This action might not be possible to undo. Are you sure you want to continue?
Updated: 28 Mar 2006
SLAC Computing UNIX at SLAC Linux at SLAC
There are several steps to setting up a fully-integrated Red Hat Enterprise Linux 4 (RHEL4) system at SLAC: 1. Before you Begin o Minimum System Requirements o Preparing to Install 2. Install Red Hat Enterprise Linux 4 o Create an Installation CDROM o Boot the Installation Program o NFS Install Method o Disk Partitions o No Firewall at SLAC o No SELinux at SLAC o Selecting Packages No servers 3. Post Install o Configure Sound 4. SLAC Configuration o Running Taylor o Access to SLAC's MAIL Spool and other NFS servers o Superuser Privileges 5. Known Issues Please note: These are not complete Red Hat Enterprise Linux install instructions; go to the Red Hat Web site for more complete information.
Before you Begin
System Requirements Architecture These instructions are for installing Red Hat Enterprise Linux 4 (RHEL4) on an IA-32 system (i.e., a 32-bit Intel- or AMD-based system) and Opteron 64-bit systems (x86_64).
Minimum Memory Red Hat recommends a minimum of 256 MB of memory. At SLAC, RHEL4 has been successfully installed on systems with 128 MB, but such systems have a tendency to bog down badly due to excessive swapping when too many applications are open at once. Minimum Disk Space SCCS recommends a minimum disk size of above 12 GB, and a minimum root partition ("/") size of about 9 GB. CDROM Drive Red Hat does not include a floppy version of the boot images for RHEL4. Your system will need a boot-capable CDROM drive. Preparing to Install 1. Consider submitting a request to have SCCS do the installation for you. 2. Have previous experience installing Red Hat Linux, or else read the Red Hat Install document. 3. Have an IP address and node name for your system. If necessary, pick up a copy of the IP Address and Node Name form from the Help Desk or print your own copy, fill it out and submit it to the Help Desk. 4. Have available the network and host information required by a Red Hat Linux install, which includes (but may not be limited to): IP address, gateway, netmask and DNS server (provided by Help Desk when you obtain your IP address); video card/monitor specs (including size of video RAM); disk drive size; etc. 5. If you are an experienced Linux user and intend to retain some responsibility for administering your system, you may want to familiarize yourself with Taylor before beginning. This is the tool SCCS uses to adapt systems to the SLAC environment and we strongly encourage you to use it. 6. If you are installing on a machine that was previously taylored, you should print a copy of the file /etc/taylor.opts before beginning. This procedure does a "clean install", not an upgrade. If you follow SCCS recommendations against storing permanent data on a workstation's system disk, this should not be a problem. If you do have some data you want to preserve on this disk, but it is all stored in a non-system partition, e.g., /u1, you might be
OK, providing your system partitions are large enough to accommodate RHEL4 with sufficient room for future updates (see Disk Partitions, below). Otherwise, it is your responsibility to backup your data before beginning the installation. If you must restore it to a local filesystem after the installation, we strongly urge you to buy a second disk and keep permanent data off the system disk. You may want to work next to a machine with a web browser and access the Red Hat installation manual from the documentation area of the Red Hat web site.
Install Red Hat Enterprise Linux 4
The installation program is mostly self-explanatory if you have installed UNIX or Linux before. We will only mention either complex or SLAC-specific issues below. Create an Installation CDROM To make a bootable CDROM for installing RHEL4, you will need to burn an ISO 9660 image file onto CD-R (or CD-RW) media. On Linux, you can use an application like Xcdroast (requires X Windows) or cdrecord (a command-line tool). Mac OSX can successfully create bootable CDROMs using the CDROM burning utility. To create an installation boot CDROM under Linux, using the cdrecord utility: 1. Find the ISO 9660 disc image for an installation boot CDROM for your architecture and the current RHEL4 Update level:
2. 3. cd /afs/slac/package/RedHat/RHEL4/ARCH/images ls boot.iso
You should replace the string 'ARCH' with the architecture of your processor, i.e., for 64-bit-capable processors such as an AMD Opteron or an Intel EM64T chip, you should substitute 'x86_64'; for 32-bit processors, use 'i386'. 4. Put a blank CD-R (or CD-RW) disc into the CDROM drive.
