Changes to the Acrontab Perl Scripts These changes will be put in place in the next few weeks. Please contact me if you have any concerns about them File to Change...
Initial platform installation Login to drupalsrv01 as aegir Create storage for platforms: mkdir /var/aegir/platforms Install standard drupal platform: drush...
Login as root on drupalsrv01, go to /data02/bin/, then run the following: 0. view owner details: phonebook a firstname name (use ONLY primary account login from...
Aegir configuration For all the configuration go to aegir web interface at aegir.web.cern.ch , authenticate as admin Hosting features configuration ( Hosting...
Linux AFS client file corruption (from Rainer) A script `disk stress` creates a file, copies that file n times to a number of directories and compares the results...
aims2 NOTE This documentation is outdated and has been moved to an updated version on https://linux.web.cern.ch/installation/aims/ for end users and https://linuxops...
aims2client NOTE This documentation is outdated and has been moved to an updated version on https://linux.web.cern.ch/installation/aims/aims2client/. Introduction...
aims2deploy Deploying an aims2server This quick guide will take you through deploying an aims2 server. It should not take more than a few minutes from installing...
.completed { text decoration:line through; } Developments Introduction These are really just notes for the developer so do not expect to be able to make...
Quick How to NOTE This documentation is outdated and has been moved to an updated version on https://linux.web.cern.ch/installation/aims/aims2client/. Introduction...
aims2image module The aims2image module provides the nessessary methods for dealing with pxeboot images. Module Methods add( $self, %message ) Add a new...
aims2 Kerberos 5 Introduction This recipe guide should demonstrate to you how to configure the server for Kerberos authentication. Many thanks to Bernard Antoine...
aims2oracle Enabling Oracle sqlplus support The following should be run: yum install enablerepo cern only enablerepo cern extra oracle instantclient basic...
aims2 PrepareInstall Introduction to PrepareInstall PrepareInstall is a script used by the Quattor/Elfms community at CERN to assist in the installation of Elfms...
Installation Servers Introduction AIMS2 servers have two main roles. The first is to service client requests, handling new registrations, permissions checks and interaction...
Proposing an alternative to AIMS The current cumulative process of configuring AIMS to install a new machine is very labour and time intensive and requires significant...
Project Work Plan Status Outline Schedule Stage 1 Documentation Period: 17/09 30/09 (2 weeks) Outline of tasks: Investigate, understand and document...
How to add new users to AIMS (for automated Kickstart installs, PXE or otherwise) Group Determine group for the user, this defines the AFS directory where Kickstart...
Installation/updates repositories for licensed Red Hat Enterprise Linux / Virtualization / Extended Lifetime Support are available only on internal CERN networks....
This selection box indicates the status of the Q A not all solutions found here are `official` in the sense that somebody from the LinuxSupportTeam has reviewed...
drupalsrv02 runs as a hot spare for drupalsrv01, databases content is replicated `on the fly`, filesystem content is mirrored every 15 minutes. In order to move service...
Changes to the LSF Batch Perl Scripts These changes will be put in place in the next few weeks. Please contact me if you have any concerns about them File to Change...
Bodhi Installation Guide On 12 July 2007 I tried to install bodhi. According to instruction on wiki: Config changes, old python sqlobject: root@lxxen0 u2 7 # hg...
Deprecated documentation This documentation is out of date, please refer to the latest version at: https://linux.web.cern.ch/koji/ . Quickstart Get familiar...
Definition Build Cern RPMS in a centralized system and distribute package in our repositories. Requirement Approval process ; keep it manual but easy way to...
Introduction Few words on mock $ yum install mock Few words on mockchain mockchain is part of the mock package $ which mockchain /usr/bin/mockchain mockchain on...
SLCB (currently developed build system for SLC based on plague) Advantages: works on slc4 (python 2.3, sqlite) can build in separate chroots and manage them...
Currently: we`re building more than enterprise grade storage from commodity components Proposed change: buy Big Black Boxes from some Unknown Vendor which would...
Linux Support FAQ entry 08 Jul 2008, logged in as PeterKelemen Make sure that your system clock is synchronized: ntpdate your.time.server.domain.tld Make...
