel
* kernel-module-drbd-2.6.18-348.el5-8.3.7-1.sl5.x86_64.rpm
* kernel-module-drbd-2.6.18-348.el5xen-8.3.7-1.sl5.x86_64.rpm
Added for dependency resolution
bash-completion-1.3-5
libpacemaker3-1.0.1-6.2.sl5
libpacemaker-devel-1.0.1-6.2.sl5
pacemaker-1.0.1-6.2.sl5
*epel-release
* Installes the epel repo disabled by default
* epel-release-5-5.SLF.noarch.rpm
*elrepo-release
* Installes the elrepo repo disabled by default
* It also excludes any OpenAFS packages to avoid compatibility issues
* elrepo-release-5-5.el5.SLF.noarch.rpm
flpr
Installed by default. This does NOT require ups/upd.
The flpr binary will reside in /usr/local/bin/
flpr-2.4-4f.9x.i386.rpm
heartbeat
heartbeat is a basic high-availability subsystem for Linux-HA.
It will run scripts at initialization, and when machines go up or down.
This version will also perform IP address takeover using
gratuitous ARPs.
It supports "n-node" clusters with significant capabilities for managing
resources and dependencies.
Updated to a more current version
heartbeat-2.99.2-6.1.sl5
heartbeat-common-2.99.2-6.1.sl5
heartbeat-devel-2.99.2-6.1.sl5
heartbeat-ldirectord-2.99.2-6.1.sl5
heartbeat-resources-2.99.2-6.1.sl5
libheartbeat2-2.99.2-6.1.sl5
libheartbeat-devel-2.99.2-6.1.sl5
libnet-1.1.5-1.el5
libnet-devel-1.1.5-1.el5
*Kerberos
We have updated the kx509 and get-cert to be able to use the
newer certificate servers
krb5-fermi-addons-1.1-1.i386.rpm
krb5-fermi-getcert-2.0-2.i386.rpm
* krb5-fermi-config-4.6-1.noarch.rpm
* krb5-fermi-krb5.conf-4.6-1.noarch.rpm
krb5-fermi-base-2.1-14.noarch.rpm
* Updated to current version
krb5-devel-1.6.1-70.slf5
krb5-libs-1.6.1-70.slf5
krb5-server-1.6.1-70.slf5
krb5-server-ldap-1.6.1-70.slf5
krb5-workstation-1.6.1-70.slf5
Patched to fix kshd hang problem.
OpenAFS
See SL.releasenote
Here is the procedure for installing openafs, using yum
yum install openafs-client kernel-module-openafs-`uname -r`
yum install openafs-krb5 openafs-thiscell
openafs-thiscell-FNAL now changes CellAlias so that
/afs/fnal is really /afs/fnal.gov
openafs-thiscell-FNAL-6.noarch.rpm
*pidgin-sipe
*purple-sipe
* A pidgin plugin for Microsoft Chat protocols
redhat-logos-4.9.16-1.SLF.4.noarch.rpm
This version of redhat-logo's has all of the generic changes
that were made with Scientific Linux as well as changes to make
it look like SLF.
rrdtool
Round Robin Database Tool to store and display time-series data
rrdtool-1.3.9-2.sl5
rrdtool-devel-1.3.9-2.sl5
rrdtool-perl-1.3.9-2.sl5
rrdtool-python-1.3.9-2.sl5
rrdtool-ruby-1.3.9-2.sl5
rrdtool-tcl-1.3.9-2.sl5
SLIP
Scientific Linux Inventory Project client
Name changed to be compatible with SLF6, installs asking
for the previous name (ocsinventory-client) will still
work as before on SLF5
Now has an /etc/sysconfig/ocsinventory-fermi for behavior control
Can enable "DEBUG mode"
ocsinventory-fermi-0.9.9-16.noarch.rpm
*revtex
* tetex-natbib-8.31a-1.sl5.1.noarch.rpm
* tetex-revtex-4.1-1.sl5.1.noarch.rpm
* Added to simplify creating articles for publication
upsupdbootstrap
Not installed by default.
Links from /usr/local/bin are NOT made anymore.
upsupdbootstrap-5.0-0.i386.rpm
upsupdbootstrap-fnal-5.0-0.i386.rpm
conflicts with upsupdbootstrap-local
Installs ups/upd to /fnal/ups
upsupdbootstrap-local-5.0-0.i386.rpm
conflicts with upsupdbootstrap-fnal
Installs ups/upd to /local/ups
*yum-conf
Modified to give Fermi's rpm's a priority, as well as point to
Fermi's linux distribution servers instead of scientific linux's.
* yum-conf-59-1.slf.noarch.rpm
* Added fermi-security-prerelease for installing security errata placed
* in 'rolling'
yum-conf-5x
Will keep you at 5x which is the current stable 5x release. So when
we release the next 5 release yum will automatically yum install it
except for the kernel.
