https://daq00.triumf.ca/DaqWiki/api.php?action=feedcontributions&feedformat=atom&user=Lindner
DaqWiki - User contributions [en]
2026-04-17T11:14:56Z
User contributions
MediaWiki 1.39.6
https://daq00.triumf.ca/DaqWiki/index.php?title=DAQ_VMs&diff=8748
DAQ VMs
2026-02-23T19:16:19Z
<p>Lindner: </p>
<hr />
<div>The following is a list of virtual machines provided by the Core Computing group which are used by the DAQ group or by related experimental groups.<br />
Many of them are for elog instances.<br />
<br />
{| border="1" <br />
|+<br />
| VM machine name <br />
|Other names<br />
| Group<br />
| VLAN<br />
| Purpose<br />
| Status<br />
|-<br />
| midastestdaq<br />
|<br />
| DAQ<br />
| 1<br />
| Has example MIDAS installation (part of documentation)<br />
| Currently broken<br />
|-<br />
| trdata05<br />
|<br />
| DAQ<br />
| 1<br />
| Provides ~10TB of storage for the DAQ dcache instance.<br />
|<br />
<br />
|-<br />
| ucnsrv0-vm.triumf.ca<br />
| ucnelog<br />
| UCN<br />
| 1<br />
| Providing UCN elog<br />
|<br />
|-<br />
| ucn-backup01.triumf.ca<br />
|<br />
| UCN<br />
| 68<br />
| Provides 2TB of storage for raw data backup<br />
|<br />
|-<br />
| backup02.ucn.triumf.ca<br />
|<br />
| UCN<br />
| 68<br />
| Provides 4TB of storage for raw data backup<br />
|<br />
|-<br />
| ktmserver.triumf.ca<br />
|<br />
| UCN<br />
| 1<br />
| Provides readout and online display for the 1VM4 notch monitor (beamline 1V)<br />
|<br />
|-<br />
| exoelog.triumf.ca<br />
|<br />
| EXO<br />
| 1<br />
| Provides elog for EXO tests<br />
| not really used<br />
|-<br />
| scdms-srv0.triumf.ca<br />
|<br />
| SuperCDMS<br />
| 1<br />
| Testbed for CDMS development on Centos-7; also provides elog.<br />
|<br />
|-<br />
| mpmtelog.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for mPMT development<br />
|<br />
|-<br />
| m11elog.triumf.ca<br />
|<br />
| M11<br />
| 1<br />
| Provides elog for M11 beamline<br />
|<br />
|-<br />
| nd280elog-vm<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for ND280<br />
|<br />
|-<br />
| nd280webservice-vm<br />
|<br />
| T2K<br />
| 1<br />
| Provides various elog services<br />
|<br />
|-<br />
| neut00-vm.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides T2KGSC mirror, web & db server<br />
|<br />
|-<br />
| trbsddb-vm.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides BSD MySQL Database server<br />
|<br />
|-<br />
| t2kcaldb.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL database for ND280 calibration<br />
|<br />
|-<br />
| t2kcaldb-backup.triumf.ca <br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL endpoint for calibration database<br />
|<br />
|-<br />
| nd280gsc-backup.triumf.ca <br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL endpoint for GSC database<br />
|<br />
|<br />
|-<br />
| t2k-fdg-hwdb.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Hosts the FGD hardware database and webserver<br />
|<br />
|<br />
|-<br />
|}</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=DAQ_VMs&diff=8747
DAQ VMs
2026-02-23T19:16:01Z
<p>Lindner: </p>
<hr />
<div>The following is a list of virtual machines provided by the Core Computing group which are used by the DAQ group or by related experimental groups.<br />
Many of them are for elog instances.<br />
<br />
{| border="1" <br />
|+<br />
| VM machine name <br />
|Other names<br />
| Group<br />
| VLAN<br />
| Purpose<br />
| Status<br />
|-<br />
| midastestdaq<br />
|<br />
| DAQ<br />
| 1<br />
| Has example MIDAS installation (part of documentation)<br />
| Currently broken<br />
|-<br />
| trdata05<br />
|<br />
| DAQ<br />
| 1<br />
| Provides ~10TB of storage for the DAQ dcache instance.<br />
|<br />
<br />
|-<br />
| ucnsrv0-vm.triumf.ca<br />
| ucnelog<br />
| UCN<br />
| 1<br />
| Providing UCN elog<br />
|<br />
|-<br />
| ucn-backup01.triumf.ca<br />
|<br />
| UCN<br />
| 68<br />
| Provides 2TB of storage for raw data backup<br />
|<br />
|-<br />
| backup02.triumf.ca<br />
|<br />
| UCN<br />
| 68<br />
| Provides 4TB of storage for raw data backup<br />
|<br />
|-<br />
| ktmserver.triumf.ca<br />
|<br />
| UCN<br />
| 1<br />
| Provides readout and online display for the 1VM4 notch monitor (beamline 1V)<br />
|<br />
|-<br />
| exoelog.triumf.ca<br />
|<br />
| EXO<br />
| 1<br />
| Provides elog for EXO tests<br />
| not really used<br />
|-<br />
| scdms-srv0.triumf.ca<br />
|<br />
| SuperCDMS<br />
| 1<br />
| Testbed for CDMS development on Centos-7; also provides elog.<br />
|<br />
|-<br />
| mpmtelog.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for mPMT development<br />
|<br />
|-<br />
| m11elog.triumf.ca<br />
|<br />
| M11<br />
| 1<br />
| Provides elog for M11 beamline<br />
|<br />
|-<br />
| nd280elog-vm<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for ND280<br />
|<br />
|-<br />
| nd280webservice-vm<br />
|<br />
| T2K<br />
| 1<br />
| Provides various elog services<br />
|<br />
|-<br />
| neut00-vm.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides T2KGSC mirror, web & db server<br />
|<br />
|-<br />
| trbsddb-vm.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides BSD MySQL Database server<br />
|<br />
|-<br />
| t2kcaldb.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL database for ND280 calibration<br />
|<br />
|-<br />
| t2kcaldb-backup.triumf.ca <br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL endpoint for calibration database<br />
|<br />
|-<br />
| nd280gsc-backup.triumf.ca <br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL endpoint for GSC database<br />
|<br />
|<br />
|-<br />
| t2k-fdg-hwdb.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Hosts the FGD hardware database and webserver<br />
|<br />
|<br />
|-<br />
|}</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=DAQ_VMs&diff=8738
DAQ VMs
2026-02-18T02:11:47Z
<p>Lindner: </p>
<hr />
<div>The following is a list of virtual machines provided by the Core Computing group which are used by the DAQ group or by related experimental groups.<br />
Many of them are for elog instances.<br />
<br />
{| border="1" <br />
|+<br />
| VM machine name <br />
|Other names<br />
| Group<br />
| VLAN<br />
| Purpose<br />
| Status<br />
|-<br />
| midastestdaq<br />
|<br />
| DAQ<br />
| 1<br />
| Has example MIDAS installation (part of documentation)<br />
| Currently broken<br />
|-<br />
| trdata05<br />
|<br />
| DAQ<br />
| 1<br />
| Provides ~10TB of storage for the DAQ dcache instance.<br />
|<br />
<br />
|-<br />
| ucnsrv0-vm.triumf.ca<br />
| ucnelog<br />
| UCN<br />
| 1<br />
| Providing UCN elog<br />
|<br />
|-<br />
| ucn-backup01.triumf.ca<br />
|<br />
| UCN<br />
| 68<br />
| Provides 2TB of storage for raw data backup<br />
|<br />
|-<br />
| ktmserver.triumf.ca<br />
|<br />
| UCN<br />
| 1<br />
| Provides readout and online display for the 1VM4 notch monitor (beamline 1V)<br />
|<br />
|-<br />
| exoelog.triumf.ca<br />
|<br />
| EXO<br />
| 1<br />
| Provides elog for EXO tests<br />
| not really used<br />
|-<br />
| scdms-srv0.triumf.ca<br />
|<br />
| SuperCDMS<br />
| 1<br />
| Testbed for CDMS development on Centos-7; also provides elog.<br />
|<br />
|-<br />
| mpmtelog.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for mPMT development<br />
|<br />
|-<br />
| m11elog.triumf.ca<br />
|<br />
| M11<br />
| 1<br />
| Provides elog for M11 beamline<br />
|<br />
|-<br />
| nd280elog-vm<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for ND280<br />
|<br />
|-<br />
| nd280webservice-vm<br />
|<br />
| T2K<br />
| 1<br />
| Provides various elog services<br />
|<br />
|-<br />
| neut00-vm.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides T2KGSC mirror, web & db server<br />
|<br />
|-<br />
| trbsddb-vm.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides BSD MySQL Database server<br />
|<br />
|-<br />
| t2kcaldb.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL database for ND280 calibration<br />
|<br />
|-<br />
| t2kcaldb-backup.triumf.ca <br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL endpoint for calibration database<br />
|<br />
|-<br />
| nd280gsc-backup.triumf.ca <br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL endpoint for GSC database<br />
|<br />
|<br />
|-<br />
| t2k-fdg-hwdb.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Hosts the FGD hardware database and webserver<br />
|<br />
|<br />
|-<br />
|}</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=Forums&diff=8726
Forums
2026-02-04T21:27:50Z
<p>Lindner: </p>
<hr />
<div>* [https://midas.psi.ch/elogs/Forum ELOG forum at PSI]<br />
* [https://daq00.triumf.ca/elog-midas/Midas/ MIDAS forum]<br />
* [https://daq00.triumf.ca/elog-midas/Roody/ Roody forum]<br />
* [https://daq00.triumf.ca/elog-midas/Rome/ Rome forum]<br />
* [https://daq00.triumf.ca/elog-daq/DAQ TRIUMF DAQ forums and elogs (private)]<br />
* [https://elog.triumf.ca TRIUMF ELOGs]</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=Forums&diff=8725
Forums
2026-02-04T21:27:20Z
<p>Lindner: </p>
<hr />
<div>* [https://midas.psi.ch/elogs/Forum ELOG forum at PSI]<br />
* [https://daq00.triumf.ca/elog-midas/Midas/ MIDAS forum]<br />
* [https://ladd00.triumf.ca/elog/Roody Roody forum]<br />
* [https://ladd00.triumf.ca/elog/rome Rome forum]<br />
* [https://daq00.triumf.ca/elog-daq/DAQ TRIUMF DAQ forums and elogs (private)]<br />
* [https://elog.triumf.ca TRIUMF ELOGs]</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=ZFS&diff=8312
ZFS
2025-02-27T00:00:33Z
<p>Lindner: /* Use whole disk for zfs raidz2 */</p>
<hr />
<div>=== Documentation ===<br />
<br />
* https://openzfs.github.io/openzfs-docs/Performance%20and%20Tuning/Module%20Parameters.html ZFS module tunable parameters<br />
<br />
=== Files ===<br />
<br />
* /proc/spl/kstat/zfs/arcstats<br />
* /sys/module/zfs/parameters<br />
<br />
=== Important commands ===<br />
<br />
* zfs set acltype=posixacl pool ### do this for all ZFS pools otherwise all files have world-writable permissions (with nfs4.2, ubuntu LTS 18.04, 20.04), see https://github.com/openzfs/zfs/issues/10504<br />
<br />
* zfs set relatime=on pool ### ensure relatime is enabled otherwise each file access generates a write to the filesystem (to update the "last accessed" timestamp).<br />
<br />
== isdaq00 tuning ==<br />
<br />
Increase zfs cache to allow "cd /zssd/home1; du -ks *" to run completely from cache without any disk access.<br />
<br />
<pre><br />
echo 20000000000 > /sys/module/zfs/parameters/zfs_arc_max<br />
echo 50 > /sys/module/zfs/parameters/zfs_arc_dnode_limit_percent<br />
echo 90 > /sys/module/zfs/parameters/zfs_arc_meta_limit_percent<br />
echo 20000000000 > /sys/module/zfs/parameters/zfs_arc_max<br />
echo 2 > /proc/sys/vm/drop_caches<br />
</pre><br />
<br />
Note:<br />
* "memory_free_bytes" is same as free memory reported by "top"<br />
* "memory_available_bytes" minus adjustable safety margin ("avail" in arcstat)<br />
* "arc_meta_max" is "arc_meta_used" + "memory_available_bytes"<br />
* "arc_meta_limit" should be set much bigger than that, set by zfs_arc_max and zfs_arc_meta_limit_percent<br />
* "arc_meta_used" is "size" in arcstat<br />
* "arc_dnode_limit" should be set much bigger than "dnode_size", set by zfs_arc_dnode_limit_percent<br />
* all the data should end up in the MFU (not MRU), "mfu_size" should be huge, "mru_size" much smaller.<br />
* isdaq00 with 24 GB of RAM is just about big enough to fit all of /zssd/home1, arc_meta_used is about 10 GB, arc_meta_max is about 12 GB.<br />
<br />
=== Misc commands ===<br />
<br />
* zpool status<br />
* zpool get all<br />
* zpool iostat 1<br />
* zpool iostat -v 1<br />
* zpool history<br />
* zpool scrub data14<br />
* zpool events<br />
* arcstat.py 1<br />
* cat /proc/spl/kstat/zfs/arcstats<br />
* echo 30000000000 > /sys/module/zfs/parameters/zfs_arc_meta_limit<br />
* echo 32000000000 > /sys/module/zfs/parameters/zfs_arc_max<br />
<br />
* zfs get all<br />
* zfs set dedup=verify zssd/nfsroot<br />
<br />
* zpool create data14 raidz2 /dev/sd[b-h]1<br />
* zfs create z8tb/data<br />
* zfs destroy z8tb/data<br />
* zpool add z10tb cache /dev/disk/by-id/ata-ADATA_SP550_2F4320041688<br />
* parted /dev/sdx mklabel GPT<br />
* blkid<br />
* zpool iostat -v -q 1<br />
* watch -d -n 1 "cat /proc/spl/kstat/zfs/arcstats | grep l2"<br />
* zfs set primarycache=metadata tank/datab<br />
* zfs set secondarycache=metadata tank/datab<br />
<br />
* zfs userspace -p -H zssd/home1<br />
* zfs groupspace ...<br />
<br />
* zdb -vvv -O pool/gobackup/titan00__home1 data/home1/titan/packages/elog/logbooks/titan/2017<br />
* zdb -C pool | grep ashift ### find the real value of ashift<br />
<br />
* zfs snapshot -r pool_A@migrate<br />
* zfs send -R pool_A@migrate | zfs receive -F pool_B<br />
* echo 1 > /sys/module/zfs/parameters/zfs_send_corrupt_data # zfs send should not stop on i/o errors<br />
<br />
* zpool create test raidz2 `ls -1 /dev/disk/by-id/ata-WDC_WD40EZRX-00SPEB0_WD* | grep -v part`<br />
* zpool add -f test special mirror /dev/disk/by-id/ata-WDC_WDS120G2G0A-00JH30_1843A2802212 /dev/disk/by-id/ata-KINGSTON_SV300S37A120G_50026B77630CCB2C<br />
<pre><br />
invalid vdev specification<br />
use '-f' to override the following errors:<br />
mismatched replication level: pool and new vdev with different redundancy, raidz and mirror vdevs, 2 vs. 1 (2-way)<br />
</pre><br />
* from this talk: https://drive.google.com/file/d/1YzulcT7p7TvHF50aI-Rxg6CMZMIGnxL_/view<br />
<pre><br />
zpool iostat -l 1 ### queue latencies<br />
-w 1 ### distribution<br />
-q -v 1 ### active and queued requests<br />
-r1 ### size of IO<br />
</pre><br />
* echo 2 > /proc/sys/vm/drop_caches ### clear zfs cache and system cache, all memory is free after this<br />
* watch -n1 -d "cat /proc/spl/kstat/zfs/arcstats | grep -v l2 | tail -52"<br />
<br />
=== Create raid0 (mirror) volume ===<br />
<br />
<pre><br />
echo USE_DISK_BY_ID=\'yes\' >> /etc/default/zfs<br />
dracut -vf<br />
zpool create zssd mirror /dev/sdaX /dev/sdbX<br />
zpool set cachefile=none zssd<br />
zpool set failmode=continue zssd<br />
zpool status<br />
zpool events<br />
zpool get all<br />
df /zssd<br />
ls -l /zssd<br />
</pre><br />
<br />
=== Use whole disk for zfs mirror (RAID0) ===<br />
<br />
<pre><br />
echo USE_DISK_BY_ID=\'yes\' >> /etc/default/zfs<br />
[root@daq13 ~]# parted /dev/sdb<br />
(parted) mklabel GPT<br />
(parted) q <br />
[root@daq13 ~]# parted /dev/sdc<br />
(parted) mklabel GPT <br />
(parted) q <br />
[root@daq13 ~]# blkid <br />
/dev/sda1: UUID="ab920e4b-40ae-4551-aab8-f3e893d38830" TYPE="xfs" <br />
/dev/sdb: PTTYPE="gpt" <br />
/dev/sdc: PTTYPE="gpt" <br />
[root@daq13 ~]# zpool create z10tb mirror /dev/sdb /dev/sdc<br />
[root@daq13 ~]# zpool status<br />
pool: z10tb<br />
state: ONLINE<br />
scan: none requested<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
z10tb ONLINE 0 0 0<br />
mirror-0 ONLINE 0 0 0<br />
sdb ONLINE 0 0 0<br />
sdc ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
[root@daq13 ~]# <br />
[root@daq13 ~]# zfs create z10tb/emma<br />
[root@daq13 ~]# df -kl<br />
Filesystem 1K-blocks Used Available Use% Mounted on<br />
pool 9426697856 0 9426697856 0% /pool<br />
pool/daqstore 9426697856 0 9426697856 0% /pool/daqstore<br />
[root@daq13 ~]# <br />
</pre><br />
=== Use whole disk for zfs raidz2 ===<br />
<br />
* smart-status:<br />
<pre><br />
root@grifstore03:~# ./smart-status.perl <br />
Disk model serial temperature realloc pending uncorr CRC err RRER Errors Link<br />
/dev/nvme0n1 SAMSUNG MZ1L21T9HCLS-00A07 S666NT0X707031 36 100% . 1 ? ? ? NVMe<br />
/dev/nvme1n1 SAMSUNG MZ1L21T9HCLS-00A07 S666NT0X707035 29 100% . . ? ? ? NVMe<br />
/dev/sda TOSHIBA MG10ACA20TE 54V0A01HF4MJ 29 . . . . - . 6.0<br />
/dev/sdb TOSHIBA MG10ACA20TE 54V0A029F4MJ 31 . . . . - . 6.0<br />
/dev/sdc TOSHIBA MG10ACA20TE 6430A00UF4MJ 32 . . . . - . 6.0<br />
/dev/sdd TOSHIBA MG10ACA20TE 54V0A01KF4MJ 32 . . . . - . 6.0<br />
/dev/sde TOSHIBA MG10ACA20TE 6430A00FF4MJ 29 . . . . - . 6.0<br />
/dev/sdf TOSHIBA MG10ACA20TE 54V0A014F4MJ 29 . . . . - . 6.0<br />
/dev/sdg TOSHIBA MG10ACA20TE 54V0A02RF4MJ 28 . . . . - . 6.0<br />
/dev/sdh TOSHIBA MG10ACA20TE 6430A00TF4MJ 29 . . . . - . 6.0<br />
root@grifstore03:~# <br />
</pre><br />
* zpool create pool03 raidz2 /dev/disk/by-id/ata-TOSHIBA_MG10ACA20TE_*<br />
* zfs create pool03/grifstore03<br />
* zpool status<br />
<pre><br />
pool: pool03<br />
state: ONLINE<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
pool03 ONLINE 0 0 0<br />
raidz2-0 ONLINE 0 0 0<br />
ata-TOSHIBA_MG10ACA20TE_54V0A014F4MJ ONLINE 0 0 0<br />
ata-TOSHIBA_MG10ACA20TE_54V0A01HF4MJ ONLINE 0 0 0<br />
ata-TOSHIBA_MG10ACA20TE_54V0A01KF4MJ ONLINE 0 0 0<br />
ata-TOSHIBA_MG10ACA20TE_54V0A029F4MJ ONLINE 0 0 0<br />
ata-TOSHIBA_MG10ACA20TE_54V0A02RF4MJ ONLINE 0 0 0<br />
ata-TOSHIBA_MG10ACA20TE_6430A00FF4MJ ONLINE 0 0 0<br />
ata-TOSHIBA_MG10ACA20TE_6430A00TF4MJ ONLINE 0 0 0<br />
ata-TOSHIBA_MG10ACA20TE_6430A00UF4MJ ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
</pre><br />
* zfs list<br />
<pre><br />
pool03 1.27M 103T 205K /pool03<br />
pool03/grifstore03 205K 103T 205K /pool03/grifstore03<br />
</pre><br />
* fdisk -l<br />
<pre><br />
Disk /dev/sdh: 18.19 TiB, 20000588955648 bytes, 39063650304 sectors<br />
Disk model: TOSHIBA MG10ACA2<br />
Units: sectors of 1 * 512 = 512 bytes<br />
Sector size (logical/physical): 512 bytes / 4096 bytes<br />
I/O size (minimum/optimal): 4096 bytes / 4096 bytes<br />
Disklabel type: gpt<br />
Disk identifier: 9361C644-05CF-DF49-A572-43BCC55A3AA2<br />
<br />
Device Start End Sectors Size Type<br />
/dev/sdh1 2048 39063631871 39063629824 18.2T Solaris /usr & Apple ZFS<br />
/dev/sdh9 39063631872 39063648255 16384 8M Solaris reserved 1<br />
</pre><br />
* test write speed<br />
<pre><br />
root@grifstore03:/tig/grifstore3/test# dd if=/dev/random of=/tig/grifstore3/test/test.dat bs=1M count=50000<br />
50000+0 records in<br />
50000+0 records out<br />
52428800000 bytes (52 GB, 49 GiB) copied, 87.0561 s, 602 MB/s<br />
</pre><br />
<br />
=== Enable ZFS at boot ===<br />
<br />
<pre><br />
systemctl enable zfs-import-cache<br />
systemctl enable zfs-import-scan<br />
systemctl enable zfs-mount<br />
systemctl enable zfs-import.target<br />
systemctl enable zfs.target<br />
</pre><br />
<br />
=== Replace failed disk ===<br />
<br />
* pull failed disk out<br />
* zpool status # identify failed disk zfs label (it should be labeled FAULTED or OFFLINE<br />
* safe to reboot here<br />
* install new disk<br />
* partition new disk, i.e. "gdisk /dev/sdh", use "o" to create new partition table, use "n" to create new partition, accept all default answers, use "w" to save and exit<br />
* safe to reboot here<br />
* run tests on new disk (smart, diskscrub), if unhappy go back to "install new disk"<br />
* safe to reboot here<br />
* identify serial number of new disk, i.e. "smartctl -a /dev/sdh | grep -i serial" yields "Serial Number: WD-WCAVY0893313"<br />
* identify linux id of new disk by "ls -l /dev/disk/by-id | grep -i WD-WCAVY0893313" yields "ata-WDC_WD2002FYPS-01U1B0_WD-WCAVY0893313-part1"<br />
* zpool replace data11 zfs-label-of-failed-disk ata-WDC_WD2002FYPS-01U1B0_WD-WCAVY0893313-part1<br />
* zpool status should look like this:<br />
<pre><br />
[root@daq11 ~]# zpool status<br />
pool: data11<br />
state: DEGRADED<br />
status: One or more devices is currently being resilvered. The pool will<br />
continue to function, possibly in a degraded state.<br />
action: Wait for the resilver to complete.<br />
scan: resilver in progress since Fri Apr 29 11:51:03 2016<br />
24.7G scanned out of 795G at 32.3M/s, 6h46m to go<br />
3.00G resilvered, 3.11% done<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
data11 DEGRADED 0 0 0<br />
raidz2-0 DEGRADED 0 0 0<br />
ata-WDC_WD20EARS-00MVWB0_WD-WCAZA3872943-part1 ONLINE 0 0 0<br />
ata-WDC_WD20EARS-00MVWB0_WD-WCAZA1973466-part1 ONLINE 0 0 0<br />
replacing-2 DEGRADED 0 0 0<br />
17494865033746374811 FAULTED 0 0 0 was /dev/sdi1<br />
ata-WDC_WD2002FYPS-01U1B0_WD-WCAVY0893313-part1 ONLINE 0 0 0 (resilvering)<br />
ata-WDC_WD20EARS-00MVWB0_WD-WCAZA1973369-part1 ONLINE 0 0 0<br />
ata-WDC_WD20EARS-00MVWB0_WD-WMAZA0858733-part1 ONLINE 0 0 0<br />
ata-WDC_WD20EARS-00MVWB0_WD-WMAZA0819555-part1 ONLINE 0 0 0<br />
ata-WDC_WD20EARS-00MVWB0_WD-WMAZA0857075-part1 ONLINE 0 0 0<br />
ata-WDC_WD2002FYPS-01U1B0_WD-WCAVY0347413-part1 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
</pre><br />
* wait for raid rebuild ("resilvering") to complete<br />
* zpool status should look like this:<br />
<pre><br />
[root@daq11 ~]# zpool status<br />
pool: data11<br />
state: ONLINE<br />
scan: resilvered 96.2G in 1h44m with 0 errors on Fri Apr 29 13:35:40 2016<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
data11 ONLINE 0 0 0<br />
raidz2-0 ONLINE 0 0 0<br />
ata-WDC_WD20EARS-00MVWB0_WD-WCAZA3872943-part1 ONLINE 0 0 0<br />
ata-WDC_WD20EARS-00MVWB0_WD-WCAZA1973466-part1 ONLINE 0 0 0<br />
ata-WDC_WD2002FYPS-01U1B0_WD-WCAVY0893313-part1 ONLINE 0 0 0<br />
ata-WDC_WD20EARS-00MVWB0_WD-WCAZA1973369-part1 ONLINE 0 0 0<br />
ata-WDC_WD20EARS-00MVWB0_WD-WMAZA0858733-part1 ONLINE 0 0 0<br />
ata-WDC_WD20EARS-00MVWB0_WD-WMAZA0819555-part1 ONLINE 0 0 0<br />
ata-WDC_WD20EARS-00MVWB0_WD-WMAZA0857075-part1 ONLINE 0 0 0<br />
ata-WDC_WD2002FYPS-01U1B0_WD-WCAVY0347413-part1 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
</pre><br />
<br />
=== replace failed disk (whole disk zfs) ===<br />
<br />
* roughly same as above<br />
* parted /dev/sdi, mklabel GPT, q<br />
* zpool replace pool 5050168421842479357 /dev/disk/by-id/ata-WDC_WD60EFRX-68MYMN1_WD-WX31D944C2AP<br />
* here "pool" is the zfs pool name<br />
* first number is the failed "was" disk from "zpool status"<br />
* second /dev/disk/by-id is the replacement disk from ./smart-status.perl<br />
* zpool status<br />
<pre><br />
[root@tigstore01 ~]# zpool status<br />
pool: pool<br />
state: DEGRADED<br />
status: One or more devices is currently being resilvered. The pool will<br />
continue to function, possibly in a degraded state.<br />
action: Wait for the resilver to complete.<br />
scan: resilver in progress since Thu Sep 8 16:06:41 2022<br />
9.36T scanned at 829M/s, 7.27T issued at 644M/s, 18.0T total<br />
625G resilvered, 40.48% done, 04:50:08 to go<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
pool DEGRADED 0 0 0<br />
raidz2-0 DEGRADED 0 0 0<br />
ata-WDC_WD60EFRX-68MYMN1_WD-WX21D9421VHA ONLINE 0 0 0 (resilvering)<br />
ata-WDC_WD60EFRX-68MYMN1_WD-WX31D944C8Y6 ONLINE 0 0 0<br />
ata-WDC_WD60EFRX-68MYMN1_WD-WX31D944CKDK ONLINE 0 0 0<br />
replacing-3 DEGRADED 0 0 0<br />
5050168421842479357 UNAVAIL 0 0 0 was /dev/disk/by-id/ata-WDC_WD60EFRX-68MYMN1_WD-WX31D944CPDP-part1<br />
ata-WDC_WD60EFRX-68L0BN1_WD-WX11DA5NDTPS UNAVAIL 3 0 0 (resilvering)<br />
ata-WDC_WD60EFRX-68MYMN1_WD-WX31D944C2AP ONLINE 0 0 0 (resilvering)<br />
ata-WDC_WD60EFRX-68L0BN1_WD-WX21DA5FNE28 ONLINE 0 0 0<br />
ata-WDC_WD60EFRX-68MYMN1_WD-WX41D94RNHS4 ONLINE 0 0 0 (resilvering)<br />
ata-WDC_WD60EFRX-68MYMN1_WD-WX41D94RNT2A ONLINE 0 0 0<br />
ata-WDC_WD60EFRX-68MYMN1_WD-WX41D94RNZJ0 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
</pre><br />
* wait for resilver to complete<br />
<br />
=== Expand zfs pool ===<br />
<br />
<pre><br />
replacing 250GB mirrored SSDs with 1TB mirrored SSDs:<br />
zpool scrub ### ensure both mirror halves are consistent and have good data<br />
# confirm have backups of pool contents (amanda and daqbackup)<br />
# pull one 250GB SSD<br />
# insert replacement 1TB SSD<br />
# follow instructions for replacing failed disk:<br />
parted /dev/sda ...<br />
ls -l /dev/disk/by-id/...<br />
zpool replace zssd sda1 ata-WDC_WDS100T2B0A_192872803056<br />
# wait for resilvering to complete<br />
zpool scrub zssd # confirm resilver was ok<br />
# do the same with the second 1TB disk<br />
parted /dev/sdb<br />
ls -l /dev/disk/by-id/...<br />
zpool replace zssd sdb1 ata-WDC_WDS100T2B0A_192872802193<br />
zpool online -e zssd ata-WDC_WDS100T2B0A_192872803056<br />
zpool list -v ### observe EXPANDSZ is now non-zero<br />
# wait for resilver to finish<br />
zpool online -e zssd ata-WDC_WDS100T2B0A_192872803056<br />
zpool list -v ### observe EXPANDSZ is now zero, but SIZE and FREE have changed<br />
</pre><br />
<pre><br />
[root@alpha00 ~]# zpool list -v zssd<br />
NAME SIZE ALLOC FREE EXPANDSZ FRAG CAP DEDUP HEALTH ALTROOT<br />
zssd 222G 202G 20.1G 706G 56% 90% 1.00x DEGRADED -<br />
mirror 222G 202G 20.1G 708G 56% 90%<br />
ata-WDC_WDS100T2B0A_192872803056 - - - - - -<br />
replacing - - - 708G - -<br />
sdb1 - - - 708G - -<br />
ata-WDC_WDS100T2B0A_192872802193 - - - - - -<br />
</pre><br />
<pre><br />
[root@alpha00 ~]# zpool list -v zssd<br />
NAME SIZE ALLOC FREE EXPANDSZ FRAG CAP DEDUP HEALTH ALTROOT<br />
zssd 930G 202G 728G - 13% 21% 1.00x ONLINE -<br />
mirror 930G 202G 728G - 13% 21%<br />
ata-WDC_WDS100T2B0A_192872803056 - - - - - -<br />
ata-WDC_WDS100T2B0A_192872802193 - - - - - -<br />
</pre><br />
<br />
=== Convert pool from single to mirror ===<br />
<br />
* we will convert a single-disk pool to a mirrored pool<br />
* initial state:<br />
<pre><br />
root@daq13:~# zpool status<br />
pool: bpool<br />
state: ONLINE<br />
scan: none requested<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
bpool ONLINE 0 0 0<br />
489bdda8-989a-f748-95b2-c1041aceed65 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
<br />
pool: rpool<br />
state: ONLINE<br />
scan: none requested<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
rpool ONLINE 0 0 0<br />
d870d08b-5bba-f441-b486-6e4975a384f2 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
</pre><br />
* per https://unix.stackexchange.com/questions/525950/how-to-convert-one-disk-zfs-pool-into-two-disk-raid1-pool<br />
<pre><br />
root@daq13:~# zpool attach rpool d870d08b-5bba-f441-b486-6e4975a384f2 /dev/sda2<br />
</pre><br />
* status<br />
<pre><br />
root@daq13:~# zpool status<br />
pool: bpool<br />
state: ONLINE<br />
scan: none requested<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
bpool ONLINE 0 0 0<br />
489bdda8-989a-f748-95b2-c1041aceed65 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
<br />
pool: rpool<br />
state: ONLINE<br />
status: One or more devices is currently being resilvered. The pool will<br />
continue to function, possibly in a degraded state.<br />
action: Wait for the resilver to complete.<br />
scan: resilver in progress since Sun Jan 3 16:17:48 2021<br />
8.94G scanned at 2.98G/s, 620M issued at 207M/s, 8.94G total<br />
637M resilvered, 6.78% done, 0 days 00:00:41 to go<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
rpool ONLINE 0 0 0<br />
mirror-0 ONLINE 0 0 0<br />
d870d08b-5bba-f441-b486-6e4975a384f2 ONLINE 0 0 0<br />
sda2 ONLINE 0 0 0 (resilvering)<br />
<br />
errors: No known data errors<br />
</pre><br />
<br />
=== Rename zfs pool ===<br />
<br />
<pre><br />
zpool export oldname<br />
zpool import oldname z6tb<br />
</pre><br />
<br />
=== Quotas and disk use ===<br />
<br />
* zfs userspace zssd/home1 -s used<br />
<br />
=== Misc ===<br />
<br />
<pre><br />
ZFS tunable parameters for hopefully speeding up resilvering:<br />
<br />
https://www.reddit.com/r/zfs/comments/4192js/resilvering_raidz_why_so_incredibly_slow/<br />
echo 0 > /sys/module/zfs/parameters/zfs_resilver_delay<br />
echo 512 > /sys/module/zfs/parameters/zfs_top_maxinflight<br />
echo 5000 > /sys/module/zfs/parameters/zfs_resilver_min_time_ms<br />
</pre><br />
<br />
Enable periodic scrub:<br />
<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
cd zfs<br />
make install<br />
</pre><br />
<br />
Working with ZFS snapshots:<br />
<br />
* zfs list -t snapshot<br />
* cd ~/git; git clone https://github.com/zfsonlinux/zfs-auto-snapshot.git; cd zfs-auto-snapshot; make install<br />
<br />
If ZFS becomes 100% full, "rm" will stop working, but space can still be freed by using "echo > bigfile", afterwards "rm" works again.</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=Ubuntu&diff=8308
Ubuntu
2025-02-25T00:07:11Z
<p>Lindner: /* move /home/wheel (U-24) */</p>
<hr />
<div>= Prerequisites =<br />
<br />
* before setting up new machine run memory test<br />
* prepare flash drive with free version of memtest86: https://www.memtest86.com<br />
* test boot from flash drive, test takes ~ few hours<br />
* test will end with summary page, if passed continue with Ubuntu<br />
* number that might be worth noting is memory latency<br />
<br />
= Ubuntu version =<br />
<br />
<pre><br />
lsb_release -a<br />
uname -a<br />
</pre><br />
<br />
= Ubuntu installer =<br />
<br />
* updated for Ububtu LTS 20.04.01, 22.04.1, 24.04 (only minor differences)<br />
<br />
* download the latest Ubuntu LTS desktop installer iso image<br />
* dd the image to a USB key<br />
* power down, disconnect all disks (all HDDs, all SSDs, all M.2)<br />
* connect the SSD to be used as system disk<br />
* if system will use mirrored SSDs (using ZFS mirror), leave second SSD disconnected, we will activate it later<br />
* power up<br />
* boot from USB key in legacy mode or UEFI mode (select this in the BIOS boot menu - F8 for ASUS, F11 for Supermicro)<br />
* follow the instruction:<br />
* "try ubuntu or install ubuntu" - choose "install"<br />
* select language - accept default<br />
* "updates and other software" - accept default settings ("normal install")<br />
* "installation type" - select "advanced features" and "experimental: use ZFS"<br />
* accept partition choice<br />
* "where are you?" - select "Vancouver" (PST time zone)<br />
* "who are you?" - leave all fields blank, except "username" set to "wheel", "password" set to the root password. hostname will be set later after configuring the network<br />
* don't install third party sw<br />
* installation runs in a few minutes, when finished, reboot<br />
* login as user wheel<br />
* answer annouying questions:<br />
* "livepatch" - say "next"<br />
* "help improve" - select "do not send", say "next"<br />
* "privacy" - leave "location" as "off", say "next"<br />
* "ready to go", say "done"<br />
* right-click on the desktop, say "open in terminal", a shell will open<br />
* say "sudo /bin/bash", enter the root password, you now have the root shell<br />
* run nm-connection-editor to configure the network. use netmask 255.255.224.0, gateway 142.90.100.18, DNS 142.90.100.19, search path "triumf.ca"<br />
* after network is up (can ping ladd00), continue with post-installation steps below<br />
<br />
= Install instructions =<br />
<br />
== prepare ==<br />
<pre><br />
apt update<br />
apt upgrade<br />
</pre><br />
<br />
== install ssh ==<br />
<pre><br />
apt install ssh<br />
</pre><br />
<br />
== install git/scripts ==<br />
<pre><br />
apt -y install git<br />
mkdir ~root/git<br />
cd ~root/git<br />
git clone https://daq00.triumf.ca/~olchansk/git/scripts.git<br />
cd scripts<br />
git pull<br />
</pre><br />
<br />
* if needed, update git/scripts repository from ladd00 to daq00:<br />
* git remote -v ### if it says daq00, we are good<br />
* git remote set-url origin https://daq00.triumf.ca/~olchansk/git/scripts.git<br />
* git pull ### check that it works<br />
<br />
== configure hostname ==<br />
<pre><br />
vi /etc/hostname<br />
</pre><br />