CDB template generation script Typical usage Prepare config file test.cfg on machine which has access to desired repositories: output pro software packages defaults...
Short Introduction The main purpose of the CERN Alerter application is to provide one way messaging system for distributing important CERN information to the users...
THIS DOCUMENTATION IS OBSOLETE PLEASE VISIT: http://cern.ch/linux/docs/cernssocookie.shtml FOR UP TO DATE DOCUMENTATION Accessing CERN SSO protected pages using...
Cobbler and Koan Cobbler Cobbler is a network boot and update server. Cobbler supports PXE, provisioning virtualized images, and reinstalling existing Linux machines...
Things we or TUV need to fix in the next (4.5) version of comps.xml: The group `base x` includes the group `printing`, but many packages in `printing` require...
Connect to `cernts2012` with your AD account. Then launch Virtual Machine Manager and connect to server cernvmm:8100 Frist select Virtual machine in the...
Introduction Openafs patch should go through GIT for trace ability Git access You need to be part of linux adm Procedure git clone /afs/cern.ch/project/afs...
FIO Fs has reported issued with LSF killing jobs due to them exceeding the CPU time limit. On investigation, it turned out that these jobs could not have accumulated...
Custom provisioning templates Aegir provision module uses templates for virtual hosts creation, these templates are stored in ~aegir/.drush/provision/http/{apache...
The main idea is that when many incoming and outgoing streams are competing for disk access, we give priority to outgoing streams with the other endpoint being a tapeserver...
Currently: Disk servers are used at the same time for writing to and reading from. This leads to performance problems due to contention in the disk hardware (seeks...
Distcc as a service Introduction distcc is a program to distribute builds of C, C , Objective C or Objective C code across several machines on a network. distcc...
IanBaker 11 Feb 2009 Introduction Welcome to the distcc pilot service TWiki page. The purpose of this page is to provide information to users involved in the distcc...
distcc Pilot Service Announcements Introduction Welcome to the distcc pilot service TWiki page. The purpose of this page is to provide information to users involved...
A look at the current status of clustering and cluster filesystems OCFS2 from Oracle Quote: It is an extent based, POSIX compliant file system. Unlike the previous...
As of 21.09.2016 Docker registry has been replaced by GitLab integrated docker registry: https://cern.service now.com/service portal/view outage.do?n OTG...
RHEL5 Driver Update Program Add On drivers for SLC5 Goal To rationalize additional kernel module management / building / deployment for Scientific Linux (CERN)...
Linux Support FAQ entry 19 Nov 2007, logged in as PeterJones What is the CERN recommended email client for SLC4? I am used to using Pine is available and there is...
cern linuxsupport access Introduction cern linuxsupport access can be used to enable/disable root access to the machine by CERN Linux.Support personnel (2nd and 3rd...
Currently: Disk servers and tape servers are individual machines connected via a Gigabit Ethernet line. Current disk servers can internally deliver up to 300MB/s and...
Few ideas IM integration: pidgin sipe plugin (prepared for SLC5 in testing) OCS integration: SIPE over TCP ... gateways for Linux access to MS OCS ?... to...
Issues and features that need to be resolved/included in SLC4. Firstboot should ideally (finally) include user creation from LanDB, root mail setup. (low...
Collection point for SLC5 things Other links: (ELFms) ScientificLinux5Port certification page (please add a tag to see who wants want) try to use add...
Currently: Three `File Marks` per file are written now by Castor (with a small data packet before and after the file), to help identifying tape positions. This is...
List of `personal` machines in FIO LA (should include principal desktop/laptop, will be used to see who gets new hardware. Not neccesarily complete or up to date)...
mrepo mirroring sometimes gets blocked by Red Hat Network as a symptom you will see that no new updates for binary RHEL rpm appear when updaterhelrpms is being run...
Desktop/Notebook test Comments: It`s impossibile to install SLC4 by PXE because there isn`t the ethernet driver (nVidia MCP51), so it is unusable!! It works with...