5. To get information about your CDROM drive, run the command:
6. cdrecord -scanbus dev=/dev/hdc
You'll get a line that includes some text identifying your specific CDROM device, along with the device address; for example:
1,0,0 100) '_NEC Removable CD-ROM ' 'CD-RW NR-9300A ' '105B'
The first field in this example, "1,0,0", is your CDROM device address. This is the information you'll need. 7. Run a command like the following:
8. cdrecord -v -speed=2 dev=1,0,0 -eject -data boot.iso
On some systems you may need to prefix the device address with a transport layer indicator, such as 'ATA:' or 'ATAPI:', or you may need additional options on the cdrecord command line. See the man page for cdrecord for details. If you haven't burned any CDROMs before, it's a good idea to run some tests first by adding the '-dummy' option to the cdrecord command line.
You might also want to consider burning a "rescue disc" for use in case of problems with the system on your hard disk. The procedure is similar to the above and you can find the appropriate image in the directory, /afs/slac/package/RedHat/RHEL4/ISO/. Look for a file ending in "...-WSdisc1.iso" and matching your architecture and the current update level, e.g., "RHEL4-U2-i386-WS-disc1.iso".
Boot the Installation Program Stick the CDROM in the drive and reboot your machine. If your machine ignores the CDROM at boot time, and simply reboots the existing system on the hard disk, there is most likely a problem with the boot order in the BIOS. You can usually get into the BIOS by pressing a function key (usually F2) early in the boot process. The various BIOS screens vary quite a bit, even within a single vendor's products. However, there is usually a
place where you can specify the order in which the BIOS should look for a bootable device. You should make sure it looks at the CDROM drive before the hard disk. At the boot prompt, you can choose between running the installation in graphical or text mode. Unless you have an older monitor or video card, it should be OK to just type linux askmethod, then hit the Enter key and run the installation in graphical mode. To run in text mode, type linux text askmethod and press the Enter key. It will take a minute or two to load. Once you are in the install program, follow the directions until you get to the question on what kind of installation method to use. N.B. There may be some variations in the order of the screens in the installation program depending on your exact hardware configuration and/or the choices you make, so it's probably a good idea to read through the rest of this section before proceeding. NFS Install Method In the "Installation Method" screen, choose NFS image to insure that the latest SLAC-recommended kernel and RPMs are installed. If you install from a CDROM, you may need to upgrade the kernel after installation in order to comply with SLAC security requirements. Next, you will be asked to configure TCP/IP. Uncheck Use dynamic IP configuration and enter the IP Address, Netmask, Default gateway and Primary nameserver information given to you by SCCS when you requested your node name and IP address. WARNING: Please be careful to enter this information accurately, since errors can disrupt the network. Note that the Red Hat install program will try to guess your Default gateway and Primary nameserver after you enter your IP address and Netmask, and will set these up as defaults. These Red Hat-supplied
values are most likely wrong. If you don't know one or more of these values, please ask the help desk or unix-admin -- do not use the Red Hat supplied values. Next you will be asked for NFS setup information. The NFS server name is afsnfs2 and the Red Hat directories are:
For Opteron and EMT64 systems: /afs/slac/package/RedHat/RHEL4/x86_64. For all other systems(Pentium, Athlon, etc.): /afs/slac/package/RedHat/RHEL4/i386.
If the directory can't be mounted try using afsnfs2's IP address, 184.108.40.206 instead of its name. , Disk Partitions At the Disk Partitioning Setup screen, select Manually partition with Disk Druid. The default partitioning scheme used by the Automatically partition option is not suitable for use in the SLAC environment. The table below shows suggested partitioning schemes for two different size disks, representing typical sizes of disks available on older hardware still in service here at SLAC. Newer systems usually have substantially larger system disks. Make sure to give Linux at least a 9 GB root partition. If your root partition is less than about 9 GB, you should omit installing some of the software package groups recommended below, in order to allow room for future upgrades and security patches. Similarly, if you install more package groups than suggested below, you will probably need a larger root partition -- perhaps 10-12 GB if you install nearly everything. Small root partitions can make it difficult or impossible to install required security patches later on. Systems that cannot apply required security patches in a timely fashion may be denied access to the SLAC network. You should also create a swap partition at least as large as the memory (twice the main memory is a good rule of thumb for the size of the swap partition).