<br />
== disable swap ==<br />
<br />
ubuntu installer creates a 2 GB swap partition, not useful<br />
on 32-64 GB machine, disable it:<br />
<pre><br />
vi /etc/fstab ### comment out the "swap" line<br />
</pre><br />
<br />
* on 64 GB RAM machines swap is not useful<br />
* on machines booted from network (NFS-ROOT), swap does not work<br />
* on machines running from flash (RPi, etc), flash is too slow for useful swap<br />
* swap configured by linux installers invariably has wrong size and is not useful<br />
<br />
<pre><br />
systemctl disable dphys-swapfile<br />
systemctl stop dphys-swapfile<br />
dphys-swapfile uninstall<br />
</pre><br />
<br />
== maybe reboot ==<br />
<br />
this is a good point to reboot the machine to boot<br />
the latest kernel and to set the correct hostname<br />
<br />
== install etckeeper ==<br />
<br />
keep contents of /etc in a git repository:<br />
<br />
<pre><br />
apt -y install etckeeper<br />
</pre><br />
<br />
== set timezone ==<br />
<pre><br />
timedatectl list-timezones | grep -i vancouver<br />
timedatectl set-timezone America/Vancouver<br />
</pre><br />
<br />
== install time synchronization ==<br />
<br />
check if chrony is installed correctly and is synched to TRIUMF time servers:<br />
<br />
<pre><br />
chronyc sources<br />
chronyc tracking<br />
</pre><br />
<br />
if not, remove old chrony and<br />
<br />
<pre><br />
apt -y remove chrony<br />
apt -y purge chrony<br />
</pre><br />
<br />
and install it from scratch:<br />
<br />
<pre><br />
apt -y install chrony<br />
cd ~/git/scripts<br />
git pull<br />
cd ~<br />
cp ~/git/scripts/etc/triumf.sources /etc/chrony/sources.d/<br />
systemctl disable systemd-timesyncd.service<br />
systemctl stop systemd-timesyncd.service<br />
systemctl disable ntp<br />
systemctl stop ntp<br />
systemctl enable chrony<br />
systemctl restart chrony<br />
chronyc sources<br />
chronyc tracking<br />
</pre><br />
<br />
== reenable systemd-timesyncd ==<br />
<br />
ONLY IF CHRONY DOES NOT WORK<br />
<br />
To configure systemd-timesyncd, set "NTP=" in /etc/systemd/timesyncd.conf<br />
<br />
<pre><br />
apt remove chrony<br />
cat /etc/systemd/timesyncd.conf<br />
systemctl enable systemd-timesyncd.service<br />
systemctl restart systemd-timesyncd.service<br />
systemctl status systemd-timesyncd.service<br />
timedatectl status<br />
timedatectl timesync-status<br />
</pre><br />
<br />
== enable outgoing email (debian 11) ==<br />
<br />
this is different from ubuntu 20. it uses /etc/mailname and it hardwires the hostname into main.cf.<br />
<br />
== enable outgoing email ==<br />
<br />
we have an unusual email configuration. outgoing email should work to deliver error messages, notices, etc. incoming email is disabled, we do not receive email for local users.<br />
<br />
this causes problems with TRIUMF smtp server. if our message cannot be delivered (wrong email address or receipient computer is turned off), TRIUMF smtp server will generate a delivery failure notification email and try to send it to the "from" address of the failed message. but the "from" address does not receive any email, so another delivery failure notification email is generated and an attempt to deliver it. which again fails, rinse and repeat.<br />
<br />
as solution, kray created a special rule, email from scrap.triumf.ca does not generate delivery failure notices. failed messages sit in the queue for 5 days, then they are deleted. (K.O. - confirmed with kray 3jan2024).<br />
<br />
to make this work we use the msmtp MTA package.<br />
<br />
<pre><br />
cd ~<br />
apt -y remove postfix<br />
apt -y purge postfix # remove old config files<br />
apt -y install mailutils msmtp msmtp-mta # say "no" to apparmor support<br />
apt -y install bsd-mailx<br />
cd ~/git/scripts/etc<br />
git pull<br />
/bin/cp -fv aliases /etc/aliases<br />
/bin/cp -fv msmtprc /etc/msmtprc<br />
/bin/rm -vf ~root/.forward<br />
/bin/rm -vf /etc/mailname<br />
Mail root<br />
Subject: test<br />
test<br />
^D<br />
CC: <CR><br />
</pre><br />
<br />
== enable outgoing email (postfix) ==<br />
<br />
THIS IS OBSOLETE!!!<br />
<br />
* TRIUMF: use smtp.triumf.ca<br />
* CERN: use cernmx.cern.ch<br />
<br />
<pre><br />
apt install postfix ### select "satellite system", enter full hostname "xxx.triumf.ca", enter "smtp.triumf.ca"<br />
apt install mailutils<br />
dpkg-reconfigure postfix ### (if postfix already installed)<br />
</pre><br />
<pre><br />
echo olchansk@triumf.ca lindner@triumf.ca bsmith@triumf.ca >> ~root/.forward<br />
mailx root<br />
test<br />
^D<br />
</pre><br />
<br />
== enable ping for all users (debian 11) ==<br />
<br />
Without this tweak, Debian will report "operation not permitted" if a user tries to ping somewhere.<br />
<br />
<pre><br />
echo 'net.ipv4.ping_group_range = 0 1000' > /etc/sysctl.d/99-ping.conf<br />
</pre><br />
<br />
== disable apparmor ==<br />
<br />
On NFS-Root network booted machines!<br />
<br />
If "man man" returns "permission denied" and syslog reports apparmor "sendmsg DENIED" errors, disable apparmor. This is supposedly fixed in kernel 6.0 and later (to be confirmed), see https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1784499<br />
<br />
Disable apparmor, see https://ubuntu.com/server/docs/security-apparmor<br />
<br />
This takes effect after a reboot.<br />
<br />
<pre><br />
systemctl stop apparmor.service<br />
systemctl disable apparmor.service<br />
</pre><br />
<br />
== install missing packages ==<br />
<br />
(apt eats terminal input, even the "yes |" trick does not quite work,<br />
repeat the following commands until they report that everything<br />
is installed)<br />
<br />
<pre><br />
yes | apt -y install ssh tcsh ethtool ncat rsync strace net-tools traceroute time minicom screen git lsof debsums tmux iptables telnet pax rpm mtools at gdisk<br />
yes | apt -y install sysstat smartmontools lm-sensors<br />
yes | apt -y install lsb-release<br />
apt -y install vim # in addition to default vim-tiny, requested by IRIS<br />
apt -y install gedit # requested by TACTIC<br />
apt -y install tcl<br />
apt -y install pax rpm alien ### package converter tools<br />
yes | apt -y install flex bison<br />
yes | apt -y install neofetch<br />
yes | apt -y install snmp snmp-mibs-downloader<br />
yes | apt -y install git subversion g++ gfortran cmake doxygen<br />
yes | apt -y install curl libcurl4 libcurl4-openssl-dev<br />
yes | apt -y install mariadb-client ### mysql client<br />
yes | apt -y install libz-dev libzstd-dev sqlite3 libsqlite3-dev unixodbc-dev<br />
yes | apt -y install libssl-dev<br />
yes | apt -y install emacs xemacs21 joe<br />
yes | apt -y install gnuplot dos2unix<br />
yes | apt -y install mutt bsd-mailx # email clients<br />
yes | apt -y install liblz4-tool pbzip2<br />
yes | apt -y install libc6-dev-i386 # otherwise no /usr/include/sys/types.h<br />
yes | apt -y install libreadline-dev<br />
yes | apt -y install ubuntu-mate-themes<br />
yes | apt -y install libmotif-dev libxmu-dev<br />
yes | apt -y install libusb-dev libusb-1.0-0-dev<br />
yes | apt -y install i2c-tools libi2c-dev libi2c0<br />
yes | apt -y install xfig gsfonts-x11 gsfonts-other # install fonts for xfig<br />
yes | apt -y install libjson-perl<br />
yes | apt -y install libgsl-dev # additional GNU Scientific Library<br />
yes | apt -y install qt5-default # Qt development<br />
yes | apt -y install python3-full python3-dev python3-dbg python3-pip ### for pyROOT<br />
yes | apt -y install imagemagick imagemagick-common ckeditor # for elog<br />
yes | apt -y install libjpeg-dev libjpeg-progs libjpeg-tools<br />
yes | apt -y install linux-tools-common linux-tools-generic # cpupower frequency-info<br />
yes | apt -y install rdesktop remmina remmina-plugin"*" # requested by POL<br />
yes | apt -y install nlohmann-json3-dev # required to build MIDAS with ROOT 6.30 on Ubuntu-22<br />
apt -y install dpkg-dev cmake g++ gcc binutils libx11-dev libxpm-dev libxft-dev libxext-dev python3 libssl-dev libafterimage0 # from https://root.cern/install/dependencies/<br />
apt -y install gfortran libpcre3-dev xlibmesa-glu-dev libglew-dev libftgl-dev libmysqlclient-dev libfftw3-dev libcfitsio-dev graphviz-dev libldap2-dev python3-dev python3-numpy libxml2-dev libkrb5-dev libgsl0-dev qtwebengine5-dev nlohmann-json3-dev libtbb-dev libavahi-compat-libdnssd-dev # from https://root.cern/install/dependencies/<br />
apt -y install libvdt-dev # for ROOT 6.32 on Ubuntu-24<br />
apt -y install autoconf automake gperf # gnu package build tools<br />
apt -y install u-boot-tools # for Xilinx petalinux<br />
#apt -y install linux-headers-generic # to build linux kernel drivers<br />
</pre><br />
<br />
Ubuntu LTS 20.04:<br />
<pre><br />
yes | apt -y install linux-image-generic-hwe-20.04 linux-tools-virtual-hwe-20.04 # enable linux 5.11 series kernel<br />
</pre><br />
<br />
Ubuntu LTS 22.04:<br />
<pre><br />
apt -y install linux-generic-hwe-22.04 # enable linux 6.2.0 series kernel<br />
</pre><br />
<br />
Ubuntu LTS 24.04:<br />
<pre><br />
apt -y install linux-generic-hwe-24.04 # enable linux 6.8.0 series kernel<br />
</pre><br />
<br />
== install non-snap firefox ==<br />
<br />
See https://askubuntu.com/questions/1399383/how-to-install-firefox-as-a-traditional-deb-package-without-snap-in-ubuntu-22<br />
<br />
<pre><br />
add-apt-repository ppa:mozillateam/ppa<br />
apt install firefox-esr<br />
echo run firefox-esr<br />
</pre><br />
<br />
== configure DNS ==<br />
<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
mkdir /etc/systemd/resolved.conf.d<br />
cp etc/resolved-triumf.conf /etc/systemd/resolved.conf.d/<br />
systemctl restart systemd-resolved<br />
resolvectl<br />
#systemd-analyze cat-config systemd/resolved.conf<br />
</pre><br />
<br />
== install ganglia ==<br />
<br />
<pre><br />
apt -y install ganglia-monitor<br />
cd ~root/git/scripts/ganglia<br />
git pull<br />
make install<br />
./ganglia-all.perl<br />
</pre><br />
<br />
fix gmond start before network is ready:<br />
<br />
<pre><br />
mkdir /etc/systemd/system/ganglia-monitor.service.d<br />
echo -e "[Unit]\nAfter=network-online.target\n" > /etc/systemd/system/ganglia-monitor.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat ganglia-monitor.service<br />
</pre><br />
<br />
== install gonodeinfo ==<br />
<br />
* go to https://bitbucket.org/dd1/gonodeinfo follow instructions:<br />
<pre><br />
yes | apt-get -y install golang<br />
mkdir ~/git<br />
cd ~/git<br />
#git clone https://bitbucket.org/dd1/gonodeinfo.git<br />
git clone https://daq00.triumf.ca/~olchansk/git/gonodeinfo.git<br />
cd gonodeinfo<br />
git remote set-url origin https://daq00.triumf.ca/~olchansk/git/gonodeinfo.git<br />
git pull<br />
make<br />
make install # install gonodeinfo agent<br />
cd ~ # this is important<br />
</pre><br />
* edit /etc/gonodeinfo.conf<br />
* change "Description", "Location", "User" and "Administrator" as appropriate (or delete them)<br />
* change "Servers" to read: Servers: daq00.triumf.ca:8601<br />
* run "gonodeinfo -v"<br />
* if error is "connection refused". go to the nodeinfo server to add this client to the access control list:<br />
* on the gonodeinfo server: run /opt/gonodeinfo/gonodereceive.exe -a daq13<br />
* try gonodeinfo again, there should be no error<br />
* on the gonodeinfo server: run gonodereport, look at the web pages, the new machine should be listed now<br />
<br />
== install emailonreboot ==<br />
<br />
send an email if computer is rebooted<br />
<br />
<pre><br />
ssh root<br />
mkdir -p ~/git<br />
cd ~/git<br />
git clone https://daq00.triumf.ca/~olchansk/git/rpms.git<br />
cd rpms/emailonreboot<br />
git pull<br />
make<br />
make install<br />
</pre><br />
<br />
== install monitor_nfs ==<br />
<br />
monitor NFS mounts and complain about dead, stale and hung mounts<br />
<br />
<pre><br />
ssh root<br />
mkdir -p ~/git<br />
cd ~/git<br />
git clone https://daq00.triumf.ca/~olchansk/git/rpms.git<br />
cd rpms/monitor_nfs<br />
git pull<br />
make<br />
make install<br />
</pre><br />
<br />
== install fonts for EPICS ==<br />
<br />
* apt -y install xfonts-100dpi xfonts-75dpi<br />
* restart Xorg (i.e. "killall Xorg", this will log you out from the console)<br />
* xlsfonts | grep -i helvetica ### should show fonts with different sizes, not just size 0 (scalable)<br />
<br />
== install libz.so.1 for CentOS compatibility ==<br />
<br />
KO - confirm which versions on quartus need this.<br />
<br />
<pre><br />
yes | apt-get -y install zlib1g<br />
yes | apt-get -y install zlib1g:i386 libc6:i386 libgcc1:i386 gcc-6-base:i386<br />
</pre><br />
<br />
== install ld-ldb-x86-64.so.3 for Quartus compatibility ==<br />
<br />
Not clear from package this is supposed to come from. Copied from U-20.<br />
<br />
Without this, Quartus lmgrd does not run.<br />
<br />
<pre><br />
cd /lib64<br />
ln -s ld-linux-x86-64.so.2 ld-lsb-x86-64.so.2<br />
ln -s ld-linux-x86-64.so.2 ld-lsb-x86-64.so.3<br />
</pre><br />
<br />
should look like this:<br />
<pre><br />
root@daq13:/lib64# ls -l<br />
total 3<br />
lrwxrwxrwx 1 root root 44 Jan 28 09:07 ld-linux-x86-64.so.2 -> ../lib/x86_64-linux-gnu/ld-linux-x86-64.so.2<br />
lrwxrwxrwx 1 root root 20 Feb 18 16:45 ld-lsb-x86-64.so.2 -> ld-linux-x86-64.so.2<br />
lrwxrwxrwx 1 root root 20 Feb 18 16:45 ld-lsb-x86-64.so.3 -> ld-linux-x86-64.so.2<br />
root@daq13:/lib64# <br />
</pre><br />
<br />
== install libpng12.so.0 for Quartus compatibility ==<br />
<br />
(does not work anymore!!!)<br />
<br />
<pre><br />
wget http://ftp.ca.debian.org/debian/pool/main/libp/libpng/libpng12-0_1.2.50-2+deb8u2_amd64.deb<br />
dpkg --install libpng12-0_1.2.50-2+deb8u2_amd64.deb<br />
</pre><br />
<br />
== install libpng12.so.0 for Quartus 13.0sp1 ==<br />
<br />
<pre><br />
wget https://daq00.triumf.ca/~olchansk/linux/libpng12.so.0<br />
wget https://daq00.triumf.ca/~olchansk/linux/libpng12.so.0.50.0<br />
/bin/cp -pv libpng12.so.0 libpng12.so.0.50.0 /lib/x86_64-linux-gnu/<br />
</pre><br />
<br />
== install packages for Xilinx ==<br />
<br />
ubuntu LTS 22.04 vivado 2020.1<br />
<br />
<pre><br />
apt install autoconf libtool<br />
apt install libtinfo5<br />
apt install texinfo<br />
apt install zlib1g:i386<br />
</pre><br />
<br />
== install packages for building ROOT ==<br />
<br />
<pre><br />
apt -y install libx11-dev libxpm-dev libxft-dev libxext-dev libpng-dev libjpeg-dev xlibmesa-glu-dev libxml2-dev libgsl-dev cmake<br />
</pre><br />
<br />
== install 32-bit libraries for PHYSICA ==<br />
<br />
these instructions are for running 32-bit physica executable built for SL6 on ubuntu LTS 20.04<br />
<br />
install physica sources (cannot build, do not have g77)<br />
<br />
<pre><br />
cd ~/packages<br />
git clone https://bitbucket.org/ttriumfdaq/physica.git<br />
</pre><br />
<br />
install 32-bit libraries using ubuntu package manager:<br />
<br />
<pre><br />
apt install lib32z1 # libz.so<br />
</pre><br />
<br />
copy 32-bit SL6 shared libraries to /lib32<br />
<br />
<pre><br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libX11.so.6 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libgd.so.2 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libpng12.so.0 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libreadline.so.6 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libncurses.so.5 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libg2c.so.0 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libxcb.so.1 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libXpm.so.4 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libjpeg.so.62 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libfontconfig.so.1 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libfreetype.so.6 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libtinfo.so.5 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libXau.so.6 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libexpat.so.1 /lib32/<br />
</pre><br />
<br />
ldd should report:<br />
<br />
<pre><br />
trinatdaq:trinat> ldd /usr/local/physica/physica.exe<br />
linux-gate.so.1 (0xf7fa2000)<br />
libX11.so.6 => /lib32/libX11.so.6 (0xf7e43000)<br />
libgd.so.2 => /lib32/libgd.so.2 (0xf7dfe000)<br />
libpng12.so.0 => /lib32/libpng12.so.0 (0xf7dd6000)<br />
libz.so.1 => /lib32/libz.so.1 (0xf7db8000)<br />
libreadline.so.6 => /lib32/libreadline.so.6 (0xf7d7e000)<br />
libncurses.so.5 => /lib32/libncurses.so.5 (0xf7d5b000)<br />
libg2c.so.0 => /lib32/libg2c.so.0 (0xf7d3d000)<br />
libm.so.6 => /lib32/libm.so.6 (0xf7c39000)<br />
libgcc_s.so.1 => /lib32/libgcc_s.so.1 (0xf7c1a000)<br />
libc.so.6 => /lib32/libc.so.6 (0xf7a2f000)<br />
libxcb.so.1 => /lib32/libxcb.so.1 (0xf7a05000)<br />
libdl.so.2 => /lib32/libdl.so.2 (0xf79ff000)<br />
libXpm.so.4 => /lib32/libXpm.so.4 (0xf79ee000)<br />
libjpeg.so.62 => /lib32/libjpeg.so.62 (0xf7997000)<br />
libfontconfig.so.1 => /lib32/libfontconfig.so.1 (0xf7962000)<br />
libfreetype.so.6 => /lib32/libfreetype.so.6 (0xf78c9000)<br />
libtinfo.so.5 => /lib32/libtinfo.so.5 (0xf78b0000)<br />
/lib/ld-linux.so.2 (0xf7fa4000)<br />
libXau.so.6 => /lib32/libXau.so.6 (0xf78ad000)<br />
libexpat.so.1 => /lib32/libexpat.so.1 (0xf7885000)<br />
trinatdaq:trinat> <br />
</pre><br />
<br />
set login environment:<br />
<br />
<pre><br />
setenv TRIUMF_FONTS $HOME/packages/physica/fonts<br />
setenv PHYSICA_DIR $HOME/packages/physica<br />
alias physica $PHYSICA_DIR/physica-SL6-32<br />
</pre><br />
<br />
test:<br />
<br />
<pre><br />
cd ~/packages/physica<br />
physica<br />
@rangauss.pcm<br />
</pre><br />
<br />
== install wine ==<br />
<br />
As far as I know, only needed for BNMR/BNQR<br />
<br />
<pre><br />
apt install wine winetricks<br />
</pre><br />
<br />
== install lightdm ==<br />
<br />
unlike the default gdm login manager, lightdm shows the machine hostname and does not require an extra mouse click to swicth from screen saver to login mode.<br />
<br />
<pre><br />
apt -y install lightdm<br />
# select lightdm<br />
</pre><br />
<br />
== install desktop environments ==<br />
<br />
note: default display manager and default desktop are deficient, please do not skip this step.<br />
<br />
note: if apt asks to choose the display manager, select "lightdm"<br />
<br />
note: KO - I recommend the "MATE" desktop.<br />
<br />
note: you will have to cut-and-paste this several times because "apt" eats commands, even with "-y" and even piped from "yes".<br />
<br />
<pre><br />
# install MATE desktop<br />
apt -y install ubuntu-mate-core ubuntu-mate-desktop ubuntu-mate-themes<br />
# install Cinnamon desktop<br />
apt -y install cinnamon<br />
# install KDE desktop<br />
apt -y install kde-standard kubuntu-settings-desktop<br />
# install Lxqt desktop<br />
# apt -y install lxqt # conflict over kubuntu-desktop, kubuntu-settings-desktop and desktop-base<br />
# install Xfce4 desktop<br />
apt -y install xfce4<br />
</pre><br />
<br />
== install ROOT ==<br />
<br />
Please install ROOT per instructions at https://root.cern.ch.<br />
<br />
NOTE1: The ROOT package available from Ubuntu repositories is severely out of date and cannot be used with MIDAS and ROOTANA. ### DO NOT DO THIS! apt-get install root-system<br />
<br />
NOTE2: as of 2017-Jan-09, ROOT binary kits for Ubuntu do not work (use GCC 5 instead of GCC6), build from source instead.<br />
<br />
== Install x2go ==<br />
<br />
<pre><br />
apt-get update<br />
apt-get install x2goserver x2goserver-xsession<br />
</pre><br />
<br />
== enable root login from ladd00/daq00 ==<br />
<pre><br />
ssh localhost<br />
CTRL-C<br />
/bin/cp ~root/git/scripts/etc/authorized_keys ~root/.ssh/<br />
</pre><br />
<br />
== disable ssh access from outside of TRIUMF ==<br />
<br />
to stop ssh login spam, disable ssh access from outside of TRIUMF. this can be done by requesting a firewall block through the helpdesk or by local firewall rule:<br />
<br />
<pre><br />
echo iptables -I INPUT ! -s 142.90.0.0/255.255.0.0 -p tcp --dport 22 -j REJECT >> /etc/rc.local<br />
/etc/rc.local<br />
</pre><br />
<br />
== install smart-status ==<br />
<pre><br />
ln -s ~/git/scripts/smart-status/smart-status.perl ~root/<br />
</pre><br />
<br />
== enable boot menu and boot messages ==<br />
<br />
This will enable the grub menu (with a 10 sec timeout) and<br />
replace black screen with exciting linux boot messages.<br />
<br />
* emacs -nw /etc/default/grub<br />
<pre><br />
GRUB_DEFAULT=0<br />
#GRUB_TIMEOUT_STYLE=hidden<br />
GRUB_TIMEOUT=10<br />
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`<br />
#GRUB_CMDLINE_LINUX_DEFAULT="vga=769 video=640x480"<br />
GRUB_CMDLINE_LINUX_DEFAULT=""<br />
GRUB_CMDLINE_LINUX=""<br />
#GRUB_GFXMODE=640x480<br />
</pre><br />
* update grub config:<br />
<pre><br />
grub-mkconfig -o /boot/grub/grub.cfg<br />
</pre><br />
<br />
= Enable automatic updates =<br />
<br />
<pre><br />
apt install unattended-upgrades<br />
cd ~/git/scripts<br />
git pull<br />
/bin/cp -v etc/99apt-conf-ko /etc/apt/apt.conf.d/<br />
apt-config dump | grep Unattended<br />
</pre><br />
<br />
Following is obsolete:<br />
<br />
* emacs -nw /etc/apt/apt.conf.d/50unattended-upgrades<br />
** uncomment in Allowed-Origins "-security" and "-updates"<br />
** add in Allowed-Origins: "Google LLC:stable";<br />
** uncomment/add: "Unattended-Upgrade::Mail "root";<br />
* emacs -nw /etc/apt/apt.conf.d/10periodic<br />
<pre><br />
APT::Periodic::Update-Package-Lists "1";<br />
APT::Periodic::Download-Upgradeable-Packages "1";<br />
APT::Periodic::AutocleanInterval "7";<br />
APT::Periodic::Unattended-Upgrade "1";<br />
</pre><br />
* test: unattended-upgrade --dry-run -v<br />
<br />
NOTE: update-on-shutdown is disabled.<br />
<br />
NOTE: there is no update-on-boot, but:<br />
<br />
NOTE: if machine was off for a long time, the systemd update timer would have expired and it will fire soon after reboot, causing an automatic update run. this is unwanted, and there is no fix or workaround for it. K.O. June-2023.<br />
<br />
= Fix bpool is full (obsolete) =<br />
<br />
THIS IS CAUSED BY OBSOLETE PACKAGE zsys. PLEASE: apt remove zsys<br />
<br />
= IPMI instructions =<br />
<br />
IPMI is the board management hardware on Supermicro and other server motherboards. This includes hardware sensors - fan rotation speed, temperatures and power supply voltages.<br />
<br />
<pre><br />
apt-get install ipmitool<br />
systemctl enable ipmievd<br />
systemctl restart ipmievd<br />
</pre><br />
<br />
Run:<br />
* ipmitool sel list ### event list<br />
* ipmitool sel elist ### event list<br />
* ipmitool sel clear ### clear event list (if it becomes full)<br />
* ipmitool sensor ### report hardware sensors<br />
<br />
= move /home/wheel (U-24) =<br />
<br />
Ubuntu LTS 24 installed on ZFS has rpool/USERDATA/home_xxx mounted on /home,<br />
has to be moved or autofs /home will not work.<br />
<br />
<pre><br />
zfs list | grep USERDATA | grep home | cut -f1 -d" "<br />
zfs set -u mountpoint=/home1 `zfs list | grep USERDATA | grep home | cut -f1 -d" "`<br />
emacs -nw /etc/passwd # change mount for wheel account to /home1/wheel<br />
</pre><br />
<br />
This will not take effect until rebooting. So reboot now and make sure that when you login as wheel that home directory is /home1/wheel. Please ensure that ssh from root@daq00 to this computer works before trying this; if ssh from root@daq00 doesn't work and you mess this up you will be locked out of wheel account<br />
<br />
= move /home/wheel =<br />
<br />
note: this MUST be done if ZFS root and NIS/autofs with /home.<br />
<br />
Default location of wheel's home directory will collide with autofs /home, it has to be moved,<br />
for example to /wheel.<br />
<br />
<pre><br />
# logout from the wheel user<br />
# go to another computer<br />
ssh root@daqubuntuxxx<br />
zfs list | grep wheel ### identify zfs name wheel_xxxxxx<br />
#zfs set mountpoint=/wheel rpool/USERDATA/wheel_hm8fzh<br />
zfs set mountpoint=/wheel `zfs list | grep wheel | cut -f1 -d" "`<br />
zfs list | grep wheel<br />
emacs -nw /etc/passwd ### change wheel's home directory from /home/wheel to /wheel<br />
su - wheel ### check that user wheel still works<br />
</pre><br />
<br />
This will break wheel's ability to run snap programs, such as firefox, install chrome as listed below.<br />
<br />
= enable NIS (ubuntu 22.04, 24.04, debian 11, 12) =<br />
<br />
<pre><br />
apt -y install rpcbind nis<br />
echo DAQ-NIS >> /etc/defaultdomain<br />
echo ypserver daq00.triumf.ca >> /etc/yp.conf<br />
systemctl enable ypbind.service<br />
systemctl restart ypbind.service<br />
systemctl status ypbind.service<br />
ypwhich -m<br />
</pre><br />
<br />
enable ypserv:<br />
<br />
<pre><br />
sed -i s/NISSERVER=false/NISSERVER=slave/ /etc/default/nis<br />
/usr/lib/yp/ypinit -s daq00<br />
echo ypserver localhost >> /etc/yp.conf<br />
sed -i "s/ypserver .*/ypserver localhost/" /etc/yp.conf<br />
systemctl enable ypserv<br />
systemctl restart ypserv<br />
systemctl restart ypbind<br />
</pre><br />
<br />
edit /etc/nsswitch.conf to read:<br />
<br />
<pre><br />
# begin get data from nis<br />
passwd: files nis<br />
group: files nis<br />
shadow: files nis<br />
automount: files nis<br />
netgroup: files nis<br />
# end get data from nis<br />
<br />
#passwd: ...<br />
#group: ...<br />
#shadow: ...<br />
<br />
#netgroup: ...<br />
#automount: ...<br />
</pre><br />
<br />
enable hourly update of nis maps:<br />
<br />
<pre><br />
mkdir ~root/git<br />
cd ~root/git<br />
git clone https://daq00.triumf.ca/~olchansk/git/scripts.git<br />
cd ~/git/scripts/etc<br />
git pull<br />
ln -s $PWD/ypxfr-cron-hourly /etc/cron.hourly<br />
</pre><br />
<br />
If this is a new machine, then on the master NIS node (daq00), add this new node to /etc/netgroup, and update NIS maps (cd /var/yp; make)<br />
<br />
= enable NIS (ubuntu 20.04) =<br />
<br />
* apt-get -y install portmap nis ### will ask for NIS domain (DAQ-NIS)<br />
* dpkg-reconfigure nis ### reconfigure if already installed<br />
* ypwhich -m<br />
* edit /etc/default/nis<br />
** set "NISSERVER=slave"<br />
** Ubuntu LTS 20.04, check that "YPBINDARGS=" is blank, remove "-no-dbus" if it is there<br />
* #edit /etc/yp.conf, comment-out everything, add "domain DAQ-NIS server localhost"<br />
* edit /etc/yp.conf, comment-out everything, add "ypserver localhost"<br />
* /usr/lib/yp/ypinit -s daq00<br />
* systemctl enable nis<br />
* systemctl restart nis<br />
* ypwhich<br />
* ypwhich -m<br />
* ypcat -k passwd<br />
* vi /etc/nsswitch.conf ### add the automount line, modify the passwd, group and shadow lines to read this:<br />
<pre><br />
# begin get data from nis<br />
passwd: files nis<br />
group: files nis<br />
shadow: files nis<br />
automount: files nis<br />
netgroup: files nis<br />
# end get data from nis<br />
</pre><br />
* enable hourly update of NIS maps<br />
<pre><br />
mkdir ~root/git<br />
cd ~root/git<br />
git clone https://daq00.triumf.ca/~olchansk/git/scripts.git<br />
cd ~/git/scripts/etc<br />
git pull<br />
ln -s $PWD/ypxfr-cron-hourly /etc/cron.hourly<br />
</pre><br />
* ### NOT NEEDED sudo vi /etc/idmapd.conf ### add line: "Domain = triumf.ca"<br />
<br />
= enable autofs =<br />
<br />
<pre><br />
apt -y install autofs<br />
systemctl enable autofs<br />
systemctl restart autofs<br />
ls -l /home/olchansk ### test autofs, check file owner is correct<br />
</pre><br />
<br />
= enable NFS server =<br />
<br />
<pre><br />
apt install nfs-kernel-server<br />
#edit /etc/exports<br />
systemctl enable nfs-server<br />
systemctl restart nfs-server<br />
</pre><br />
<br />
= NIS master =<br />
<br />
notes for setting up the NIS master<br />
<br />
== wheel user ==<br />
<br />
"wheel" is the default administrative user. We do not want it's password exported to NIS (encrypted password hash is world visible) and we do not want it's home directory exported to NFS (~wheel/.ssh is world visible and potentially writable: anybody can change ~wheel/.ssh/authorized_keys).<br />
<br />
* move wheel's home directory from /home/wheel to /wheel (see special section about this)<br />
* change wheel's UID and GID from 1000 to a value below MINUID in /var/yp/Makefile<br />
<br />
== coherent uids ==<br />
<br />
we do not want system accounts defined in /etc/passwd of the NIS master<br />
to be included in the NIS map "passwd". this causes trouble on NIS clients<br />
where newly installed packages fail to create local system users because same<br />
user already exists in NIS.<br />
<br />
This is controlled by MINUID in /var/yp/Makefile.<br />
<br />
Historical TRIUMF uids start from around 200, but several clusters do not have any historic TRIUMF uids below 500 and MINUID is set to:<br />
* DAQ-NIS: MINUID=200<br />
* ISAC-NIS: MINUID=500<br />
* TITAN-NIS: MINUID=500<br />
* MUSR-NIS: MINUID=500<br />
* TIG-NIS: MINUID=500 (100 on SL6 mother8pi)<br />
<br />
Ubuntu 20 has two programs to create users:<br />
* adduser - creates new users with UID 1000 and up as specified in /etc/adduser.conf. No problems here.<br />
* adduser --system - creates new system users with UID 100 and up as specified in /etc/adduser.conf. No problems here.<br />
* useradd - creates new users with UID 1000 and up as specified in /etc/login.defs. No problems here.<br />
* useradd --system - creates new system users with UID 999 and down (read "man useradd", section at the end about SYS_UID_MAX). This collides with NIS MINUID, these system users will be included in the NIS map and cause trouble.<br />
<br />
This problem cannot be fixed, SYS_UID_MIN, SYS_UID_MAX and UID_MIN in /etc/login.defs do not seem<br />
to have any effect on UIDs chosen by "useradd --system". (tested on Ubuntu LTS 20.04).<br />
<br />
So far only these system accounts seem to be affected by this:<br />
* systemd-coredump<br />
* ganglia<br />
<br />
To fix:<br />
* run "sort -r -n -t: -k3 /etc/passwd" to identify the last unused system user uid (range 100..200)<br />
* run "sort -r -n -t: -k3 /etc/group" to identify the last unused system user gid (range 100.200)<br />
* systemd-coredump: manually change UID and GID (package systemd-coredump is usually not installed)<br />
* ganglia: same thing, then change ownership on all ganglia files.<br />
<br />
Also read systemd author's opinion on system vs user UIDs:<br />
https://github.com/systemd/systemd/issues/4850#issuecomment-265698275<br />
<br />
= Fix systemd-logind NIS breakage =<br />
<br />
!!! THIS IS NOT NEEDED FOR UBUNTU LTS 20.04 !!!<br />
<br />
there is a delay in ssh logins for normal users. "ssh -v" shows the delay is after "pledge...". this<br />
fix removes the delay.<br />
<br />
systemd developers think that we should not use NIS and made sure there are<br />
problems if we do. To give them credit, they do offer a workaround. Read this:<br />
https://github.com/poettering/systemd/commit/695fe4078f0df6564a1be1c4a6a9e8a640d23b67<br />
<br />
<pre><br />
mkdir /etc/systemd/system/systemd-logind.service.d<br />
echo -e "[Service]\nIPAddressDeny=\n" > /etc/systemd/system/systemd-logind.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat systemd-logind.service<br />
</pre><br />
<br />
= Fix systemd-udevd NIS breakage =<br />
<br />
see same problem as above with udev getting stuck. ubuntu lts 20.04.<br />