* Starting with SL 5.9, yum-conf-5x is automatically installed.
* Users wishing for the historical behavior can remove the package
* with 'yum remove yum-conf-5x'
* This rpm will also pull in the yum-conf-adobe package to create
* the adobe repos. The adobe repos were previously created by
* the yum-conf and yum-conf-5x repos.
* yum-conf-5x-2-0.slf5.noarch.rpm
yum-conf-fermi-internal
Adds the fermi-internal yum repository
yum-conf-fermi-internal-5-1.noarch.rpm
*yum-autoupdate-1.2-3.SLF.noarch.rpm
yum-autoupdate has the nightly yum cron job in it.
The nightly cron job has been modified to check the add-ons directory.
Added /etc/yum.d/yum.cron.updateexec for configuring PRERUN and POSTRUN
You can now trigger events before or after yum-autoupdate like in SLF6
* Bugs with the use of tempfiles and interaction with selinux have
* been fixed.
*zz_apache_no_browsable_directory-1.0-4.noarch.rpm
* This modifies the /etc/httpd/conf/httpd.conf file using augeas so that
* mod_autoindex does not list your directories out by default.
* This will remove 'Indexes' from your 'Options' list for '/var/www/html'
* and '/var/www/icons'. It will also remove 'Indexes' from the sample
* options list for mod_userdir (~username directories).
* You can still enable this option with a .htaccess file or by editing
* the config file yourself.
* To return indexes to working state you will need to add:
* Options +Indexes
* to either your apache config or your .htaccess file
*zz_apache_use_clogger-1.0-1.el5.noarch.rpm
* This rpm modifies the /etc/httpd/conf/httpd.conf file using augeas
* so that log events are sent to the traditional files and to clogger.
* It does this via use of /usr/bin/logger and should have a negligible
* performance impact.
* It only changes the default logs and is expected to run against
* the default /etc/httpd/conf/httpd.conf
* It requires rsyslog5 introduced in SLF 5.9 and will replace
* the standard SLF5 syslog service.
zz_auto_update_kernel-1.0-1.noarch.rpm
Remove the exclude of the kernel from the nightly autoyum thus
allowing the kernel to be upgraded via the nightly yum. Note
that this does not check if you have custom kernel modules or
a custom kernel installed. You have to ensure that this will
work in your environment. You will have to reboot after the
kernel is upgraded. The rpm does NOT reboot the system. Watch
root email for notification of all nightly auto yum updates.
zz_dhcp_resolv-3.0.5-1.noarch.rpm
This rpm fixes that so that when your network starts, as it checks
your resolv.conf, if you have dhcp.fnal.gov, but not fnal.gov it will
put it in, so that you will have "search fnal.gov dhcp.fnal.gov" in
your /etc/resolv.conf file.
Does not work with NetworkManager
zz_disable_avahi-1.0-0.5.noarch.rpm
This will turn off and disable the avahi daemons
zz_lang_collate-1.0-4.noarch.rpm
Changes LANG so that sorting is done the same as 6.1 and
earlier. (ABCabc instead of AaBbCc).
Can speed up programs that sort.
*zz_local_dns_cache-3-1.3.1.noarch.rpm
This rpm will change your machine to use a local dns cache before
looking for the standard dns servers
* There have been a large number of bug fixes for determing
* when and what triggers to run
zz_logwatch_df-1.1-2.noarch.rpm
By default logwatch does a df -h when looking at disk usage.
This can be unwanted if you have alot of NFS mounted disks.
This rpm changes that command to be df -lP -h, which looks at
local disks only, and the output is in the POSIX output format.
*zz_ntp_configure-4.2.6-5.noarch.rpm
Configure ntp for Fermi site network.
Startup script now pokes hole in the firewall for itself
One can manually change the script by editing the file
/etc/sysconfig/ntpd.fermi
* Updated default ntp server list
zz_pine_user_domain-1.0-3.noarch.rpm
By default when a user sends mail from pine their email address
is myname@mycomputer.fnal.gov. This rpm changes it so that the
default is myname@fnal.gov by modifying the /etc/alpine/pine.conf
config file.
*zz_screenlock_kde
Enables screen lock with "blanking"
screen saver so power saving monitors will go into sleep mode.
Ensures that the Timeout value is 15 minutes or less.
Preserves existing values if they are less than required
minimum value. Installed by default if KDE is installed.