If there is sufficient space, we recommend that you allocate an /scswork partition of 1 GB, to be reserved for the exclusive use of SCCS. Use the rest for scratch space; for example, you might want to create a larger /tmp or add a separate /scratch directory. Note that older files in /tmp are periodically removed but files in /scratch will remain until removed by you unless the system is re-installed. Always choose to format your Linux partitions. Use the new, ext3 filesystem type on all partitions except for the /usr/vice/cache and swap partitions. Use ext2 for the /usr/vice/cache partition since ext3 and AFS cache partitions do not get along (at least as of May 2002). ext3 is a journaling filesystem and will permit much faster recovery following crashes. WARNING! You should not allocate any partitions on the system disk for permanent data. Because of the large sizes of currently available disks, you may be strongly tempted to ignore this warning. However, it is very risky to do so, because:
• • •
we do not backup the data on local disks attached to workstations; the disks installed in workstation-class machines are much less reliable than those we buy for our fileservers; and, our support model assumes that it's OK to repartition and re-install the system disk on short notice.
The best way to make use of extra space on your system disk is to allocate a large /tmp or /scratch partition. If you need additional permanent space, please contact email@example.com; we will do our best to help you acquire reliable, backed-up storage at a reasonable cost. If you ignore this warning, it will be your responsibility to save and restore your data the next time your system needs to be re-installed. Note that partition names and numbers, and the order of the partitions, are assigned automatically by Disk Druid. Also, the actual sizes of allocated partitions may vary a little bit from what you request via Disk Druid's GUI interface. This may make it difficult to allocate every last block on the disk. Suggested partition schemes for typical hard disks:
Partition Mount Point /
Partition Size Partition +18 GB or Type 12 GB disk larger disk ext3 9 GB 12 GB
1 x memory or 2 x memory or at least 512 at least 1 GB MB 512 MB 512 MB 512 MB omit omit 1 GB 1 GB 1 GB 1 GB remainder
/var /usr/vice/cache /tmp /scswork /scratch (or extra /tmp space)
ext3 ext2 ext3 ext3 ext3
Boot Loader Configuration We recommend that you use the default boot loader, GRUB, and accept the defaults for the other options on this screen. Network Configuration The Network Configuration screen should show the same information you entered above in the TCP/IP Setup when requesting an NFS installation. No Firewall at SLAC If you will be using your system within the SLAC environment, you will need to select "No firewall" at the Firewall Configuration screen. However, if you are installing a stand-alone system, e.g., for use from your home, or a laptop that will be connected to the Internet from outside SLAC's firewall, you may want to learn more about the firewall facilities in Red Hat Linux in order to better protect your system. No SELinux at SLAC
At the bottom of the 'Firewall Configuration' page there is a pulldown menu to make SELinux 'active', 'warn', or 'disable'. Choose 'disable'. When the annoying box pops-up to ask you to confirm your setting, hit 'Proceed'. Additional Language Support If you wish, select one or more additional languages. Time Zone Selection Select the time zone, either by location or UTC offset (e.g., by clicking on a nearby city, such as Los Angeles, on the map or by selecting UTC-08 plus daylight savings time on the UTC Offset tab). You should not check the "System clock uses UTC" box on dual-booted machines (note that SCCS strongly discourages dual boot machines). Set Root Password Choose a good root password and DON'T FORGET IT! SLAC's post-installation tool taylor will override this password. Selecting Packages Using the 'Install default software packages' is probably sufficient for most installs. This will give you a good basic system. You may also select package groups or individual packages to be installed via the 'Customize software packages to be installed', but please follow the following guidelines: RH SCCS Default Recommendation Desktops [*] [*] [ ] [*] [*] [*] X Window System GNOME Desktop Environment KDE Desktop Environment Applications Package Groups
[*] [ ] [*] [*] [*] [*] [ ] [*] [*] [ ] [ ] [ ] [ ] [ ] [ ] [*] [ ] [ ] [ ] [ ] [ ] [*] [ ] [*]
[*] [*] [*] [*] [*] [*] [*] [*] [ ] [ ] [ ] [ ] [ ] [ ] [ ] [*] [ ] [?] [ ] [?] [ ] [*] [ ] [*]
Editors Engineering and Scientific Graphical Internet Text-based Internet Office/Productivity Sound and Video Authoring and Publishing Graphics Games and Entertainment
Servers (Please see SCCS before installing) Web Server Mail Server Windows File Server SQL Database MySQL Database Legacy Network Server Development Development Tools Kernel Development X Software Development Gnome Software Development KDE Software Development Legacy Software Development System Administration Tools System Tools Printing Support
Miscellaneous [ ] [ ] 2166 [ ] [ ] 2634 Minimal Everything Space Consumed (MB)
In addition to the Red Hat defaults, we recommend adding the following groups:
Both KDE and GNOME: It is easy to switch between the two if they are both installed, and each includes some applications that might prove useful in the other. Engineering and Scientific. This includes the GNU Scientific Library plus BLAS and LAPACK, Fortran libraries for linear algebra. Authoring and Publishing: Provides TeX and SGML support Development Tools: If you will be doing any software development on the machine, you should check this group. In addition, if you plan to build Linux kernels or develop X Windows, Gnome or KDE applications you should check the corresponding package groups in this section. Note in particular that: o Even if you only plan to run (not build) SLAC-built software with an X Windows interface (e.g., BaBar code) you may need to install the "X Software Development" package group. o Checking "KDE Software Development" gives you tools like Qt Designer, PyQt and SIP which are used by some SLAC groups.