<br />
<pre><br />
mkdir /etc/systemd/system/systemd-udevd.service.d<br />
echo -e "[Service]\nIPAddressDeny=\n" > /etc/systemd/system/systemd-udevd.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat systemd-udevd.service<br />
</pre><br />
<br />
= Configure USB device permissions =<br />
<br />
Configure USB device permissions for user access to USB-serial devices, Altera USB Blaster, etc.<br />
<br />
* create file /etc/udev/rules.d/99-usb-chmod.rules with this contents:<br />
<br />
<pre><br />
emacs -nw /etc/udev/rules.d/99-usb-chmod.rules<br />
ACTION=="add", SUBSYSTEM=="usbmisc", RUN+="/bin/chmod a+wr $env{DEVNAME}" <br />
ACTION=="add", SUBSYSTEM=="usb_device", RUN+="/bin/chmod a+wr /dev/%c"<br />
ACTION=="add", SUBSYSTEM=="usb_device", RUN+="/bin/chmod a+wr /proc/%c"<br />
ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="/bin/chmod a+wr $env{DEVICE}"<br />
ACTION=="add", ENV{PHYSDEVBUS}=="usb-serial", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", ENV{DEVPATH}=="/class/tty/ttyS*", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", SUBSYSTEM=="tty", DEVPATH=="*ttyUSB*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
ACTION=="add", SUBSYSTEM=="tty", DEVPATH=="*ttyACM*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
ACTION=="add", SUBSYSTEM=="tty", DEVPATH=="*ttyS*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
ACTION=="add", DEVPATH=="*video*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
</pre><br />
<br />
* reload udev rules: udevadm control --reload-rules<br />
* apply new permissions: udevadm trigger --action=add<br />
* watch udev activity: udevadm monitor -p<br />
<br />
= Configure lightdm display manager =<br />
<br />
* enable it<br />
<pre><br />
echo lightdm | dpkg-reconfigure -fteletype lightdm<br />
systemctl disable gdm<br />
systemctl disable sddm<br />
systemctl enable lightdm<br />
</pre><br />
<br />
* make the MATE desktop as default<br />
<pre><br />
cd ~root/git/scripts/<br />
git pull<br />
/bin/cp -v etc/lightdm_default_mate.conf /etc/lightdm/lightdm.conf.d/<br />
</pre><br />
<br />
* enable login by NIS users<br />
<pre><br />
/bin/cp -v etc/lightdm_enable_nis_login.conf /etc/lightdm/lightdm.conf.d/<br />
</pre><br />
<br />
* restart lightdm<br />
<pre><br />
systemctl stop gdm<br />
systemctl restart lightdm<br />
</pre><br />
<br />
= Install libpng12.so.0 =<br />
<br />
Quartus 16 needs libpng12:<br />
<br />
<pre><br />
wget http://mirrors.kernel.org/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.54-1ubuntu1_amd64.deb<br />
dpkg --install libpng12-0_1.2.54-1ubuntu1_amd64.deb<br />
</pre><br />
<br />
= Install google-chrome =<br />
<br />
<pre><br />
wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb<br />
dpkg -i google-chrome-stable_current_amd64.deb<br />
</pre><br />
<br />
confirm autoupdate is enabled, observe dl.google.com is present in the list of repositories:<br />
<pre><br />
apt update<br />
...<br />
Get:5 https://dl.google.com/linux/chrome/deb stable/main amd64 Packages [1,094 B]<br />
...<br />
</pre><br />
<br />
FOLLOWING IS OBSOLETE:<br />
<br />
Instructions from here:<br />
https://www.ubuntuupdates.org/ppa/google_chrome?dist=stable<br />
<br />
<pre><br />
wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add -<br />
sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-tmp.list'<br />
apt update<br />
apt install google-chrome-stable<br />
/bin/rm -f /etc/apt/sources.list.d/google-tmp.list<br />
</pre><br />
<br />
= Install amanda client =<br />
<br />
ONLY ON MACHINES THAT HOST HOME DIRECTORIES<br />
<br />
* apt install amanda-client<br />
* edit /etc/amandahosts<br />
<pre><br />
amanda.triumf.ca amanda amdump<br />
</pre><br />
* check permissions on /etc/amandahosts:<br />
<pre><br />
root@daq00:/var/log/amanda# ls -l /etc/amandahosts<br />
-rw------- 1 backup backup 49 Jan 27 10:48 /etc/amandahosts<br />
</pre><br />
* fix if needed: chown backup.backup /etc/amandahosts; chmod a= /etc/amandahosts; chmod u=wr /etc/amandahosts<br />
* edit /etc/amanda-security.conf, add this line:<br />
<pre><br />
runtar:gnutar_path=/usr/bin/tar<br />
</pre><br />
<br />
On the amanda machine:<br />
<br />
* in amanda disklist, use dump type "bsdtcp-comp-user-tar"<br />
* su - amanda and run amcheck -c daily daq00<br />
<pre><br />
-bash-4.1$ amcheck -c daily daq00<br />
<br />
Amanda Backup Client Hosts Check<br />
--------------------------------<br />
Client check: 1 host checked in 0.092 seconds. 0 problems found.<br />
<br />
(brought to you by Amanda 3.3.7p1.git.685ff76d)<br />
</pre><br />
<br />
= Enable rc.local =<br />
<br />
For reasons unknown, Ubuntu LTS 20.04 does not enable /etc/rc.local. Do this:<br />
<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
cp -n -v etc/rc.local /etc/<br />
chmod a+rx /etc/rc.local<br />
cp etc/rc-local.service /etc/systemd/system/<br />
systemctl daemon-reload<br />
systemctl enable rc-local<br />
systemctl start rc-local<br />
systemctl status rc-local<br />
</pre><br />
<br />
= Remove unwanted packages =<br />
<br />
<pre><br />
apt purge bash-completion # broken, adds unwanted "\" if "ls -l $ROOTSYS/<tab>"<br />
apt purge zsys # broken, do not use<br />
apt purge sddm # login manager<br />
apt purge avahi-daemon avahi-autoipd # not sure what it does, observed using 100% CPU<br />
apt purge modemmanager # probes all serial ports to see if it's a modem<br />
</pre><br />
<br />
= Disable unwanted services =<br />
<br />
<pre><br />
systemctl disable mpd<br />
systemctl disable snapd<br />
systemctl disable ModemManager<br />
systemctl --global mask tracker-extract-3.service<br />
systemctl --global mask tracker-miner-fs-3.service<br />
systemctl daemon-reload<br />
</pre><br />
<br />
= Disable sleep and suspend =<br />
<br />
note: we see some computers randomly shutdown or go to sleep, log files indicates the "sleep" or "suspend" button was pushed by user, but no such buttons actually exist. this is the fix for this:<br />
<br />
<pre><br />
systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target systemd-suspend.service systemd-hybrid-sleep.service<br />
</pre><br />
<br />
= Enable crontab @reboot for MIDAS =<br />
<br />
startup scripts have a bug - cron @reboot entries for normal users can run before autofs is ready, so if the home directory is on autofs/NFS, it cannot be accessed and the cron job fails. If MIDAS is supposed to be started by cron @reboot, it will not start (there *will* be an error message in /var/log/cron).<br />
<br />
<pre><br />
mkdir /etc/systemd/system/cron.service.d<br />
echo -e "[Unit]\nAfter=ypbind.service autofs.service\n" > /etc/systemd/system/cron.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat cron.service<br />
</pre><br />
<br />
Explore the systemd dependency tree using "systemctl list-dependencies" maybe with "--all".<br />
<br />
Visualize the exact boot sequence from previous boot: "systemd-analyze plot > xxx.svg", look at the svg file using a web browser.<br />
<br />
Crontab entry to start midas: (install in the midas user crontab, not root crontab)<br />
<br />
<pre><br />
su - midasuser<br />
crontab -l<br />
#@reboot /bin/bash -l -c "/home/trinat/bin/start-daq-applications"<br />
#@reboot /bin/tcsh -c "/home/trinat/bin/start-daq-applications"<br />
</pre><br />
<br />
= Install apache httpd proxy for midas and elog =<br />
<br />
This will configure the HTTPS/SSL certificate using "certbot" and "letsencrypt" and configure an HTTPS web server using apache2.<br />
<br />
First, configure apache2:<br />
<br />
* execute these commands:<br />
<pre><br />
apt -y install apache2<br />
cd /etc/apache2<br />
</pre><br />
* create new file conf-available/ssl-daq14.conf # use actual hostname instead of daq14<br />
<pre><br />
SSLSessionCache shmcb:/run/httpd/sslcache(512000)<br />
SSLSessionCacheTimeout 300<br />
SSLRandomSeed startup file:/dev/urandom 256<br />
SSLRandomSeed connect builtin<br />
SSLCryptoDevice builtin<br />
</pre><br />
* create new file sites-available/daq14-ssl.conf # use actual hostname instead of daq14<br />
<pre><br />
<IfModule mod_ssl.c><br />
<VirtualHost *:443><br />
ServerName daq14.triumf.ca<br />
DocumentRoot /var/www/html<br />
ErrorLog /var/log/apache2/daq14.log<br />
SSLEngine on<br />
# note SSLProtocol, SSLCipherSuite and some other settings are overwritten by /etc/letsencrypt/options-ssl-apache.conf<br />
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1<br />
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4<br />
## use port specified in elogd.cfg<br />
#ProxyPass /elog/ http://localhost:8082/ retry=1 <br />
## use mhttpd port<br />
#ProxyPass / http://localhost:8080/ retry=1 <br />
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"<br />
<Location /><br />
SSLRequireSSL<br />
AuthType Basic<br />
AuthName "DAQ password protected site"<br />
Require valid-user<br />
# create password file: touch /etc/apache2/htpasswd<br />
# to add new user or change password: htpasswd /etc/apache2/htpasswd username<br />
AuthUserFile /etc/apache2/htpasswd<br />
</Location><br />
</VirtualHost><br />
</IfModule><br />
</pre><br />
* stop apache2 from listening on port 80: edit /etc/apache2/ports.conf, comment-out the line "Listen 80"<br />
* stop apache2 from listening on port 80: edit /etc/apache2/ports.conf, comment-out the line "Listen 80"<br />
* enable ssl module<br />
* enable new configurations<br />
<pre><br />
a2enmod ssl<br />
a2enmod headers<br />
a2enmod proxy<br />
a2enmod proxy_http<br />
a2enconf ssl-daq14<br />
a2ensite daq14-ssl<br />
</pre><br />
* disable default ssl sites<br />
<pre><br />
a2dissite 000-default-le-ssl<br />
a2dissite 000-default<br />
ls -l /etc/apache2/sites-enabled/ ### should show only daq14-ssl.conf<br />
</pre><br />
* check that there are no syntax problems<br />
<pre><br />
apache2ctl configtest<br />
</pre><br />
* enable and start apache2:<br />
<pre><br />
systemctl enable apache2<br />
systemctl restart apache2<br />
systemctl status apache2<br />
</pre><br />
* apache2 may fail to start, look in /var/log/apache2/error.log and /var/log/apache2/daq14.log<br />
* if it says "Failed to configure ... certificate", proceed to the step for setting certbot.<br />
* try to access https://daq14.triumf.ca<br />
** you should see a complaint about self-signed certificate<br />
** you should see a request for password (do not login yet)<br />
** if you get "connection refused", HTTPS port 443 may need to be enabled in the local firewall, look at documentation for ufw.<br />
Second, configure certbot:<br />
<br />
(Note: as of 2018-01-18 certbot requires use of http port 80 to get the initial https certificate,<br />
renewal can continue to use the https port 443)<br />
<br />
(Note: as of 2019-01-?? certbot requires use of port 80 for renewals)<br />
<br />
(Note: unsurprisingly, this requires outside access to connect with letsencrypt, so won't work if PC is only accessible from on-site network)<br />
<br />
* check that port 80 is not used by anything:<br />
* netstat -an | grep LISTEN | grep ^tcp | grep 80<br />
* lsof -P | grep -i tcp | grep LISTEN | grep 80<br />
* if lsof reports that apache2 is listening on port 80, follow the apache2 instructions above (remove "listen 80" from apache2.conf<br />
<br />
* install certbot (if necessary open tcp port 80 in the firewall, see documentation for ufw):<br />
<pre><br />
apt install certbot python3-certbot-apache<br />
certbot certonly --standalone --installer apache<br />
</pre><br />
* then answer questions:<br />
* "activate HTTPS for daq14.triumf.ca" - say ok<br />
* "enter email address" - enter your own email address<br />
* "please read terms..." - read the terms and say "agree"<br />
* it will take a few moments...<br />
* "congratulations..." - say ok.<br />
<pre><br />
certbot install --apache --cert-name daq14.triumf.ca<br />
</pre><br />
* then answer questions:<br />
* "choose redirect..." - say "1" (no redirect)<br />
* look inside /etc/apache2/sites-enabled/daq14-ssl.conf to see that SSLCertificateFile & co point to certbot certificates in<br />
/etc/letsencrypt/live/daq14.triumf.ca/<br />
* to check current renewal and to update the certbot config file in /etc/letsencrypt/renewal, run this:<br />
<pre><br />
certbot renew --standalone --installer apache --force-renewal<br />
</pre><br />
<br />
NOTE: this certificate will expire in 3 months, automatic renewal should work with current version of certbot<br />
<br />
Third, activate password protection:<br />
<br />
* as shown in the config file above, create password file and initial user: (replace "midas" with specific username)<br />
<pre><br />
touch /etc/apache2/htpasswd<br />
htpasswd /etc/apache2/htpasswd midas<br />
</pre><br />
<br />
* restart apache2<br />
<pre><br />
systemctl restart apache2<br />
systemctl status apache2<br />
</pre><br />
<br />
From here:<br />
* enable proxy for MIDAS mhttpd - uncomment redirect in the config file above<br />
* enable proxy for ELOG - ditto<br />
<pre><br />
a2enmod proxy<br />
a2enmod proxy_http<br />
apache2ctl configtest<br />
systemctl restart apache2<br />
</pre><br />
<br />
* try accessing MIDAS https://daq14.triumf.ca/ (make sure mhttpd is running)<br />
* if it's not working, check odb setting FIXME!<br />
* try accessing ELog https://daq14.triumf.ca/elog/ (make sure elogd is running)<br />
* if it's not working, check elogd.cfg file and make sure<br />
<pre><br />
SSL = 0<br />
</pre><br />
<br />
NOTE: if certbot fails with errors about 'module' object has no attribute 'pyopenssl',<br />
try this: pip install requests==2.6.0<br />
<br />
== generate self-signed certificate ==<br />
<br />
<pre><br />
root@alphacpc05:~# openssl req -nodes -new -x509 -keyout server.key -out server.cert -days 1001<br />
...+....+..+..........+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+..+...+.........+......+.+...+...+.....+...............+.........+...+.+......+...+...........+....+...+..+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+......+.+...+..+.......+..+...+.......+......+...+..+...+......+....+...............+..+...+....+...........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++<br />
......+......+.+..+......+.+......+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+.....+......+.+.........+......+.....+.+..+...+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+....+......+.....+...+...+.......+..+.+........+.+...+......+..+..........+..+.+...........+...+.......+......+.....+.......+...+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++<br />
-----<br />
You are about to be asked to enter information that will be incorporated<br />
into your certificate request.<br />
What you are about to enter is what is called a Distinguished Name or a DN.<br />
There are quite a few fields but you can leave some blank<br />
For some fields there will be a default value,<br />
If you enter '.', the field will be left blank.<br />
-----<br />
Country Name (2 letter code) [AU]:CH<br />
State or Province Name (full name) [Some-State]:Geneve<br />
Locality Name (eg, city) []:CERN<br />
Organization Name (eg, company) [Internet Widgits Pty Ltd]:CERN<br />
Organizational Unit Name (eg, section) []:ALPHA experiment <br />
Common Name (e.g. server FQDN or YOUR name) []:alphacpc05.cern.ch<br />
Email Address []:<br />
root@alphacpc05:~# <br />
root@alphacpc05:~# <br />
root@alphacpc05:~# ls -l<br />
-rw-r--r-- 1 root root 1375 juil. 10 21:43 server.cert<br />
-rw------- 1 root root 1708 juil. 10 21:42 server.key<br />
root@alphacpc05:~# systemctl restart apache2<br />
</pre><br />
<br />
= Enable elog PDF preview =<br />
<br />
NOTE: looks like U-24 already has this correctly.<br />
<br />
see https://stackoverflow.com/questions/52998331/imagemagick-security-policy-pdf-blocking-conversion<br />
<br />
* xemacs -nw /etc/ImageMagick-6/policy.xml<br />
* remove this section at the end:<br />
<pre><br />
<!-- disable ghostscript format types --><br />
<policy domain="coder" rights="none" pattern="PS" /><br />
<policy domain="coder" rights="none" pattern="PS2" /><br />
<policy domain="coder" rights="none" pattern="PS3" /><br />
<policy domain="coder" rights="none" pattern="EPS" /><br />
<policy domain="coder" rights="none" pattern="PDF" /><br />
<policy domain="coder" rights="none" pattern="XPS" /><br />
</pre><br />
<br />
= Install Jupyter notebook =<br />
<br />
<pre><br />
From https://jupyter.org/install<br />
apt install python3-pip<br />
pip install jupyterlab<br />
pip install notebook<br />
~/.local/bin/jupyter notebook<br />
watch the http://localhost:8888 URL that it printed<br />
say "no" to offer to start firefox (it will not work!)<br />
URL is: http://localhost:8888/tree?token=xxx<br />
from the machine where you are running the web browser (i.e. google-chrome), run (replace trinat@trinatdaq with the username and machine name where you started jupyter)<br />
open a new shell and run: ssh -v trinat@trinatdaq -L 8888:localhost:8888<br />
in the web browser, open http://localhost:8888<br />
this gives us the login page<br />
in the password or token entry field, put the token from the "tree?token=xxx" above (printed by jupyter on startup)<br />
push button "login"<br />
jupyter page should open with the list of files in the trinat home directory<br />
congratulate Brian with full success<br />
</pre><br />
<br />
= Install ZFS quota report =<br />
<br />
If there are any ZFS volumes, install script to report disk and quota usage<br />
<br />
<pre><br />
cd ~/git/scripts/quotareport<br />
git pull<br />
mkdir /var/www/html/zfsquotareport<br />
cp -pv ~/git/scripts/quotareport/sorttable.js /var/www/html/zfsquotareport/<br />
ln -s $PWD/zfsquotareport.perl /etc/cron.daily/<br />
touch /etc/crontab<br />
</pre><br />
<br />
If httpd is configured to redirect "/" to MIDAS mhttpd:<br />
* add following to /etc/apache2/sites-enabled/xxx-ssl.conf in front of "ProxyPass / ..."<br />
* run "systemctl reload apache2"<br />
<pre><br />
## do not proxy zfs quota report directory <br />
ProxyPass /zfsquotareport/ ! <br />
</pre><br />
<br />
= Install PHP =<br />
<br />
* apt install php libapache2-mod-php<br />
* systemctl restart apache2<br />
* create /var/www/html/info.php<br />
<pre><br />
<?php <br />
<br />
phpinfo(); <br />
</pre><br />
* open https://daq00.triumf.ca/info.php<br />
<br />
= Configure TRIUMF printers =<br />
<br />
<pre><br />
systemctl stop cups<br />
systemctl stop cups-browsed.service<br />
systemctl disable cups<br />
systemctl disable cups-browsed.service<br />
systemctl stop snap.cups.cupsd.service<br />
systemctl stop snap.cups.cups-browsed.service<br />
systemctl disable snap.cups.cupsd.service<br />
systemctl disable snap.cups.cups-browsed.service<br />
echo "ServerName printers.triumf.ca" > /etc/cups/client.conf<br />
lpstat -a<br />
</pre><br />
<br />
= Enable core dumps =<br />
<br />
By default, Ubuntu LTS 20.04 installs the apport package<br />
which disabled core dumps from user applications. (google it up!).<br />
It is not meant to do this and documentation claims that<br />
it is not installed and not enabled by default. Oh, well...<br />
<br />
<pre><br />
apt remove apport<br />
apt autoremove ### will remove apport-symptoms and a few other packages<br />
</pre><br />
<br />
After this, core dumps are written to file "core" in the current directory.<br />
See /proc/sys/kernel/core_pattern and /proc/sys/kernel/core_uses_pid.<br />
<br />
Enable core dump file names to include process id, add following to /etc/rc.local<br />
<br />
<pre><br />
echo "echo 1 > /proc/sys/kernel/core_uses_pid" >> /etc/rc.local<br />
</pre><br />
<br />
= Enable debugger =<br />
<br />
By default, Ubuntu LTS 20.04 does not permit debugger to attach and debug<br />
already running programs. To enable it, add following to /etc/rc.local<br />
<br />
<pre><br />
echo "echo 0 > /proc/sys/kernel/yama/ptrace_scope" >> /etc/rc.local<br />
</pre><br />
<br />
= Disable Ubuntu Pro nag =<br />
<br />
best I can tell, impossible at this time.<br />
<br />
== do not do this ==<br />
<br />
!!! does nothing !!!<br />
<br />
<pre><br />
pro config set apt_news=false<br />
</pre><br />
<br />
== do not do this ==<br />
<br />
!!! breaks automatic updates because 20apt-esm-hook.conf is missing !!!<br />
<br />
If "apt upgrade" requests Ubuntu Pro or esm-apps, disable the nag:<br />
<pre><br />
/bin/rm /etc/apt/apt.conf.d/20apt-esm-hook.conf<br />
</pre><br />
<br />
== do not do this ==<br />
<br />
!!! likely same as above, breaks automatic updates !!!<br />
<br />
* comment out /etc/apt/apt.conf.d/20apt-esm-hook.conf<br />
<br />
== do not do this ==<br />
<br />
!!! removes too many packages !!!<br />
<br />
<pre><br />
apt remove ubuntu-pro-client<br />
</pre><br />
<br />
= Update packages =<br />
<br />
* apt update # update package list<br />
* apt upgrade # install updated packages and update "kept back" packages<br />
* apt autoremove # remove packages that apt thinks should be removed<br />
<br />
= Finish installation =<br />
<br />
Congratulations. There is nothing more to do!<br />
<br />
* reboot<br />
<pre><br />
shutdown -r now<br />
</pre><br />
<br />
= Update to new version of Ubuntu =<br />
<br />
* run "do-release-upgrade -c"<br />
* if it does not report new release Ubuntu 24, check /etc/update-manager/release-upgrades has "Prompt=lts"<br />
<br />
== Update Ubuntu LTS 20.04 to LTS 22.04 ==<br />
<br />
<pre><br />
apt remove zsys<br />
</pre><br />
<br />
=== daqubuntu ===<br />
<br />
<pre><br />
# reboot to clear out all updates<br />
# vi /etc/update-manager/release-upgrades # set "Prompt=normal"<br />
# do-release-upgrade -c<br />
Checking for a new Ubuntu release<br />
New release '22.04 LTS' available.<br />
Run 'do-release-upgrade' to upgrade to it.<br />
# do-release-upgrade<br />
...<br />
say yes...<br />
...<br />
login.defs, say "Y" (erase local changes, use packaged version)<br />
/etc/systemd/resolved.conf, say "Y" (same as above)<br />
firefox snap, say yes<br />
unable to reach snap store, say "skip"<br />
/etc/gmond.conf, say "Y"<br />
/var/yp/Makefile, say "install the package maintainer's version"<br />
/etc/ypserv.conf, same thing<br />
/etc/ypserv.securenets, same thing<br />
/etc/default/nis, same thing<br />
/etc/speech-dispatcher/modules/mary-generic.conf, same thing<br />
/etc/apt/apt.conf.d/50unattended-upgrades, same thing<br />
...<br />
278 packages are going to be removed, say yes<br />
...<br />
restart required, say yes<br />
...<br />
no ping... yes ping...<br />
...<br />
ssh daqubuntu, ok<br />
apt update, fail, DNS does not work, "host security.ubuntu.com" does not resolve.<br />
fix resolver per https://daq00.triumf.ca/DaqWiki/index.php/Ubuntu#Disable_NetworkManager<br />
apt update, apt upgrade now works, 0 packages to update<br />
NIS does not work.<br />
</pre><br />
<br />
=== midm9a ===<br />
<br />
<pre><br />
login.defs<br />
firefox snap<br />
gmond.conf<br />
ypserv<br />
/etc/default/nis<br />
unattended-upgrades<br />
amanda-security.conf<br />
remove obsolete (no)<br />
reboot<br />
configure dns<br />
reenable nis<br />
</pre><br />
<br />
=== daq17 ===<br />
<br />
<pre><br />
firefox snap<br />
imagemagick policy.xml<br />
gmond.conf<br />
chrony.conf<br />
/var/yp/Makefile<br />
ypserv.conf<br />
ypserv.securenets<br />
/etc/default/nis<br />
50unattended-upgrades<br />
</pre><br />
<br />
=== daq00 ===<br />
<br />
per https://serverpilot.io/docs/how-to-upgrade-ubuntu-20.04-to-22.04/<br />
<br />
<pre><br />
do-release-upgrade -f DistUpgradeViewNonInteractive<br />
</pre><br />
<br />
if it exists "too soon" without doing anything, run it without "-f xxx", most likely it does not like something about this machine. in case of daq00 it did not like how the EFI partitions were mounted. after fixing it, non-interactive upgrade was successful.<br />
<br />
=== isdaq08 ===<br />
<br />
* prepare<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
cd ~<br />
apt -y install debsums<br />
</pre><br />
* check for modified config files that make upgrade unhappy, deal with all files reported by debsums.<br />
<pre><br />
root@isdaq08:~# debsums -ce<br />
/etc/ganglia/gmond.conf<br />
/etc/yp.conf<br />
/etc/apt/apt.conf.d/10periodic<br />
root@isdaq08:~# <br />
</pre><br />
* restore original /etc/apt/apt.conf.d/10periodic<br />
<pre><br />
APT::Periodic::Update-Package-Lists "1"; <br />
APT::Periodic::Download-Upgradeable-Packages "0"; <br />
APT::Periodic::AutocleanInterval "0"; <br />
</pre><br />
* apt remove ganglia-monitor<br />
* apt remove nis<br />
* "debsums -ce" is now empty<br />
<br />
Run the upgrade:<br />
<br />
* do-release-upgrade -f DistUpgradeViewNonInteractive<br />
<br />
Post upgrade:<br />
<br />
* configure DNS<br />
* apt -y install linux-generic-hwe-22.04<br />
* /bin/cp -v ~/git/scripts/etc/99apt-conf-ko /etc/apt/apt.conf.d/ # restore nightly updates<br />
* /bin/rm /etc/apt/apt.conf.d/20apt-esm-hook.conf # remove the ubuntu-pro nag<br />
* install missing packages<br />
* restore ganglia<br />
* restore nis<br />
* check zpool status, may need zpool upgrade<br />
* reboot<br />
<br />
== upgrade U-22 to U-24 ==<br />
<br />
generic instructions. below are notes from upgrades of specific machines.<br />
<br />
<pre><br />
apt -y remove desktop-base # causes installer crash<br />
apt -y remove thunderbird # avoid forced conversion to snap<br />
apt update<br />
apt -y upgrade<br />
apt -y autoremove<br />
do-release-upgrade -c # confirm upgrade will be to U-24<br />
do-release-upgrade<br />
# say "y" to all questions<br />
# after installation starts, accept default answers to all questions<br />
# should run for about 1 hour or so<br />
# after upgrade finishes<br />
apt update<br />
apt -y upgrade<br />
apt -y autoremove<br />
shutdown -r now<br />
</pre><br />
<br />
if installation bombs:<br />
<br />
<pre><br />
apt update<br />
apt upgrade # will tell us to run "apt --fix-broken install", do it<br />
apt --fix-broken install<br />
apt update<br />
apt upgrade # should resume the upgrade, will run for a long time<br />
apt update<br />
apt upgrade # should do nothing<br />
apt autoremove<br />
shutdown -r now<br />
</pre><br />
<br />
=== daqubuntu, U-24 ===<br />
<br />
* prepare<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
cd ~<br />
apt -y install debsums<br />
</pre><br />
* check for modified config files that make upgrade unhappy, deal with all files reported by debsums.<br />
<pre><br />
root@daqubuntu:~# debsums -ce<br />
/etc/ganglia/gmond.conf<br />
debsums: missing file /etc/init.d/nis (from nis package)<br />
/etc/default/nis<br />
/etc/ypserv.conf<br />
/etc/ypserv.securenets<br />
/var/yp/Makefile<br />
/etc/update-manager/release-upgrades<br />
/etc/apt/apt.conf.d/10periodic<br />
/etc/yp.conf<br />
root@daqubuntu:~# <br />
* restore original /etc/apt/apt.conf.d/10periodic<br />
<pre><br />
APT::Periodic::Update-Package-Lists "1"; <br />
APT::Periodic::Download-Upgradeable-Packages "0"; <br />
APT::Periodic::AutocleanInterval "0"; <br />
</pre><br />
* apt remove ganglia-monitor<br />
* apt remove nis<br />
* apt autoremove<br />
* restore original release-upgrades: "Prompt: lts"<br />
* "debsums -ce" is now empty<br />
<br />
Check for upgrade:<br />
<br />
<pre><br />
root@daqubuntu:~# do-release-upgrade -c<br />
Checking for a new Ubuntu release<br />
There is no development version of an LTS available.<br />
To upgrade to the latest non-LTS development release <br />
set Prompt=normal in /etc/update-manager/release-upgrades.<br />
root@daqubuntu:~# <br />
</pre><br />
<br />
Run the upgrade:<br />
<br />
* do-release-upgrade -f DistUpgradeViewNonInteractive<br />
<br />
Post upgrade:<br />
<br />
* configure DNS<br />
* apt -y install linux-generic-hwe-22.04<br />
* /bin/cp -v ~/git/scripts/etc/99apt-conf-ko /etc/apt/apt.conf.d/ # restore nightly updates<br />
* /bin/rm /etc/apt/apt.conf.d/20apt-esm-hook.conf # remove the ubuntu-pro nag<br />
* install missing packages<br />
* restore ganglia<br />
* restore nis<br />
* check zpool status, may need zpool upgrade<br />
* reboot<br />
<br />
=== daq14, U-20-22-24 ===<br />
<br />
* apt update, apt upgrade<br />
* apt -y install linux-image-generic-hwe-20.04 linux-tools-virtual-hwe-20.04 ### install kernel 5.15<br />
* shutdown -r now<br />
* stuck waiting for daq14 to shutdown...<br />
* reboot into kernel 5.15<br />
* ???<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
cd ~<br />
apt -y install debsums<br />
</pre><br />
* debsums -ce<br />
<pre><br />
/etc/apache2/ports.conf<br />
/etc/dnsmasq.conf<br />
/etc/ganglia/gmond.conf<br />
/etc/yp.conf<br />
/etc/sudoers<br />
</pre><br />
* apache2 restore original ports.conf, uncomment "Listen 80"<br />
* cp -pv /etc/dnsmasq.conf.dpkg-dist /etc/dnsmasq.conf<br />
* apt remove ganglia-monitor<br />
* edit /etc/yp.conf, remove everything after "# ypserver ypserver.network.com"<br />
* "debsums -ce" is now empty<br />
* do-release-upgrade -f DistUpgradeViewNonInteractive<br />
* runs for a long time<br />
* stuck on "/etc/default/nis", type "Y", press enter, nothing for a bit, then resumes running<br />
* finished<br />
* configure DNS<br />
* reboot<br />
* have kernel 6.8<br />
* apt update; apt upgrade<br />
* apt upgrade guile-2.2-libs ### would not auto-update, "kept back", has to be done by hand<br />
* apt autoremove<br />
* debsums -ce<br />
<pre><br />
debsums: missing file /etc/init.d/nis (from nis package)<br />
/etc/default/nis<br />
</pre><br />
* diff /etc/default/nis.dpkg-dist /etc/default/nis<br />
* cp -pv /etc/default/nis.dpkg-dist /etc/default/nis<br />
* debsums -ce<br />
<pre><br />
debsums: missing file /etc/init.d/nis (from nis package)<br />
</pre><br />
* we ignore this and run the update<br />
* do-release-upgrade -c<br />
<pre><br />
Checking for a new Ubuntu release<br />
New release '24.04.1 LTS' available.<br />
Run 'do-release-upgrade' to upgrade to it.<br />
</pre><br />
* do-release-upgrade -f DistUpgradeViewNonInteractive<br />
* bombs out without any error messages<br />
* in /var/log/dist-upgrade/main.log reports "Failed to find a replacement for xapp" and other packages<br />
* apt remove xapp usrmerge ureadahead thunderbird-gnome-support<br />
* no go, complains about even more packages.<br />
* apt list | grep installed | grep -v jammy ### show packages installed from non-ubuntu sources<br />
* remove all packages marked "install,local" ### ubuntu updater does not know where they came from and so cannot update them.<br />
* apt remove desktop-base ### not happy about this package in /var/log/dist-upgrade/apt.log<br />
* apt autoremove<br />
* do-release-upgrade -f DistUpgradeViewNonInteractive<br />
* running for a long time...<br />
<br />
=== alpha04 U-20-24 ===<br />
<br />
* apt update, apt upgrade, apt autoremove<br />
* reboot into latest kernel (already done)<br />
* debsums -ce<br />
<pre><br />
root@alpha04:~# debsums -ce<br />
/etc/dnsmasq.conf<br />
/etc/ganglia/gmond.conf<br />
/etc/default/nis<br />
/etc/yp.conf<br />
root@alpha04:~# <br />
</pre><br />
* move /etc/dnsmasq.conf to /etc/dnsmasq.d/alpha04.conf<br />
* apt remove dnsmasq<br />
* apt remove ganglia-monitor<br />
* apt remove nis<br />
* apt autoremove<br />
* debsums -ce ### is now empty<br />