Things currently broken on IA64 and/or Opterons. IA64 has usually more constructive/repeatable behaviour.. Kerberos4: libdes mixup segfault (SLC3, SLC4 to...
Issue Both in SLC4 and SLC5, getaddrinfo() in glibc sorts multiple IP addresses returned by DNS according to the algorithm defined in RFC3484. The implementation...
`GRUB Loading Stage 2` after a reinstallation Symptom is that a freshly installed machine boots, goes through the BIOS screens, then says GRUB Loading stage2 . And...
GSSAPI should be preferably used over (direct) Kerberos5 or even Kerberos4, but the current GSSAPI libraries seem to do stupid things like resolving a server hostname...
How to use mock to build packages for SLC Introduction Mock project web page is here: http://www.fedoraproject.org/wiki/Projects/Mock (mock parameters explained)...
Installation @ SLC4 Installation process goes in few steps. First is installation on 3 machines : server, builder and client. Next we have to configure all machines...
Work directory is in /afs/cern.ch/project/linux/www/internal/SLC3 migration campaign/ Read README and SLC3 migration campaign.pl You will need to copy files by...
Desktop/Notebook test Comments: Last tested on Wed Jan 25 2006 with SLC 3.0.6. some flickerking in graphical installer and XFree86 (in 800x600 mode)...
Desktop/Notebook test Update 04.02.2008 : In order to run virtualized 64 bit guest operating systems with Xen, VMware etc., set Security OS Security Intel...
Desktop/Notebook test Comments: 1. Install only in text mode. (no VESA modes available for NVIDIA NVS3100 card...) 2. After first reboot: yum install xorg x11 drv...
Desktop/Notebook test Comments: The video card works with vesa driver (1280x960). Update: This is not the physical resolution of the device (1280x800). The...
Hardware test Comments: PXE install failed to turn off DHCP replies (got in a loop reinstalling itself) using libata (no smart, no hdparm, but of course...
Desktop/Notebook test Comments: (no formal test record for this machine, this entry just tracks issues found by our users) Under SLC4, the machine may not shutdown...
current situation CERN CC netlog is a custom kernel module for SLC3. It provides the following data (based on DESIGN document from CERN CC netlog package): connect...
This is just a collection of ideas which things around SLC46 could be improved. This is no commitment to really do what is said here. Feel free to comment on the individual...
Automate the workflow for package updates First concepts and propositions We need a tool that automates as far as possible the workflow for package updates, recompilation...
NOTE : SLC4.5 is not released yet, this procedure will be possible only after 23.05.2007 EXPERIMENTAL installation of XEN Hypervisor on host SLC45/i386 or SLC...
EXPERIMENTAL Xen guest domain installation for SLC 3.0.8 / i386 PLEASE NOTE : This is Work In Progress and NOT production quality release: it may or may not...
TEST Xen guest domain installation for SLC 4.X / i386 or SLC 4.X / x86 64 PLEASE NOTE : This is Work In Progress and NOT production quality release: it may...
SL(c)5 does support virtual machines far better than SLC4 (where a special kernel was required). Once you have installed you dom0 with Xen support # yum install y...
Problems: versions later than 1.0.1 OOPS after some random time when machine is idle UPDATE: version 1.0.1 also OOPS es but it takes much longer to hit the...
root@volume server:# ietadm op new tid 1 params Name iqn.foo.bar:test1 root@volume server:# ietadm op show tid 1 root@compute client:# iscsiadm m discovery...
Please note down any issues that you observe with the packages currently in testing. Package Version OS version Architecture Build date Your name Issue...
Initial attempts to get rid of Kerberos 4 have been made as far back as March 2007 (DTF). Reasoning is that the protocol is unmaintained, has theoretical weaknesses...
(collection point for `general future Kerberos things related to Linux`) Current IT FIO runs KDCs for CERN.CH used by the UNIXish clients for authentication, and...
Kerberos client checklist List of things that should get checked whenever we bricolage with kerberos5 configs, ssh, PAM etc. Test setup description: Hostname...
AFS (and X11) broken when logging in via SSH Starting around the last week of June, we see several support requests along the lines of `no AFS token after SSH` or...