Please do not install servers unless you really know what you are doing and okay it with SCCS first. And please don't select "Everything" which would also install the servers. To find out exactly what's included in a group, click on "Details" (you'll have to select the group first if it is not already selected). Some groups have optional parts; in the Details screen you can select or unselect these options.
If you want complete control, check the Select individual packages option before clicking the Next button. Note that selecting "Minimal" will override your previous selections, but unselecting it will restore them. Note that the last row in the above table simply shows the sum of the package sizes, and is really only intended to give you a rough idea of relative sizes for different collections of packages. You must allocate a root partition significantly larger than these minimums to get a workable system and to reserve space to install package updates (especially security updates)/ Don't worry too much about getting every package you might ever want -- you can always add additional packages later. It may take 15 minutes to over an hour to install the packages depending on the speed of your machine and network. The installation program will reboot the machine when it is finished. Make sure to remove any floppy left in the drive from the initial boot of the installation program.
Revise X Configuration In Red Hat Release 4 most graphics chips are probed for correct values. If you want to change the configuration of X Windows, use the configuration tool system-config-display. If you can't get a satisfactory X configuration using this tool then you will have to fiddle with the /etc/X11/xorg.conf file. See the xorg.conf(5x) man page for information on the format of this file and it's many device-independent options. There are also devicespecific man pages for the various supported video drivers -- see the SEE ALSO section of xorg.conf(5x) for some of the driver names. Do not increase the refresh rate ranges on your monitor unless you are absolutely sure it is supported! Configure Sound If your sound card was not automatically configured by the installation program or during the initial boot (by a program called "kudzu"), you can try running (as root) the Sound Card
Configuration Tool. You need to do this in X Windows. You can also run this tool by entering system-config-soundcard on the command line, or by choosing Main Menu => System Settings => Soundcard Detection. Note that this tool requires that you have an X server running. For more information, see the section on Problems with Sound Configuration in the RHEL4 Installation Guide. If you have an unusual sound card, you may also have to search the web for detailed help on configuring it.
WARNING: This is not (yet) for laptop users. Taylor is the tool used by SCCS for administering the very large number of UNIX (including Linux) systems for which we are responsible. It can be run after the Red Hat installation program to automatically configure your new system to be integrated into the SLAC environment. It normally installs a cronjob which will maintain your system automatically. Some of the things Taylor does include:
• • • •
• • • • • • •
Configure the network interfaces for the correct subnet at SLAC. Set up network services such as NIS, DNS, NTP, and syslog correctly. Install or update recommended software, including AFS, AMD, SSH, and LPRng. Update the passwd and groups files to include SCCSrequired system accounts and to permit login by users via their regular SLAC UNIX accounts (this can be restricted after Taylor runs the first time). Configure sendmail for SLAC's email environment. Install LPRng to centralize printing. Install some TrueType fonts. Remove or reconfigure some insecure services. Install sudo with a centrally-managed sudoers file (sudo is a UNIX tool to allow users to issue privileged commands). Install and run yum to get updates. Optionally, setup /usr/local to point to SLAC AFS /usr/local for Linux.
