Linux Install/Setup Notes
In places this document is specific to RedHat 7.2 on MSKCC's twin-chip Pentium4 Xeons. But much of it will map to other architectures/versions - it pays to be circumspect. Most of this still works on 8.0. Formal RedHat support for 7.2 and 8.0 ceases as of end of 2003, although this appears to mean that "no more program fixes will be posted" rather than them removing the actual software. Formal RedHat support for 9.0 ended in spring 2004, although 9.0 is very similar to 8.0 in many respects.
Documentation
There's a lot of Linux experience and documentation out there, but it's not all centralized and certain features are documented poorly by (e.g.) Red Hat. I often just Google for the appropriate question. The Linux Documentation Project has some useful stuff, as does the Red Hat Documentation. My standard location for RPMs is RPMFind.net which has nearly always proved a better resource than Red Hat itself.
Table of Contents: arranged somewhat chronologically.
- Startup and Install
- Initial Configuration
- General notes on SCSI configuration
- Adding new SCSI hard drives
- Adding NFS mount points
- SSH daemon and login
- Which RPMs are useful
- How to add users
- Making backups/copies using rsync
- Time synchronization via NTP
- Printers and papd
- Configuring samba
- Adding and using CD-RW and DVD-RW
- Using up2date for software upgrades/fixes.
- A useful graphics upgrade
- Major upgrade to RedHat 8.0
- Adding a firewire card and drive(s).
- Adding remote PC disk shares.
- Notes on FTP protections.
- Notes on Sendmail and Fetchmail.
- Notes on TCPWrappers configuration.
Just a little hardware summary:
What | HP XW6000 | Compaq W8000 |
---|---|---|
Chip | Xeon 2.4 GHz | Xeon 2.0 GHz |
SCSI | Ultra 320 | Ultra 160 |
Controller | Adaptec 7902 | Adaptec 7899 |
SCSI Max # | TWO | THREE |
IDE | Ultra ATA/100 | Ultra ATA/100 |
USB | USB 2.0 (#=4) | USB 1.0 (#=4) |
Firewire | no | via PCI card |
Graphics | Nvidia 980 XGL | Nvidia 740 XGL |
Boot Up
Insert the first RedHat installation CD in the CD drive
Reboot the machine
Usually the machine will read the CD-ROM drive before the system drive by default, so it will override any copies of Micro$loth operating systems on there. If not, the boot order can be changed by the PROM options at boot-time (F10 on Compaq), although how you actually change this is vendor-specific.
Operating System Install
Elect to use the graphical installation method (default)
English language
Generic 105 key keyboard
US English layout
Enable dead keys
Logitech Mouseman mouse
Select workstation install
Automatic configuration of disk partitioning
Drives set automatically to /dev/sda and /dev/sdb
Remove ALL partitions (not just all Linux partitions) for pure Linux install
Select /dev/sda as the install disk
Review the partitioning
Default partition is 47 Mb boot, 33 Gb /, 2Gb swap (2*memory)
GRUB boot loader in /dev/sda, record in Master Boot Record
/dev/sda2 is ext3 partition with default boot image
Depending on options it may be /dev/sda3 - it's the one with /. If you select only /dev/sda for partitioning, you get / in /dev/sda2, BUT if you select both /dev/sda and /dev/sdb it puts / on /dev/sdb so you will need to manually change the default configuration (using Edit). It doesn't seem possible to make ext3 filesystems by partitioning the drives later (under RedHat 7.2), so some futzing is advantageous at this stage. In the upgrade to RedHat 8.0 there's usually an option to convert ext2 filesystems to ext3. Ext3 is closely related to ext2 but with the addition of journalling.
Set GRUB password the same as the root password.
NO firewall
INSTALL STARTS (takes about 15-20 mins, needs a couple of CDs)
Kernel is 2.4.7-10
Monitor: default OK for flat screen, specifically set ViewSonic PF790 for
others
Reboot after install
See this useful set of links answering many SCSI questions.
Shut down the system ("shutdown now" as root and then "halt" at the
single user mode prompt).
Install the hard drive in the third slot above the other two. There is
a 3rd power connector and more than enough SCSI connectors for it.
If the drive does not automatically pick up its SCSI ID via the
SCSI bus (most drives don't, some drives do) you will have to
manually configure the SCSI ID. Hopefully you'll already
know the SCSI IDs of the other drives (often 0 and 1). Consult the
instructions that came with (or were printed on) the 3rd hard drive
and set the jumpers across the pins for something like SCSI ID 4.
Yes, you do this sort of thing in hardware still.
Close up the chassis and boot. If you view the boot prom messages you should
see the 3rd hard drive being recognised. Linux calls SCSI drives /dev/sda,
/dev/sdb, /dev/sdc etc. So hopefully your 3rd drive is /dev/sdc.
cat /proc/scsi/scsi will give you a basic idea of what the SCSI
interfaces are, and which drives are attached.
egrep 'sd[abcde]' /var/log/dmesg will also give you clues as
to which partitions are mounted as which devices. The kernel log
file /var/log/dmesg is somewhat useful in this regard. Linux calls the
adaptor number the "host", the channel number the "bus", the scsi id of
the drive the "id" and the logical unit # "lun" which is unlikely to
ever be anything other than zero. Information on the adaptor can be
found in /proc/scsi/aic7xxx directories (under controller #).
On the XW6000's it would be /proc/scsi/aic79xx. The command:
Initial Configuration
IP: 140.163.178.208 (this is for xray1)
Netmask: 255.255.255.0
(Network and Broadcast values set by default from the above values)
Hostname: xray1
Gateway: 140.163.179.1
Primary DNS: 140.163.9.254
Secondary DNS: 140.163.1.254
Ternary DNS: 140.163.96.254 (this probably doesn't exist anymore)
No additional languages
Set root password
Set geographic location
Install ALL packages
X config - automatically identifies NVIDIA GeForce 3 MX with 32 Mb RAM
TrueColor (24 bit) 1280x1024 with KDE Desktop
Accept SMP version of kernel at reboot
Post-install Configuration
Most of the subsequent steps are found duplicated
in ~xtal/ROOT_CONFIG in the file
BOOTSTRAP and some other script files. What remains here is taken from
this setup directory. This file was created to avoid having to type too
many commands over and over but is not ready as an executable step.
SCSI
The servers have external SCSI connections. They look like HD68 SCSI
connectors and the controller is Ultra160 via Adaptec 7899 (Ultra320 is the
newer standard). There are three internal SCSI drives in the internal
brackets, which is all the physical space and power connections that
are available. The disks appear to mount as /dev/sda, /dev/sdb,
/dev/sdc.
Adding new hard drives
The SCSI-2.4 HOWTO
is a rather useful, if technical, guide to the SCSI and pseudo-SCSI
interface on Linux.
echo "scsi log error
where n=0 (none) to 6 (verbose) - DO NOT USE n=7 - affects the way error logging is done
for SCSI errors (/var/log/messages). /var/log/messages can also be useful to track
problems with SCSI devices or emulated SCSI devices (USB or Firewire drives).
This URL on Performance, Tests
and Debugging Tools may ultimately prove useful.
Note that some user pulled the connection for a mounted firewire drive out of xray6 and caused persistent SCSI errors (mounted as SCSI via the emulation layer). In this case I manually did:
echo "scsi remove-single-device 2 0 0 0" > /proc/scsi/scsi
to attempt to deactivate the device since it seemed to be causing problems with xray6. The host/channel/id/lun was obtained from /var/log/messages:
Jun 29 13:20:23 xray6 kernel: I/O error: dev 08:31, sector 6
Jun 29 13:20:23 xray6 kernel: SCSI disk error : host 2 channel 0 id 0 lun 0 return code = 10000
and the identity of the drive confirmed using cat /proc/scsi/scsi and comparing IDs and host adaptors.
Partition it using fdisk using the "p" partition, "n" new partition and "w" write configuration options:
fdisk /dev/sdc
p
n
p
1
[return for default start point]
[return for default end point]
w
q
which, cryptically, prints the current partitions (there should be none), creates a new one (primary, partition #1 with default start point and extent) and then finally writes it to disk.
Now create a Linux ext3 filesystem on the new partition:
mkfs -t ext3 /dev/sdc1
Add the disk details in /etc/fstab:
/dev/sdc1 /usr2 ext3 defaults 1 2
then create the mount point and mount the disk:
mkdir /usr2
mount /usr2
If you want to export the disk you'll want to add the entry into /etc/exports and issue exportfs -a
See this tutorial for more information.
On helium, I added a new large ATA drive as follows: Insert it into the brackets below the CD-ROM drive. Attach power cables and the ATA cable that also connects to the CD-ROM drive. Reboot. Look in /var/log/messages for "hd" and we see the information:
Jul 19 18:07:09 helium kernel: hdc: Lite-On LTN486 48x Max, ATAPI CD/DVD-ROM drive
Jul 19 18:07:09 helium kernel: hdd: Maxtor 6B120P0, ATA DISK drive
Jul 19 18:07:10 helium kernel: hdd: attached ide-disk driver.
Jul 19 18:07:10 helium kernel: hdd: host protected area => 1
Jul 19 18:07:10 helium kernel: hdd: 240121728 sectors (122942 MB) w/8192KiB Cache, CHS=238216/16/63, UDMA(100)
Jul 19 18:07:10 helium kernel: hdd: unknown partition table
Jul 19 18:07:10 helium kernel: SCSI device sda: 35566478 512-byte hdwr sectors (18210 MB)
Jul 19 18:07:10 helium kernel: SCSI device sdb: 35566478 512-byte hdwr sectors (18210 MB)
which indicates that the new partitionless hard drive is at /dev/hdd with the CD-ROM drive at /dev/hdc and the SCSI hard drives at /dev/sda and /dev/sdb.
To add partitions use fdisk on /dev/hdd as given above for the SCSI drives. The only variation is that we use mkfs -t ext2 /dev/hdd1 to make the new file system since the rather venerable RedHat 7.2 does not support ext3. Do a mkdir /usr/people5, add the appropriate entry in /etc/fstab, mount the drive and edit /etc/exports.
Then edit the /etc/hosts file to add the relevant hosts.
Make sure you remove the self machine from 127.0.0.1 but leave
localhost in there:
Make the relevant NFS mount directories:
Change the /etc/group file so that the following entries exist:
It looks like you can append multiple keys to ~/.ssh/authorized_keys2 to allow automated
ssh logins from multiple machines (which obviously have different ssh keys).
Test it using:
Note that other RPMs may be required to upgrade to new versions of
Python etc. These RPMs may not all be in the same place (use the rpm
command to get a list of installed rpms). Then install a specific
Java implementation for SnB into user local:
Then most of the install is done - you can add users by:
Since presumably you will set up the account via multiple machines, you should
use the -m (make home dir) flag for the first (parent) machine and the -M (do
not make home dir) flag for the other machines, i.e.
Note that I've hacked /etc/group to make it such that we can use the
existing SGI-style groups under Linux.
Setting up XTAL mirroring of PDB on xray6 : use the package
MIRROR to make a copy of PDB on /xray6/usr1/Databases/pdb/ via a simple
~xtal/MIRROR script and this crontab entry (.crontab.xray6 in ~xtal):
Setting up NTP time clamping : use the package NTP to synchronize
clocks with a stable remote machine. On each machine do:
Get netatalk-1.5.0-2rh7.i386.rpm from www.rpmfind.net not from RedHat.
For more in-depth discussion see
AppleTalk printer installation
and
How to setup the printer using AppleTalk
.
Linux loads CD-RW and DVD+-RW drives in a scsi emulation level. If you
look at /etc/grub.conf you typically see something like:
To write CD-RW disks
To quote the cdrecord webpage: To copy an audio CD in the most accurate
way, first run
To write DVD-RW disks:
The drive /dev/scd1 works OK using cdrecord and CD-R media. It works
OK using growisofs and DVD+R media (works OK on DVD-R also), writing
about 3.3 Gb in ~10 minutes. That's really fast.
To make ISO images from a CD-ROM:
Note that there are specific up2date versions for specific OS releases so
they are not completely interchangeable. The old up2date's certificate
has expired so you need to update up2date by the following procedure:
This has been done on xray1, xray6, xray7, xray8 and xray9.
In order to install an Nvidia driver you must not have X windows
running. With a heavily modified installation it may not work
anyway, but if you have a "working" configuration you have to do
the following:
These configurations include specs for the graphics card and the
monitor, and perhaps could still be optimized although they are
fairly close. The file /etc/X11/XF86Config seems to compete with
the XF86Config-4 file, so I usually rename it to avoid conflicts.
The 750XGL are hardware-stereo-enabled graphics cards that work well
with Nuvision's 60GX-T1 emitter that plugs straight into the card
and works well with Nuvision and Stereographics glasses. The Nvidia
750XGL is a very fast graphics card.
Once you've got the drivers in place and everything configured,
just change the id:3:initdefault: line in /etc/inittab back to
id:5:initdefault and reboot the machine (the command startx will do
in a pinch, but will not restart X after you log off).
At Princeton on xray8, I have created the /collect directory so as root you can specify:
Created /etc/orbitrc:
Created /etc/profile.d/gconf-lockfile-hack.sh:
It was the latter hack that seemed to work, although there is a denial of
service potential in this particular change. It's slightly galling that
since we run KDE rather than Gnome, GConf isn't exactly the most important
app we have ever seen.
Need to RECONFIGURE SENDMAIL:
By default sendmail has delivery from external hosts turned off, so to
re-activate, edit /etc/mail/sendmail.mc to change the line:
then do:
I note that Mail -v pjeffrey@hotmail.com "looks" different outgoing on
xray10 and xray2, namely on xray10 it cites 127.0.0.1 (localhost relay?)
whereas on xray2 it cites mx.hotmail.com. The Linux boxes appear to
relay off themselves (127.0.0.1) on the way out.
Tested using Mail -v.
Internal email only necessary, nevertheless they can deliver email directly
to the outside world (e.g. hotmail)
because they are their own SMTP servers. They probably cannot receive
email directly.
NFS Mount Points
A typical Linux /etc/fstab looks like:
LABEL=/ / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
none /dev/pts devpts gid=5,mode=620 0 0
none /proc proc defaults 0 0
none /dev/shm tmpfs defaults 0 0
/dev/sda2 swap swap defaults 0 0
/dev/sdb1 /usr1 ext2 defaults 0 0
/dev/cdrom /mnt/cdrom iso9660 noauto,owner,kudzu,ro 0 0
/dev/fd0 /mnt/floppy auto noauto,owner,kudzu 0 0
where the LABEL= syntax is atypical but apparently the result of
configuration at install. In this case LABEL=/usr1 is not present
because this was recovered after a system disk crash. We add the
usual NFS mounts to /etc/fstab using the conventional syntax:
xray2:/usr /xray2/usr nfs rw,bg,soft 0 0
xray3:/usr /xray3/usr nfs rw,bg,soft 0 0
xtreme1:/usr /xtreme1/usr nfs rw,bg,soft 0 0
xtreme1:/usr1 /xtreme1/usr1 nfs rw,bg,soft 0 0
xtreme1:/usr3 /xtreme1/usr3 nfs rw,bg,soft 0 0
xtreme2:/usr /xtreme2/usr nfs rw,bg,soft 0 0
xtreme2:/usr1 /xtreme2/usr1 nfs rw,bg,soft 0 0
xtreme2:/usr2 /xtreme2/usr2 nfs rw,bg,soft 0 0
xtreme3:/usr /xtreme3/usr nfs rw,bg,soft 0 0
xtreme3:/usr1 /xtreme3/usr1 nfs rw,bg,soft 0 0
xtreme3:/usr2 /xtreme3/usr2 nfs rw,bg,soft 0 0
xtreme4:/usr /xtreme4/usr nfs rw,bg,soft 0 0
xtreme4:/data2 /xtreme4/data2 nfs rw,bg,soft 0 0
xtreme4:/data3 /xtreme4/data3 nfs rw,bg,soft 0 0
xtreme5:/usr /xtreme5/usr nfs rw,bg,soft 0 0
xtreme5:/data1 /xtreme5/data1 nfs rw,bg,soft 0 0
xtreme6:/data1 /xtreme6/data1 nfs rw,bg,soft 0 0
xtreme6:/usr /xtreme6/usr nfs rw,bg,soft 0 0
ximpact1:/usr1 /ximpact1/usr1 nfs rw,bg,soft 0 0
ximpact1:/usr2 /xtreme4/usr1 nfs rw,bg,soft 0 0
ximpact2:/usr1 /ximpact2/usr1 nfs rw,bg,soft 0 0
ximpact2:/usr2 /ximpact2/usr2 nfs rw,bg,soft 0 0
ximpact2:/usr3 /ximpact2/usr3 nfs rw,bg,soft 0 0
ximpact3:/usr /ximpact3/usr nfs rw,bg,soft 0 0
ximpact3:/usr1 /ximpact3/usr1 nfs rw,bg,soft 0 0
ximpact4:/usr /ximpact4/usr nfs rw,bg,soft 0 0
ximpact4:/usr1 /ximpact4/usr1 nfs rw,bg,soft 0 0
#xray1:/home /xray1/home nfs rw,bg,soft 0 0
#xray1:/usr1 /xray1/usr1 nfs rw,bg,soft 0 0
xray4:/usr /xray4/usr nfs rw,bg,soft 0 0
xray4:/usr1 /xray4/usr1 nfs rw,bg,soft 0 0
xray4:/usr2 /xray4/usr2 nfs rw,bg,soft 0 0
xray4:/usr3 /xray4/usr3 nfs rw,bg,soft 0 0
xray5:/usr /xray5/usr nfs rw,bg,soft 0 0
xray5:/usr1 /xray5/usr1 nfs rw,bg,soft 0 0
xray6:/home /xray6/home nfs rw,bg,soft 0 0
xray6:/usr1 /xray6/usr1 nfs rw,bg,soft 0 0
xray7:/home /xray7/home nfs rw,bg,soft 0 0
xray7:/usr1 /xray7/usr1 nfs rw,bg,soft 0 0
xray8:/home /xray8/home nfs rw,bg,soft 0 0
xray8:/usr1 /xray8/usr1 nfs rw,bg,soft 0 0
xray9:/home /xray9/home nfs rw,bg,soft 0 0
xray9:/usr1 /xray9/usr1 nfs rw,bg,soft 0 0
Note the NFS mounts for the self machine are commented out.
140.163.179.207 xtreme6 xtreme6.ski.mskcc.org
140.163.179.206 xtreme5 xtreme5.ski.mskcc.org
140.163.179.205 xtreme4 xtreme4.ski.mskcc.org
140.163.179.204 xtreme3 xtreme3.ski.mskcc.org
140.163.179.203 xtreme2 xtreme2.ski.mskcc.org
140.163.179.202 xtreme1 xtreme1.ski.mskcc.org
140.163.179.214 ximpact4 ximpact4.ski.mskcc.org
140.163.179.213 ximpact3 ximpact3.ski.mskcc.org
140.163.179.212 ximpact2 ximpact2.ski.mskcc.org
140.163.179.211 ximpact1 ximpact1.ski.mskcc.org
140.163.179.221 xray9 xray9.ski.mskcc.org
140.163.179.220 xray8 xray8.ski.mskcc.org
140.163.179.219 xray7 xray7.ski.mskcc.org
140.163.179.218 xray6 xray6.ski.mskcc.org
140.163.179.217 xray5 xray5.ski.mskcc.org
140.153.179.216 xray4 xray4.ski.mskcc.org
140.163.179.210 xray3 xray3.ski.mskcc.org
140.163.179.209 xray2 xray2.mskcc.org xray2.ski.mskcc.org
140.163.179.208 xray1 xray1.ski.mskcc.org
127.0.0.1 localhost.localdomain localhost
Again, the localhost entry must exist or the machine will not work.
mkdir /xtreme1 /xtreme1/usr /xtreme1/usr1 /xtreme1/usr2
mkdir /xtreme2 /xtreme2/usr /xtreme2/usr1 /xtreme2/usr2
mkdir /xtreme3 /xtreme3/usr /xtreme3/usr1 /xtreme3/usr2
mkdir /xtreme4 /xtreme4/usr /xtreme4/usr1 /xtreme4/usr2
mkdir /xtreme5 /xtreme5/usr /xtreme5/usr1 /xtreme5/usr2
mkdir /xtreme6 /xtreme6/usr /xtreme6/usr1 /xtreme6/usr2
mkdir /ximpact1 /ximpact1/usr /ximpact1/usr1 /ximpact1/usr2
mkdir /ximpact2 /ximpact2/usr /ximpact2/usr1 /ximpact2/usr2
mkdir /ximpact3 /ximpact3/usr /ximpact3/usr1 /ximpact3/usr2
mkdir /ximpact4 /ximpact4/usr /ximpact4/usr1 /ximpact4/usr2
mkdir /xray1 /xray1/usr /xray1/usr1 /xray1/home
mkdir /xray2 /xray2/usr /xray2/usr1 /xray2/usr2
mkdir /xray3 /xray3/usr /xray3/usr1 /xray3/usr2
mkdir /xray4 /xray4/usr /xray4/usr1 /xray4/usr2 /xray4/usr3
mkdir /xray5 /xray5/usr /xray5/usr1 /xray5/home
mkdir /xray6 /xray6/usr /xray6/usr1 /xray6/home
mkdir /xray7 /xray7/usr /xray7/usr1 /xray7/home
mkdir /xray8 /xray8/usr /xray8/usr1 /xray8/home
mkdir /xray9 /xray9/usr /xray9/usr1 /xray9/home
mkdir /xtreme4/data2 /xtreme4/data3 /xtreme5/data1 /xtreme6/data1
set the domain name appropriately:
domainname ski.mskcc.org
And then actually mount the NFS disks (note that the source machines have
to have added the host machine as a valid export in /etc/exports and issued
exportfs -a).
mount -a
Edit the /etc/exports file so it looks something like the following:
# EXPORTS FILE FOR XRAY4
#
#
/home xray2(rw) xray3(rw) xray4(rw) xray5(rw) xray6(rw) xray7(rw) xray8(rw) xray9(rw) \
ximpact1(rw) ximpact2(rw) ximpact3(rw) ximpact4(rw) \
xtreme1(rw) xtreme2(rw) xtreme3(rw) xtreme4(rw) xtreme5(rw) xtreme6(rw)
/usr xray2(ro) xray3(ro) xray4(ro) xray5(ro) xray6(ro) xray7(ro) xray8(ro) xray9(ro) \
ximpact1(ro) ximpact2(ro) ximpact3(ro) ximpact4(ro) \
xtreme1(ro) xtreme2(ro) xtreme3(ro) xtreme4(ro) xtreme5(ro) xtreme6(ro)
/usr1 xray2(rw) xray3(rw) xray4(rw) xray5(rw) xray6(rw) xray7(rw) xray8(rw) xray9(rw) \
ximpact1(rw) ximpact2(rw) ximpact3(rw) ximpact4(rw) \
xtreme1(rw) xtreme2(rw) xtreme3(rw) xtreme4(rw) xtreme5(rw) xtreme6(rw)
These days I often do not export/mount /usr since no user data sits on it
(it's all in /home). Note that all NFS exports are to explicitly-named machines
to reduce the security risk, and that ideally those machines are defined in /etc/hosts.
Of course this doesn't eliminate e.g. IP spoofing, but it's a fairly major advance over
exporting it to every machine on the internet.
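The policy described above (every export names its client machines, and those machines are defined in /etc/hosts) can be checked mechanically. The following is an added example, not part of the original notes: audit_exports and demo_audit are names chosen here, and the sample files are constructed, with documentation addresses in place of real ones.

```bash
#!/bin/bash
# Added example: audit an exports file against the "named hosts only" policy.
# usage: audit_exports EXPORTS_FILE HOSTS_FILE
# Prints one finding per line and returns 1 if there is any finding:
#   OPEN <path> <token>     client is a wildcard, or no client is named
#   UNKNOWN <path> <host>   client is not a name or alias in HOSTS_FILE
audit_exports() {
    awk -v hostsfile="$2" '
    BEGIN {
        # Collect every hostname and alias (fields 2..n) from the hosts file.
        while ((getline line < hostsfile) > 0) {
            sub(/#.*/, "", line)
            n = split(line, f)
            for (i = 2; i <= n; i++) known[f[i]] = 1
        }
        close(hostsfile)
    }
    { sub(/#.*/, "") }                        # drop comments
    /\\[ \t]*$/ {                             # join backslash-continued lines
        sub(/\\[ \t]*$/, ""); buf = buf $0 " "; next
    }
    {
        $0 = buf $0; buf = ""
        if (NF == 0) next
        if (NF == 1) { print "OPEN", $1, "(no-client-list)"; bad = 1; next }
        for (i = 2; i <= NF; i++) {
            host = $i
            sub(/\(.*/, "", host)             # strip the (options) suffix
            if (host == "" || host ~ /[*?]/) { print "OPEN", $1, $i; bad = 1 }
            else if (!(host in known))       { print "UNKNOWN", $1, host; bad = 1 }
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Run the audit over constructed sample files and print the findings.
demo_audit() {
    demo_dir=$(mktemp -d)
    cat > "$demo_dir/hosts" <<'EOF'
# constructed sample, documentation addresses
127.0.0.1   localhost.localdomain localhost
192.0.2.9   xray2 xray2.example.org
192.0.2.10  xray3 xray3.example.org
EOF
    cat > "$demo_dir/exports" <<'EOF'
# constructed sample exports file
/home  xray2(rw) xray3(rw) \
       xray4(rw)
/usr   xray2(ro) *(ro)
/usr1  xray3 (rw)
/scratch
EOF
    audit_exports "$demo_dir/exports" "$demo_dir/hosts" || true
    rm -rf "$demo_dir"
}
demo_audit
```

The /usr1 line shows the classic slip: a space between the host and its options leaves xray3 with default options and applies (rw) to every other client.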
user:x:20:
brains:x:90:
gold:x:91:
You may need to change the entry for group 20 (games?). This is a hangover of the SGI
defining new users as group 20, and that group not being the same on Linux boxes.
Automated SSH Logins
Linux disables RSH and TELNET for many sources of login and this can
be a certain pain in the neck if you're trying to automate things.
You can set up Linux to do automated logins via ssh, which
will automate transfers using ssh and scp. Ssh and scp are encrypted
transfers and considerably more secure than the older rsh and rcp
counterparts.
mkdir ~/.ssh
chmod go-rwx ~/.ssh
cd ~/.ssh
ssh-keygen -t dsa
[hit enter several times]
Just enter through the password prompts and whatnot.
scp id_dsa.pub some.remote.machine.address:~/
ssh some.remote.machine.address
mkdir ~/.ssh
chmod go-rwx ~/.ssh
cp id_dsa.pub .ssh/authorized_keys2
These last 3 steps are obviously on the remote machine that you ssh'd to.
ssh some.remote.machine.address
You should get no password prompt.
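The remote-side steps above, written as a function that appends rather than overwrites, so that keys from several machines can share one authorized_keys2 file. This is an added example, not from the original notes; add_authorized_key and demo_keys are names chosen here and the key lines are constructed, not real keys.

```bash
#!/bin/bash
# Added example: install a public key on the remote side without overwriting
# keys that are already authorised.
# usage: add_authorized_key PUBKEY_FILE [HOME_DIR]
# returns 0 if the key is present afterwards, 2 if PUBKEY_FILE is not usable
add_authorized_key() {
    local pub="$1" home="${2:-$HOME}" sshdir auth line keytype blob
    sshdir="$home/.ssh"
    auth="$sshdir/authorized_keys2"        # file name used in these notes
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }

    # A public key file is one line: "<type> <base64 blob> [comment]".
    line=$(awk 'NF { print; exit }' "$pub")
    keytype=$(printf '%s\n' "$line" | awk '{ print $1 }')
    blob=$(printf '%s\n' "$line" | awk '{ print $2 }')
    case $keytype in
        ssh-*|ecdsa-*) ;;
        *) echo "$pub is not a public key (private key copied by mistake?)" >&2
           return 2 ;;
    esac
    [ -n "$blob" ] || { echo "$pub has no key data" >&2; return 2; }

    # Explicit modes rather than relying on umask: sshd with StrictModes
    # (the default) ignores the file if it or ~/.ssh is group/world-writable.
    mkdir -p "$sshdir" && chmod 700 "$sshdir"
    touch "$auth" && chmod 600 "$auth"

    # Compare on the key blob so a changed comment or an options prefix
    # does not produce a duplicate entry.
    if awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) f = 1 }
                         END { exit !f }' "$auth"; then
        return 0
    fi
    printf '%s\n' "$line" >> "$auth"
}

# Install two constructed keys, one of them twice, and print the entry count.
demo_keys() {
    local h
    h=$(mktemp -d)
    # Constructed key lines (not real keys), one per client machine.
    echo 'ssh-dss AAAAB3NzaC1kc3MAAAconstructedA= xtal@xray1' > "$h/xray1.pub"
    echo 'ssh-dss AAAAB3NzaC1kc3MAAAconstructedB= xtal@xray6' > "$h/xray6.pub"
    add_authorized_key "$h/xray1.pub" "$h"
    add_authorized_key "$h/xray6.pub" "$h"
    add_authorized_key "$h/xray1.pub" "$h"      # repeat: no duplicate added
    grep -c . "$h/.ssh/authorized_keys2"         # prints 2
    rm -rf "$h"
}
demo_keys
```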
RPM installs
By default RedHat leaves out a
rather large range of useful products. I install these as RPMs.
You need to download these RPMs (or other relevant ones) from www.rpmfind.net. Then issue:
rpm -iv blt-2.4u-7.i386.rpm
rpm -iv f2c-20000510-5.i386.rpm
rpm -iv fort77-1.18-7.noarch.rpm
rpm -iv fsplit-5.5-1.i386.rpm
rpm -iv gkrellm-1.2.8-1.i686.rpm
rpm -iv gqmpeg-0.12.0-1.i686.rpm
rpm -iv netatalk-1.5.0-2rh7.i386.rpm
#rpm -Uv openssh-2.9p2-12.i386.rpm (commented out)
rpm -iv openssh-server-2.9p2-12.i386.rpm
rpm -iv telnet-server-0.17-18.i386.rpm
rpm -iv tmpwatch-2.8.1-1.src.rpm
rpm -iv wu-ftpd-2.6.1-16.i386.rpm
rpm -Uv xcdroast-0.98alpha9-1.i386.rpm
rpm -Uv rsh-server-0.17-2.5.i386.rpm
Then do:
chkconfig atalkd on
chkconfig atalk on
chkconfig wu-ftpd on
chkconfig telnetd on
chkconfig telnet on
chkconfig ssh on
chkconfig sshd on
chkconfig atalk on
chkconfig nfs on
chkconfig nfsd on
chkconfig rsync on
chkconfig rsh on
chkconfig rlogin on
killall -USR2 xinetd
which might start most of the services, although I dare say I haven't
remembered every single one. The killall statement just makes xinetd
re-read the configurations file(s).
cd /usr/local
tar xvjf /xray1/home/xtal/ROOT_CONFIG/jre*.bz
tar xvjf /xray1/home/xtal/ROOT_CONFIG/jdk*.bz
Then upgrade the graphics drivers to the proprietary optimized
ones from Nvidia - note that after doing this, doing further kernel
upgrades can seriously mess with the X server. If you don't want
optimal graphics performance you can skip this step. Check the
NVIDIA website for the most
recent drivers.
rpm -ivh NVIDIA_kernel-1.0-2313.rh72smp.i686.rpm
rpm -ivh NVIDIA_GLX-1.0-2313.i386.rpm
emacs /etc/X11/XF86Config-4
# in the file /etc/X11/XF86Config-4
# replace Driver "nv" with Driver "nvidia"
# check for Load "glx" and comment out Load "dri" and Load "GLcore"
Note that the current NVIDIA driver install mechanism is a little different
to this.
useradd -d /home/xtal -g 500 -m -s /bin/tcsh -u 1113 -n xtal
chmod a+rx ~xtal
Keeping the same UID and GID as on the SGI boxes.
Remember that Linux creates user accounts (e.g. /home/xtal) without
group or world search privilege - need to do chmod a+rx /home/xtal after
creating the username
useradd -d /home/xtal -g 500 -M -s /bin/tcsh -u 1113 -n xtal
Then set the password to something dummy using:
passwd xtal
Don't set it to the final password, since the first time a user
logs into the system it seems to make them change their password.
RedHat is also pretty cranky about known words in passwords. It is
a lot less liberal than the SGIs. It does not appear to be
possible to "cut and paste" encrypted passwords between /etc/shadow or
/etc/passwd files on different machines.
Setting up RSYNC mirroring from xtremes to xray1: make sure
that /usr1/xtreme5/data1, /usr1/xtreme6/data1 and /usr1/xtreme4/data2
exist. Make a soft link from /usr1/xtreme4/data3 to /usr/xtreme4/data3
because otherwise there isn't enough space on the disks. Try issuing
the commands:
rsync -azv --delete /xtreme5/data1/ /usr1/xtreme5/data1/.
rsync -azv --delete /xtreme6/data1/ /usr1/xtreme6/data1/.
rsync -azv --delete /xtreme4/data2/raxis/ /usr1/xtreme4/data2/raxis/.
rsync -azv --delete /xtreme4/data3/raxis/ /usr1/xtreme4/data3/raxis/.
or for things like entire disk backups (as root)
rsync -azv --delete /xtreme1/usr3/ /usr1/RSYNC/xtreme1/usr3/.
Note that we don't mirror /xtreme4/data2/archived/. Make a
crontab entry for all this and store it in ~raxis/.crontab:
##
## RSYNC
##
0,30 * * * * rsync -azv --delete /xtreme5/data1/ /usr1/xtreme5/data1/.
5,35 * * * * rsync -azv --delete /xtreme6/data1/ /usr1/xtreme6/data1/.
10,40 * * * * rsync -azv --delete /xtreme4/data2/raxis/ /usr1/xtreme4/data2/raxis/.
20,50 * * * * rsync -azv --delete /xtreme4/data3/raxis/ /usr1/xtreme4/data3/raxis/.
Activate the cron job using crontab .crontab. All files will/are
owned by raxis.
##
##
## MIRROR
##
##
0 3 * * 0 csh /xray1/home/xtal/MIRROR
Actually building the mirror in the first place took quite a lot of
effort to avoid downloading the entire PDB in one chunk (this might
piss off the RCSB servers). I did it by running mirror manually and
interrupting it every so often.
chkconfig ntpd on
emacs /etc/ntp.conf
#insert a server line e.g. server ntp.ctr.columbia.edu
#at the top of the file, comment out other server lines
/etc/init.d/ntpd start
To check, use ntpq -n and issue pe and rv
lines. Servers should be ntp.ctr.columbia.edu for xray1, and
xray1.ski.mskcc.org for xray6/7/8/9. All other servers should
be commented out. The jitter and offset entries in the rv output should
be small, after enough time to even the clocks out.
Printers, Chooser and PAPD
An AppleTalk daemon can, in principle, let you talk to AppleTalk
printers on the network and also let someone access their home
directory via the Chooser from a MAC (SAMBA attempts to do the same
thing from a PC). The actual implementation seems to fail in our
hands for mysterious reasons related to an obscure bug in
RedHat 7.2 that I never got to the bottom of, nevertheless the config goes as follows:
rpm -ivv netatalk-1.5.0-2rh7.i386.rpm
chkconfig atalk on
/etc/rc.d/init.d/atalk status
/etc/rc.d/init.d/atalk start
does the basic install and starts atalkd.
/usr/bin/getzones gets all zones
/usr/bin/getzones -m shows current zone (should be StructureBio)
/usr/bin/nbplkup shows all printers
/usr/bin/papstatus -p "(RRL-217) The Beast"
/usr/bin/papstatus -p "rrl 221 - hp color lj 4550n"
/usr/bin/pap -p "(RRL-217) The Beast" < doc.ps
-or-
/usr/bin/pap -p "rrl 221 - hp color lj 4550n" < doc.ps
lpq -P lp queries for jobs
lprm ### removes jobs
Bear in mind that the IP addresses reported by nbplkup seem to be WRONG.
The script xray0/bin/print does some safety checks and prints to
The Beast. The error that prevented AppleTalk printing from working in RedHat 7.2
appears to be fixed in 8.0 and 9.0.
More on Linux Printing
(This is the current config as of Nov 2003, but the directory locations
are perhaps a little non-standard). Works on 8.0 but resolutely
refuses to work on 7.2, despite identical configuration and a great
deal of poking around. Must be a REALLY cryptic bug.
getzones
nbplkup
These help you detect where you are on Appletalk.
cd /var/spool
mkdir lp
chown root.lp lp . . . . Change the ownership of the just created directory.
chmod 775 lp . . . . Sets the right priorities.
cd /dev . . . . Go to the directory to set up the printer.
mkdir atalk . . . . Create the directory.
chown root.lp atalk . . . . Change the ownership of the just created directory.
chmod 775 atalk . . . . Sets the right priorities.
touch atalk/lp . . . . Creates the printer device.
chown root.lp atalk/lp . . . . Change the ownership of the just created directory.
chmod 664 atalk/lp . . . . Sets the right priorities.
touch /var/tmp/lpd-errs . . . . Create the file to store error messages.
mkdir /usr/lib/atalk
mkdir /usr/lib/atalk/filters
cd /usr/lib/atalk/filters . . . . Move to the directory to create the filters.
ln -s /usr/sbin/psf ifpap . . . . Create the different filters.
ln -s /usr/sbin/psf ifpaprev . . . . Create the different filters.
ln -s /usr/sbin/psf dfpap . . . . Create the different filters.
ln -s /usr/sbin/psf dfpaprev . . . . Create the different filters.
ln -s /usr/sbin/psf tfpap . . . . Create the different filters.
ln -s /usr/sbin/psf tfpaprev . . . . Create the different filters.
ln -s /usr/sbin/psf ofpap . . . . Create the different filters.
These commands create locations for the printer and printer spool directories
that you will define in /etc/printcap. Now add a definition in /etc/printcap
and /etc/printcap.local. Add this:
lp|LJ4200:\
:lp=/dev/atalk/lp:\
:sd=/var/spool/lp:\
:px#3060:py#3960:sh:sf:rw:\
:lf=/var/tmp/lpd-errs:\
:if=/usr/lib/atalk/filters/ifpap:\
:tf=/usr/lib/atalk/filters/tfpap:\
:df=/usr/lib/atalk/filters/dfpap:\
:of=/usr/lib/atalk/filters/ofpap:
Now define the printer for pap to use, via the .paprc file:
cd /var/spool/lp
echo "(RRL-217) The Beast" > .paprc
NOTE THAT THE QUOTES SHOULD NOT APPEAR IN THE FILE. Now (re)start the
lp daemon:
/etc/init.d/lpd stop
/etc/init.d/lpd start
Try printing with e.g.:
lpr -P lp /etc/hosts
and monitor the fun with lpstat
Setting up SAMBA
By default on RedHat 7.2, samba is not installed. So go get the rpm
samba-2.2.1a-4.i386.rpm and install it. Then edit
/etc/samba/smb.conf, and make a few modifications:
workgroup = MSKCC
hosts allow = 140.163.179.
For Windows NT and Windows 2000 you have to run password encryption:
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
Now, having minimally edited /etc/samba/smb.conf, start/restart samba using the
following (I'm not sure if chkconfig makes much difference here):
service smb restart
chkconfig smb on
Create the password file using mksmbpasswd.sh. This is a blank dummy
password and you have to change the passwords manually using smbpasswd
username:
cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd
chmod 600 /etc/samba/smbpasswd
See the URL on RedHat about
Samba Configuration
Burning CDs and DVDs
Apparently you can only do this as root because of device protections.
This tends to be somewhat of a thorny issue under Linux. Possible
modifications to /etc/fstab might allow this more transparently.
kernel /vmlinuz-2.4.20-24.8smp ro root=LABEL=/ hda=ide-scsi
which means that the IDE drive /dev/hda is emulated under an ide-scsi layer.
On xray9, which has both CD-RW (master) and DVD-RW (slave) in its secondary
IDE controller, the line is:
kernel /vmlinuz-2.4.20-24.8smp ro root=LABEL=/ hdc=ide-scsi hdd=ide-scsi
where the CD-RW is /dev/hdc and the DVD-RW as /dev/hdd. No, I don't
have any idea why they aren't /dev/hda and /dev/hdb, which
is what they are in xray1 (hda==CD-RW, hdb==DVD-RW). Anyway, these
two devices seem to be emulated as /dev/scd0 and /dev/scd1
which is a nice complement to the three true SCSI drives, /dev/sda,
/dev/sdb and /dev/sdc.
To look for the drives, do cdrecord -scanbus. Use the device number
to write to the CD-RW drive, e.g.:
/usr/bin/mkisofs -J -R /some/FILES | /usr/bin/cdrecord -v -speed=4 -dev=2,0,0 -
seems to work OK. Be aware that since the buffer must be kept full
to avoid CD-RW corruptions, the machine should be as lightly used as
practical. The default is 4 Mb.
/usr/bin/cdda2wav -v255 -D2,0 -B -Owav
and then run
/usr/bin/cdrecord -v dev=2,0 -dao -useinfo *.wav
Possibly you might use -speed=2 or -speed=4 but check first using -dummy to
see if cdrecord can handle that, i.e.:
/usr/bin/cdrecord -v -dummy -speed=4 dev=2,0 -dao -useinfo *.wav
But I haven't checked the process of making audio CD's on Linux yet.
Note that CDRECORD and DVDRECORD do not work even though they claim
to support DVD recording. (The newer ProDVD versions allegedly
work). What you need to use is DVD+RW-Tools which I have
installed in ~xtal for convenience. Use the program growisofs
which is the counterpart to mkisofs in the above example. (However you
do need mkisofs from the cdrecord package to run DVD+RW-Tools, I think).
~xtal/dvd+rw-tools-5.14.4.7.4/growisofs -Z /dev/scd1 -J -R /some/FILES
Which obviously assumes the DVD-R is on /dev/scd1. Perhaps run -dummy
first to check everything is OK. Note the potential for confusion:
drive /dev/sdc1 is the 1st partition on the third SCSI hard drive
but /dev/scd1 is the DVD+RW drive.
Insert the CD
umount /dev/cdrom
dd if=/dev/cdrom of=meaningfulname.iso
eject
Up2date
Red Hat allows admins to automatically update the systems to the latest
modifications for the particular Red Hat OS version, via the program
up2date. This is actually a fairly sophisticated program that lets
you check, download and install updates/bug fixes over the network.
Unfortunately unless you purchase support ("entitlements") you can
have only one machine licensed at any given time. I seem to have
created about 3 user accounts, partially because of typos. They are:
Graphics Card Upgrades
Physically, replacing the graphics card is just a question of
swapping out the AGP card on the PCI bus. The more complex thing
is getting the X11 software configured correctly. First of all you
want to get the best drivers in place. So far I have exclusively
used Nvidia graphics cards made by PNY. They have their own
proprietary drivers, which can be got from the driver section of the
Nvidia website.
Edit /etc/inittab and change the
id:5:initdefault:
to read
id:3:initdefault:
and reboot. This boots Linux into multiuser without X-windows. Then do the
Nvidia install:
sh NVIDIA-Linux-x86-1.0-4496-pkg2.run
(or whatever NVIDIA driver package you've installed from their
website). Once the Nvidia driver is installed you must edit
/etc/X11/XF86Config-4 to reflect the new configuration.
This tends to be a somewhat messy and cryptic file to play with, so
I tend to do cut and paste from existing configurations:
Upgrading to RedHat 8.0
Select upgrade, go get coffee. I did find that it chkconfig'd atalk
off, so I had to re-enable it. Also programs compiled under 8.0 do
not run under 7.2. However 7.2 programs run under 8.0. Go figure.
Bill Barton's upgrade went OK until we changed the kernel to a newer
version, so it's possible that Grub/Lilo modifications can screw
you thoroughly. Make sure you do backups first.
Changing Kernel Version
To try and get firewire working I "upgraded" the kernel from 2.4.18
to 2.4.20 under RedHat 8.0. This went relatively smoothly except
that it broke the NVIDIA graphics drivers. Moreover there is
no precompiled version of the drivers for 2.4.20-24.8, which is what
I was using. So I had to
Get kernel-source-2.4.20-24.8.i386.rpm kernel sources from rpmfind.net
rpm -Uv kernel-source-2.4.20-24.8.i386.rpm
Let the NVIDIA install script recompile the drivers with the kernel headers
Pray to God that it all worked
And it did seem to, despite a little whining about it all. O seems to
work and stereo seems (kinda) to work. Not tested on xray9, however,
which actually has bona fide stereo capability. The latest Nvidia
drivers apparently get rid of the slow-on-mono bug which previously
existed. The most recent driver as of Dec 2003 was 4496, which was
the driver version I was using during the 750XGL upgrades.
smbmount //xray7/data /collect -o username=raxis%password
where "password" means the NT raxis password you specify at login
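The smbmount line above puts the NT password on the command line, where it ends up in shell history and is visible in the process list. As an added example (not part of the original notes), the script below uses smbmount's credentials= option instead; the function names and the sample password are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): mount the share with a
# credentials file so the password never appears in argv or shell history.

# Read the password from stdin and write "username = / password =" lines,
# the format smbmount's credentials= option expects, into a 0600 file.
write_smb_credentials() {
    cred_file=$1
    user=$2
    IFS= read -r pass || return 1
    # Create or truncate under a tight umask, then force 0600 in case the
    # file already existed with looser permissions, and only then write.
    ( umask 077; : > "$cred_file" ) || return 1
    chmod 600 "$cred_file" || return 1
    printf 'username = %s\npassword = %s\n' "$user" "$pass" > "$cred_file"
}

# True when group and other have no permission bits on the file. The same
# check applies to /etc/samba/smbpasswd and ~/.fetchmailrc.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Build (not run) the mount command that replaces username=user%password.
smbmount_command() {
    printf 'smbmount %s %s -o credentials=%s\n' "$1" "$2" "$3"
}

# Demo with a constructed password; on a real machine read it from the
# terminal with "stty -echo" instead of a pipe.
demo_dir=$(mktemp -d)
printf '%s\n' 'constructed-password' | write_smb_credentials "$demo_dir/raxis.cred" raxis
is_private "$demo_dir/raxis.cred" && smbmount_command //xray7/data /collect "$demo_dir/raxis.cred"
```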
Network Stuff
mii-tool prints the current ethernet controller settings. The -v
option gives more detail. Apparently you can force the speed on the
interface using mii-tool -F 100baseTx-FD eth0 if you were so inclined.
arp gives the relationship between IP
address and ethernet address for recently-contacted machines - useful
for figuring out MAC addresses if you don't already have it.
Weird GConf Errors
Logging in simultaneously from multiple workstations tends to cause
problems with some apps (e.g. gedit). I traced the error message back
to GConf and as per the GConf
system config pages made the following changes:
ORBIIOPIPv4=1
GCONF_LOCAL_LOCKS=1
#
# see http://www.gnome.org/projects/gconf/
These profile.d files appear to be sourced by /etc/profile.
Sendmail and Fetchmail
Usage:
fetchmail -u jeffreyp pop3.mskcc.org
-c check (and do nothing)
-k keep (keep messages on server)
-K nokeep
-s silent
-v verbose
-a fetchall (retrieve old and new messages)
-f flush (nuke old messages)
-p protocol
Put:
poll pop3.mskcc.org user jeffreyp pass PASSWORD_HERE
into .fetchmailrc
chmod 600 ~/.fetchmailrc
to make fetchmail work "automatically"
rpm -Uv sendmail-cf-8.12.8-9.80.i386.rpm
and add:
sendmail: ALL
to /etc/hosts.allow
From: DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
To: dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
which effectively comments it out.
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
/etc/init.d/sendmail restart
which should be enough.
THERE NEEDS TO BE A FULLY QUALIFIED DOMAIN NAME IN /etc/hosts
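Commenting out the loopback DAEMON_OPTIONS line makes sendmail listen on every interface, and sendmail: ALL lets any host through TCP wrappers. The added script below (not from the original notes) classifies that combination from copies of the two files; the function names and sample files are constructed, and it assumes /etc/hosts.deny denies whatever hosts.allow does not list.

```shell
#!/bin/sh
# Added example (not from the original notes): report how far the sendmail
# edits above open SMTP, given copies of sendmail.mc and hosts.allow.

# "loopback" only if every active Port=smtp DAEMON_OPTIONS line pins
# Addr=127.0.0.1; lines starting with dnl are m4 comments and do not count.
# With no active line at all, sendmail's default is every interface.
smtp_listen_scope() {
    awk '
        /^[ \t]*dnl/ { next }
        /DAEMON_OPTIONS\(.*Port=smtp/ {
            active++
            if ($0 !~ /Addr=127\.0\.0\.1/) wide++
        }
        END {
            if (active > 0 && wide == 0) { print "loopback" } else { print "all-interfaces" }
        }' "$1"
}

# Client lists of hosts.allow rules whose daemon field is exactly "sendmail"
# (assumption: one daemon per rule, no line continuations).
sendmail_clients() {
    sed -n 's/^[[:space:]]*sendmail[[:space:]]*:[[:space:]]*//p' "$1"
}

# local      = loopback listener only
# open       = listening on all interfaces and tcp_wrappers allows ALL
# restricted = listening on all interfaces, clients limited by hosts.allow
#              (assumes hosts.deny denies everything else)
smtp_exposure() {
    if [ "$(smtp_listen_scope "$1")" = loopback ]; then
        echo local
    elif sendmail_clients "$2" | grep -w ALL | grep -qvw EXCEPT; then
        echo open
    else
        echo restricted
    fi
}

# Constructed sample files reproducing the two edits described above.
demo=$(mktemp -d)
cat > "$demo/sendmail.mc" <<'EOF'
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
EOF
echo 'sendmail: ALL' > "$demo/hosts.allow"
echo "after the edits: $(smtp_exposure "$demo/sendmail.mc" "$demo/hosts.allow")"
```

If outside mail only needs to arrive from a known relay or subnet, a narrower client list than ALL in the sendmail rule moves the result from open to restricted.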