Koji User management Web interface Connect with firefox : https://koji.cern.ch/koji/ Authentication is done with Kerberos so you need to add in `about:config` two...
Koji Koji integration Linuxsoft Egroups User management Web interface Connect with firefox : https://koji.cern.ch/koji/ Authentication is done with Kerberos so...
Description take an HP rx7620 (max. 8 CPUs, 16 32GB of RAM, 15 PCI X slots, 8GByte/s I/O bandwidth) add one 10Gb NIC 800 900MByte/s network I/O add up...
Configure Lemon Install needed packages Configure the repository: /etc/yum.repos.d/swrep x86 64 slc6.repo swrep x86 64 slc6 name CERN SWrep x86 64 slc6 baseurl...
Desktop/Notebook test Comments: All OK, accepted optional install of nvidia drivers: yum install xorg x11 drv nvidia resume from suspend fails with nvidia driver...
What is this? We`re working on the changes needed in policy, technical configuration, up to the storage model in the data storage system foreseen for LHC. That is...
FIO service managers can use a privileged access Remedy flow to the Linux Support Team, by opening a ticket to the `Linux 3rdLevel`. A mail interface exists: Linux...
Architecture These servers provide only TFTP service for the moment. The sync is provided by lsyncd (using inotify to rsync) on lxdist cluster. Hardware Server...
Collection point for various ideas how we could make life more difficult for hackers i.e. limit extent of a compromise. Examples: successful service compromise...
Background (first, Google iSCSI) It turns out that there are a number of projects that provide iSCSI target code now for Linux (initiators have been around for some...
This documentation is obsolete: up to date documentation available at: http://cern.ch/linux/docs/smartcards.shtml (How and if we can use Smartcards under Linux. IT...
collect usage info from various sources, generate shiny graphs. Updaters Monitor the number of machines that pull updates from the linuxsoft service. (This has now...
Frequently Asked Questions (FAQ) THIS LIST IS NOT MAINTAINED ANYMORE, please use the IT FAQs at http://cern.ch/it faqs/ Please note that by its nature this is work...
This documentation is outdated and has been moved to an updated version on https://linuxops.web.cern.ch/ . Whatever you may find here is kept for historical purposes...
People As of 2016 Linux Support IT service is composed of: Jaroslaw (Jarek) Polok service responsible Thomas Oulevey backup service responsible Above...
Frequently Asked Questions (FAQ) Please note that by its nature this is work in progress. More topics will appear as we receive feedback.. Submit a new FAQ NOTE...
Frequently Asked Questions (FAQ) Please note that by its nature this is work in progress. More topics will appear as we receive feedback.. Submit a new FAQ NOTE...
Audience The course will target newcomers to CERN who will need to work with CERN Linux machines, both as users and as (small scale) system administrators. Some level...
Currently: tape servers use their memory cache to collect multiple streams from disk servers and then write to tape. Outgoing data is not effectively cached. Proposed...
Goal Analyze SLC4 XFS stability on 32 bit/64 bit platforms and to provide a comparison matrix of various setups for HEPiX 2006. Machines Networked setups use servers...
Introduction TODO until migration () `IT LINUXSOFT IPMI` landb set should be modifiable by `lxsoft admins` not jarek only Prerequisites Be part of `lxsoft...
SLC4 Migration Issues at CERN certification Status FeatureListForSLC4: collecting point for new things that need to go into SLC4 Timelines for LXBATCH...
OCS features Open Computer and Software Inventory Next Generation is an application designed to help a network or system administrator keep track of the computers...
Desktop/Notebook test Comments: Everythings OK, the only problem is the network card`s driver that isn`t in the installation CD, if you want use it you have...
Desktop/Notebook test Note This device initially scored a PASS , but we have since then detected several issues that make it incompatible with Linux: 1. The...
Netdump (netdump is a crash dump over the network, using UDP packets. Has support for specific network hardware only.) Support Linux.Support will not blindly debug...
NSCD dies on SLC5 if used with nss ldap, doesn`t find users (affects ZUUL, i.e. deploying PLUS accounts via LDAP probably needs fixing before we have wide scale...