Install an hourly Emergency cronjob that can be used, for example, to apply urgent security fixes. Install a nightly Taylor cronjob to apply routine maintenance to your system automatically (this cronjob can be removed, and Taylor re-run by hand from time to time, on mission-critical servers).
For additional information, see the Taylor Web page. Running Taylor Taylor uses a configuration file, /etc/taylor.opts to control its , actions. If you don't have this file the first time you run Taylor, it will install one with a reasonable set of defaults. However, you may want to set some of these options before you run Taylor the first time, since the root password you set during installation will otherwise be overridden at this point. If your machine was previously taylored, you will most likely want to restore most or all of the options from your old taylor.opts file (you did print a copy before beginning, right?). If your machine is connected to a 100 MB/s port, it is particularly important to include the option, ethernet=100mb. If your machine has not been previously taylored, look in /afs/slac/package/taylor/taylor.opts for a sample taylor.opts file. In particular, this file includes commented out examples examples showing how to:
• • •
Control the root password Select a graphical or text-mode login Request a private /usr/local directory
For a more complete list of options, do man taylor.opts . After running Taylor the first time, if you subsequently need an option changed and can no longer modify /etc/taylor.opts yourself, contact one of your Linux Desktop Support people or send mail to unix-admin. To install and run Taylor, execute the following command:
elinks -source http://www/comp/unix/linux/go-taylor | sh
You will be asked whether to use the version of /usr/local maintained by SCCS or set up a private /usr/local. We highly recommend that you use the central one. Taylor will probably take several minutes to complete its work. If there is an error and you can see how to fix the problem, it is safe to rerun taylor afterward. If you have an error you cannot understand or fix, send email to unix-admin to request help. If possible, paste the error messages from Taylor into the email. Access to SLAC's MAIL Spool and other NFS servers If you receive your email via the UNIX mail spool rather than SLAC's Exchange server, you'll need access to /nfs/mailspool/mail/<your_UID>. Some users may also want to access other central NFS file servers from their Linux workstations. Access to NFS is not automatic; for security reasons you must submit a request to SCCS for permission to mount our central servers. There is a simple NFS Access form for this purpose if you do not need any superuser privileges on the machine. If you also need privileges, see the next section. Superuser Privileges If you need superuser privileges (i.e., the root password and/or sudo ALL) on your machine, you will need to carefully read the Superuser/NFS Privileges page, then fill out and submit the form you'll find there. If you also need NFS access, you must request it via this same form. SLAC's RPM Repository SLAC maintains a mirror of the Red Hat Enterprise Linux WS 4 distribution at /afs/slac/package/RedHat/RHEL4. Please note that the use of this mirror is limited by the terms of our agreement with Red Hat; see the file README-BEFORE-USING in this directory for details. Within this directory, you can find a complete set of RPMs from the most recent quarterly update from Red Hat at: (ARCH is either x86_64 or i386)
This is sometimes referred to as the base area or directory. Additional updates to individual RPMs can be found in the following directories: This collection of directories is referred to as the updates area. yum The yum command is a program that can look at a directory or at an ftp or http site and determine if there are updates to any of your packages there. If it finds them, it can also install them. Taylor installs yum and uses it to apply required security updates. In addition, Taylor configures yum so that you or your system admin can use it to install any necessary bug fix RPMs to bring your system up to the latest SCCS-recommended Red Hat update level. The command to do this is simply,
sudo yum update /afs/slac/package/RedHat/RHEL4/updates/ARCH
To find out what yum would do without actually doing it, use the command, sudo yum check-update. Extras Look in our RPM repository for additional RPMS that you might want to install (be sure to always check the updates area as well as the quarterly base directory in case there have been any recent security updates). To read the description of one of these packages, change to the appropriate directory of the repository and use the rpm program as in the following example:
rpm -qip enscript-1.6.1-24.i386.rpm
There are some known issues with RHEL4. Please see the RHEL4 Release notes for other information: AMD64/EMT64 Release Notes IA32 Release Notes
Join the SLAC Linux mailing list to exchange information and advice with other users. There is a convenient Web page for subscribing or reviewing the archives or you can send mail to firstname.lastname@example.org with the first line of the body being "subscribe linux-l". If you need more information, please have a look at our Linux Resources page.