* do-release-upgrade -f DistUpgradeViewNonInteractive<br />
* it runs for a long time...<br />
* complained about /etc/fwupd config files, not sure why...<br />
* finished<br />
* apt update, apt upgrade, apt autoremove<br />
* restore dnsmasq: apt install dnsmasq, systemctl status dnsmasq<br />
* restore ganglia, per instructions<br />
* restore NIS: apt -y install rpcbind nis, ypwhich, ypwhich -m<br />
* zpool upgrade rpool ### also upgrade any other zfs pools, see zpool status<br />
* remove unwanted packages, per instructions<br />
* run gonodeinfo<br />
* reboot<br />
* done<br />
<br />
== vera00 U20-22-24 ==<br />
<br />
* everything same as daq14 for U20-22<br />
* kernel is still 5.15<br />
* U22-24 is going...<br />
* stuck for a few minutes on /etc/fwupd config files<br />
* have kernel 6.8.0-49<br />
* same steps as daq14<br />
* reboot<br />
* same steps as daq14<br />
* done<br />
<br />
== phaarmonster U22-24 ==<br />
<br />
* debsums -ce<br />
<pre><br />
/etc/amandahosts<br />
/etc/apache2/ports.conf<br />
/etc/ganglia/gmond.conf<br />
</pre><br />
* do-release-upgrade -c ### reports U24.04.1<br />
* do-release-upgrade -f DistUpgradeViewNonInteractive ### bombs<br />
* apt remove desktop-base; apt autoremove<br />
* do-release-upgrade ### (interactive) runs ok<br />
* bombed !!!<br />
* apt upgrade spews errors and tells us to run "apt --fix-broken install"<br />
* apt --fix-broken install ### runs<br />
* bombs with thunderbird snap errors<br />
* again... no go<br />
* thunderbird snap complains about mounting /home, but /home is a symlink<br />
* rm /home, mkdir /home<br />
* again, runs ok<br />
* asks about /etc/fwupd/fwupd.conf - say "Y" to install updated package version<br />
* apt install completes<br />
* apt update; apt upgrade ### running for a long time...<br />
* finished<br />
* install missing packages, etc<br />
* reboot<br />
* long wait... came back<br />
* DNS does now work, systemd-resolved missing, apt install systemd-resolved, "configure DNS"<br />
* done.<br />
<br />
== isdaq10 U22-24 ==<br />
<br />
* do-release-upgrade -f DistUpgradeViewNonInteractive<br />
* bombed on desktop-base, "apt remove desktop-base; apt autoremove"<br />
* bombed with errors<br />
* running "apt --fix-broken install"<br />
* complained about thunderbird snap<br />
* complained about /etc/fwupd/fwupd.conf (say Y)<br />
* finished ok<br />
* apt update<br />
* apt upgrade ### reports "1382 upgraded, 140 newly installed, 0 to remove and 29 not upgraded"<br />
<br />
== iris01 ==<br />
<br />
* debsums -ce<br />
<pre><br />
/etc/ganglia/gmond.conf<br />
/etc/default/nis<br />
/etc/yp.conf<br />
</pre><br />
* apt remove desktop-base<br />
* apt remove thunderbird<br />
* apt autoremove<br />
* do-release-upgrade -f DistUpgradeViewNonInteractive<br />
* bombed with dpkg errors:<br />
<pre><br />
hplip wants wrong python<br />
ganglia-monitor wants wrong libapr1<br />
sssd-ad wants bunch of wrong libraries<br />
xemacs21-mule<br />
libnfsidmap1 wants libldap2<br />
adn so forth...<br />
</pre><br />
* apt --fix-broken install -y<br />
* bombs on ganglia - ganglia group absent from /etc/groups<br />
* fix group ganglia by hand, remove ganglia group from NIS on isdaq00<br />
* apt --fix-broken install<br />
* apt upgrade<br />
<br />
== iris00 ==<br />
<br />
* stuck on "autofs: restarting", login as root, kill iris midas, kill automount, systemctl restart autofs, noble got unstuck, ctrl-c systemctl restart autofs<br />
* noble running...<br />
* bombed with dpkg errors<br />
* check ganglia user, group - both ok<br />
* apt --fix-broken install<br />
* apt upgrade<br />
<br />
== tigstore01 ==<br />
<br />
* no bomb-out<br />
<br />
== midm9b ==<br />
<br />
* apt remove desktop-base thunderbird<br />
* bombed<br />
* apt --fix-broken-install<br />
* apt upgrade<br />
<br />
= Upgrade to new version of Debian =<br />
<br />
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-upgrading.en.html<br />
<br />
== 32-bit VME processor Debian 11 to 12 ==<br />
<br />
* cd git/scripts; git pull; cd ~<br />
* apt update<br />
* apt upgrade<br />
* edit /etc/apt/sources.list<br />
<pre><br />
deb http://deb.debian.org/debian/ bookworm main<br />
#deb http://deb.debian.org/debian/ bullseye main<br />
#deb-src http://deb.debian.org/debian/ bullseye main<br />
</pre><br />
* apt update<br />
* apt upgrade --without-new-pkgs<br />
* apt full-upgrade<br />
* apt list '~c'; apt purge '~c' # purge left-over config files [residual-config]<br />
* reboot<br />
<br />
= Ubuntu package manager =<br />
<br />
* apt-get install xxx # install package xxx<br />
* apt-get update<br />
* apt-get upgrade<br />
* apt-get dist-upgrade<br />
* apt-get autoremove # remove automatically installed packages required by a removed package<br />
* apt-get remove xxx # remove package xxx<br />
* apt-cache search . # list all available packages<br />
* apt-cache show "." | grep ^Package # list al available packages<br />
* apt-cache madison root-system # show all available versions of package root-system<br />
* apt list # list all installed packages<br />
* dpkg --listfiles libpng16-16 # list all files from this package<br />
* apt list --installed # list all installed packages<br />
* dpkg -S /bin/bash # what package provides this file?<br />
* dpkg -L bash # what files provided by this package?<br />
* debsums -ce # show modified config files<br />
* apt-config dump # show apt configuration<br />
* apt purge '~c' # purge all [residual-config] packages<br />
<br />
= Ubuntu zsys =<br />
<br />
NOTE: DO NOT USE ZSYS, see https://github.com/ubuntu/zsys/issues/218 and https://github.com/ubuntu/zsys/issues/230<br />
<br />
* scripted removal of old snapshots (replace "echo zfs destroy" with "zfs destroy")<br />
<pre><br />
zfs list -t all | cut -f1 -d " " | grep autozsys | xargs -n1 echo zfs destroy<br />
</pre><br />
<br />
* manual removal of old snapshots<br />
<pre><br />
zsysctl show<br />
zsysctl state remove xy69ye -s<br />
zsysctl state remove xy69ye<br />
zsysctl state remove xy69ye -u wheel<br />
</pre><br />
* apt remove zsys<br />
<br />
NOTE: old zsys snapshots must be cleaned manually, "zsysctl state remove xxx --system" is broken and does not remove user data snapshots<br />
<br />
* manages system snapshots<br />
* documentation: https://github.com/ubuntu/zsys<br />
* documentation: (go to next article via link "newer" at the bottom) https://didrocks.fr/2020/05/21/zfs-focus-on-ubuntu-20.04-lts-whats-new/<br />
* ubuntu 20.04 bug, too many snapshots cause /boot to become full and updates fail. https://github.com/ubuntu/zsys/issues/155<br />
* solution: use custom /etc/zsys.conf, limit number of snapshots to 10, see trinatdaq:/etc/zsys.conf<br />
* zsys commands:<br />
<pre><br />
update-grub # list of all snapshots, errors if some snapshots are broken<br />
zsysctl state remove lnc0k7 --system # remove snapshot<br />
xemacs -nw /etc/zsys.conf; zsysctl service reload; zsysctl service gc # cause gc to run with new settings in zsys.conf<br />
zfs list -r -t snapshot -o name,used,referenced,creation bpool/BOOT # list snapshots<br />
zsysctl show # show snapshots<br />
</pre><br />
<br />
= Ubuntu cloning =<br />
<br />
to clone a ubuntu image:<br />
<br />
<pre><br />
cd /nfsroot/lxcpet<br />
emacs -nw etc/hostname ### change hostname<br />
emacs -nw etc/mailname ### change hostname (debian 11)<br />
emacs -nw etc/defaultdomain ### change the NIS domainname<br />
emacs -nw etc/yp.conf ### change the NIS server<br />
cp -pvf ../lxcpet-SL610/etc/ssh/*key* etc/ssh/ ### preserve the ssh keys<br />
emacs -nw opt/gonodeinfo/gonodeinfo.conf ### update information<br />
emacs -nw root/.ssh/authorized_keys ### update root ssh keys<br />
</pre><br />
<br />
= Ubuntu boot loader =<br />
<br />
== maintenance commands ==<br />
<br />
* update-initramfs -v -u<br />
* grub-install /dev/sda<br />
<br />
= Convert from single to dual mirrored ZFS SSD =<br />
<br />
Assuming Ubuntu LTS 22.04 with "instal on ZFS" option, we will<br />
add a second SSD, configure ZFS to use both SSDs in mirrored<br />
configuration and setup grub to boot from either SSD. This<br />
is intended to create a full redundant system where failure<br />
of either SSD does not break the system.<br />
<br />
* identify first SSD<br />
<pre><br />
root@midm9b:~# ./smart-status.perl <br />
Disk model serial temperature realloc pending uncorr CRC err RRER Errors Link<br />
/dev/sda WD Blue SA510 2.5 250GB 22243Z803769 24 . ? ? . ? . 6.0<br />
root@midm9b:~# <br />
</pre><br />
* connect second SSD of identical size<br />
<pre><br />
root@midm9b:~# ./smart-status.perl <br />
Disk model serial temperature realloc pending uncorr CRC err RRER Errors Link<br />
/dev/sda WD Blue SA510 2.5 250GB 22243Z803769 24 . ? ? . ? . 6.0<br />
/dev/sdb WD Blue SA510 2.5 250GB 22243Z803852 25 . ? ? . ? . 6.0<br />
root@midm9b:~# <br />
</pre><br />
* if second SSD is not autodetected, reboot<br />
* Clone partition table automatically<br />
If both SSDs are identical size, use this simpler method of duplicating the partition table:<br />
<pre><br />
root@midm9b:~# sfdisk -d /dev/sda > part_table<br />
root@midm9b:~# grep -v ^label-id part_table | sed -e 's/, *uuid=[0-9A-F-]*//' | sfdisk /dev/sdb<br />
</pre><br />
The grep and sed in the second command are there to prevent disk ID and partition IDs from being cloned. Alternatively the part_table file can be edited manually to remove the label-id line and the uuid entries from the individual partitions.<br />
<br />
* Clone partition table manually (e.g. for different size disks)<br />
* list partition table of first SSD:<br />
<pre><br />
root@midm9b:~# fdisk -l /dev/sda<br />
Disk /dev/sda: 232.89 GiB, 250059350016 bytes, 488397168 sectors<br />
Disk model: WD Blue SA510 2.<br />
Units: sectors of 1 * 512 = 512 bytes<br />
Sector size (logical/physical): 512 bytes / 512 bytes<br />
I/O size (minimum/optimal): 512 bytes / 512 bytes<br />
Disklabel type: gpt<br />
Disk identifier: 951A4174-B4C6-400D-99F5-BE9B5627FA8E<br />
<br />
Device Start End Sectors Size Type<br />
/dev/sda1 2048 1050623 1048576 512M EFI System<br />
/dev/sda2 1050624 5244927 4194304 2G Linux swap<br />
/dev/sda3 5244928 9439231 4194304 2G Solaris boot<br />
/dev/sda4 9439232 488397134 478957903 228.4G Solaris root<br />
root@midm9b:~# <br />
</pre><br />
* create identical partitions on second SSD, use sector numbers from above.<br />
<pre><br />
root@midm9b:~# gdisk /dev/sdb<br />
GPT fdisk (gdisk) version 1.0.8<br />
<br />
Partition table scan:<br />
MBR: not present<br />
BSD: not present<br />
APM: not present<br />
GPT: not present<br />
<br />
Creating new GPT entries in memory.<br />
<br />
Command (? for help): n<br />
Partition number (1-128, default 1): <br />
First sector (34-488397134, default = 2048) or {+-}size{KMGTP}: <br />
Last sector (2048-488397134, default = 488397134) or {+-}size{KMGTP}: 1050623<br />
Current type is 8300 (Linux filesystem)<br />
Hex code or GUID (L to show codes, Enter = 8300): ef00<br />
Changed type of partition to 'EFI system partition'<br />
<br />
Command (? for help): n<br />
Partition number (2-128, default 2): <br />
First sector (34-488397134, default = 1050624) or {+-}size{KMGTP}: <br />
Last sector (1050624-488397134, default = 488397134) or {+-}size{KMGTP}: 5244927<br />
Current type is 8300 (Linux filesystem)<br />
Hex code or GUID (L to show codes, Enter = 8300): 8200<br />
Changed type of partition to 'Linux swap'<br />
<br />
Command (? for help): n<br />
Partition number (3-128, default 3): <br />
First sector (34-488397134, default = 5244928) or {+-}size{KMGTP}: <br />
Last sector (5244928-488397134, default = 488397134) or {+-}size{KMGTP}: 9439231<br />
Current type is 8300 (Linux filesystem)<br />
Hex code or GUID (L to show codes, Enter = 8300): be00<br />
Changed type of partition to 'Solaris boot'<br />
<br />
Command (? for help): n<br />
Partition number (4-128, default 4): <br />
First sector (34-488397134, default = 9439232) or {+-}size{KMGTP}: <br />
Last sector (9439232-488397134, default = 488397134) or {+-}size{KMGTP}: <br />
Current type is 8300 (Linux filesystem)<br />
Hex code or GUID (L to show codes, Enter = 8300): bf00<br />
Changed type of partition to 'Solaris root'<br />
<br />
Command (? for help): w<br />
<br />
Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING<br />
PARTITIONS!!<br />
<br />
Do you want to proceed? (Y/N): y<br />
OK; writing new GUID partition table (GPT) to /dev/sdb.<br />
The operation has completed successfully.<br />
root@midm9b:~# fdisk -l /dev/sda /dev/sdb<br />
Disk /dev/sda: 232.89 GiB, 250059350016 bytes, 488397168 sectors<br />
Disk model: WD Blue SA510 2.<br />
Units: sectors of 1 * 512 = 512 bytes<br />
Sector size (logical/physical): 512 bytes / 512 bytes<br />
I/O size (minimum/optimal): 512 bytes / 512 bytes<br />
Disklabel type: gpt<br />
Disk identifier: 951A4174-B4C6-400D-99F5-BE9B5627FA8E<br />
<br />
Device Start End Sectors Size Type<br />
/dev/sda1 2048 1050623 1048576 512M EFI System<br />
/dev/sda2 1050624 5244927 4194304 2G Linux swap<br />
/dev/sda3 5244928 9439231 4194304 2G Solaris boot<br />
/dev/sda4 9439232 488397134 478957903 228.4G Solaris root<br />
<br />
<br />
Disk /dev/sdb: 232.89 GiB, 250059350016 bytes, 488397168 sectors<br />
Disk model: WD Blue SA510 2.<br />
Units: sectors of 1 * 512 = 512 bytes<br />
Sector size (logical/physical): 512 bytes / 512 bytes<br />
I/O size (minimum/optimal): 512 bytes / 512 bytes<br />
Disklabel type: gpt<br />
Disk identifier: EB251739-30C6-422F-A505-5887B5A0B603<br />
<br />
Device Start End Sectors Size Type<br />
/dev/sdb1 2048 1050623 1048576 512M EFI System<br />
/dev/sdb2 1050624 5244927 4194304 2G Linux swap<br />
/dev/sdb3 5244928 9439231 4194304 2G Solaris boot<br />
/dev/sdb4 9439232 488397134 478957903 228.4G Solaris root<br />
root@midm9b:~# <br />
</pre><br />
* identify second SSD partitions<br />
<pre><br />
root@midm9b:~# ls -l /dev/disk/by-id/ata*part3<br />
lrwxrwxrwx 1 root root 10 Jan 20 18:37 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803769-part3 -> ../../sda3<br />
lrwxrwxrwx 1 root root 10 Jan 20 19:34 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part3 -> ../../sdb3<br />
root@midm9b:~# ls -l /dev/disk/by-id/ata*part4<br />
lrwxrwxrwx 1 root root 10 Jan 20 18:37 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803769-part4 -> ../../sda4<br />
lrwxrwxrwx 1 root root 10 Jan 20 19:34 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part4 -> ../../sdb4<br />
</pre><br />
* convert bpool from single disk to mirrored disk:<br />
<pre><br />
root@midm9b:~# zpool status<br />
pool: bpool<br />
state: ONLINE<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
bpool ONLINE 0 0 0<br />
99e03dc0-7d4d-f24b-8fa1-f042b9f135db ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
<br />
pool: rpool<br />
state: ONLINE<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
rpool ONLINE 0 0 0<br />
f6fd54f8-3af7-b943-ae3d-a4e480537fb9 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
root@midm9b:~# zpool attach bpool 99e03dc0-7d4d-f24b-8fa1-f042b9f135db /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part3<br />
root@midm9b:~# zpool status bpool<br />
pool: bpool<br />
state: ONLINE<br />
scan: resilvered 247M in 00:00:00 with 0 errors on Fri Jan 20 19:39:40 2023<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
bpool ONLINE 0 0 0<br />
mirror-0 ONLINE 0 0 0<br />
99e03dc0-7d4d-f24b-8fa1-f042b9f135db ONLINE 0 0 0<br />
ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part3 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
</pre><br />
* convert rpool<br />
<pre><br />
root@midm9b:~# ls -l /dev/disk/by-id/ata*part4<br />
lrwxrwxrwx 1 root root 10 Jan 20 18:37 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803769-part4 -> ../../sda4<br />
lrwxrwxrwx 1 root root 10 Jan 20 19:34 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part4 -> ../../sdb4<br />
root@midm9b:~# zpool attach rpool f6fd54f8-3af7-b943-ae3d-a4e480537fb9 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part4<br />
root@midm9b:~# zpool status rpool<br />
pool: rpool<br />
state: ONLINE<br />
status: One or more devices is currently being resilvered. The pool will<br />
continue to function, possibly in a degraded state.<br />
action: Wait for the resilver to complete.<br />
scan: resilver in progress since Fri Jan 20 19:40:45 2023<br />
5.83G scanned at 664M/s, 2.92M issued at 332K/s, 9.11G total<br />
0B resilvered, 0.03% done, no estimated completion time<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
rpool ONLINE 0 0 0<br />
mirror-0 ONLINE 0 0 0<br />
f6fd54f8-3af7-b943-ae3d-a4e480537fb9 ONLINE 0 0 0<br />
ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part4 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
root@midm9b:~# <br />
</pre><br />
* wait for resilver to complete<br />
<pre><br />
root@midm9b:~# zpool status<br />
pool: bpool<br />
state: ONLINE<br />
scan: resilvered 247M in 00:00:00 with 0 errors on Fri Jan 20 19:39:40 2023<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
bpool ONLINE 0 0 0<br />
mirror-0 ONLINE 0 0 0<br />
99e03dc0-7d4d-f24b-8fa1-f042b9f135db ONLINE 0 0 0<br />
ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part3 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
<br />
pool: rpool<br />
state: ONLINE<br />
scan: resilvered 9.65G in 00:00:36 with 0 errors on Fri Jan 20 19:41:21 2023<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
rpool ONLINE 0 0 0<br />
mirror-0 ONLINE 0 0 0<br />
f6fd54f8-3af7-b943-ae3d-a4e480537fb9 ONLINE 0 0 0<br />
ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part4 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
</pre><br />
* enable booting from second SSD: (instead of /dev/sda1, /dev/sdb1, use UUID=xxx)<br />
<pre><br />
root@midm9b:~# mkfs.msdos /dev/sdb1<br />
root@midm9b:~# mkdir /boot/efi-sda<br />
root@midm9b:~# mkdir /boot/efi-sdb<br />
root@midm20c:~# blkid | grep vfat ### identify UUID<br />
/dev/sdb1: UUID="DD89-5081" BLOCK_SIZE="512" TYPE="vfat" PARTLABEL="EFI System Partition" PARTUUID="d0cb6be4-2f67-5b42-9b26-9e6905e9f774"<br />
/dev/sdc1: UUID="D970-86BA" BLOCK_SIZE="512" TYPE="vfat" PARTLABEL="EFI System Partition" PARTUUID="e6d3b5b9-a512-44a2-9205-1a4db06ed2a2"<br />
/dev/sda1: UUID="DDA1-044C" BLOCK_SIZE="512" TYPE="vfat" PARTLABEL="EFI System Partition" PARTUUID="6dc9dff0-1c13-8045-a906-7803d3074c70"<br />
root@midm20c:~# cat /etc/fstab | grep vfat ### add mount points with correct UUID<br />
#UUID=D970-86BA /boot/efi vfat umask=0022,fmask=0022,dmask=0022 0 1<br />
UUID=DDA1-044C /boot/efi-sda vfat umask=0022,fmask=0022,dmask=0022 0 1<br />
UUID=DD89-5081 /boot/efi-sdb vfat umask=0022,fmask=0022,dmask=0022 0 1<br />
root@midm9b:~# mount -a<br />
root@midm9b:~# df -kl<br />
Filesystem 1K-blocks Used Available Use% Mounted on<br />
...<br />
/dev/sda1 523244 13720 509524 3% /boot/efi<br />
/dev/sdb1 523244 4 523240 1% /boot/efi-sdb<br />
...<br />
root@midm9b:~# rsync -av /boot/efi/ /boot/efi-sdb/<br />
sending incremental file list<br />
EFI/<br />
...<br />
root@midm9b:~# ls -l /boot/efi-sda<br />
total 8<br />
drwxr-xr-x 4 root root 4096 Jan 19 23:26 EFI<br />
drwxr-xr-x 5 root root 4096 Jan 19 23:26 grub<br />
root@midm9b:~# ls -l /boot/efi-sdb<br />
total 8<br />
drwxr-xr-x 4 root root 4096 Jan 19 23:26 EFI<br />
drwxr-xr-x 5 root root 4096 Jan 19 23:26 grub<br />
root@midm9b:~# <br />
</pre><br />
* setup script to update grub on second SSD, it must be run manually after every kernel update<br />
<pre><br />
root@midm9b:~# ln -s ~/git/scripts/etc/update_efi_grub.perl ~/<br />
root@midm9b:~# ~/update_efi_grub.perl -u<br />
EFI dir: /boot/efi-sda<br />
/boot/efi-sda: update grub: rsync -av --delete-after --modify-window=2 /boot/efi/grub/ /boot/efi-sda/grub<br />
building file list ... done<br />
<br />
sent 5,313 bytes received 11 bytes 10,648.00 bytes/sec<br />
total size is 7,944,644 speedup is 1,492.23<br />
/boot/efi-sda: update efi: rsync -av --delete-after --modify-window=2 /boot/efi/EFI/ /boot/efi-sda/EFI<br />
building file list ... done<br />
<br />
sent 216 bytes received 11 bytes 454.00 bytes/sec<br />
total size is 5,452,378 speedup is 24,019.29<br />
EFI dir: /boot/efi-sdb<br />
/boot/efi-sdb: update grub: rsync -av --delete-after --modify-window=2 /boot/efi/grub/ /boot/efi-sdb/grub<br />
building file list ... done<br />
<br />
sent 5,313 bytes received 11 bytes 10,648.00 bytes/sec<br />
total size is 7,944,644 speedup is 1,492.23<br />
/boot/efi-sdb: update efi: rsync -av --delete-after --modify-window=2 /boot/efi/EFI/ /boot/efi-sdb/EFI<br />
building file list ... done<br />
<br />
sent 216 bytes received 11 bytes 454.00 bytes/sec<br />
total size is 5,452,378 speedup is 24,019.29<br />
root@midm9b:~# <br />
</pre><br />
<br />
= Disable NetworkManager =<br />
<br />
== Debian-12 ==<br />
<br />
* use netplan, https://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_the_modern_network_configuration_for_cloud<br />
* apt install netplan.io<br />
* systemctl enable systemd-networkd<br />
* systemctl restart systemd-networkd<br />
* create /etc/netplan/50-dhcp.yaml<br />
<pre><br />
network:<br />
version: 2<br />
ethernets:<br />
all-en:<br />
match:<br />
name: "en*"<br />
dhcp4: true<br />
dhcp6: true<br />
ignore-carrier: true ### do not drop IP address if network link drops<br />
</pre><br />
* netplan apply<br />
* netplan try<br />
* ifconfig -a ### to check IP address settings<br />
* netstat -rn ### to check default route<br />
* cat /etc/resolv.conf ### to check DNS<br />
* ls -l /run/systemd/netif/leases ### systemd-networkd dhcp leases<br />
* NOTE: without "ignore-carrier" it will drop the IP address if network link drops, re-do dhcp when links comes back<br />
* NOTE: wait-network-online will wait for all interfaces to get an IP address<br />
<br />
== Ubuntu-20 ==<br />
<br />
NOTE: THIS IS BROKEN IN UBUNTU LTS 22.04<br />
<br />
NetworkManager is useful for configuring dynamic<br />
network interfaces, i.e. laptops that often move<br />
between networks, or connect to multiple choice<br />
of wifi networks, etc.<br />
<br />
For machines with statically configured network interfaces,<br />
NetworkManager is not necessary.<br />
<br />
As it has been observed to become confused and observed<br />
to malfunction when network links go up and down (it keeps<br />
unnecessarily reconfiguring the ip address, etc), it can<br />
be usefuil to disable it.<br />
<br />
* list all network interfaces<br />
<pre><br />
# /bin/ls -1 /sys/class/net/<br />
enp0s31f6<br />
lo<br />
</pre><br />
* edit /etc/network/interfaces:<br />
<pre><br />
rename enp0s31f6=eth0<br />
auto eth0<br />
iface eth0 inet static<br />
address 142.90.120.94/19<br />
gateway 142.90.100.18<br />
</pre><br />
* statically configure systemd-resolved<br />
** create /etc/systemd/resolved.conf.d/resolved.conf with this contents:<br />
<pre><br />
[Resolve]<br />
DNS=142.90.100.19<br />
Domains=triumf.ca<br />
</pre><br />
** systemctl restart systemd-resolved<br />
** resolvectl<br />
** systemd-analyze cat-config systemd/resolved.conf<br />
* disable NetworkManager<br />
<pre><br />
systemctl disable NetworkManager<br />
</pre><br />
* reboot<br />
<br />
== U-22, U-24 ifup-ko ==<br />
<br />
Network configuration of modern linux is confused. There are at least 3 configuration methods, each with different shortcomings:<br />
* the old ifup method is barely documented<br />
* NetworkManager is well documented and tooled, but sometimes does strange things<br />
* systemd-networkd is mysterious, and likely to do strange stuff, like all systemd stuff<br />
* netplan is the latest method, configuration is simple but uses NetworkManager or systemd-networkd as backend.<br />
<br />
This is a solution for a specific situation of fixed computer with one fixed wired interface and maybe one or more additional interfaces for fixed wired private networks.<br />
<br />
Install /etc/ifup-ko, edit it with IP addresses of main and additional interfaces, let systemd run it in the right place in the boot sequence replacing NetworkManager and NetworkManager-wait-online .<br />
<br />
As bonus, /etc/ifup-ko waits up to 10 seconds for the main interface link to come up. If this is not needed, comment it out from the script.<br />
<br />
* prepare<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
cd ifup-ko<br />
make install<br />
</pre><br />
* confirm interface names<br />
<pre><br />
systemctl start ifup-ko ### should finish immediately or after 10 seconds<br />
systemctl status ifup-ko -n 1000 ### observe list of interfaces is correct, name of main interface is correct<br />
</pre><br />
* edit /etc/ifup-ko<br />
** add host IP address to the "ifconfig" line<br />
** add gateway IP address to the "ip route add" line<br />
* test<br />
<pre><br />
systemctl start ifup-ko ### should finish immediately<br />
systemctl status ifup-ko -n 1000 ### observe everything is configured as expected<br />
</pre><br />
* cut-over<br />
<pre><br />
systemctl disable networkd-dispatcher<br />
systemctl disable NetworkManager<br />
systemctl disable wpa_supplicant # if no Wifi or Wifi not in use<br />
</pre><br />
* reboot<br />
<br />
= Configure ECC memory =<br />
<br />
== Configure EDAC ==<br />
<br />
* apt install edac-utils rasdaemon<br />
<br />
=== Intel i3-2120 ===<br />
<pre><br />
root@musr00:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro X9SCL/X9SCM<br />
root@musr00:~# edac-ctl --status<br />
edac-ctl: drivers not loaded.<br />
</pre><br />
<br />
=== Intel E-2236 ===<br />
<pre><br />
root@daq00:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro X11SCM-F<br />
root@daq00:~# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@daq00:~# edac-util <br />
edac-util: No errors to report.<br />
root@daq00:~# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
</pre><br />
* check edac sysfs files (Intel)<br />
<pre><br />
root@daq00:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 ce_count<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 max_location<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 mc_name<br />
drwxr-xr-x 2 root root 0 Jan 25 15:10 power<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank0<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank1<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank2<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank3<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank4<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank5<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank6<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank7<br />
--w------- 1 root root 4096 Jan 25 15:10 reset_counters<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 size_mb<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 ue_count<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 Jan 25 15:10 uevent<br />
root@daq00:~# <br />
</pre><br />
<br />
=== Intel E3-1270 v6 ===<br />
<pre><br />
root@wheel-SYS-5019S-M:~/git/scripts# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro X11SSH-F<br />
root@wheel-SYS-5019S-M:~/git/scripts# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@grsnis01:~# edac-util<br />
edac-util: No errors to report.<br />
root@grsnis01:~# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
root@grsnis01:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 ce_count<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 max_location<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 mc_name<br />
drwxr-xr-x 2 root root 0 Feb 19 12:35 power<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank0<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank1<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank2<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank3<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank4<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank5<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank6<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank7<br />
--w------- 1 root root 4096 Feb 19 12:35 reset_counters<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 size_mb<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 ue_count<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 Feb 19 12:35 uevent<br />
root@grsnis01:~# <br />
</pre><br />
<br />
=== Intel E3-1245 v6 ===<br />
<br />
<pre><br />
[root@alphagdaq ~]# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro X11SSH-F<br />
[root@alphagdaq ~]# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro X11SSH-F<br />
[root@alphagdaq ~]# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
[root@alphagdaq ~]# edac-util<br />
edac-util: No errors to report.<br />
[root@alphagdaq ~]# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
[root@alphagdaq ~]# ras-mc-ctl --layout<br />
+-----------------------------------------------+<br />
| mc0 |<br />
| csrow0 | csrow1 | csrow2 | csrow3 |<br />
----------+-----------------------------------------------+<br />
channel1: | 8192 MB | 8192 MB | 8192 MB | 8192 MB |<br />
channel0: | 8192 MB | 8192 MB | 8192 MB | 8192 MB |<br />
----------+-----------------------------------------------+<br />
[root@alphagdaq ~]# ras-mc-ctl --error-count<br />
Label CE UE<br />
mc#0csrow#3channel#0 0 0<br />
mc#0csrow#2channel#1 0 0<br />
mc#0csrow#3channel#1 0 0<br />
mc#0csrow#0channel#0 0 0<br />
mc#0csrow#1channel#1 0 0<br />
mc#0csrow#0channel#1 0 0<br />
mc#0csrow#1channel#0 0 0<br />
mc#0csrow#2channel#0 0 0<br />
[root@alphagdaq ~]# ras-mc-ctl --mainboard<br />
ras-mc-ctl: mainboard: Supermicro model X11SSH-F<br />
[root@alphagdaq ~]# ras-mc-ctl --summary<br />
DBD::SQLite::db prepare failed: no such table: mc_event at /usr/sbin/ras-mc-ctl line 1129.<br />
Can't call method "execute" on an undefined value at /usr/sbin/ras-mc-ctl line 1130.<br />
[root@alphagdaq ~]# <br />
</pre><br />
<br />
=== AMD 3700X ===<br />
<br />
(memory is non-ECC)<br />
<br />
<pre><br />
root@daq13:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: ASUSTeK COMPUTER INC. ROG STRIX B550-E GAMING<br />
root@daq13:~# <br />
root@daq13:~# <br />
root@daq13:~# edac-ctl --status<br />
edac-ctl: drivers not loaded.<br />
root@daq13:~# edac-util <br />
edac-util: Error: No memory controller data found.<br />
root@daq13:~# edac-util -s<br />
edac-util: EDAC drivers loaded. No memory controllers found<br />
root@daq13:~# ls -l /sys/devices/system/edac/mc<br />
total 0<br />
drwxr-xr-x 2 root root 0 Jan 25 15:26 power<br />
lrwxrwxrwx 1 root root 0 Jan 21 16:16 subsystem -> ../../../../bus/edac<br />
-rw-r--r-- 1 root root 4096 Jan 21 16:16 uevent<br />
</pre><br />
<br />
(memory is ECC)<br />
<br />
<pre><br />
root@trinatdaq:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: ASUSTeK COMPUTER INC. ROG STRIX B550-E GAMING<br />
root@trinatdaq:~# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@trinatdaq:~# edac-util <br />
edac-util: No errors to report.<br />
root@trinatdaq:~# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
root@trinatdaq:~# ls -l /sys/devices/system/edac/mc<br />
total 0<br />
drwxr-xr-x 7 root root 0 Dec 15 13:04 mc0<br />
drwxr-xr-x 2 root root 0 Dec 15 13:04 power<br />