OpenSSL Convert PEM Convert PEM to DER openssl x509 outform der in certificate.pem out certificate.der Convert PEM to P7B openssl crl2pkcs7 nocrl certfile certificate...
Sync the rpms/iso Connect on lxsoft04 AND lxsof05 : Update the mrepo config with the new release : cat /etc/mrepo.conf.d/ovm3 x86 64.conf ovm3 x86 64 name Oracle...
Linux Support traditionally package the CERNLIB RPM from the sources in AFS. These sources are provided by PH/SFT (aka Benedikt Hegner). Building RPMs is simple, but...
Pilot drupal service setup Initial system installation initially installed using a CDB profile.After initial installation phase following changes are made: dequattorization...
The idea is to install as many packages as we can on our reference boxes, and let Pakiti2 determine if we are up to date. This should allow us to verify our deployment...
Preparing Xen guest filesystems Xen guest are using filesystems exported to them via Xen hypervisor Virtual Block Devices (VBDs). Currently there are three methods...
This is just some thoughts: getting the data: printer information: LDAP (cerndc) could be propagated to ldap.cern.ch too I guess ldapsearch x h `cerndc...
Introduction IT CF boot a live image from the network to auto register new servers. The image are in aims2 but synced to another PXE boot server for a specific IP...
NOTE This documentation is outdated and has been moved to an updated version on https://linuxops.web.cern.ch/aims2/aims2legacyworkaround/. After https://cern.service...
Release new Redhat product. Download ISO for x86 64 and i386 Available on Redhat customers service portal AFS DIST 5Server U9 cd /afs/.cern.ch/project/linux/enterprise...
remote reset and serial console for the Linux Support `lab` machines: Serial console refslc 3 and lxcert are connected to lxcnetlab1 with the standard SLAC...
scripts: sue get hosts.pl: extract hostnames from SUE logs apt get ip.pl: extract IP addresses from TUX logs get rh data.sh: get lists of all RH73 (and...
Idea: run something regularly (at least on managed machines) and perhaps on desktops that looks for signs of a compromise. See also LinuxHardening and RootKitCheckerInternal...
TWiki search by CERN Search Results You may also search with the internal TWiki WebSearch . Please note that TWiki internal WebSearch may be very slow for large...
Legacy SLC3 Services Despite the official end of support for SLC3, some services have not been able to migrate away yet. This list documents which services are candidates...
The following packages in SLC4 require CERN specific patches: (this list is incomplete, please do not rely on this alone) acroread see SoftwareUpdatesOnSLCSpecialPackages...
The previous solution (running a hypervisor on SLC4) is not longer required since SLC5 is out and comes with a support4ed hypervisor (in fact the SLC4 xen kernel had...
A few observation concerning the SLC5.7 build: cmake fails one test if built by root build from non root account packages with missing build requirements...
The following packages in SLC5 require CERN specific patches: (this list is incomplete, please do not rely on this alone) condor This is not needed more since condor...
The following packages in SLC6 require CERN specific patches: (this list is incomplete, please do not rely on this alone) 2012 The buildall script will warn you...
Summary of observations we made about the SLC6 test release(s). Install on node with only 512 MB Q: A message flashes up about insufficient memeory, text only install...
Please note : This documentation describes a pilot, experimental setup. DO NOT USE ON PRODUCTION SYSTEMS Smart Cards revisited in 2012 The goal is to integrate...
CERN Linux 7.3.x updates Updates are normally triggered by announcements from Progeny or Fedora Legacy. Subscribe to two lists: https://www.redhat.com/mailman...
Known issues i686 build for NSS. AFS backup not in place. Build software updates Please note you need to login as the build user on the lxsoft cluster...
Software updates for RHEL 3/4/5Server machines Red Hat updates are downloaded automatically using mrepo on lxsoft/lxnfs systems. In order to feed these updates into...
Build software updates Please note you need to login as the build user on the lxsoft cluster. ssh build@lxsoft Pre build checklist Check AFS quota, once in a...