* Added extra 'Requires' entries to ensure everything is
* installed in the correct order
zz_sendmail_fermi_gateway-2.1-2.noarch.rpm
zz_postfix_fermi_gateway-1.1-2.noarch.rpm
This rpm is designed to configure sending outbound
e-mail through the fermilab e-mail gateway(smtp.fnal.gov).
zz_tcp_wrappers_change-3.0-3.noarch.rpm
Disable all offsite access to common network services. Also
puts in the "DOE required login banners". If it determines that
you have already modified /etc/hosts.allow or host.deny it leaves
them alone.
Change to add perl to requires as %post uses perl
zz_tex_tweaks-1.0-1.noarch.rpm
Changes the default paper size to 8.5 x 11 vs A3
*zz_use_clogger-1.1-4.noarch.rpm
Change /etc/syslog.conf to log to clogger.fnal.gov
* Now supports rsyslog5, you can utilize rsyslog5
* with 'yum install rsyslog5', disabling syslogd and enabling rsyslog.
* You cannot run rsyslog5 at the sametime as ksyslogd.
---------------------------------------------------------------------------
UPDATED compared to Scientific Linux 59
----------------------------------------------------------------------------
OpenSSH
This is the openssh from S.L. 5.x with some patches and modifications.
The client does kerberos with both fermi's old openssh(old gssapi),
as well as generic new openssh's(new gssapi)
The server only does the kerberos with the newer versions of openssh
It does 'kerberos only' by default
It does not do cryptocard; cryptocard is enabled by pam_krb5.
openssh-server is not installed by default.
added Mark Mengel's GSS_HOSTNAME patch
openssh-4.3p2-82.el5.slf
openssh-askpass-4.3p2-82.el5.slf
openssh-clients-4.3p2-82.el5.slf
openssh-server-4.3p2-82.el5.slf
pam_krb5
This is a modified version of the pam_krb5 that comes with SL5.
This pam module has the ability to do cryptocard authentication.
pam_krb5-2.2.11-6.slf5
----------------------------------------------------------------------------
Installer modifications
---------------------------------------------------------------------------
Anaconda (installer)
Changes to "defaults" from vendor installer.
Firewall is on by default.
The zz_ntp_configure-4.2.0-6 rpm pokes a hole for inbound ntp.
US/Central is default timezone. vendor default was New York.
Kerberos is on by default with a realm of FNAL.GOV . vendor default
was off.
Default install is via http. If one wishes to use nfs then type
nfs at the isolinux prompt. If one wshes to use ftp then type ftp
at the isolinux prompt.
Support for "sites" was added.
Support for workgroups was added
Workgroup maintainers can now check their workgroups in an out of cvs
Fixed the kernel-module bug that was in SLF 5.0
Kickstart additions:
The following groups have been added to the comps.xml for SLF5
- fermi / misc-slf
- clamav
- drbd-group
- heartbeat-group
- local-printer
- openafs-client
- openssh-server
- rrdtool-group
- upsupdbootstrap
---------------------------------------------------------------------------
/contrib/
---------------------------------------------------------------------------
The packages in this section have been contributed by various people. They
are presented AS IS and there is no guarantee of them working. These packages
are NOT supported by us. They will only get security updates if the
contributor provides them. If you have questions about them then ask the
contributor.
To use with yum:
For one time only (prefered method)
yum --enablerepo=fermi-contrib install <package>
To enable for all yum updates/install (including autoyum)
edit the file /etc/yum.repos.d/fermi-contrib.repo
and change the line
enabled=0
to
enabled=1
See README's in the RPMS/ directorys for specific package info.
/sites/Fermi/contrib/RPMS/
---------------------------------------------------------------------------
KNOWN LIMITATIONS/BUGS
---------------------------------------------------------------------------
The estimated time to install is not even close.
After you have picked a workgroup on the workgroup selection page and moved
to the next , you cannot go back to that page. The installer will die.
---------------------------------------------------------------------------
MISC NOTES
---------------------------------------------------------------------------
If you select "linux text" or you might want to type
"linux text noipv6"
because the install trys to do ipv6 and since there is no support
at FNAL for ipv6 it takes a long time to timeout
kickstart users might want to add the "noipv6" option to their ks.cfg file
---------------------------------------------------------------------------
SUPPORT INFO
---------------------------------------------------------------------------
Fermi site users should start with the "Fermi" specific support areas and
use the Scientific Linux next.
Scientific Linux Fermi web pages
https://fermilinux.fnal.gov/
Fermi Linux Community support mailing list
linux-users@fnal.gov
Which is archived at
http://listserv.fnal.gov/archives/linux-users.html
Scientific Linux web page
http://www.scientificlinux.org
----------------------------------------------------------------------------
ERRATA included which was released after SL 5.9
----------------------------------------------------------------------------
*Security errata will not be placed in the default install tree as has been
*done with prior releases of Scientific Linux Fermi 5. They will only
*reside in the updates/security/ directory.
You will have to do a "yum -y update" after the installation via DVD to
install all the security errata.