lrwxrwxrwx 1 root root 0 Dec 13 18:31 subsystem -> ../../../../bus/edac<br />
-rw-r--r-- 1 root root 4096 Dec 13 18:31 uevent<br />
root@trinatdaq:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 ce_count<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 max_location<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 mc_name<br />
drwxr-xr-x 2 root root 0 Dec 15 13:04 power<br />
drwxr-xr-x 3 root root 0 Dec 15 13:04 rank4<br />
drwxr-xr-x 3 root root 0 Dec 15 13:04 rank5<br />
drwxr-xr-x 3 root root 0 Dec 15 13:04 rank6<br />
drwxr-xr-x 3 root root 0 Dec 15 13:04 rank7<br />
--w------- 1 root root 4096 Dec 15 13:04 reset_counters<br />
-rw-r--r-- 1 root root 4096 Dec 15 13:04 sdram_scrub_rate<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 size_mb<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 ue_count<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 Dec 15 13:04 uevent<br />
root@trinatdaq:~# <br />
</pre><br />
<br />
=== AMD 5000G ===<br />
<br />
* no linux driver for AMD 5000-series "G" CPU<br />
* no mention of ECC in the BIOS settings<br />
* unclear status of ECC support in AMD documentation (sais only "pro" "G" CPUs have ECC)<br />
* unclear status of ECC support in ASUS documentation (web page out of date)<br />
<br />
=== AMD 5600X ===<br />
<br />
<pre><br />
root@daq17:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: ASUSTeK COMPUTER INC. ROG STRIX B550-XE GAMING WIFI<br />
root@daq17:~# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@daq17:~# edac-util<br />
edac-util: No errors to report.<br />
root@daq17:~# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
root@daq17:~# ls -l /sys/devices/system/edac/mc<br />
total 0<br />
drwxr-xr-x 7 root root 0 Aug 19 19:27 mc0<br />
drwxr-xr-x 2 root root 0 Aug 19 19:27 power<br />
lrwxrwxrwx 1 root root 0 May 10 10:11 subsystem -> ../../../../bus/edac<br />
-rw-r--r-- 1 root root 4096 May 10 10:11 uevent<br />
root@daq17:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 ce_count<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 max_location<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 mc_name<br />
drwxr-xr-x 2 root root 0 Aug 19 19:27 power<br />
drwxr-xr-x 3 root root 0 Aug 19 19:27 rank4<br />
drwxr-xr-x 3 root root 0 Aug 19 19:27 rank5<br />
drwxr-xr-x 3 root root 0 Aug 19 19:27 rank6<br />
drwxr-xr-x 3 root root 0 Aug 19 19:27 rank7<br />
--w------- 1 root root 4096 Aug 19 19:27 reset_counters<br />
-rw-r--r-- 1 root root 4096 Aug 19 19:27 sdram_scrub_rate<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 size_mb<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 ue_count<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 Aug 19 19:27 uevent<br />
root@daq17:~# <br />
</pre><br />
<br />
=== AMD 3955WX ===<br />
<br />
<pre><br />
root@alphasuperdaq:~/git/scripts/quotareport# edac-ctl --mainboard<br />
edac-ctl: mainboard: ASUSTeK COMPUTER INC. Pro WS WRX80E-SAGE SE WIFI<br />
root@alphasuperdaq:~/git/scripts/quotareport# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@alphasuperdaq:~/git/scripts/quotareport# edac-util <br />
edac-util: No errors to report.<br />
root@alphasuperdaq:~/git/scripts/quotareport# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
root@alphasuperdaq:~/git/scripts/quotareport# ls -l /sys/devices/system/edac/mc<br />
total 0<br />
drwxr-xr-x 19 root root 0 Dez 12 04:48 mc0<br />
drwxr-xr-x 2 root root 0 Dez 12 04:48 power<br />
lrwxrwxrwx 1 root root 0 Dez 9 05:31 subsystem -> ../../../../bus/edac<br />
-rw-r--r-- 1 root root 4096 Dez 9 05:31 uevent<br />
root@alphasuperdaq:~/git/scripts/quotareport# <br />
root@alphasuperdaq:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 ce_count<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 max_location<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 mc_name<br />
drwxr-xr-x 2 root root 0 Dez 12 04:48 power<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank0<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank1<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank10<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank11<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank12<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank13<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank14<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank15<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank2<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank3<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank4<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank5<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank6<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank7<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank8<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank9<br />
--w------- 1 root root 4096 Feb 28 22:19 reset_counters<br />
-rw-r--r-- 1 root root 4096 Feb 28 22:19 sdram_scrub_rate<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 size_mb<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 ue_count<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 Feb 28 22:19 uevent<br />
root@alphasuperdaq:~# <br />
root@alphasuperdaq:~# ras-mc-ctl --layout<br />
Use of uninitialized value $max_pos[3] in modulus (%) at /usr/sbin/ras-mc-ctl line 868.<br />
Use of uninitialized value $d in numeric ge (>=) at /usr/sbin/ras-mc-ctl line 869.<br />
Use of uninitialized value $d in sprintf at /usr/sbin/ras-mc-ctl line 872.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+<br />
| mc0 |<br />
| csrow0 | csrow1 |<br />
| channel0 | channel1 | channel2 | channel3 | channel4 | channel5 | channel6 | channel7 | channel0 | channel1 | channel2 | channel3 | channel4 | channel5 | channel6 | channel7 |<br />
----+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+<br />
<br />
0: | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB |<br />
----+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+<br />
root@alphasuperdaq:~# ras-mc-ctl --error-count<br />
Label CE UE<br />
mc#0csrow#0channel#2 0 0<br />
mc#0csrow#1channel#7 0 0<br />
mc#0csrow#0channel#3 0 0<br />
mc#0csrow#1channel#4 0 0<br />
mc#0csrow#1channel#2 0 0<br />
mc#0csrow#0channel#7 0 0<br />
mc#0csrow#1channel#3 0 0<br />
mc#0csrow#0channel#4 0 0<br />
mc#0csrow#1channel#1 0 0<br />
mc#0csrow#1channel#0 0 0<br />
mc#0csrow#1channel#5 0 0<br />
mc#0csrow#0channel#6 0 0<br />
mc#0csrow#0channel#1 0 0<br />
mc#0csrow#0channel#5 0 0<br />
mc#0csrow#0channel#0 0 0<br />
mc#0csrow#1channel#6 0 0<br />
root@alphasuperdaq:~# ras-mc-ctl --mainboard<br />
ras-mc-ctl: mainboard: ASUSTeK COMPUTER INC. model Pro WS WRX80E-SAGE SE WIFI<br />
root@alphasuperdaq:~# ras-mc-ctl --summary<br />
No Memory errors.<br />
<br />
No PCIe AER errors.<br />
<br />
No Extlog errors.<br />
<br />
DBD::SQLite::db prepare failed: no such table: devlink_event at /usr/sbin/ras-mc-ctl line 1181.<br />
Can't call method "execute" on an undefined value at /usr/sbin/ras-mc-ctl line 1182.<br />
root@alphasuperdaq:~#<br />
</pre><br />
<br />
=== AMD 7700X ===<br />
<br />
<pre><br />
root@dsfe05:~# apt install edac-utils<br />
root@dsfe05:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro H13SAE-MF<br />
root@dsfe05:~# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@dsfe05:~# edac-util<br />
edac-util: No errors to report.<br />
root@dsfe05:~# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
root@dsfe05:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 May 14 09:33 ce_count<br />
-r--r--r-- 1 root root 4096 May 14 09:33 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 May 14 09:33 max_location<br />
-r--r--r-- 1 root root 4096 May 14 09:33 mc_name<br />
drwxr-xr-x 2 root root 0 May 14 09:33 power<br />
drwxr-xr-x 3 root root 0 May 14 09:33 rank4<br />
drwxr-xr-x 3 root root 0 May 14 09:33 rank5<br />
--w------- 1 root root 4096 May 14 09:33 reset_counters<br />
-r--r--r-- 1 root root 4096 May 14 09:33 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 May 14 09:33 size_mb<br />
-r--r--r-- 1 root root 4096 May 14 09:33 ue_count<br />
-r--r--r-- 1 root root 4096 May 14 09:33 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 May 14 09:33 uevent<br />
root@dsfe05:~# <br />
</pre><br />
<br />
== Configure rasdaemon ==<br />
<br />
<pre><br />
apt install rasdaemon<br />
</pre><br />
<pre><br />
systemctl enable rasdaemon<br />
systemctl restart rasdaemon<br />
systemctl status rasdaemon<br />
</pre><br />
<br />
<pre><br />
● rasdaemon.service - RAS daemon to log the RAS events<br />
Loaded: loaded (/lib/systemd/system/rasdaemon.service; enabled; vendor preset: enabled)<br />
Active: active (running) since Mon 2021-01-25 15:16:37 PST; 3min 5s ago<br />
Main PID: 2477175 (rasdaemon)<br />
Tasks: 1 (limit: 76958)<br />
Memory: 17.1M<br />
CGroup: /system.slice/rasdaemon.service<br />
└─2477175 /usr/sbin/rasdaemon -f -r<br />
<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: ras:extlog_mem_event event enabled<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Enabled event ras:extlog_mem_event<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: ras:extlog_mem_event event enabled<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Listening to events for cpus 0 to 11<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: Enabled event ras:extlog_mem_event<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Recording mc_event events<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Recording aer_event events<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Recording extlog_event events<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Recording mce_record events<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Recording arm_event events<br />
</pre><br />
<br />
== Get reports ==<br />
<br />
* Intel 2x32GB ECC DIMMs<br />
<pre><br />
root@daq00:~# ras-mc-ctl --layout<br />
+-------------------------+<br />
| mc0 |<br />
| csrow0 | csrow1 |<br />
----------+-------------------------+<br />
channel1: | 16384 MB | 16384 MB |<br />
channel0: | 16384 MB | 16384 MB |<br />
----------+-------------------------+<br />
root@daq00:~# ras-mc-ctl --error-count<br />
Label CE UE<br />
mc#0csrow#1channel#1 0 0<br />
mc#0csrow#1channel#0 0 0<br />
mc#0csrow#0channel#0 0 0<br />
mc#0csrow#0channel#1 0 0<br />
root@daq00:~# <br />
</pre><br />
<br />
* Intel 4x16GB ECC DIMMs<br />
<pre><br />
root@daq00:~# ras-mc-ctl --error-count<br />
Label CE UE<br />
mc#0csrow#0channel#1 0 0<br />
mc#0csrow#2channel#0 0 0<br />
mc#0csrow#0channel#0 0 0<br />
mc#0csrow#2channel#1 0 0<br />
mc#0csrow#1channel#0 0 0<br />
mc#0csrow#1channel#1 0 0<br />
mc#0csrow#3channel#0 0 0<br />
mc#0csrow#3channel#1 0 0<br />
root@daq00:~# <br />
root@daq00:~# ras-mc-ctl --layout<br />
+-----------------------+<br />
| mc0 |<br />
| csrow0 | csrow1 |<br />
----------+-----------------------+<br />
channel1: | 8192 MB | 8192 MB |<br />
channel0: | 8192 MB | 8192 MB |<br />
----------+-----------------------+<br />
root@daq00:~# <br />
root@daq00:~# <br />
root@daq00:~# <br />
root@daq00:~# ras-mc-ctl --print-labels<br />
ras-mc-ctl: Error: No dimm labels for Supermicro model X11SCM-F<br />
root@daq00:~# ras-mc-ctl --mainboard<br />
ras-mc-ctl: mainboard: Supermicro model X11SCM-F<br />
root@daq00:~# ras-mc-ctl --summary<br />
No Memory errors.<br />
<br />
No PCIe AER errors.<br />
<br />
No Extlog errors.<br />
<br />
DBD::SQLite::db prepare failed: no such table: devlink_event at /usr/sbin/ras-mc-ctl line 1181.<br />
Can't call method "execute" on an undefined value at /usr/sbin/ras-mc-ctl line 1182.<br />
root@daq00:~# <br />
</pre><br />
<br />
note: ubuntu LTS 22.04 DBD::SQLite::db error is not there.<br />
<br />
* AMD 7700 2x32GB DDR5 ECC DIMMs<br />
<br />
<pre><br />
root@dsfe05:~# systemctl status rasdaemon<br />
● rasdaemon.service - RAS daemon to log the RAS events<br />
Loaded: loaded (/lib/systemd/system/rasdaemon.service; enabled; vendor preset: enabled)<br />
Active: active (running) since Tue 2024-05-14 09:36:43 PDT; 33ms ago<br />
Process: 4088418 ExecStartPost=/usr/sbin/rasdaemon --enable (code=exited, status=0/SUCCESS)<br />
Main PID: 4088417 (rasdaemon)<br />
Tasks: 1 (limit: 37300)<br />
Memory: 788.0K<br />
CPU: 5ms<br />
CGroup: /system.slice/rasdaemon.service<br />
└─4088417 /usr/sbin/rasdaemon -f -r<br />
<br />
May 14 09:36:43 dsfe05 rasdaemon[4088417]: ras:aer_event event enabled<br />
May 14 09:36:43 dsfe05 rasdaemon[4088417]: Enabled event ras:aer_event<br />
May 14 09:36:43 dsfe05 rasdaemon[4088417]: mce:mce_record event enabled<br />
May 14 09:36:43 dsfe05 rasdaemon[4088417]: Enabled event mce:mce_record<br />
May 14 09:36:43 dsfe05 rasdaemon[4088417]: ras:extlog_mem_event event enabled<br />
May 14 09:36:43 dsfe05 rasdaemon[4088417]: Enabled event ras:extlog_mem_event<br />
May 14 09:36:43 dsfe05 rasdaemon[4088417]: rasdaemon: Recording mc_event events<br />
May 14 09:36:43 dsfe05 rasdaemon[4088417]: rasdaemon: Recording aer_event events<br />
May 14 09:36:43 dsfe05 rasdaemon[4088417]: rasdaemon: Recording extlog_event events<br />
May 14 09:36:43 dsfe05 rasdaemon[4088417]: rasdaemon: Recording mce_record events<br />
root@dsfe05:~# ras-mc-ctl --layout<br />
Use of uninitialized value $max_pos[3] in modulus (%) at /usr/sbin/ras-mc-ctl line 907.<br />
Use of uninitialized value $d in numeric ge (>=) at /usr/sbin/ras-mc-ctl line 908.<br />
Use of uninitialized value $d in sprintf at /usr/sbin/ras-mc-ctl line 911.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 830.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 830.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 830.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 830.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 830.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 830.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 830.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 830.<br />
+-----------------------------------------------------------------------------------------------+<br />
| mc0 |<br />
| csrow0 | csrow1 | csrow2 | csrow3 |<br />
| channel0 | channel1 | channel0 | channel1 | channel0 | channel1 | channel0 | channel1 |<br />
----+-----------------------------------------------------------------------------------------------+<br />
<br />
0: | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB |<br />
----+-----------------------------------------------------------------------------------------------+<br />
root@dsfe05:~# ras-mc-ctl --error-count<br />
Label CE UE<br />
mc#0csrow#2channel#1 0 0<br />
mc#0csrow#2channel#0 0 0<br />
root@dsfe05:~# ras-mc-ctl --print-labels<br />
ras-mc-ctl: Error: No dimm labels for Supermicro model H13SAE-MF<br />
root@dsfe05:~# ras-mc-ctl --mainboard<br />
ras-mc-ctl: mainboard: Supermicro model H13SAE-MF<br />
root@dsfe05:~# ras-mc-ctl --summary<br />
No Memory errors.<br />
<br />
No PCIe AER errors.<br />
<br />
No Extlog errors.<br />
<br />
No MCE errors.<br />
root@dsfe05:~# <br />
</pre><br />
<br />
= sensors =<br />
<br />
== VME CPU V7865 ==<br />
<br />
add to /etc/rc.local<br />
<br />
<pre><br />
modprobe coretemp<br />
modprobe lm75<br />
modprobe lm90<br />
modprobe max1668<br />
</pre><br />
<br />
available sensors:<br />
<br />
<pre><br />
root@lxdaq23:~# sensors<br />
max6657-i2c-0-4c<br />
Adapter: SMBus I801 adapter at 0400<br />
temp1: +29.1°C (low = -55.0°C, high = +105.0°C)<br />
(crit = +105.0°C, hyst = +95.0°C)<br />
temp2: +31.5°C (low = -55.0°C, high = +105.0°C)<br />
(crit = +105.0°C, hyst = +95.0°C)<br />
<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Core 0: +25.0°C (crit = +100.0°C)<br />
Core 1: +25.0°C (crit = +100.0°C)<br />
<br />
max1805-i2c-0-18<br />
Adapter: SMBus I801 adapter at 0400<br />
temp1: +35.0°C (low = -55.0°C, high = +127.0°C)<br />
temp2: +63.0°C (low = -55.0°C, high = +127.0°C)<br />
temp3: FAULT (low = -55.0°C, high = +127.0°C) ALARM (HIGH)<br />
<br />
lm75-i2c-0-48<br />
Adapter: SMBus I801 adapter at 0400<br />
temp1: +34.5°C (high = +80.0°C, hyst = +75.0°C)<br />
<br />
root@lxdaq23:~# <br />
</pre><br />
<br />
== ASUS P7P55D EVO ==<br />
<br />
* BIOS version 2101<br />
<br />
<pre><br />
root@iris01:~# sensors<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Core 0: +34.0°C (high = +83.0°C, crit = +99.0°C)<br />
Core 1: +37.0°C (high = +83.0°C, crit = +99.0°C)<br />
Core 2: +38.0°C (high = +83.0°C, crit = +99.0°C)<br />
Core 3: +35.0°C (high = +83.0°C, crit = +99.0°C)<br />
<br />
nouveau-pci-0100<br />
Adapter: PCI adapter<br />
GPU core: 900.00 mV (min = +0.85 V, max = +1.05 V)<br />
temp1: +46.0°C (high = +95.0°C, hyst = +3.0°C)<br />
(crit = +105.0°C, hyst = +5.0°C)<br />
(emerg = +135.0°C, hyst = +5.0°C)<br />
<br />
atk0110-acpi-0<br />
Adapter: ACPI interface<br />
Vcore Voltage: 864.00 mV (min = +0.80 V, max = +1.60 V)<br />
+3.3V Voltage: 3.38 V (min = +2.97 V, max = +3.63 V)<br />
+5V Voltage: 5.04 V (min = +4.50 V, max = +5.50 V)<br />
+12V Voltage: 12.15 V (min = +10.20 V, max = +13.80 V)<br />
CPU Fan Speed: 968 RPM (min = 600 RPM, max = 7200 RPM)<br />
Chassis1 Fan Speed: 1288 RPM (min = 600 RPM, max = 7200 RPM)<br />
Chassis2 Fan Speed: 1316 RPM (min = 600 RPM, max = 7200 RPM)<br />
Power Fan Speed: 0 RPM (min = 0 RPM, max = 7200 RPM)<br />
CPU Temperature: +34.0°C (high = +45.0°C, crit = +45.5°C)<br />
MB Temperature: +30.0°C (high = +45.0°C, crit = +46.0°C)<br />
<br />
root@iris01:~# <br />
</pre><br />
<br />
== ASUS Z97-WS ==<br />
<br />
* BIOS version 2704<br />
* load sensors drivers<br />
<pre><br />
echo modprobe coretemp >> /etc/rc.local<br />
echo modprobe nct6775 >> /etc/rc.local<br />
</pre><br />
* in /boot/grub/grub.cfg, add: GRUB_CMDLINE_LINUX_DEFAULT="acpi_enforce_resources=no"<br />
* update grub and reboot: grub-mkconfig -o /boot/grub/grub.cfg<br />
<br />
<pre><br />
root@isdaq08:~# sensors<br />
acpitz-acpi-0<br />
Adapter: ACPI interface<br />
temp1: +27.8°C <br />
temp2: +29.8°C <br />
<br />
nct6791-isa-0290<br />
Adapter: ISA adapter<br />
Vcore: 888.00 mV (min = +0.00 V, max = +1.74 V)<br />
in1: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
AVCC: 3.36 V (min = +0.00 V, max = +0.00 V) ALARM<br />
+3.3V: 3.36 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: 1.99 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: 0.00 V (min = +0.00 V, max = +0.00 V)<br />
3VSB: 3.44 V (min = +0.00 V, max = +0.00 V) ALARM<br />
Vbat: 3.33 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in9: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in10: 0.00 V (min = +0.00 V, max = +0.00 V)<br />
in11: 840.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in12: 0.00 V (min = +0.00 V, max = +0.00 V)<br />
in13: 0.00 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in14: 0.00 V (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 1041 RPM (min = 0 RPM)<br />
fan2: 1040 RPM (min = 0 RPM)<br />
fan3: 0 RPM (min = 0 RPM)<br />
fan4: 0 RPM (min = 0 RPM)<br />
fan5: 0 RPM (min = 0 RPM)<br />
fan6: 0 RPM (min = 0 RPM)<br />
SYSTIN: +34.0°C (high = +0.0°C, hyst = +0.0°C) ALARM sensor = thermistor<br />
CPUTIN: +41.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
AUXTIN0: -128.0°C sensor = thermistor<br />
AUXTIN1: -128.0°C sensor = thermistor<br />
AUXTIN2: +35.0°C sensor = thermistor<br />
AUXTIN3: +127.0°C sensor = thermistor<br />
PECI Agent 0: +41.0°C <br />
PCH_CHIP_CPU_MAX_TEMP: +0.0°C <br />
PCH_CHIP_TEMP: +0.0°C <br />
PCH_CPU_TEMP: +0.0°C <br />
PCH_MCH_TEMP: +0.0°C <br />
PCH_DIM0_TEMP: +0.0°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Package id 0: +42.0°C (high = +80.0°C, crit = +100.0°C)<br />
Core 0: +42.0°C (high = +80.0°C, crit = +100.0°C)<br />
Core 1: +40.0°C (high = +80.0°C, crit = +100.0°C)<br />
Core 2: +39.0°C (high = +80.0°C, crit = +100.0°C)<br />
Core 3: +39.0°C (high = +80.0°C, crit = +100.0°C)<br />
<br />
root@isdaq08:~# <br />
</pre><br />
<br />
== ASUS Z170-DELUXE ==<br />
<br />
* BIOS version 3801<br />
* load sensors drivers<br />
<pre><br />
echo modprobe coretemp >> /etc/rc.local<br />
echo modprobe jc42 >> /etc/rc.local<br />
echo modprobe lm92 >> /etc/rc.local<br />
echo modprobe nct6775 >> /etc/rc.local<br />
</pre><br />
* in /boot/grub/grub.cfg, add: GRUB_CMDLINE_LINUX_DEFAULT="acpi_enforce_resources=no"<br />
* update grub and reboot: grub-mkconfig -o /boot/grub/grub.cfg<br />
<br />
<pre><br />
root@iris00:~# sensors<br />
nct6793-isa-0290<br />
Adapter: ISA adapter<br />
in0: 600.00 mV (min = +0.00 V, max = +1.74 V)<br />
in1: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in2: 3.39 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in3: 3.38 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: 1.03 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: 144.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: 0.00 V (min = +0.00 V, max = +0.00 V)<br />
in7: 3.38 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in8: 3.14 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in9: 1000.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in10: 600.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in11: 1.06 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in12: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in13: 592.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in14: 968.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 1370 RPM (min = 0 RPM)<br />
fan2: 1437 RPM (min = 0 RPM)<br />
fan3: 0 RPM (min = 0 RPM)<br />
fan4: 0 RPM (min = 0 RPM)<br />
fan5: 0 RPM (min = 0 RPM)<br />
fan6: 0 RPM (min = 0 RPM)<br />
SYSTIN: +32.0°C (high = +98.0°C, hyst = +95.0°C) sensor = thermistor<br />
CPUTIN: +42.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
AUXTIN0: -128.0°C sensor = thermistor<br />
AUXTIN1: +50.0°C sensor = thermistor<br />
AUXTIN2: +22.0°C sensor = thermistor<br />
AUXTIN3: +28.0°C sensor = thermistor<br />
PECI Agent 0: +50.0°C (high = +98.0°C, hyst = +95.0°C)<br />
(crit = +100.0°C)<br />
PECI Agent 0 Calibration: +42.5°C <br />
PCH_CHIP_CPU_MAX_TEMP: +0.0°C <br />
PCH_CHIP_TEMP: +0.0°C <br />
PCH_CPU_TEMP: +0.0°C <br />
PCH_MCH_TEMP: +0.0°C <br />
TSI2_TEMP: +3892314.0°C <br />
TSI3_TEMP: +3892314.0°C <br />
TSI4_TEMP: +3892314.0°C <br />
TSI5_TEMP: +3892314.0°C <br />
TSI6_TEMP: +3892314.0°C <br />
TSI7_TEMP: +3892314.0°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
jc42-i2c-0-1a<br />
Adapter: SMBus I801 adapter at f040<br />
temp1: +36.0°C (low = +0.0°C) ALARM (HIGH, CRIT)<br />
(high = +0.0°C, hyst = +0.0°C)<br />
(crit = +0.0°C, hyst = +0.0°C)<br />
<br />
jc42-i2c-0-18<br />
Adapter: SMBus I801 adapter at f040<br />
temp1: +34.8°C (low = +0.0°C) ALARM (HIGH, CRIT)<br />
(high = +0.0°C, hyst = +0.0°C)<br />
(crit = +0.0°C, hyst = +0.0°C)<br />
<br />
jc42-i2c-0-1b<br />
Adapter: SMBus I801 adapter at f040<br />
temp1: +35.0°C (low = +0.0°C) ALARM (HIGH, CRIT)<br />
(high = +0.0°C, hyst = +0.0°C)<br />
(crit = +0.0°C, hyst = +0.0°C)<br />
<br />
jc42-i2c-0-19<br />
Adapter: SMBus I801 adapter at f040<br />
temp1: +36.0°C (low = +0.0°C) ALARM (HIGH, CRIT)<br />
(high = +0.0°C, hyst = +0.0°C)<br />
(crit = +0.0°C, hyst = +0.0°C)<br />
<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Package id 0: +52.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 0: +52.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 1: +51.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 2: +48.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 3: +47.0°C (high = +84.0°C, crit = +100.0°C)<br />
<br />
root@iris00:~# <br />
</pre><br />
<br />
== ASUS Z390M-PRO GAMING (WI-FI) ==<br />
<br />
* BIOS 3006<br />
* load sensors drivers<br />
<pre><br />
echo modprobe coretemp >> /etc/rc.local<br />
echo modprobe nct6775 >> /etc/rc.local<br />
</pre><br />
<br />
<pre><br />
root@daq18:~# sensors<br />
nct6798-isa-0290<br />
Adapter: ISA adapter<br />
in0: 696.00 mV (min = +0.00 V, max = +1.74 V)<br />
in1: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in2: 3.42 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in3: 3.41 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: 1.03 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: 208.00 mV (min = +0.00 V, max = +0.00 V)<br />
in6: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in7: 3.42 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in8: 3.17 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in9: 1.07 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in10: 1.36 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in11: 1.33 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in12: 1.06 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in13: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in14: 1.03 V (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 0 RPM (min = 0 RPM)<br />
fan2: 1131 RPM (min = 0 RPM)<br />
fan3: 0 RPM (min = 0 RPM)<br />
fan4: 0 RPM (min = 0 RPM)<br />
fan5: 1006 RPM (min = 0 RPM)<br />
fan6: 0 RPM (min = 0 RPM)<br />
fan7: 0 RPM (min = 0 RPM)<br />
SYSTIN: +32.0°C (high = +80.0°C, hyst = +75.0°C)<br />
(crit = +100.0°C) sensor = thermistor<br />
CPUTIN: +29.0°C (high = +80.0°C, hyst = +75.0°C)<br />
(crit = +100.0°C) sensor = thermistor<br />
AUXTIN0: +25.0°C (high = +80.0°C, hyst = +75.0°C)<br />
(crit = +100.0°C) sensor = thermistor<br />
AUXTIN1: +7.0°C (high = +80.0°C, hyst = +75.0°C)<br />
(crit = +100.0°C) sensor = thermistor<br />
AUXTIN2: +8.0°C (high = +80.0°C, hyst = +75.0°C)<br />
(crit = +100.0°C) sensor = thermistor<br />
AUXTIN3: +24.0°C (high = +80.0°C, hyst = +75.0°C)<br />
(crit = +100.0°C) sensor = thermistor<br />
AUXTIN4: +83.0°C (high = +80.0°C, hyst = +75.0°C) ALARM<br />
(crit = +100.0°C)<br />
PECI Agent 0 Calibration: +29.0°C (high = +80.0°C, hyst = +75.0°C)<br />
PCH_CHIP_CPU_MAX_TEMP: +0.0°C <br />
PCH_CHIP_TEMP: +0.0°C <br />
PCH_CPU_TEMP: +0.0°C <br />
PCH_MCH_TEMP: +0.0°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Package id 0: +39.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 0: +39.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 1: +33.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 2: +32.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 3: +31.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 4: +31.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 5: +30.0°C (high = +82.0°C, crit = +100.0°C)<br />
<br />
acpitz-acpi-0<br />
Adapter: ACPI interface<br />
temp1: +27.8°C <br />
<br />
iwlwifi_1-virtual-0<br />
Adapter: Virtual device<br />
temp1: +28.0°C <br />
<br />
root@daq18:~# <br />
</pre><br />
<br />
== ASUS H110M-A/M.2 ==<br />
<br />
* BIOS version 4202<br />
* echo modprobe coretemp >> /etc/rc.local<br />
* echo modprobe nct6775 >> /etc/rc.local<br />
<br />
<pre><br />
root@midpol:~# sensors<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Package id 0: +33.0°C (high = +80.0°C, crit = +100.0°C)<br />
Core 0: +33.0°C (high = +80.0°C, crit = +100.0°C)<br />
Core 1: +30.0°C (high = +80.0°C, crit = +100.0°C)<br />
<br />
acpitz-acpi-0<br />
Adapter: ACPI interface<br />
temp1: +27.8°C (crit = +119.0°C)<br />
temp2: +29.8°C (crit = +119.0°C)<br />
<br />
nct6793-isa-0290<br />
Adapter: ISA adapter<br />
in0: 368.00 mV (min = +0.00 V, max = +1.74 V)<br />
in1: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in2: 3.39 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in3: 3.36 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: 152.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: 928.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in7: 3.39 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in8: 3.14 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in9: 1000.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in10: 152.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in11: 128.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in12: 136.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in13: 120.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in14: 136.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 1004 RPM (min = 0 RPM)<br />
fan2: 1143 RPM (min = 0 RPM)<br />
fan5: 0 RPM (min = 0 RPM)<br />
fan6: 0 RPM (min = 0 RPM)<br />
SYSTIN: +118.0°C (high = +98.0°C, hyst = +95.0°C) sensor = thermistor<br />
CPUTIN: +29.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
AUXTIN0: +30.0°C sensor = thermistor<br />
AUXTIN1: +112.0°C sensor = thermistor<br />
AUXTIN2: +111.0°C sensor = thermistor<br />
AUXTIN3: +110.0°C sensor = thermistor<br />
PECI Agent 0: +31.0°C (high = +98.0°C, hyst = +95.0°C)<br />
(crit = +100.0°C)<br />
PECI Agent 0 Calibration: +36.5°C <br />
PCH_CHIP_CPU_MAX_TEMP: +0.0°C <br />
PCH_CHIP_TEMP: +0.0°C <br />
TSI2_TEMP: +3892314.0°C <br />
TSI3_TEMP: +3892314.0°C <br />
TSI4_TEMP: +3892314.0°C <br />
TSI5_TEMP: +3892314.0°C <br />
TSI6_TEMP: +3892314.0°C <br />
TSI7_TEMP: +3892314.0°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
root@midpol:~# <br />
</pre><br />
<br />
== ASUS P9X79 WS ==<br />
<br />
* https://www.asus.com/supportonly/P9X79%20WS/HelpDesk_Manual/<br />
* BIOS version 4802<br />
* modprobe nct6775<br />
* modprobe coretemp<br />
<br />
<pre><br />
root@daq14:~# sensors<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Package id 0: +35.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 0: +29.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 1: +24.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 2: +35.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 3: +32.0°C (high = +82.0°C, crit = +100.0°C)<br />
<br />
nouveau-pci-0200<br />
Adapter: PCI adapter<br />
GPU core: 900.00 mV (min = +0.85 V, max = +1.00 V)<br />
temp1: +39.0°C (high = +95.0°C, hyst = +3.0°C)<br />
(crit = +105.0°C, hyst = +5.0°C)<br />
(emerg = +135.0°C, hyst = +5.0°C)<br />
<br />
nct6776-isa-0290<br />
Adapter: ISA adapter<br />
Vcore: 1.04 V (min = +0.00 V, max = +1.74 V)<br />
in1: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
AVCC: 3.33 V (min = +0.00 V, max = +0.00 V) ALARM<br />
+3.3V: 3.33 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: 2.04 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: 904.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
3VSB: 3.41 V (min = +0.00 V, max = +0.00 V) ALARM<br />
Vbat: 3.30 V (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 1265 RPM (min = 0 RPM)<br />
fan2: 1909 RPM (min = 0 RPM)<br />
fan3: 0 RPM (min = 0 RPM)<br />
fan4: 0 RPM (min = 0 RPM)<br />
fan5: 0 RPM (min = 0 RPM)<br />
SYSTIN: +34.0°C (high = +0.0°C, hyst = +0.0°C) ALARM sensor = thermistor<br />
CPUTIN: +58.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermal diode<br />
AUXTIN: +31.5°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
PECI Agent 0: +31.0°C (high = +80.0°C, hyst = +75.0°C)<br />
(crit = +96.0°C)<br />
PCH_CHIP_TEMP: +0.0°C <br />
PCH_CPU_TEMP: +0.0°C <br />
PCH_MCH_TEMP: +0.0°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
root@daq14:~# <br />
</pre><br />
<br />
== ASUS TUF GAMING B550M-PLUS WIFI II ==<br />
<br />
* BIOS 2803, 2806<br />
* echo modprobe nct6775 >> /etc/rc.local<br />
<br />
<pre><br />
root@midm9a:~# sensors<br />
nct6798-isa-0290<br />
Adapter: ISA adapter<br />
in0: 488.00 mV (min = +0.00 V, max = +1.74 V)<br />