Software update policy for SLC (for desktops and auto updating machines) Software updates get triggered by the following events: notification from T.U.V. (mail...
Introduction Spacewalk is a systems management solution, potentially interesting for CERN Linux machines. From the Twiki: Spacewalk is an open source Linux and Solaris...
Compiling SpecInt2k benchmark on SL4/x86 64 (maybe others) So... get a copy of SPEC CPU 1.2 by paying http://spec.org some money and access to those extra files which...
The spec file : %{!?kversion: %define kversion %(uname r)} # hint: this can be overridden with ` define kversion foo` on rpmbuild, e.g. # define `kversion 2.6....
SSH FAQ for CERN (the following document tries to answer the most common questions around SSH at CERN. It is aimed largely at 2nd level support, but of course individual...
Introduction Evaluate Syslinux 6.01, we want to be able to use http:// for loading initrd, and therefore maintain only one server between our Datacenter. Installation...
SysReq Diagnosis (or how to interpret the weird things that get dumped to the console if you do `sysreq t`) SysReq t show tasks state (information is from kernel...
Rota roles (draft to be reviewed) At this time Linux rota role include : Rebuild and Update slc5 / slc6 packages Sync CC7 and SIGs packages Deal with...
Test: write an internally structured stream Current tape drives (as opposed to those we had had in the past) are capable of positioning the tape per block, not only...
Changes to the Perl Tool Scripts These changes will be put in place on Thursday. Please contact me if you have any concerns about them File to Change Other...
Initial mysqld/httpd system installation and configuration Adding New Drupal site,Basic failover to hot spare server Just few initial ideas in random order.......
uco is still being used and will still be useful in the future) Description Intro: UCO is a program to reset per user configuration files to known `good` values....
Potential candidates Several existing tools could provide at least a core `workflow` and `status tracking` functionality. It is very likely that custom filters and...
Client user manual Installation Log in to some machine (let it be lxplus). At the moment builder and server are provided together (with some part of client libraries...
DB structure Data model Tables Source packages: PK name (distro,pkgname,epoch,version,release) (eg:. slc4X,grep,0,2.5.1,31) filename file name of SRPM...
Update Workflow Intoduction Update events: mail (security announcement from Red Hat or CERT, freeform notification from sec team, ..) or from other tools. Update...
Status plans TODO: new Extension of options database to policy database (with data where packages should go ?) Add possibility to move packages from testing...
Installation This page is description of installation of build system on three machines: lxdist i386 , lxdist amd64 , lxdist ia64 . Prerequisition For purpose...
New system for update workflow Requirements Simplest case of system usage: took SRPM package, build it, put into repo, give a report Building process...
Troubleshooting Problem with creating chroots on IA64 There is a problem with creating chroots on IA64, selinux will ask for security context when running command...
Update Workflow System Vision Overwiev Main task of system is upgrade `update workflow` process. System reqiurements are here UpdateWorkflowSystemRequirements. What...
Starting with SLC4.5 Xen domU kernels as well as openafs kernel modules and other supporting packages are included in the standard distribution for i386/x86 64 architectures...
LinuxSupport Linux @ CERN : http://cern.ch/linux Support : linux.support #64;cernNOSPAMPLEASE.ch NOTE This documentation is outdated and has been moved...
This is a subscription service to be automatically notified by e mail when topics change in this LinuxSupport web. This is a convenient service, so you do not have...
LinuxSupport Web Preferences The following settings are web preferences of the LinuxSupport web. These preferences overwrite the site level preferences...
About Xen Xen is an Open Source virtualization solution from Xensource Inc. allowing for both para virtualization (via means of modified guest operating systems) and...
NOTE : this document describes what has been done for SLC4.4: SLC4.5 did not require any of the following since we get Xen Domain U setups `for free` from Red Hat...
Xen TEST environment We are currently testing i386 SLC3 and SLC4 paravirtualized guests on following systems. All CERN users may login there, but please REMEMBER...
Some benchmark figures for Xen paravirtualized guests These are not really meaningful ... but you would like to see them anyway, right ? Test were made on the XenTestEnvironment...