in1: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in2: 3.41 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in3: 3.38 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: 208.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in7: 3.41 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in8: 3.33 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in9: 1.82 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in10: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in11: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in12: 1.03 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in13: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in14: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 0 RPM (min = 0 RPM)<br />
fan2: 760 RPM (min = 0 RPM)<br />
fan3: 0 RPM (min = 0 RPM)<br />
fan7: 1264 RPM (min = 0 RPM)<br />
SYSTIN: +25.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
CPUTIN: +22.5°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
AUXTIN0: +95.0°C sensor = thermistor<br />
AUXTIN1: +25.0°C sensor = thermistor<br />
AUXTIN2: +25.0°C sensor = thermistor<br />
AUXTIN3: +25.0°C sensor = thermistor<br />
PECI Agent 0 Calibration: +23.5°C <br />
PCH_CHIP_CPU_MAX_TEMP: +0.0°C <br />
PCH_CHIP_TEMP: +0.0°C <br />
PCH_CPU_TEMP: +0.0°C <br />
TSI0_TEMP: +32.4°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
amdgpu-pci-0800<br />
Adapter: PCI adapter<br />
vddgfx: 1.45 V <br />
vddnb: 993.00 mV <br />
edge: +28.0°C <br />
PPT: 20.00 W <br />
<br />
k10temp-pci-00c3<br />
Adapter: PCI adapter<br />
Tctl: +33.4°C <br />
<br />
root@midm9a:~# <br />
</pre><br />
<br />
== ASUS ASUS ROG STRIX B550-XE GAMING WIFI ==<br />
<br />
* BIOS 2423, 2604<br />
* echo modprobe nct6775 >> /etc/rc.local<br />
<br />
<pre><br />
root@daq13:~# sensors<br />
nct6798-isa-0290<br />
Adapter: ISA adapter<br />
in0: 344.00 mV (min = +0.00 V, max = +1.74 V)<br />
in1: 992.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in2: 3.41 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in3: 3.39 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: 960.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: 216.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in7: 3.41 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in8: 3.30 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in9: 1.81 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in10: 960.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in11: 960.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in12: 1.03 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in13: 280.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in14: 208.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 845 RPM (min = 0 RPM)<br />
fan2: 998 RPM (min = 0 RPM)<br />
fan3: 0 RPM (min = 0 RPM)<br />
fan4: 0 RPM (min = 0 RPM)<br />
fan5: 0 RPM (min = 0 RPM)<br />
SYSTIN: +28.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
CPUTIN: +27.5°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
AUXTIN0: +94.0°C sensor = thermistor<br />
AUXTIN1: +28.0°C sensor = thermistor<br />
AUXTIN2: +28.0°C sensor = thermistor<br />
AUXTIN3: +97.0°C sensor = thermistor<br />
PECI Agent 0 Calibration: +27.5°C <br />
PCH_CHIP_CPU_MAX_TEMP: +0.0°C <br />
PCH_CHIP_TEMP: +0.0°C <br />
PCH_CPU_TEMP: +0.0°C <br />
TSI0_TEMP: +33.6°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
amdgpu-pci-0600<br />
Adapter: PCI adapter<br />
vddgfx: 1.45 V <br />
vddnb: 999.00 mV <br />
edge: +29.0°C <br />
PPT: 14.00 W <br />
<br />
iwlwifi_1-virtual-0<br />
Adapter: Virtual device<br />
temp1: +30.0°C <br />
<br />
k10temp-pci-00c3<br />
Adapter: PCI adapter<br />
Tctl: +33.9°C <br />
<br />
root@daq13:~# <br />
</pre><br />
<br />
== ASUS ASUS ROG STRIX B550-E GAMING ==<br />
<br />
* bios 2803<br />
* echo modprobe jc42 >> /etc/rc.local<br />
* echo modprobe nct6775 >> /etc/rc.local<br />
<br />
<pre><br />
root@daq17:~# sensors<br />
jc42-i2c-1-1b<br />
Adapter: SMBus PIIX4 adapter port 0 at 0b00<br />
temp1: +25.0°C (low = +0.0°C) ALARM (HIGH, CRIT)<br />
(high = +0.0°C, hyst = +0.0°C)<br />
(crit = +0.0°C, hyst = +0.0°C)<br />
<br />
iwlwifi_1-virtual-0<br />
Adapter: Virtual device<br />
temp1: +28.0°C <br />
<br />
nouveau-pci-0800<br />
Adapter: PCI adapter<br />
GPU core: 900.00 mV (min = +0.85 V, max = +1.00 V)<br />
temp1: +34.0°C (high = +95.0°C, hyst = +3.0°C)<br />
(crit = +105.0°C, hyst = +5.0°C)<br />
(emerg = +135.0°C, hyst = +5.0°C)<br />
<br />
nct6798-isa-0290<br />
Adapter: ISA adapter<br />
in0: 288.00 mV (min = +0.00 V, max = +1.74 V)<br />
in1: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in2: 3.36 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in3: 3.38 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: 1.06 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: 224.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in7: 3.36 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in8: 3.31 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in9: 1.79 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in10: 1.06 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in11: 1.06 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in12: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in13: 280.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in14: 208.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 843 RPM (min = 0 RPM)<br />
fan2: 629 RPM (min = 0 RPM)<br />
fan3: 746 RPM (min = 0 RPM)<br />
fan4: 0 RPM (min = 0 RPM)<br />
fan5: 0 RPM (min = 0 RPM)<br />
SYSTIN: +22.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
CPUTIN: +25.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
AUXTIN0: +93.0°C sensor = thermistor<br />
AUXTIN1: +22.0°C sensor = thermistor<br />
AUXTIN2: +22.0°C sensor = thermistor<br />
AUXTIN3: +96.0°C sensor = thermistor<br />
PECI Agent 0 Calibration: +25.5°C <br />
PCH_CHIP_CPU_MAX_TEMP: +0.0°C <br />
PCH_CHIP_TEMP: +0.0°C <br />
PCH_CPU_TEMP: +0.0°C <br />
TSI0_TEMP: +27.6°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
jc42-i2c-1-1a<br />
Adapter: SMBus PIIX4 adapter port 0 at 0b00<br />
temp1: +23.2°C (low = +0.0°C) ALARM (HIGH, CRIT)<br />
(high = +0.0°C, hyst = +0.0°C)<br />
(crit = +0.0°C, hyst = +0.0°C)<br />
<br />
asusec-isa-0000<br />
Adapter: ISA adapter<br />
CPU_Opt: 0 RPM<br />
Chipset: +34.0°C <br />
CPU: +25.0°C <br />
Motherboard: +22.0°C <br />
T_Sensor: -40.0°C <br />
VRM: +31.0°C <br />
<br />
k10temp-pci-00c3<br />
Adapter: PCI adapter<br />
Tctl: +28.0°C <br />
Tccd1: +27.5°C <br />
<br />
root@daq17:~# <br />
</pre><br />
<br />
== ASUS PRIME B650-PLUS ==<br />
<br />
* BIOS 1811<br />
* echo modprobe nct6775 >> /etc/rc.local<br />
<br />
<pre><br />
root@dsdaqgw:~# sensors<br />
amdgpu-pci-0b00<br />
Adapter: PCI adapter<br />
vddgfx: 930.00 mV <br />
vddnb: 1.19 V <br />
edge: +38.0°C <br />
PPT: 25.10 W <br />
<br />
nct6799-isa-0290<br />
Adapter: ISA adapter<br />
in0: 920.00 mV (min = +0.00 V, max = +1.74 V)<br />
in1: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in2: 3.39 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in3: 3.38 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: 1.04 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: 320.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in7: 3.39 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in8: 3.28 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in9: 3.38 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in10: 1.28 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in11: 1.10 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in12: 1.04 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in13: 416.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in14: 328.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 0 RPM (min = 0 RPM)<br />
fan2: 1253 RPM (min = 0 RPM)<br />
fan3: 0 RPM (min = 0 RPM)<br />
fan4: 0 RPM (min = 0 RPM)<br />
fan5: 0 RPM (min = 0 RPM)<br />
fan7: 0 RPM (min = 0 RPM)<br />
SYSTIN: +33.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
CPUTIN: +35.5°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
AUXTIN0: +78.0°C sensor = thermistor<br />
AUXTIN1: +11.0°C sensor = thermistor<br />
AUXTIN2: +20.0°C sensor = thermistor<br />
AUXTIN3: +82.0°C sensor = thermistor<br />
PECI Agent 0 Calibration: +35.5°C <br />
PCH_CHIP_CPU_MAX_TEMP: +0.0°C <br />
PCH_CHIP_TEMP: +0.0°C <br />
PCH_CPU_TEMP: +0.0°C <br />
TSI0_TEMP: +42.6°C <br />
intrusion0: ALARM<br />
intrusion1: OK<br />
beep_enable: disabled<br />
<br />
k10temp-pci-00c3<br />
Adapter: PCI adapter<br />
Tctl: +42.6°C <br />
Tccd1: +36.4°C <br />
<br />
root@dsdaqgw:~# <br />
</pre><br />
<br />
= Enable CPU turbo mode =<br />
<br />
* Intel CPU has a nominal CPU frequency (i.e. 3.4GHz) and a turbo-boost CPU frequency (i.e. 4.0GHz). Here we will enable this turbo-boost mode.<br />
* Find out CPU capability<br />
<pre><br />
root@daq01:~# lscpu | grep Hz<br />
Model name: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz<br />
CPU MHz: 3965.803<br />
CPU max MHz: 4000.0000<br />
CPU min MHz: 800.0000<br />
root@daq01:~# <br />
</pre><br />
* Look up this CPU in the Intel ARK database - google for the CPU model name, i.e.<br />
https://ark.intel.com/content/www/us/en/ark/products/88196/intel-core-i7-6700-processor-8m-cache-up-to-4-00-ghz.html<br />
* Find current frequency settings:<br />
<pre><br />
root@daq01:~# cpupower frequency-info<br />
analyzing CPU 0:<br />
driver: intel_pstate<br />
CPUs which run at the same hardware frequency: 0<br />
CPUs which need to have their frequency coordinated by software: 0<br />
maximum transition latency: Cannot determine or is not supported.<br />
hardware limits: 800 MHz - 4.00 GHz<br />
available cpufreq governors: performance powersave<br />
current policy: frequency should be within 800 MHz and 4.00 GHz.<br />
The governor "powersave" may decide which speed to use<br />
within this range.<br />
current CPU frequency: Unable to call hardware<br />
current CPU frequency: 2.72 GHz (asserted by call to kernel)<br />
boost state support:<br />
Supported: yes<br />
Active: yes<br />
root@daq01:~# <br />
</pre><br />
* Note the following:<br />
** current governor is "powersave"<br />
** "performance" governor is available<br />
** "boost state support" is supported and active.<br />
* Confirm CPU frequency governor:<br />
<pre><br />
root@daq01:~# cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor<br />
powersave<br />
powersave<br />
powersave<br />
powersave<br />
powersave<br />
powersave<br />
powersave<br />
powersave<br />
root@daq01:~# <br />
</pre> <br />
* Change governor to "performance":<br />
<pre><br />
root@daq01:~# cpupower frequency-set --governor performance<br />
Setting cpu: 0<br />
Setting cpu: 1<br />
Setting cpu: 2<br />
Setting cpu: 3<br />
Setting cpu: 4<br />
Setting cpu: 5<br />
Setting cpu: 6<br />
Setting cpu: 7<br />
root@daq01:~# cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor<br />
performance<br />
performance<br />
performance<br />
performance<br />
performance<br />
performance<br />
performance<br />
performance<br />
root@daq01:~# cpupower frequency-info<br />
analyzing CPU 0:<br />
driver: intel_pstate<br />
CPUs which run at the same hardware frequency: 0<br />
CPUs which need to have their frequency coordinated by software: 0<br />
maximum transition latency: Cannot determine or is not supported.<br />
hardware limits: 800 MHz - 4.00 GHz<br />
available cpufreq governors: performance powersave<br />
current policy: frequency should be within 800 MHz and 4.00 GHz.<br />
The governor "performance" may decide which speed to use<br />
within this range.<br />
current CPU frequency: Unable to call hardware<br />
current CPU frequency: 3.93 GHz (asserted by call to kernel)<br />
boost state support:<br />
Supported: yes<br />
Active: yes<br />
</pre><br />
* monitor CPU frequency:<br />
<pre><br />
root@daq01:~# cpupower monitor<br />
| Nehalem || Mperf || Idle_Stats <br />
CPU| C3 | C6 | PC3 | PC6 || C0 | Cx | Freq || POLL | C1 | C1E | C3 | C6 | C7s | C8 <br />
0| 0.00| 0.00| 0.00| 0.00|| 88.80| 11.20| 3973|| 0.00| 0.00| 0.01| 0.02| 0.31| 0.00| 4.25<br />
4| 0.00| 0.00| 0.00| 0.00|| 4.70| 95.30| 3945|| 0.00| 0.00| 0.00| 0.00| 0.00| 0.00| 95.03<br />
1| 0.73| 3.70| 0.00| 0.00|| 4.52| 95.48| 3864|| 0.00| 0.01| 1.19| 0.44| 2.82| 0.00| 90.23<br />
5| 0.73| 3.70| 0.00| 0.00|| 0.37| 99.63| 3807|| 0.00| 0.00| 0.03| 0.09| 1.70| 0.00| 97.64<br />
2| 2.28| 12.86| 0.00| 0.00|| 1.41| 98.59| 3829|| 0.00| 0.86| 3.17| 0.46| 7.70| 0.00| 85.87<br />
6| 2.28| 12.86| 0.00| 0.00|| 2.88| 97.12| 3856|| 0.00| 0.11| 4.56| 2.15| 10.31| 0.00| 78.99<br />
3| 1.33| 4.81| 0.00| 0.00|| 0.99| 99.01| 3804|| 0.00| 0.49| 0.79| 0.01| 1.03| 0.00| 96.12<br />
7| 1.34| 4.81| 0.00| 0.00|| 1.26| 98.74| 3818|| 0.00| 0.01| 2.32| 0.47| 5.02| 0.00| 90.06<br />
root@daq01:~# <br />
</pre><br />
* check that the CPU is not overheating:<br />
<pre><br />
root@daq01:~# sensors<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Package id 0: +51.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 0: +51.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 1: +38.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 2: +34.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 3: +32.0°C (high = +84.0°C, crit = +100.0°C)<br />
</pre><br />
* congratulations, we are running at 4 GHz now!<br />
<br />
= Setup ubuntu as gateway to private network =<br />
<br />
See also:<br />
* https://daq.triumf.ca/DaqWiki/index.php/VME-CPU#Setup_the_boot_host_computer_.28el7.29<br />
* http://www.triumf.info/wiki/DAQwiki/index.php/Dhcpd_on_eth1<br />
<br />
== Steps to do ==<br />
<br />
!!! UPDATED 16feb2024 Ubuntu-22.04.03 !!!<br />
<br />
* assign network numbers to the private network, i.e. 192.168.1.x, 192.168.2.x, etc<br />
* (on the gateway machine, each private network interface has to have a different network number)<br />
* (each network interface can have multiple networks attached, via VLANs or via eth0:0, eth0:1 constructs)<br />
* assign IP addresses on the private network, save them in /etc/hosts i.e. "hvps 192.168.1.10"<br />
* (for simplicity, assign 192.168.1.1 to the gateway machine itself)<br />
* (IP addresses 192.168.1.0 and 192.168.1.255 are "special", do not use them)<br />
* setup DNS server (dnsmasq) to serve contents of /etc/hosts via DNS (otherwise, many programs will see inconsistent name to IP address mapping)<br />
* setup DHCP server (dnsmasq) to give out the IP addresses<br />
* setup TFTP server (dnsmasq), pxelinux and NFS for diskless booting<br />
* setup time server (chronyd) to provide common time to all devices<br />
* setup NAT so machines on private network can access the internet (to get OS updates, etc)<br />
* setup NIS and NFS so machines on the private network can use common home directories<br />
* setup rsync backup of machines on the private network<br />
<br />
== setup hosts ==<br />
<br />
* edit /etc/hosts<br />
<pre><br />
192.168.1.101 dsfe01<br />
... and so forth<br />
</pre><br />
<br />
== setup dns and dhcp ==<br />
<br />
!!! updated 16feb2024 for Ubuntu 22.04.3 !!!<br />
<br />
!!! note: stock systemd-resolved remains, is configured to forward queries to dnsmasq, configured to forward queries to TRIUMF DNS !!!<br />
<br />
!!! note: per authors of systemd, bare hostnames are not permitted, a DNS domain name must always be used. DNS domain name "dsdaq" is used in this example !!!<br />
<br />
* apt install dnsmasq<br />
* ensure dnsmasq starts after all interfaces are up (Ubuntu-22)<br />
<pre><br />
mkdir /etc/systemd/system/dnsmasq.service.d<br />
echo -e "[Unit]\nAfter=network-online.target\n" > /etc/systemd/system/dnsmasq.service.d/local.conf<br />
</pre><br />
* edit /etc/dnsmasq.conf<br />
<pre><br />
# /etc/dnsmasq.conf<br />
# DNS settings <br />
#port=0 # disable DNS function <br />
port=53 # enable DNS function <br />
bind-interfaces # do not collide with systemd-resolved, we use 127.0.0.1:53, they use 127.0.0.53:53 <br />
domain-needed <br />
bogus-priv <br />
no-resolv <br />
#log-queries # log DNS quesries <br />
<br />
# TRIUMF DNS settings <br />
<br />
server=142.90.100.19 <br />
expand-hosts <br />
domain=dsdaq <br />
local=/dsdaq/ <br />
localmx # do not forward MX queries to TRIUMF <br />
<br />
# DHCP settings <br />
interface=enp1s0f0 # VX network 192.168.0.x <br />
#interface=missing # FEP and TSP network 192.168.1.x <br />
interface=enp1s0f1 # controls network 192.168.2.x <br />
#dhcp-range=192.168.1.50,192.168.1.150,infinite <br />
dhcp-range=192.168.0.0,static <br />
dhcp-range=192.168.2.0,static <br />
log-dhcp # log DHCP queries <br />
#quiet-dhcp <br />
dhcp-ignore=tag:!known <br />
#dhcp-boot=pxelinux.0 <br />
<br />
dhcp-option=option:dns-server,192.168.0.248 <br />
dhcp-option=option:ntp-server,192.168.0.248 <br />
<br />
# TFTP settings <br />
<br />
enable-tftp <br />
tftp-root=/tftpboot <br />
</pre><br />
* #mkdir /tftpboot ### per tftp-root (if no ZFS)<br />
* zfs create -o mountpoint=/tftpboot rpool/tftpboot ### (if root is ZFS)<br />
* create resolved-dsdaq.conf with main IP address of dnsmasq<br />
<pre><br />
[Resolve]<br />
DNS=192.168.0.248<br />
Domains=dsdaq triumf.ca<br />
</pre><br />
* mkdir -p /etc/systemd/resolved.conf.d/<br />
* /bin/rm -f /etc/systemd/resolved.conf.d/*.conf<br />
* cp resolved-dsdaq.conf /etc/systemd/resolved.conf.d/<br />
* systemctl stop systemd-resolved.service<br />
* systemctl disable systemd-resolved.service<br />
* systemctl enable dnsmasq<br />
* systemctl restart dnsmasq<br />
* try to "ping" or "host" some names from /etc/hosts, it should work<br />
* try to ping daq00, daq00.triumf.ca, all should work<br />
* resolved-dsdaq.conf goes into /etc/systemd/resolved.conf.d/ of all machines on the private network<br />
* if not using systemd-resolved, edit /etc/resolv.conf<br />
<br />
== setup chronyd ==<br />
<br />
* enable ntp server:<br />
* disable systemd-timesyncd, configure and enable chronyd per instructions above<br />
* create dsdaq.conf<br />
<pre><br />
# chrony config for dsdaq server<br />
<br />
#allow 192.168.0.0<br />
#allow 192.168.1.0<br />
#allow 192.168.2.0<br />
allow all<br />
<br />
# end<br />
</pre><br />
* cp dsdaq.conf /etc/chrony/conf.d/<br />
* systemctl restart chronyd<br />
* chronyc tracking ### wait until time is synchronized (a few seconds)<br />
* create dsdaq.sources # use hostname or IP address of chronyd server<br />
<pre><br />
# Put this file in /etc/chrony/sources.d<br />
# systemctl restart chrony<br />
# chronyc sources<br />
# chronyc tracking<br />
server dsdaqgw iburst prefer<br />
# end<br />
</pre><br />
* dsdaq.sources goes to /etc/chrony/sources.d of all machines on the private network<br />
<br />
== setup diskless network booting ==<br />
<br />
=== setup pxelinux for legacy pxe boot ===<br />
<br />
* add bits in dnsmasq.conf<br />
<pre><br />
dhcp-host=ac:1f:6b:9e:7f:4a,dsfe01,infinite<br />
dhcp-boot=pxelinux.0<br />
dhcp-option=17,"192.168.0.251:/nfsroot/%s,vers=3"<br />
</pre><br />
* setup pxelinux for Ubuntu-18<br />
<pre><br />
cd ~<br />
wget https://www.kernel.org/pub/linux/utils/boot/syslinux/4.xx/syslinux-4.03.tar.bz2<br />
tar xjvf syslinux-4.03.tar.bz2<br />
cd syslinux-4.03<br />
cp -pv ./core/pxelinux.0 ./com32/hdt/hdt.c32 ./memdisk/memdisk ./com32/menu/menu.c32 /zssd/tftpboot/<br />
</pre><br />
* cd /zssd/tftpboot<br />
<pre><br />
wget http://ladd00.triumf.ca/tftpboot/memtest86+-4.20.iso.zip<br />
wget http://ladd00.triumf.ca/tftpboot/memtest86+-5.01.iso.gz<br />
wget http://ladd00.triumf.ca/tftpboot/modules.alias<br />
wget http://ladd00.triumf.ca/tftpboot/modules.pcimap<br />
wget http://ladd00.triumf.ca/tftpboot/pci.ids<br />
</pre><br />
* mkdir pxelinux.cfg<br />
* emacs -nw pxelinux.cfg/default<br />
<pre><br />
default menu.c32<br />
prompt 0<br />
<br />
menu title Welcome to the DSVSLICE PXE boot menu<br />
<br />
timeout 50<br />
<br />
label hdt<br />
kernel hdt.c32<br />
<br />
label memtest86+-5.01 <br />
kernel memdisk iso initrd=memtest86+-5.01.iso.gz <br />
<br />
label memtest86+-4.20<br />
kernel memdisk iso initrd=memtest86+-4.20.iso.zip<br />
<br />
label vmlinuz-5.3.0-26-generic<br />
menu default<br />
kernel vmlinuz-5.3.0-26-generic<br />
append initrd=initrd.img-5.3.0-26-generic boot=nfs root=/dev/nfs netboot=nfs nfsroot=192.168.1.1:/zssd/nfsroot/dsfe01 toram ip=dhcp panic=60 BOOTIF=enp1s0f0<br />
<br />
#end<br />
</pre><br />
<br />
=== setup pxelinux for efi pxe boot ===<br />
<br />
* https://c-nergy.be/blog/?p=13808<br />
* add dnsmasq.conf bits. note: to use dhcp root-path, see the "nfsroot=auto" patch below and make sure to use the "dhcp-option-force" command (mkinitramfs dhcp client does not ask for root-path, we have to force-feed it).<br />
<pre><br />
# uefi pxe<br />
<br />
dhcp-boot=tag:uefipxe,uefi/syslinux.efi<br />
dhcp-option-force=tag:fe01,option:root-path,192.168.0.248:/nfsroot/fe01<br />
<br />
# VX network 192.168.0.x<br />
<br />
dhcp-host=40:a6:b7:c1:d9:c5,fe01,infinite,set:uefipxe,set:fe01<br />
</pre><br />
* apt install syslinux pxelinux syslinux-common syslinux-efi syslinux-utils<br />
<pre><br />
mkdir /tftpboot/uefi<br />
cp /usr/lib/SYSLINUX.EFI/efi64/syslinux.efi /tftpboot/uefi/<br />
cp /usr/lib/syslinux/modules/efi64/ldlinux.e64 /tftpboot/uefi/<br />
cp /usr/lib/syslinux/modules/efi64/menu.c32 /tftpboot/uefi/<br />
cp /usr/lib/syslinux/modules/efi64/hdt.c32 /tftpboot/uefi/<br />
cp /usr/lib/syslinux/modules/efi64/libutil.c32 /tftpboot/uefi/<br />
cp /usr/lib/syslinux/modules/efi64/libmenu.c32 /tftpboot/uefi/<br />
cp /usr/lib/syslinux/modules/efi64/libcom32.c32 /tftpboot/uefi/<br />
cp /usr/lib/syslinux/modules/efi64/libgpl.c32 /tftpboot/uefi/<br />
</pre><br />
* try to boot, it should bomb with "cannot load pxelinux.cfg/default"<br />
* mkdir /tftpboot/uefi/pxelinux.cfg<br />
* create /tftpboot/uefi/pxelinux.cfg/default, note nfsroot path is hardwired, note "http:" is used to load vmlinuz and initrd files (because tftp is super slow)<br />
<pre><br />
default menu.c32<br />
prompt 0<br />
<br />
menu title Welcome to the DSDAQGW UEFI PXE boot menu<br />
<br />
timeout 50<br />
<br />
label vmlinuz-6.5.0-17-generic<br />
kernel http://192.168.0.248:8088/uefi/vmlinuz-6.5.0-17-generic<br />
append initrd=http://192.168.0.248:8088/uefi/initrd.img-6.5.0-17-generic boot=nfs root=/dev/nfs netboot=nfs nfsroot=auto rw ip=dhcp panic=60<br />
<br />
# append initrd=http://192.168.0.248:8088/uefi/initrd.img-6.5.0-17-generic boot=nfs root=/dev/nfs netboot=nfs nfsroot=192.168.0.248:/nfsroot/fe01 rw ip=dhcp panic=60<br />
<br />
# append initrd=initrd.img-6.5.0-17-generic boot=nfs root=/dev/nfs netboot=nfs nfsroot=192.168.0.248:/nfsroot/fe01 rw ip=dhcp panic=60<br />
# append initrd=initrd.img-6.5.0-17-generic boot=nfs root=/dev/nfs netboot=nfs nfsroot=auto ip=dhcp rw panic=60<br />
<br />
#end<br />
</pre><br />
* try to boot, it will bomb with "cannot load http://...."<br />
* install mini_httpd on port 8088, see https://acme.com/software/mini_httpd/<br />
<pre><br />
apt install mini-httpd<br />
emacs -nw /etc/default/mini-httpd # set "START=1"<br />
emacs -nw /etc/mini-httpd.conf # set "host=192.168.0.248", "port=8088", "data_dir=/tftpboot"<br />
mkdir /etc/systemd/system/mini-httpd.service.d<br />
echo -e "[Unit]\nAfter=network-online.target\n" > /etc/systemd/system/mini-httpd.service.d/local.conf<br />
systemctl enable mini-httpd<br />
systemctl restart mini-httpd<br />
systemctl status mini-httpd<br />
wget http://192.168.0.248:8088/uefi/syslinux.efi<br />
tail -100 /var/log/mini_httpd.log<br />
</pre><br />
* fix U-22 initramfs bug for "nfsroot=auto", otherwise, "nfsroot=" has to be different for each machine and you have to have separate pxelinux config files for each machine<br />
** emacs -nw /usr/lib/initramfs-tools/etc/dhcp/dhclient-enter-hooks.d/config<br />
** add "echo ROOTPATH=..." if it is missing<br />
<pre><br />
echo "ROOTSERVER='${new_routers%% *}'" <br />
echo "ROOTPATH='$new_root_path'" <br />
echo "HOSTNAME='$new_host_name'" <br />
</pre><br />
* fix U-24 initramfs bug for "nfsroot=auto", otherwise, "nfsroot=" has to be different for each machine and you have to have separate pxelinux config files for each machine<br />
** emacs -nw /usr/share/initramfs-tools/dhcpcd-hooks/70-net-conf<br />
** add "ROOTPATH=..." if it is missing<br />
<pre><br />
DNSDOMAIN='${new_domain_name-}' <br />
ROOTSERVER='${new_routers-}' <br />
ROOTPATH='${new_root_path-}' <br />
filename='${new_filename-}' <br />
DHCPLEASETIME='${new_dhcp_lease_time-}' <br />
</pre><br />
** regenerate initramfs (be careful you generate it for the right kernel!)<br />
** see https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/2054482<br />
<pre><br />
mkinitramfs 6.5.0-18-generic<br />
mkinitramfs 6.8.0-51-generic -o /boot/initrd.img-6.8.0-51-generic<br />
</pre><br />
* copy linux kernel and initrd<br />
<pre><br />
cp /boot/vmlinuz-6.5.0-18-generic /tftpboot/uefi/<br />
cp /boot/initrd.img-6.5.0-18-generic /tftpboot/uefi/<br />
chmod a+r /tftpboot/uefi/*<br />
</pre><br />
* try to boot, should bomb with messages about "trying to mount root filesystem"<br />
* tail /var/log/syslog<br />
<pre><br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 available DHCP subnet: 192.168.0.0/255.255.255.0<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 vendor class: PXEClient:Arch:00007:UNDI:003016<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 DHCPDISCOVER(enp1s0f0) 40:a6:b7:c1:d9:c5 <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 tags: uefipxe, fe01, known, enp1s0f0<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 DHCPOFFER(enp1s0f0) 192.168.0.110 40:a6:b7:c1:d9:c5 <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 1:netmask, 2:time-offset, 3:router, 4, 5, <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 6:dns-server, 12:hostname, 13:boot-file-size, <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 15:domain-name, 17:root-path, 18:extension-path, <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 22:max-datagram-reassembly, 23:default-ttl, <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 28:broadcast, 40:nis-domain, 41:nis-server, <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 42:ntp-server, 43:vendor-encap, 50:requested-address, <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 51:lease-time, 54:server-identifier, 58:T1, <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 59:T2, 60:vendor-class, 66:tftp-server, 67:bootfile-name, <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 97:client-machine-id, 128, 129, 130, 131, <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 132, 133, 134, 135<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 next server: 192.168.0.248<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 broadcast response<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 1 option: 53 message-type 2<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 54 server-identifier 192.168.0.248<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 51 lease-time infinite<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 18 option: 67 bootfile-name uefi/syslinux.efi<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 1 netmask 255.255.255.0<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 28 broadcast 192.168.0.255<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 3 router 192.168.0.248<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 5 option: 15 domain-name dsdaq<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 12 hostname fe01<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 27 option: 17 root-path 192.168.0.248:/nfsroot/fe01<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 42 ntp-server 192.168.0.248<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 6 dns-server 192.168.0.248<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 available DHCP subnet: 192.168.0.0/255.255.255.0<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 vendor class: PXEClient:Arch:00007:UNDI:003016<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 DHCPREQUEST(enp1s0f0) 192.168.0.110 40:a6:b7:c1:d9:c5 <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 tags: uefipxe, fe01, known, enp1s0f0<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 DHCPACK(enp1s0f0) 192.168.0.110 40:a6:b7:c1:d9:c5 fe01<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 1:netmask, 2:time-offset, 3:router, 4, 5, <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 6:dns-server, 12:hostname, 13:boot-file-size, <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 15:domain-name, 17:root-path, 18:extension-path, <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 22:max-datagram-reassembly, 23:default-ttl, <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 28:broadcast, 40:nis-domain, 41:nis-server, <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 42:ntp-server, 43:vendor-encap, 50:requested-address, <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 51:lease-time, 54:server-identifier, 58:T1, <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 59:T2, 60:vendor-class, 66:tftp-server, 67:bootfile-name, <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 97:client-machine-id, 128, 129, 130, 131, <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 132, 133, 134, 135<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 next server: 192.168.0.248<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 broadcast response<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 1 option: 53 message-type 5<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 54 server-identifier 192.168.0.248<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 51 lease-time infinite<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 18 option: 67 bootfile-name uefi/syslinux.efi<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 1 netmask 255.255.255.0<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 28 broadcast 192.168.0.255<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 3 router 192.168.0.248<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 5 option: 15 domain-name dsdaq<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 12 hostname fe01<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 27 option: 17 root-path 192.168.0.248:/nfsroot/fe01<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 42 ntp-server 192.168.0.248<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 6 dns-server 192.168.0.248<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-tftp[3629416]: error 8 User aborted the transfer received from 192.168.0.110<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-tftp[3629416]: sent /tftpboot/uefi/syslinux.efi to 192.168.0.110<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-tftp[3629416]: sent /tftpboot/uefi/syslinux.efi to 192.168.0.110<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 available DHCP subnet: 192.168.0.0/255.255.255.0<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 DHCPDISCOVER(enp1s0f0) 40:a6:b7:c1:d9:c5 <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 tags: uefipxe, fe01, known, enp1s0f0<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 DHCPOFFER(enp1s0f0) 192.168.0.110 40:a6:b7:c1:d9:c5 <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 requested options: 1:netmask, 3:router, 6:dns-server<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 bootfile name: uefi/syslinux.efi<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 next server: 192.168.0.248<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 broadcast response<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 1 option: 53 message-type 2<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 54 server-identifier 192.168.0.248<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 51 lease-time infinite<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 1 netmask 255.255.255.0<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 28 broadcast 192.168.0.255<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 3 router 192.168.0.248<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 27 option: 17 root-path 192.168.0.248:/nfsroot/fe01<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 6 dns-server 192.168.0.248<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 available DHCP subnet: 192.168.0.0/255.255.255.0<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 DHCPREQUEST(enp1s0f0) 192.168.0.110 40:a6:b7:c1:d9:c5 <br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 tags: uefipxe, fe01, known, enp1s0f0<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 DHCPACK(enp1s0f0) 192.168.0.110 40:a6:b7:c1:d9:c5 fe01<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 requested options: 1:netmask, 3:router, 6:dns-server<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 bootfile name: uefi/syslinux.efi<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 next server: 192.168.0.248<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 broadcast response<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 1 option: 53 message-type 5<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 54 server-identifier 192.168.0.248<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 51 lease-time infinite<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 1 netmask 255.255.255.0<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 28 broadcast 192.168.0.255<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 3 router 192.168.0.248<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 27 option: 17 root-path 192.168.0.248:/nfsroot/fe01<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 6 dns-server 192.168.0.248<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: sent /tftpboot/uefi/ldlinux.e64 to 192.168.0.110<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: file /tftpboot/uefi/pxelinux.cfg/01-40-a6-b7-c1-d9-c5 not found<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: file /tftpboot/uefi/pxelinux.cfg/C0A8006E not found<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: file /tftpboot/uefi/pxelinux.cfg/C0A8006 not found<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: file /tftpboot/uefi/pxelinux.cfg/C0A800 not found<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: file /tftpboot/uefi/pxelinux.cfg/C0A80 not found<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: file /tftpboot/uefi/pxelinux.cfg/C0A8 not found<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: file /tftpboot/uefi/pxelinux.cfg/C0A not found<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: file /tftpboot/uefi/pxelinux.cfg/C0 not found<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: file /tftpboot/uefi/pxelinux.cfg/C not found<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: sent /tftpboot/uefi/pxelinux.cfg/default to 192.168.0.110<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: sent /tftpboot/uefi/menu.c32 to 192.168.0.110<br />
Feb 16 20:43:10 dsdaqgw dnsmasq-tftp[3629416]: sent /tftpboot/uefi/libutil.c32 to 192.168.0.110<br />
Feb 16 20:43:10 dsdaqgw dnsmasq-tftp[3629416]: sent /tftpboot/uefi/pxelinux.cfg/default to 192.168.0.110<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 available DHCP subnet: 192.168.0.0/255.255.255.0<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 client provides name: dsdaqgw.triumf.ca<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 DHCPDISCOVER(enp1s0f0) 40:a6:b7:c1:d9:c5 <br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 tags: uefipxe, fe01, known, enp1s0f0<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 DHCPOFFER(enp1s0f0) 192.168.0.110 40:a6:b7:c1:d9:c5 <br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 requested options: 1:netmask, 28:broadcast, 2:time-offset, 3:router, <br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 requested options: 15:domain-name, 6:dns-server, 119:domain-search, <br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 requested options: 12:hostname, 44:netbios-ns, 47:netbios-scope, <br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 requested options: 26:mtu, 121:classless-static-route, 42:ntp-server<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 bootfile name: uefi/syslinux.efi<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 next server: 192.168.0.248<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 1 option: 53 message-type 2<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 54 server-identifier 192.168.0.248<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 51 lease-time infinite<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 1 netmask 255.255.255.0<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 28 broadcast 192.168.0.255<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 3 router 192.168.0.248<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 5 option: 15 domain-name dsdaq<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 27 option: 17 root-path 192.168.0.248:/nfsroot/fe01<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 42 ntp-server 192.168.0.248<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 6 dns-server 192.168.0.248<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 available DHCP subnet: 192.168.0.0/255.255.255.0<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 client provides name: dsdaqgw.triumf.ca<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 DHCPREQUEST(enp1s0f0) 192.168.0.110 40:a6:b7:c1:d9:c5 <br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 tags: uefipxe, fe01, known, enp1s0f0<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 DHCPACK(enp1s0f0) 192.168.0.110 40:a6:b7:c1:d9:c5 fe01<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 requested options: 1:netmask, 28:broadcast, 2:time-offset, 3:router, <br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 requested options: 15:domain-name, 6:dns-server, 119:domain-search, <br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 requested options: 12:hostname, 44:netbios-ns, 47:netbios-scope, <br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 requested options: 26:mtu, 121:classless-static-route, 42:ntp-server<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 bootfile name: uefi/syslinux.efi<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 next server: 192.168.0.248<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 1 option: 53 message-type 5<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 54 server-identifier 192.168.0.248<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 51 lease-time infinite<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 1 netmask 255.255.255.0<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 28 broadcast 192.168.0.255<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 3 router 192.168.0.248<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 5 option: 15 domain-name dsdaq<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 12 hostname fe01<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 27 option: 17 root-path 192.168.0.248:/nfsroot/fe01<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 42 ntp-server 192.168.0.248<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 6 dns-server 192.168.0.248<br />
Feb 16 20:44:54 dsdaqgw rpc.mountd[3350210]: authenticated mount request from 192.168.0.110:981 for /nfsroot/fe01 (/nfsroot/fe01)<br />
Feb 16 20:45:07 dsdaqgw rpc.mountd[3350210]: authenticated unmount request from 192.168.0.110:859 for /nfsroot/fe01/tmp/autoDY4k5u (/nfsroot/fe01)<br />
</pre><br />
* tail /var/log/mini_httpd.log<br />
<pre><br />
192.168.0.110 - - [16/Feb/2024:20:43:15 -0800] "GET /uefi/vmlinuz-6.5.0-17-generic HTTP/1.0" 200 14227944 "" "Syslinux/6.04"<br />
192.168.0.110 - - [16/Feb/2024:20:43:24 -0800] "GET /uefi/initrd.img-6.5.0-17-generic HTTP/1.0" 200 137824833 "" "Syslinux/6.04"<br />
</pre><br />
<br />
=== setup efi http boot ===<br />
<br />
https://documentation.suse.com/sles/15-SP2/html/SLES-all/cha-deployment-prep-uefi-httpboot.html<br />
<br />
=== setup linux kernel ===<br />
<br />
* copy the kernel files<br />
<pre><br />
cd /boot<br />
rsync -av config* initrd* System.map* vmlinuz* /tftpboot/<br />
</pre><br />
* cd /tftpboot<br />
* chmod a+r *<br />
<br />
=== setup nfs ===<br />
<br />
* apt-get install nfs-kernel-server<br />
* enable NFS over UDP, edit /etc/nfs.conf add "udp=y":<br />
<pre><br />
udp=y<br />
</pre><br />
<pre><br />
systemctl restart nfs-server.service<br />
</pre><br />
* emacs -nw /etc/exports<br />
<pre><br />
/nfsroot/dsfe01 dsfe01(rw,no_root_squash,async,no_subtree_check)<br />
</pre><br />
* enable services<br />
<pre><br />
systemctl enable nfs-server<br />
systemctl enable nfs-mountd<br />
systemctl enable nfs-idmapd<br />
systemctl restart nfs-server<br />
systemctl restart nfs-mountd<br />
systemctl restart nfs-idmapd<br />
</pre><br />
* after editing /etc/exports, run<br />
<pre><br />
exportfs -av<br />
</pre><br />
<br />
=== setup userland ===<br />
<br />
!!! ubuntu-18 version !!!<br />
<br />
* zfs create rpool/nfsroot<br />
* zfs set dedup=verify rpool/nfsroot ### enable deduplication to save disk space because most linux images have mostly identical files<br />
* clone ubuntu<br />
<pre><br />
mkdir /nfsroot/dsfe01<br />
cd /<br />
rsync -avx . /nfsroot/dsfe01<br />
</pre><br />
* edit config files:<br />
* cd /nfsroot/dsfe01<br />
* emacs -nw etc/hostname ### change to dsfe01<br />
* emacs -nw etc/mailname ### change to dsfe01<br />
* emacs -nw etc/yp.conf ### change daq00.triumf.ca to musr00.triumf.ca<br />
* emacs -nw etc/defaultdomain ### change to MUSR-NIS<br />
* cp -pvf ../lxcpet-SL610/etc/ssh/*key* etc/ssh/ ### preserve the ssh keys<br />
* emacs -nw opt/gonodeinfo/gonodeinfo.conf ### update information<br />
* emacs -nw root/.ssh/authorized_keys ### update root ssh keys<br />
* emacs -nw etc/fstab ### add this<br />
<pre><br />
192.168.1.1:/nfsroot/dsfe01 / nfs defaults,nolock 0 0<br />
</pre><br />
* emacs -nw etc/chrony/chrony.conf<br />
** comment-out all "pool" and "server" entries<br />
** add entry "server 192.168.1.1 iburst"<br />
<br />
After dsfe01 is booted:<br />
<br />
* disable services:<br />
<pre><br />
systemctl disable apache2<br />
systemctl disable dnsmasq<br />
systemctl disable zfs-import-cache<br />
</pre><br />
<br />
To setup additional machines, clone dsfe01 instead of cloning the gateway machine<br />
<br />
=== Allow manpages to be viewed ===<br />
<br />
If <code>/</code> is mounted over NFS, <code>man</code> will report a permission error. Fix it with:<br />
<br />
<pre><br />
ln -s /etc/apparmor.d/usr.bin.man /etc/apparmor.d/disable/<br />
apparmor_parser -R /etc/apparmor.d/usr.bin.man<br />
</pre><br />
<br />
== setup shared home directory ==<br />
<br />
=== on the gateway machine ===<br />
* define netgroups<br />
* emacs -nw /etc/netgroup<br />
<pre><br />
dsfe (dsfe01,,) (dsfe02,,)<br />
</pre><br />
* emacs -nw /etc/nsswitch.conf ### edit the netgroup line to read:<br />
<pre><br />
netgroup: files<br />
</pre><br />
* export the home directories:<br />
* emacs -nw /etc/exports ### add this:<br />
<pre><br />
/zssd/home1 @dsfe(rw,no_root_squash,async,no_subtree_check)<br />
</pre><br />
* exportfs -rc<br />
<br />
=== on the frontend machine ===<br />
<br />
* mkdir /home<br />
* emacs -nw /etc/fstab ### add this:<br />
<pre><br />
192.168.1.1:/zssd/home1 /home nfs defaults 0 0<br />
</pre><br />
* mount -a<br />
<br />
== setup NAT ==<br />
<br />
NAT allows machines on the private network to connect to the internet: https://en.wikipedia.org/wiki/Network_address_translation<br />
<br />
In these examples:<br />
* replace "eno1" with name of the outgoing interface (the one connected to the TRIUMF network).<br />
* replace "enp11s0" with name of the private network interface (192.168.1.x network)<br />
<br />
* emacs -nw /etc/rc.local ### add this:<br />
<pre><br />
# /etc/rc.local<br />
<br />
# enable NAT<br />
<br />
/sbin/iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE<br />
iptables -L -v<br />
<br />
# uncomment following lines if machine has prohibitive FORWARD rules:<br />
#/sbin/iptables -I FORWARD -i eno1 -o enp11s0 -m state --state RELATED,ESTABLISHED -j ACCEPT<br />
#/sbin/iptables -I FORWARD -i enp11s0 -o eno1 -j ACCEPT<br />
#iptables -L -v<br />
<br />
iptables -L -v<br />
sysctl -w net.ipv4.ip_forward=1<br />
#sysctl -a | grep forward<br />
<br />
sh /etc/firewall-rfc1918.sh<br />
<br />
# end<br />
</pre><br />
* emacs -nw /etc/firewall-rfc1918.sh<br />
<pre><br />
# firewall-rfc1918.sh<br />
<br />
# prevent RFC1918 private network IP addresses from<br />
# going in and out from our uplink.<br />
<br />
ETH=eno1<br />
<br />
iptables -F in-rfc1918<br />
iptables -N in-rfc1918<br />
iptables -A in-rfc1918 --dst 10.0.0.0/8 -j REJECT<br />
iptables -A in-rfc1918 --dst 172.16.0.0/12 -j REJECT<br />
iptables -A in-rfc1918 --dst 192.168.0.0/16 -j REJECT<br />
<br />
iptables -D INPUT -j in-rfc1918 -i $ETH<br />
iptables -D INPUT -j in-rfc1918 -i $ETH<br />
iptables -I INPUT -j in-rfc1918 -i $ETH<br />
<br />
iptables -F out-rfc1918<br />
iptables -N out-rfc1918<br />
iptables -A out-rfc1918 --dst 10.0.0.0/8 -j REJECT<br />
iptables -A out-rfc1918 --dst 172.16.0.0/12 -j REJECT<br />
iptables -A out-rfc1918 --dst 192.168.0.0/16 -j REJECT<br />
<br />
iptables -D OUTPUT -j out-rfc1918 -o $ETH<br />
iptables -D OUTPUT -j out-rfc1918 -o $ETH<br />
iptables -I OUTPUT -j out-rfc1918 -o $ETH<br />
<br />
iptables -D FORWARD -j out-rfc1918 -o $ETH <br />
iptables -D FORWARD -j out-rfc1918 -o $ETH <br />
iptables -I FORWARD -j out-rfc1918 -o $ETH <br />
<br />
# allow TRIUMF-SECURE network<br />
<br />
iptables -I in-rfc1918 -s 10.90.0.0/255.255.0.0 -j ACCEPT <br />
iptables -I out-rfc1918 -d 10.90.0.0/255.255.0.0 -j ACCEPT <br />
<br />
# show configuration<br />
<br />
iptables -L -v<br />
<br />
#end<br />
</pre><br />
<br />
= KVM =<br />
<br />
<pre><br />
apt install cpu-checker<br />
<br />
root@daq13:~# kvm-ok <br />
INFO: /dev/kvm exists<br />
KVM acceleration can be used<br />
root@daq13:~# <br />
<br />
(if not, shutdown, go into BIOS settings, enable CPU virtualization)<br />
<br />
apt install virtinst ### will install many packages<br />
apt install libvirt-clients libvirt-daemon-system-systemd libvirt-daemon qemu qemu-kvm libvirt-daemon-system virtinst bridge-utils<br />
<br />
root@daq13:/home1/wheel# virsh list --all<br />
Id Name State<br />
------------------------------<br />
1 ubuntu-guest running<br />
<br />
apt install virt-manager<br />
<br />
virt-install --name ubuntu-guest --os-variant ubuntu20.04 --vcpus 2 --ram 2048 --location /daq/daqstore/olchansk/linux/Ubuntu/ubuntu-20.04.3-desktop-amd64.iso --network bridge=virbr0,model=virtio --graphics none --extra-args='console=ttyS0,115200n8 serial'<br />
<br />
virtual machine will start, boot, etc<br />
to get out of it, CTRL + Shift followed by ]<br />
<br />
ssh wheel@daq13<br />
virt-manager<br />
<br />
run virt-install again, omit "--graphics none", open graphics console from virt-manager, it booted into ubuntu installer desktop<br />
<br />
virt-install --name test10 --os-variant centos6.10 --vcpus 2 --ram 2048 --import --filesystem /kvm_ladd00,/ --network bridge=virbr0,model=virtio --boot kernel=/kvm_ladd00/boot/vmlinuz-2.6.32-754.35.1.el6.x86_64,initrd=/kvm_ladd00/boot/initramfs-2.6.32-754.35.1.el6.x86_64.img,kernel_args="root=/dev/sda console=ttyS0,115200n8 serial" --graphics none<br />
<br />
virt-install --name test14 --os-variant centos6.10 --vcpus 2 --ram 2048 --import --disk /tmp/xxx/ladd00.img,bus=sata --network bridge=virbr0,model=virtio --boot kernel=/kvm_ladd00/boot/vmlinuz-2.6.32-754.35.1.el6.x86_64,initrd=/kvm_ladd00/boot/initramfs-2.6.32-754.35.1.el6.x86_64.img,kernel_args="root=/dev/sda console=ttyS0,115200n8 serial rdshell" --graphics none --check path_in_use=off<br />
</pre><br />
<br />
build image<br />
<br />
<pre><br />
dd if=/dev/zero of=/tmp/xxx/ladd00.img bs=1024M count=20<br />
mkfs.ext3 /tmp/xxx/ladd00.img ### ext4 fails to mount by SL6 kernel, "unknown ext4 options"<br />
cd /kvm_ladd00/<br />
mount -o loop /tmp/xxx/ladd00.img /mnt/tmp<br />
rsync -av . /mnt/tmp/ --delete<br />
umount /mnt/tmp<br />
</pre><br />
<br />
on the guest, configure network: /etc/rc.local<br />
<pre><br />
#!/bin/sh<br />
#<br />
# This script will be executed *after* all the other init scripts.<br />
# You can put your own initialization stuff in here if you don't<br />
# want to do the full Sys V style init stuff.<br />
<br />
touch /var/lock/subsys/local<br />
<br />
ifconfig eth2 192.168.122.2<br />
route add -net 0.0.0.0 gw 192.168.122.1<br />
ifconfig -a<br />
netstat -rn<br />
<br />
# end<br />
</pre><br />
<br />
== virtualize SL6 ladd00 ==<br />
<br />
* on ladd00:<br />
<pre><br />
yum install dracut-network<br />
mkinitrd /boot/initramfs-2.6.32-754.35.1.el6.x86_64-netboot.img 2.6.32-754.35.1.el6.x86_64<br />
</pre><br />
* on daq00<br />
<pre><br />
zfs create rpool/kvm-ladd00<br />
cd /kvm-ladd00<br />
rsync -avx ladd00:/ . --exclude nfsroot<br />
brctl addbr virbr0<br />
ifconfig virbr0 192.168.1.1<br />
echo /kvm-ladd00 192.168.1.2(rw,no_root_squash,no_all_squash,async,no_subtree_check) >> /etc/exports<br />
exportfs -rv<br />
</pre><br />
* create virtual machine<br />
<pre><br />
virt-install --name kvm-ladd00 --os-variant centos6.10 --vcpus 2 --ram 2048 --import --network bridge=virbr0,model=virtio --boot kernel=/kvm-ladd00/boot/vmlinuz-2.6.32-754.35.1.el6.x86_64,initrd=/kvm-ladd00/boot/initramfs-2.6.32-754.35.1.el6.x86_64-netboot.img,kernel_args="root=/dev/nfs ip=192.168.1.2:192.168.1.1:192.168.1.1:255.255.255.0:ladd00::off nfsroot=192.168.1.1:/kvm-ladd00 console=ttyS0,115200n8 serial rdshell" --graphics none --nodisks --check path_in_use=off<br />
</pre><br />
* adjust kvm-ladd00 image<br />
<pre><br />
disable network manager<br />
edit fstab<br />
edit yp.conf<br />
edit resolv.conf<br />
edit root/.ssh/authorized_keys<br />
enable rngd or /dev/random does not work, sshd does not work<br />
</pre><br />
* virsh shutdown test24<br />
* virsh --connect qemu:///system start test24<br />
* virsh console test24 ### to exit, ctrl+[ or ctrl+]<br />
* virsh undefine test24<br />
* virsh autostart kvm-ladd00<br />
* virsh dominfo kvm-ladd00<br />
<pre><br />
root@daq00:~# virsh dominfo kvm-ladd00<br />
Id: 1<br />
Name: kvm-ladd00<br />
UUID: 1d1f8fed-8b65-4411-a51b-e0ecf359d2f1<br />
OS Type: hvm<br />
State: running<br />
CPU(s): 2<br />
CPU time: 27.7s<br />
Max memory: 2097152 KiB<br />
Used memory: 2097152 KiB<br />
Persistent: yes<br />
Autostart: enable<br />
Managed save: no<br />
Security model: apparmor<br />
Security DOI: 0<br />
Security label: libvirt-1d1f8fed-8b65-4411-a51b-e0ecf359d2f1 (enforcing)<br />
root@daq00:~# <br />
</pre><br />
* delete unused images in /var/lib/libvirt/images<br />
<br />
= ARM64 cross-compiler =<br />
<br />
* arm64, aarch64 are Xilinx FPGA Cortex-A53, RPi4, RPi5 machines<br />
* install packages:<br />
<pre><br />
apt install g++-12-aarch64-linux-gnu gcc-12-aarch64-linux-gnu-base libstdc++-12-dev-arm64-cross<br />
</pre><br />
* run:<br />
<pre><br />
aarch64-linux-gnu-gcc-12 -o ttcp.aarch64 ttcp.c -static<br />
aarch64-linux-gnu-g++-12 -o fecdm.exe -O2 -g -Wall -Wuninitialized -std=c++20 fecdm.o dsdm.o /home/dsdaqdev/packages_common/midas/linux-aarch64-remoteonly/lib/libmidas.a -pthread -lrt -lutil /nfsroot/gdm00/usr/lib/aarch64-linux-gnu/libi2c.a -static<br />
</pre><br />
<br />
= ARM cross-compiler =<br />
<br />
* armv7 (RPi3, MityARM CAMAC) machines (Debian-12 armhf target, Ubuntu 24.04 host)<br />
* install packages:<br />
<pre><br />
apt install g++-arm-linux-gnueabihf gcc-arm-linux-gnueabihf libstdc++-dev-armhf-cross libc6-dev-armhf-cross<br />
</pre><br />
* build MIDAS frontend (static linking)<br />
<pre><br />
arm-linux-gnueabihf-g++ -std=c++11 -Wall -Wuninitialized -g -O2 -I/home/dldaq/packages/midas/include -I/home/dldaq/packages/midas/mvodb -c koi2c.cxx<br />
arm-linux-gnueabihf-g++ -o fedldb.exe -std=c++11 -Wall -Wuninitialized -g -O2 -I/home/dldaq/packages/midas/include -I/home/dldaq/packages/midas/mvodb fedldb.o koi2c.o /home/dldaq/packages/midas/linux-armv7-remoteonly/lib/libmidas.a -L/usr/arm-linux-gnueabihf/lib -L/nfsroot/dltdc/usr/lib/arm-linux-gnueabihf -static -lm -lz -lutil -lnsl -lpthread -lrt -li2c<br />
/usr/lib/gcc-cross/arm-linux-gnueabihf/13/../../../../arm-linux-gnueabihf/bin/ld: /home/dldaq/packages/midas/linux-armv7-remoteonly/lib/libmidas.a(system.o): in function `ss_socket_connect_tcp(char const*, int, int*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*)':<br />
/home/dldaq/packages/midas/src/system.cxx:4984:(.text+0x252a): warning: Using 'getaddrinfo' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking<br />
</pre><br />
<br />
= 32-bit intel cross-compiler =<br />
<br />
Ubuntu 22.04:<br />
<br />
<pre><br />
apt install libstdc++-11-dev:i386<br />
apt install zlib1g-dev:i386<br />
</pre><br />
<br />
NOTES:<br />
* "g++ -m32" does not find libstdc++, please use "g++ -m32 -L/usr/lib/gcc/i686-linux-gnu/11/"<br />
* to cross-build 32-bit MIDAS, use "make linux32".<br />
* executables cross-build on Ubuntu-22 do NOT run on 32-bit Debain-11 (GLIBC and GLIBCXX version mismatch)<br />
* executables cross-build on Ubuntu-22 run on 32-bit Debian-12.<br />
<br />
= SSH settings for EPICS =<br />
<br />
* TRIUMF EPICS runs obsolete version of SSH<br />
* add this to the use .ssh/config<br />
<pre><br />
Host sbp1*<br />
HostKeyAlgorithms +ssh-rsa<br />
PubKeyAcceptedAlgorithms +ssh-rsa<br />
KexAlgorithms +diffie-hellman-group1-sha1<br />
ForwardX11 yes<br />
ForwardX11Trusted yes<br />
</pre><br />
<br />
= changes for VME processors =<br />
<br />
<pre><br />
apt -y remove sysstat man-db<br />
apt -y purge dkms<br />
apt -y purge mdadm<br />
apt -y autoremove<br />
</pre><br />
<br />
= remove snap (U-24) =<br />
<br />
Note: snap stores data in $USER/snap/$SNAPNAME, removing a snap on one machine will remove this data from all users even if they want to use snap on some other machine.<br />
<br />
Remove snaps:<br />
<br />
NOTE: first remove chromium and firefox, see below.<br />
<br />
<pre><br />
snap list<br />
echo snap remove chromium ### see below<br />
echo snap remove firefox ### see below<br />
snap remove thunderbird<br />
snap remove cups<br />
snap remove firmware-updater<br />
snap remove gtk-common-themes<br />
snap remove snapd-desktop-integration<br />
snap remove snap-store<br />
snap remove hunspell-dictionaries-1-7-2004<br />
snap remove gnome-system-monitor<br />
snap remove gnome-3-26-1604<br />
snap remove gnome-3-28-1804<br />
snap remove gnome-3-34-1804<br />
snap remove gnome-3-38-2004<br />
snap remove gnome-42-2204<br />
snap remove gnome-46-2404<br />
snap remove mesa-2404<br />
snap remove core<br />
snap remove core18<br />
snap remove core20<br />
snap remove core22<br />
snap remove core24<br />
snap remove bare<br />
snap remove snapd<br />
snap list<br />
</pre><br />
<pre><br />
root@daqubuntu:~# snap list<br />
No snaps are installed yet. Try 'snap install hello-world'.<br />
root@daqubuntu:~# <br />
</pre><br />
<br />
Identify packages that install snaps:<br />
<br />
<pre><br />
apt list | grep snap | grep installed<br />
</pre><br />
<br />
Typical output:<br />
<br />
<pre><br />
firefox/noble,now 1:1snap1-0ubuntu5 amd64 [installed]<br />
gir1.2-snapd-2/noble,now 1.64-0ubuntu5 amd64 [installed,automatic]<br />
libsnapd-glib-2-1/noble,now 1.64-0ubuntu5 amd64 [installed,automatic]<br />
libsnapd-qt-2-1/noble,now 1.64-0ubuntu5 amd64 [installed,automatic]<br />
libsnappy1v5/noble,now 1.1.10-1build1 amd64 [installed,automatic]<br />
plasma-discover-backend-snap/noble,now 5.27.11-0ubuntu2 amd64 [installed]<br />
snapd/noble-updates,now 2.66.1+24.04 amd64 [installed]<br />
</pre><br />
<br />
Remove packages that install snaps:<br />
<br />
<pre><br />
apt remove chromium-browser<br />
apt remove chromium-codecs-ffmpeg-extra<br />
apt remove thunderbird<br />
apt remove firefox<br />
apt remove plasma-discover-backend-snap<br />
apt remove plasma-discover-snap-backend<br />
apt remove snapd<br />
apt purge snapd<br />
# package gir1.2-snapd-2 is required by ubuntu-mate-desktop & co<br />
# libsnapd-glib-2-1 is required by gstreamer, gnome-remote-desktop & co<br />
ls -l /etc/systemd/system/ | grep snap ### remove unwanted stuff<br />
</pre><br />
<br />
Remove Chromium:<br />
<br />
* ls -ld /home/*/snap/chromium/*<br />
* echo /bin/rm -rf `ls -1d /home/*/snap/chromium/*`<br />
* snap remove chromium<br />
<br />
Remove Firefox:<br />
<br />
* ls -ld /home/*/snap/firefox/*<br />
* echo /bin/rm -rf `ls -1d /home/*/snap/firefox/*` ### this will delete "snap firefox" profiles of all users!!!<br />
* snap remove firefox ### this will also delete "snap firefox" profiles of all users!!!<br />
<br />
Remove gir1.2-snapd-2:<br />
* echo rm -vf /usr/lib/x86_64-linux-gnu/girepository-1.0/Snapd-2.typelib<br />
<br />
= boot using syslinux =<br />
<br />
* NOTE: extlinux is not compatible with ext4 "64bit" feature, it should be turned off:<br />
<pre><br />
mkfs.ext4 -O ^64bit /dev/sdX1<br />
resize2fs -s /dev/sdX1<br />
</pre><br />
<br />
* install syslinux and extlinux (THIS DOES NOT WORK!!!)<br />
<br />
<pre><br />
apt -y install syslinux extlinux<br />
dd if=/usr/lib/syslinux/mbr/mbr.bin of=/dev/sdX ### NOT /dev/sdX1 NOT !!!<br />
cd /boot<br />
cp /usr/lib/syslinux/modules/bios/menu.c32 .<br />
extlinux -i .<br />
</pre><br />
<br />
* install syslinux and extlinux<br />
<br />
* copy from old SL6 USB disk (this is extlinux 6.02)<br />
<pre><br />
root@localhost:/boot# ls -l<br />
-rwxr-xr-x 1 root root 218952 Jan 28 17:40 extlinux<br />
-rw-r--r-- 1 root root 402 Jan 29 14:45 extlinux.conf<br />
-rw-r--r-- 1 root root 496 Jan 29 14:39 extlinux.conf~<br />
-r--r--r-- 1 root root 122044 Jan 29 14:39 ldlinux.c32<br />
-r--r--r-- 1 root root 67072 Jan 29 14:39 ldlinux.sys<br />
-rwxr-xr-x 1 root root 24156 Jan 28 17:40 libutil.c32<br />
-rw-r--r-- 1 root root 304 Jan 28 17:40 mbr.bin<br />
-rw-r--r-- 1 root root 26140 Jan 28 17:40 memdisk<br />
-rw-r--r-- 1 root root 69043 Jan 28 17:40 memtest86+-4.20.iso.zip<br />
-rw-r--r-- 1 root root 183012 Jan 28 17:40 memtest86+-5.01<br />
-rw-r--r-- 1 root root 26568 Jan 28 17:40 menu.c32<br />
</pre><br />
<br />
* install<br />
<pre><br />
dd if=mbr.bin of=/dev/sdX ### NOT /dev/sdX1 NOT !!!<br />
extlinux -i .<br />
</pre><br />
* check that partition /dev/sdX1 is marked bootable (fdisk command "a")<br />
<br />
* create /boot/extlinux.conf<br />
<br />
<pre><br />
DEFAULT menu.c32<br />
PROMPT 0<br />
TIMEOUT 50<br />
<br />
MENU TITLE TRIUMF DAQ USB BOOT32 ver K.O. 2025jan28<br />
<br />
LABEL linux<br />
MENU DEFAULT<br />
kernel /vmlinuz<br />
append initrd=/initrd.img panic=60 rootdelay=5 rootwait rw root=/dev/sda1<br />
<br />
LABEL linux-6.1.0-28-686<br />
kernel vmlinuz-6.1.0-28-686<br />
append initrd=initrd.img-6.1.0-28-686 panic=60 rootdelay=5 rootwait rw root=/dev/sda1<br />
<br />
LABEL memtest<br />
kernel memtest86+-1.65<br />
</pre></div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=Ubuntu&diff=8307
Ubuntu
2025-02-25T00:05:38Z
<p>Lindner: /* move /home/wheel (U-24) */</p>
<hr />
<div>= Prerequisites =<br />
<br />
* before setting up new machine run memory test<br />
* prepare flash drive with free version of memtest86: https://www.memtest86.com<br />
* test boot from flash drive, test takes ~ few hours<br />
* test will end with summary page, if passed continue with Ubuntu<br />
* number that might be worth noting is memory latency<br />
<br />
= Ubuntu version =<br />
<br />
<pre><br />
lsb_release -a<br />
uname -a<br />
</pre><br />
<br />
= Ubuntu installer =<br />
<br />
* updated for Ububtu LTS 20.04.01, 22.04.1, 24.04 (only minor differences)<br />
<br />
* download the latest Ubuntu LTS desktop installer iso image<br />
* dd the image to a USB key<br />
* power down, disconnect all disks (all HDDs, all SSDs, all M.2)<br />
* connect the SSD to be used as system disk<br />
* if system will use mirrored SSDs (using ZFS mirror), leave second SSD disconnected, we will activate it later<br />
* power up<br />
* boot from USB key in legacy mode or UEFI mode (select this in the BIOS boot menu - F8 for ASUS, F11 for Supermicro)<br />
* follow the instruction:<br />
* "try ubuntu or install ubuntu" - choose "install"<br />
* select language - accept default<br />
* "updates and other software" - accept default settings ("normal install")<br />
* "installation type" - select "advanced features" and "experimental: use ZFS"<br />
* accept partition choice<br />
* "where are you?" - select "Vancouver" (PST time zone)<br />
* "who are you?" - leave all fields blank, except "username" set to "wheel", "password" set to the root password. hostname will be set later after configuring the network<br />
* don't install third party sw<br />
* installation runs in a few minutes, when finished, reboot<br />
* login as user wheel<br />
* answer annouying questions:<br />
* "livepatch" - say "next"<br />
* "help improve" - select "do not send", say "next"<br />
* "privacy" - leave "location" as "off", say "next"<br />
* "ready to go", say "done"<br />
* right-click on the desktop, say "open in terminal", a shell will open<br />
* say "sudo /bin/bash", enter the root password, you now have the root shell<br />
* run nm-connection-editor to configure the network. use netmask 255.255.224.0, gateway 142.90.100.18, DNS 142.90.100.19, search path "triumf.ca"<br />
* after network is up (can ping ladd00), continue with post-installation steps below<br />
<br />
= Install instructions =<br />
<br />
== prepare ==<br />
<pre><br />
apt update<br />
apt upgrade<br />
</pre><br />
<br />
== install ssh ==<br />
<pre><br />
apt install ssh<br />
</pre><br />
<br />
== install git/scripts ==<br />
<pre><br />
apt -y install git<br />
mkdir ~root/git<br />
cd ~root/git<br />
git clone https://daq00.triumf.ca/~olchansk/git/scripts.git<br />
cd scripts<br />
git pull<br />
</pre><br />
<br />
* if needed, update git/scripts repository from ladd00 to daq00:<br />
* git remote -v ### if it says daq00, we are good<br />
* git remote set-url origin https://daq00.triumf.ca/~olchansk/git/scripts.git<br />
* git pull ### check that it works<br />
<br />
== configure hostname ==<br />
<pre><br />
vi /etc/hostname<br />
</pre><br />
<br />
== disable swap ==<br />
<br />
ubuntu installer creates a 2 GB swap partition, not useful<br />
on 32-64 GB machine, disable it:<br />
<pre><br />
vi /etc/fstab ### comment out the "swap" line<br />
</pre><br />
<br />
* on 64 GB RAM machines swap is not useful<br />
* on machines booted from network (NFS-ROOT), swap does not work<br />
* on machines running from flash (RPi, etc), flash is too slow for useful swap<br />
* swap configured by linux installers invariably has wrong size and is not useful<br />
<br />
<pre><br />
systemctl disable dphys-swapfile<br />
systemctl stop dphys-swapfile<br />
dphys-swapfile uninstall<br />
</pre><br />
<br />
== maybe reboot ==<br />
<br />
this is a good point to reboot the machine to boot<br />
the latest kernel and to set the correct hostname<br />
<br />
== install etckeeper ==<br />
<br />
keep contents of /etc in a git repository:<br />
<br />
<pre><br />
apt -y install etckeeper<br />
</pre><br />
<br />
== set timezone ==<br />
<pre><br />
timedatectl list-timezones | grep -i vancouver<br />
timedatectl set-timezone America/Vancouver<br />
</pre><br />
<br />
== install time synchronization ==<br />
<br />
check if chrony is installed correctly and is synched to TRIUMF time servers:<br />
<br />
<pre><br />
chronyc sources<br />
chronyc tracking<br />
</pre><br />
<br />
if not, remove old chrony and<br />
<br />
<pre><br />
apt -y remove chrony<br />
apt -y purge chrony<br />
</pre><br />
<br />
and install it from scratch:<br />
<br />
<pre><br />
apt -y install chrony<br />
cd ~/git/scripts<br />
git pull<br />
cd ~<br />
cp ~/git/scripts/etc/triumf.sources /etc/chrony/sources.d/<br />
systemctl disable systemd-timesyncd.service<br />
systemctl stop systemd-timesyncd.service<br />
systemctl disable ntp<br />
systemctl stop ntp<br />
systemctl enable chrony<br />
systemctl restart chrony<br />
chronyc sources<br />
chronyc tracking<br />
</pre><br />
<br />
== reenable systemd-timesyncd ==<br />
<br />
ONLY IF CHRONY DOES NOT WORK<br />
<br />
To configure systemd-timesyncd, set "NTP=" in /etc/systemd/timesyncd.conf<br />
<br />
<pre><br />
apt remove chrony<br />
cat /etc/systemd/timesyncd.conf<br />
systemctl enable systemd-timesyncd.service<br />
systemctl restart systemd-timesyncd.service<br />
systemctl status systemd-timesyncd.service<br />
timedatectl status<br />
timedatectl timesync-status<br />
</pre><br />
<br />
== enable outgoing email (debian 11) ==<br />
<br />
this is different from ubuntu 20. it uses /etc/mailname and it hardwires the hostname into main.cf.<br />
<br />
== enable outgoing email ==<br />
<br />
we have an unusual email configuration. outgoing email should work to deliver error messages, notices, etc. incoming email is disabled, we do not receive email for local users.<br />
<br />
this causes problems with TRIUMF smtp server. if our message cannot be delivered (wrong email address or receipient computer is turned off), TRIUMF smtp server will generate a delivery failure notification email and try to send it to the "from" address of the failed message. but the "from" address does not receive any email, so another delivery failure notification email is generated and an attempt to deliver it. which again fails, rinse and repeat.<br />
<br />
as solution, kray created a special rule, email from scrap.triumf.ca does not generate delivery failure notices. failed messages sit in the queue for 5 days, then they are deleted. (K.O. - confirmed with kray 3jan2024).<br />
<br />
to make this work we use the msmtp MTA package.<br />
<br />
<pre><br />
cd ~<br />
apt -y remove postfix<br />
apt -y purge postfix # remove old config files<br />
apt -y install mailutils msmtp msmtp-mta # say "no" to apparmor support<br />
apt -y install bsd-mailx<br />
cd ~/git/scripts/etc<br />
git pull<br />
/bin/cp -fv aliases /etc/aliases<br />
/bin/cp -fv msmtprc /etc/msmtprc<br />
/bin/rm -vf ~root/.forward<br />
/bin/rm -vf /etc/mailname<br />
Mail root<br />
Subject: test<br />
test<br />
^D<br />
CC: <CR><br />
</pre><br />
<br />
== enable outgoing email (postfix) ==<br />
<br />
THIS IS OBSOLETE!!!<br />
<br />
* TRIUMF: use smtp.triumf.ca<br />
* CERN: use cernmx.cern.ch<br />
<br />
<pre><br />
apt install postfix ### select "satellite system", enter full hostname "xxx.triumf.ca", enter "smtp.triumf.ca"<br />
apt install mailutils<br />
dpkg-reconfigure postfix ### (if postfix already installed)<br />
</pre><br />
<pre><br />
echo olchansk@triumf.ca lindner@triumf.ca bsmith@triumf.ca >> ~root/.forward<br />
mailx root<br />
test<br />
^D<br />
</pre><br />
<br />
== enable ping for all users (debian 11) ==<br />
<br />
Without this tweak, Debian will report "operation not permitted" if a user tries to ping somewhere.<br />
<br />
<pre><br />
echo 'net.ipv4.ping_group_range = 0 1000' > /etc/sysctl.d/99-ping.conf<br />
</pre><br />
<br />
== disable apparmor ==<br />
<br />
On NFS-Root network booted machines!<br />
<br />
If "man man" returns "permission denied" and syslog reports apparmor "sendmsg DENIED" errors, disable apparmor. This is supposedly fixed in kernel 6.0 and later (to be confirmed), see https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1784499<br />
<br />
Disable apparmor, see https://ubuntu.com/server/docs/security-apparmor<br />
<br />
This takes effect after a reboot.<br />
<br />
<pre><br />
systemctl stop apparmor.service<br />
systemctl disable apparmor.service<br />
</pre><br />
<br />
== install missing packages ==<br />
<br />
(apt eats terminal input, even the "yes |" trick does not quite work,<br />
repeat the following commands until they report that everything<br />
is installed)<br />
<br />
<pre><br />
yes | apt -y install ssh tcsh ethtool ncat rsync strace net-tools traceroute time minicom screen git lsof debsums tmux iptables telnet pax rpm mtools at gdisk<br />
yes | apt -y install sysstat smartmontools lm-sensors<br />
yes | apt -y install lsb-release<br />
apt -y install vim # in addition to default vim-tiny, requested by IRIS<br />
apt -y install gedit # requested by TACTIC<br />
apt -y install tcl<br />
apt -y install pax rpm alien ### package converter tools<br />
yes | apt -y install flex bison<br />
yes | apt -y install neofetch<br />
yes | apt -y install snmp snmp-mibs-downloader<br />
yes | apt -y install git subversion g++ gfortran cmake doxygen<br />
yes | apt -y install curl libcurl4 libcurl4-openssl-dev<br />
yes | apt -y install mariadb-client ### mysql client<br />
yes | apt -y install libz-dev libzstd-dev sqlite3 libsqlite3-dev unixodbc-dev<br />
yes | apt -y install libssl-dev<br />
yes | apt -y install emacs xemacs21 joe<br />
yes | apt -y install gnuplot dos2unix<br />
yes | apt -y install mutt bsd-mailx # email clients<br />
yes | apt -y install liblz4-tool pbzip2<br />
yes | apt -y install libc6-dev-i386 # otherwise no /usr/include/sys/types.h<br />
yes | apt -y install libreadline-dev<br />
yes | apt -y install ubuntu-mate-themes<br />
yes | apt -y install libmotif-dev libxmu-dev<br />
yes | apt -y install libusb-dev libusb-1.0-0-dev<br />
yes | apt -y install i2c-tools libi2c-dev libi2c0<br />
yes | apt -y install xfig gsfonts-x11 gsfonts-other # install fonts for xfig<br />
yes | apt -y install libjson-perl<br />
yes | apt -y install libgsl-dev # additional GNU Scientific Library<br />
yes | apt -y install qt5-default # Qt development<br />
yes | apt -y install python3-full python3-dev python3-dbg python3-pip ### for pyROOT<br />
yes | apt -y install imagemagick imagemagick-common ckeditor # for elog<br />
yes | apt -y install libjpeg-dev libjpeg-progs libjpeg-tools<br />
yes | apt -y install linux-tools-common linux-tools-generic # cpupower frequency-info<br />
yes | apt -y install rdesktop remmina remmina-plugin"*" # requested by POL<br />
yes | apt -y install nlohmann-json3-dev # required to build MIDAS with ROOT 6.30 on Ubuntu-22<br />
apt -y install dpkg-dev cmake g++ gcc binutils libx11-dev libxpm-dev libxft-dev libxext-dev python3 libssl-dev libafterimage0 # from https://root.cern/install/dependencies/<br />
apt -y install gfortran libpcre3-dev xlibmesa-glu-dev libglew-dev libftgl-dev libmysqlclient-dev libfftw3-dev libcfitsio-dev graphviz-dev libldap2-dev python3-dev python3-numpy libxml2-dev libkrb5-dev libgsl0-dev qtwebengine5-dev nlohmann-json3-dev libtbb-dev libavahi-compat-libdnssd-dev # from https://root.cern/install/dependencies/<br />
apt -y install libvdt-dev # for ROOT 6.32 on Ubuntu-24<br />
apt -y install autoconf automake gperf # gnu package build tools<br />
apt -y install u-boot-tools # for Xilinx petalinux<br />
#apt -y install linux-headers-generic # to build linux kernel drivers<br />
</pre><br />
<br />
Ubuntu LTS 20.04:<br />
<pre><br />
yes | apt -y install linux-image-generic-hwe-20.04 linux-tools-virtual-hwe-20.04 # enable linux 5.11 series kernel<br />
</pre><br />
<br />
Ubuntu LTS 22.04:<br />
<pre><br />
apt -y install linux-generic-hwe-22.04 # enable linux 6.2.0 series kernel<br />
</pre><br />
<br />
Ubuntu LTS 24.04:<br />
<pre><br />
apt -y install linux-generic-hwe-24.04 # enable linux 6.8.0 series kernel<br />
</pre><br />
<br />
== install non-snap firefox ==<br />
<br />
See https://askubuntu.com/questions/1399383/how-to-install-firefox-as-a-traditional-deb-package-without-snap-in-ubuntu-22<br />
<br />
<pre><br />
add-apt-repository ppa:mozillateam/ppa<br />
apt install firefox-esr<br />
echo run firefox-esr<br />
</pre><br />
<br />
== configure DNS ==<br />
<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
mkdir /etc/systemd/resolved.conf.d<br />
cp etc/resolved-triumf.conf /etc/systemd/resolved.conf.d/<br />
systemctl restart systemd-resolved<br />
resolvectl<br />
#systemd-analyze cat-config systemd/resolved.conf<br />
</pre><br />
<br />
== install ganglia ==<br />
<br />
<pre><br />
apt -y install ganglia-monitor<br />
cd ~root/git/scripts/ganglia<br />
git pull<br />
make install<br />
./ganglia-all.perl<br />
</pre><br />
<br />
fix gmond start before network is ready:<br />
<br />
<pre><br />
mkdir /etc/systemd/system/ganglia-monitor.service.d<br />
echo -e "[Unit]\nAfter=network-online.target\n" > /etc/systemd/system/ganglia-monitor.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat ganglia-monitor.service<br />
</pre><br />
<br />
== install gonodeinfo ==<br />
<br />
* go to https://bitbucket.org/dd1/gonodeinfo follow instructions:<br />
<pre><br />
yes | apt-get -y install golang<br />
mkdir ~/git<br />
cd ~/git<br />
#git clone https://bitbucket.org/dd1/gonodeinfo.git<br />
git clone https://daq00.triumf.ca/~olchansk/git/gonodeinfo.git<br />
cd gonodeinfo<br />
git remote set-url origin https://daq00.triumf.ca/~olchansk/git/gonodeinfo.git<br />
git pull<br />
make<br />
make install # install gonodeinfo agent<br />
cd ~ # this is important<br />
</pre><br />
* edit /etc/gonodeinfo.conf<br />
* change "Description", "Location", "User" and "Administrator" as appropriate (or delete them)<br />
* change "Servers" to read: Servers: daq00.triumf.ca:8601<br />
* run "gonodeinfo -v"<br />
* if error is "connection refused". go to the nodeinfo server to add this client to the access control list:<br />
* on the gonodeinfo server: run /opt/gonodeinfo/gonodereceive.exe -a daq13<br />
* try gonodeinfo again, there should be no error<br />
* on the gonodeinfo server: run gonodereport, look at the web pages, the new machine should be listed now<br />
<br />
== install emailonreboot ==<br />
<br />
send an email if computer is rebooted<br />
<br />
<pre><br />
ssh root<br />
mkdir -p ~/git<br />
cd ~/git<br />
git clone https://daq00.triumf.ca/~olchansk/git/rpms.git<br />
cd rpms/emailonreboot<br />
git pull<br />
make<br />
make install<br />
</pre><br />
<br />
== install monitor_nfs ==<br />
<br />
monitor NFS mounts and complain about dead, stale and hung mounts<br />
<br />
<pre><br />
ssh root<br />
mkdir -p ~/git<br />
cd ~/git<br />
git clone https://daq00.triumf.ca/~olchansk/git/rpms.git<br />
cd rpms/monitor_nfs<br />
git pull<br />
make<br />
make install<br />
</pre><br />
<br />
== install fonts for EPICS ==<br />
<br />
* apt -y install xfonts-100dpi xfonts-75dpi<br />
* restart Xorg (i.e. "killall Xorg", this will log you out from the console)<br />
* xlsfonts | grep -i helvetica ### should show fonts with different sizes, not just size 0 (scalable)<br />
<br />
== install libz.so.1 for CentOS compatibility ==<br />
<br />
KO - confirm which versions on quartus need this.<br />
<br />
<pre><br />
yes | apt-get -y install zlib1g<br />
yes | apt-get -y install zlib1g:i386 libc6:i386 libgcc1:i386 gcc-6-base:i386<br />
</pre><br />
<br />
== install ld-ldb-x86-64.so.3 for Quartus compatibility ==<br />
<br />
Not clear from package this is supposed to come from. Copied from U-20.<br />
<br />
Without this, Quartus lmgrd does not run.<br />
<br />
<pre><br />
cd /lib64<br />
ln -s ld-linux-x86-64.so.2 ld-lsb-x86-64.so.2<br />
ln -s ld-linux-x86-64.so.2 ld-lsb-x86-64.so.3<br />
</pre><br />
<br />
should look like this:<br />
<pre><br />
root@daq13:/lib64# ls -l<br />
total 3<br />
lrwxrwxrwx 1 root root 44 Jan 28 09:07 ld-linux-x86-64.so.2 -> ../lib/x86_64-linux-gnu/ld-linux-x86-64.so.2<br />
lrwxrwxrwx 1 root root 20 Feb 18 16:45 ld-lsb-x86-64.so.2 -> ld-linux-x86-64.so.2<br />
lrwxrwxrwx 1 root root 20 Feb 18 16:45 ld-lsb-x86-64.so.3 -> ld-linux-x86-64.so.2<br />
root@daq13:/lib64# <br />
</pre><br />
<br />
== install libpng12.so.0 for Quartus compatibility ==<br />
<br />
(does not work anymore!!!)<br />
<br />
<pre><br />
wget http://ftp.ca.debian.org/debian/pool/main/libp/libpng/libpng12-0_1.2.50-2+deb8u2_amd64.deb<br />
dpkg --install libpng12-0_1.2.50-2+deb8u2_amd64.deb<br />
</pre><br />
<br />
== install libpng12.so.0 for Quartus 13.0sp1 ==<br />
<br />
<pre><br />
wget https://daq00.triumf.ca/~olchansk/linux/libpng12.so.0<br />
wget https://daq00.triumf.ca/~olchansk/linux/libpng12.so.0.50.0<br />
/bin/cp -pv libpng12.so.0 libpng12.so.0.50.0 /lib/x86_64-linux-gnu/<br />
</pre><br />
<br />
== install packages for Xilinx ==<br />
<br />
ubuntu LTS 22.04 vivado 2020.1<br />
<br />
<pre><br />
apt install autoconf libtool<br />
apt install libtinfo5<br />
apt install texinfo<br />
apt install zlib1g:i386<br />
</pre><br />
<br />
== install packages for building ROOT ==<br />
<br />
<pre><br />
apt -y install libx11-dev libxpm-dev libxft-dev libxext-dev libpng-dev libjpeg-dev xlibmesa-glu-dev libxml2-dev libgsl-dev cmake<br />
</pre><br />
<br />
== install 32-bit libraries for PHYSICA ==<br />
<br />
these instructions are for running 32-bit physica executable built for SL6 on ubuntu LTS 20.04<br />
<br />
install physica sources (cannot build, do not have g77)<br />
<br />
<pre><br />
cd ~/packages<br />
git clone https://bitbucket.org/ttriumfdaq/physica.git<br />
</pre><br />
<br />
install 32-bit libraries using ubuntu package manager:<br />
<br />
<pre><br />
apt install lib32z1 # libz.so<br />
</pre><br />
<br />
copy 32-bit SL6 shared libraries to /lib32<br />
<br />
<pre><br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libX11.so.6 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libgd.so.2 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libpng12.so.0 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libreadline.so.6 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libncurses.so.5 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libg2c.so.0 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libxcb.so.1 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libXpm.so.4 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libjpeg.so.62 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libfontconfig.so.1 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libfreetype.so.6 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libtinfo.so.5 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libXau.so.6 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libexpat.so.1 /lib32/<br />
</pre><br />
<br />
ldd should report:<br />
<br />
<pre><br />
trinatdaq:trinat> ldd /usr/local/physica/physica.exe<br />
linux-gate.so.1 (0xf7fa2000)<br />
libX11.so.6 => /lib32/libX11.so.6 (0xf7e43000)<br />
libgd.so.2 => /lib32/libgd.so.2 (0xf7dfe000)<br />
libpng12.so.0 => /lib32/libpng12.so.0 (0xf7dd6000)<br />
libz.so.1 => /lib32/libz.so.1 (0xf7db8000)<br />
libreadline.so.6 => /lib32/libreadline.so.6 (0xf7d7e000)<br />
libncurses.so.5 => /lib32/libncurses.so.5 (0xf7d5b000)<br />
libg2c.so.0 => /lib32/libg2c.so.0 (0xf7d3d000)<br />
libm.so.6 => /lib32/libm.so.6 (0xf7c39000)<br />
libgcc_s.so.1 => /lib32/libgcc_s.so.1 (0xf7c1a000)<br />
libc.so.6 => /lib32/libc.so.6 (0xf7a2f000)<br />
libxcb.so.1 => /lib32/libxcb.so.1 (0xf7a05000)<br />
libdl.so.2 => /lib32/libdl.so.2 (0xf79ff000)<br />
libXpm.so.4 => /lib32/libXpm.so.4 (0xf79ee000)<br />
libjpeg.so.62 => /lib32/libjpeg.so.62 (0xf7997000)<br />
libfontconfig.so.1 => /lib32/libfontconfig.so.1 (0xf7962000)<br />
libfreetype.so.6 => /lib32/libfreetype.so.6 (0xf78c9000)<br />
libtinfo.so.5 => /lib32/libtinfo.so.5 (0xf78b0000)<br />
/lib/ld-linux.so.2 (0xf7fa4000)<br />
libXau.so.6 => /lib32/libXau.so.6 (0xf78ad000)<br />
libexpat.so.1 => /lib32/libexpat.so.1 (0xf7885000)<br />
trinatdaq:trinat> <br />
</pre><br />
<br />
set login environment:<br />
<br />
<pre><br />
setenv TRIUMF_FONTS $HOME/packages/physica/fonts<br />
setenv PHYSICA_DIR $HOME/packages/physica<br />
alias physica $PHYSICA_DIR/physica-SL6-32<br />
</pre><br />
<br />
test:<br />
<br />
<pre><br />
cd ~/packages/physica<br />
physica<br />
@rangauss.pcm<br />
</pre><br />
<br />
== install wine ==<br />
<br />
As far as I know, only needed for BNMR/BNQR<br />
<br />
<pre><br />
apt install wine winetricks<br />
</pre><br />
<br />
== install lightdm ==<br />
<br />
unlike the default gdm login manager, lightdm shows the machine hostname and does not require an extra mouse click to swicth from screen saver to login mode.<br />
<br />
<pre><br />
apt -y install lightdm<br />
# select lightdm<br />
</pre><br />
<br />
== install desktop environments ==<br />
<br />
note: default display manager and default desktop are deficient, please do not skip this step.<br />
<br />
note: if apt asks to choose the display manager, select "lightdm"<br />
<br />
note: KO - I recommend the "MATE" desktop.<br />
<br />
note: you will have to cut-and-paste this several times because "apt" eats commands, even with "-y" and even piped from "yes".<br />
<br />
<pre><br />
# install MATE desktop<br />
apt -y install ubuntu-mate-core ubuntu-mate-desktop ubuntu-mate-themes<br />
# install Cinnamon desktop<br />
apt -y install cinnamon<br />
# install KDE desktop<br />
apt -y install kde-standard kubuntu-settings-desktop<br />
# install Lxqt desktop<br />
# apt -y install lxqt # conflict over kubuntu-desktop, kubuntu-settings-desktop and desktop-base<br />
# install Xfce4 desktop<br />
apt -y install xfce4<br />
</pre><br />
<br />
== install ROOT ==<br />
<br />
Please install ROOT per instructions at https://root.cern.ch.<br />
<br />
NOTE1: The ROOT package available from Ubuntu repositories is severely out of date and cannot be used with MIDAS and ROOTANA. ### DO NOT DO THIS! apt-get install root-system<br />
<br />
NOTE2: as of 2017-Jan-09, ROOT binary kits for Ubuntu do not work (use GCC 5 instead of GCC6), build from source instead.<br />
<br />
== Install x2go ==<br />
<br />
<pre><br />
apt-get update<br />
apt-get install x2goserver x2goserver-xsession<br />
</pre><br />
<br />
== enable root login from ladd00/daq00 ==<br />
<pre><br />
ssh localhost<br />
CTRL-C<br />
/bin/cp ~root/git/scripts/etc/authorized_keys ~root/.ssh/<br />
</pre><br />
<br />
== disable ssh access from outside of TRIUMF ==<br />
<br />
to stop ssh login spam, disable ssh access from outside of TRIUMF. this can be done by requesting a firewall block through the helpdesk or by local firewall rule:<br />
<br />
<pre><br />
echo iptables -I INPUT ! -s 142.90.0.0/255.255.0.0 -p tcp --dport 22 -j REJECT >> /etc/rc.local<br />
/etc/rc.local<br />
</pre><br />
<br />
== install smart-status ==<br />
<pre><br />
ln -s ~/git/scripts/smart-status/smart-status.perl ~root/<br />
</pre><br />
<br />
== enable boot menu and boot messages ==<br />
<br />
This will enable the grub menu (with a 10 sec timeout) and<br />
replace black screen with exciting linux boot messages.<br />
<br />
* emacs -nw /etc/default/grub<br />
<pre><br />
GRUB_DEFAULT=0<br />
#GRUB_TIMEOUT_STYLE=hidden<br />
GRUB_TIMEOUT=10<br />
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`<br />
#GRUB_CMDLINE_LINUX_DEFAULT="vga=769 video=640x480"<br />
GRUB_CMDLINE_LINUX_DEFAULT=""<br />
GRUB_CMDLINE_LINUX=""<br />
#GRUB_GFXMODE=640x480<br />
</pre><br />
* update grub config:<br />
<pre><br />
grub-mkconfig -o /boot/grub/grub.cfg<br />
</pre><br />
<br />
= Enable automatic updates =<br />
<br />
<pre><br />
apt install unattended-upgrades<br />
cd ~/git/scripts<br />
git pull<br />
/bin/cp -v etc/99apt-conf-ko /etc/apt/apt.conf.d/<br />
apt-config dump | grep Unattended<br />
</pre><br />
<br />
Following is obsolete:<br />
<br />
* emacs -nw /etc/apt/apt.conf.d/50unattended-upgrades<br />
** uncomment in Allowed-Origins "-security" and "-updates"<br />
** add in Allowed-Origins: "Google LLC:stable";<br />
** uncomment/add: "Unattended-Upgrade::Mail "root";<br />
* emacs -nw /etc/apt/apt.conf.d/10periodic<br />
<pre><br />
APT::Periodic::Update-Package-Lists "1";<br />
APT::Periodic::Download-Upgradeable-Packages "1";<br />
APT::Periodic::AutocleanInterval "7";<br />
APT::Periodic::Unattended-Upgrade "1";<br />
</pre><br />
* test: unattended-upgrade --dry-run -v<br />
<br />
NOTE: update-on-shutdown is disabled.<br />
<br />
NOTE: there is no update-on-boot, but:<br />
<br />
NOTE: if machine was off for a long time, the systemd update timer would have expired and it will fire soon after reboot, causing an automatic update run. this is unwanted, and there is no fix or workaround for it. K.O. June-2023.<br />
<br />
= Fix bpool is full (obsolete) =<br />
<br />
THIS IS CAUSED BY OBSOLETE PACKAGE zsys. PLEASE: apt remove zsys<br />
<br />
= IPMI instructions =<br />
<br />
IPMI is the board management hardware on Supermicro and other server motherboards. This includes hardware sensors - fan rotation speed, temperatures and power supply voltages.<br />
<br />
<pre><br />
apt-get install ipmitool<br />
systemctl enable ipmievd<br />
systemctl restart ipmievd<br />
</pre><br />
<br />
Run:<br />
* ipmitool sel list ### event list<br />
* ipmitool sel elist ### event list<br />
* ipmitool sel clear ### clear event list (if it becomes full)<br />
* ipmitool sensor ### report hardware sensors<br />
<br />
= move /home/wheel (U-24) =<br />
<br />
Ubuntu LTS 24 installed on ZFS has rpool/USERDATA/home_xxx mounted on /home,<br />
has to be moved or autofs /home will not work.<br />
<br />
<pre><br />
zfs list | grep USERDATA | grep home | cut -f1 -d" "<br />
zfs set -u mountpoint=/home1 `zfs list | grep USERDATA | grep home | cut -f1 -d" "`<br />
emacs -nw /etc/passwd # change mount for wheel account to /home1/wheel<br />
</pre><br />
<br />
= move /home/wheel =<br />
<br />
note: this MUST be done if ZFS root and NIS/autofs with /home.<br />
<br />
Default location of wheel's home directory will collide with autofs /home, it has to be moved,<br />
for example to /wheel.<br />
<br />
<pre><br />
# logout from the wheel user<br />
# go to another computer<br />
ssh root@daqubuntuxxx<br />
zfs list | grep wheel ### identify zfs name wheel_xxxxxx<br />
#zfs set mountpoint=/wheel rpool/USERDATA/wheel_hm8fzh<br />
zfs set mountpoint=/wheel `zfs list | grep wheel | cut -f1 -d" "`<br />
zfs list | grep wheel<br />
emacs -nw /etc/passwd ### change wheel's home directory from /home/wheel to /wheel<br />
su - wheel ### check that user wheel still works<br />
</pre><br />
<br />
This will break wheel's ability to run snap programs, such as firefox, install chrome as listed below.<br />
<br />
= enable NIS (ubuntu 22.04, 24.04, debian 11, 12) =<br />
<br />
<pre><br />
apt -y install rpcbind nis<br />
echo DAQ-NIS >> /etc/defaultdomain<br />
echo ypserver daq00.triumf.ca >> /etc/yp.conf<br />
systemctl enable ypbind.service<br />
systemctl restart ypbind.service<br />
systemctl status ypbind.service<br />
ypwhich -m<br />
</pre><br />
<br />
enable ypserv:<br />
<br />
<pre><br />
sed -i s/NISSERVER=false/NISSERVER=slave/ /etc/default/nis<br />
/usr/lib/yp/ypinit -s daq00<br />
echo ypserver localhost >> /etc/yp.conf<br />
sed -i "s/ypserver .*/ypserver localhost/" /etc/yp.conf<br />
systemctl enable ypserv<br />
systemctl restart ypserv<br />
systemctl restart ypbind<br />
</pre><br />
<br />
edit /etc/nsswitch.conf to read:<br />
<br />
<pre><br />
# begin get data from nis<br />
passwd: files nis<br />
group: files nis<br />
shadow: files nis<br />
automount: files nis<br />
netgroup: files nis<br />
# end get data from nis<br />
<br />
#passwd: ...<br />
#group: ...<br />
#shadow: ...<br />
<br />
#netgroup: ...<br />
#automount: ...<br />
</pre><br />
<br />
enable hourly update of nis maps:<br />
<br />
<pre><br />
mkdir ~root/git<br />
cd ~root/git<br />
git clone https://daq00.triumf.ca/~olchansk/git/scripts.git<br />
cd ~/git/scripts/etc<br />
git pull<br />
ln -s $PWD/ypxfr-cron-hourly /etc/cron.hourly<br />
</pre><br />
<br />
If this is a new machine, then on the master NIS node (daq00), add this new node to /etc/netgroup, and update NIS maps (cd /var/yp; make)<br />
<br />
= enable NIS (ubuntu 20.04) =<br />
<br />
* apt-get -y install portmap nis ### will ask for NIS domain (DAQ-NIS)<br />
* dpkg-reconfigure nis ### reconfigure if already installed<br />
* ypwhich -m<br />
* edit /etc/default/nis<br />
** set "NISSERVER=slave"<br />
** Ubuntu LTS 20.04, check that "YPBINDARGS=" is blank, remove "-no-dbus" if it is there<br />
* #edit /etc/yp.conf, comment-out everything, add "domain DAQ-NIS server localhost"<br />
* edit /etc/yp.conf, comment-out everything, add "ypserver localhost"<br />
* /usr/lib/yp/ypinit -s daq00<br />
* systemctl enable nis<br />
* systemctl restart nis<br />
* ypwhich<br />
* ypwhich -m<br />
* ypcat -k passwd<br />
* vi /etc/nsswitch.conf ### add the automount line, modify the passwd, group and shadow lines to read this:<br />
<pre><br />
# begin get data from nis<br />
passwd: files nis<br />
group: files nis<br />
shadow: files nis<br />
automount: files nis<br />
netgroup: files nis<br />
# end get data from nis<br />
</pre><br />
* enable hourly update of NIS maps<br />
<pre><br />
mkdir ~root/git<br />
cd ~root/git<br />
git clone https://daq00.triumf.ca/~olchansk/git/scripts.git<br />
cd ~/git/scripts/etc<br />
git pull<br />
ln -s $PWD/ypxfr-cron-hourly /etc/cron.hourly<br />
</pre><br />
* ### NOT NEEDED sudo vi /etc/idmapd.conf ### add line: "Domain = triumf.ca"<br />
<br />
= enable autofs =<br />
<br />
<pre><br />
apt -y install autofs<br />
systemctl enable autofs<br />
systemctl restart autofs<br />
ls -l /home/olchansk ### test autofs, check file owner is correct<br />
</pre><br />
<br />
= enable NFS server =<br />
<br />
<pre><br />
apt install nfs-kernel-server<br />
#edit /etc/exports<br />
systemctl enable nfs-server<br />
systemctl restart nfs-server<br />
</pre><br />
<br />
= NIS master =<br />
<br />
notes for setting up the NIS master<br />
<br />
== wheel user ==<br />
<br />
"wheel" is the default administrative user. We do not want it's password exported to NIS (encrypted password hash is world visible) and we do not want it's home directory exported to NFS (~wheel/.ssh is world visible and potentially writable: anybody can change ~wheel/.ssh/authorized_keys).<br />
<br />
* move wheel's home directory from /home/wheel to /wheel (see special section about this)<br />
* change wheel's UID and GID from 1000 to a value below MINUID in /var/yp/Makefile<br />
<br />
== coherent uids ==<br />
<br />
we do not want system accounts defined in /etc/passwd of the NIS master<br />
to be included in the NIS map "passwd". this causes trouble on NIS clients<br />
where newly installed packages fail to create local system users because same<br />
user already exists in NIS.<br />
<br />
This is controlled by MINUID in /var/yp/Makefile.<br />
<br />
Historical TRIUMF uids start from around 200, but several clusters do not have any historic TRIUMF uids below 500 and MINUID is set to:<br />
* DAQ-NIS: MINUID=200<br />
* ISAC-NIS: MINUID=500<br />
* TITAN-NIS: MINUID=500<br />
* MUSR-NIS: MINUID=500<br />
* TIG-NIS: MINUID=500 (100 on SL6 mother8pi)<br />
<br />
Ubuntu 20 has two programs to create users:<br />
* adduser - creates new users with UID 1000 and up as specified in /etc/adduser.conf. No problems here.<br />
* adduser --system - creates new system users with UID 100 and up as specified in /etc/adduser.conf. No problems here.<br />
* useradd - creates new users with UID 1000 and up as specified in /etc/login.defs. No problems here.<br />
* useradd --system - creates new system users with UID 999 and down (read "man useradd", section at the end about SYS_UID_MAX). This collides with NIS MINUID, these system users will be included in the NIS map and cause trouble.<br />
<br />
This problem cannot be fixed, SYS_UID_MIN, SYS_UID_MAX and UID_MIN in /etc/login.defs do not seem<br />
to have any effect on UIDs chosen by "useradd --system". (tested on Ubuntu LTS 20.04).<br />
<br />
So far only these system accounts seem to be affected by this:<br />
* systemd-coredump<br />
* ganglia<br />
<br />
To fix:<br />
* run "sort -r -n -t: -k3 /etc/passwd" to identify the last unused system user uid (range 100..200)<br />
* run "sort -r -n -t: -k3 /etc/group" to identify the last unused system user gid (range 100.200)<br />
* systemd-coredump: manually change UID and GID (package systemd-coredump is usually not installed)<br />
* ganglia: same thing, then change ownership on all ganglia files.<br />
<br />
Also read systemd author's opinion on system vs user UIDs:<br />
https://github.com/systemd/systemd/issues/4850#issuecomment-265698275<br />
<br />
= Fix systemd-logind NIS breakage =<br />
<br />
!!! THIS IS NOT NEEDED FOR UBUNTU LTS 20.04 !!!<br />
<br />
there is a delay in ssh logins for normal users. "ssh -v" shows the delay is after "pledge...". this<br />
fix removes the delay.<br />
<br />
systemd developers think that we should not use NIS and made sure there are<br />
problems if we do. To give them credit, they do offer a workaround. Read this:<br />
https://github.com/poettering/systemd/commit/695fe4078f0df6564a1be1c4a6a9e8a640d23b67<br />
<br />
<pre><br />
mkdir /etc/systemd/system/systemd-logind.service.d<br />
echo -e "[Service]\nIPAddressDeny=\n" > /etc/systemd/system/systemd-logind.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat systemd-logind.service<br />
</pre><br />
<br />
= Fix systemd-udevd NIS breakage =<br />
<br />
see same problem as above with udev getting stuck. ubuntu lts 20.04.<br />
<br />
<pre><br />
mkdir /etc/systemd/system/systemd-udevd.service.d<br />
echo -e "[Service]\nIPAddressDeny=\n" > /etc/systemd/system/systemd-udevd.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat systemd-udevd.service<br />
</pre><br />
<br />
= Configure USB device permissions =<br />
<br />
Configure USB device permissions for user access to USB-serial devices, Altera USB Blaster, etc.<br />
<br />
* create file /etc/udev/rules.d/99-usb-chmod.rules with this contents:<br />
<br />
<pre><br />
emacs -nw /etc/udev/rules.d/99-usb-chmod.rules<br />
ACTION=="add", SUBSYSTEM=="usbmisc", RUN+="/bin/chmod a+wr $env{DEVNAME}" <br />
ACTION=="add", SUBSYSTEM=="usb_device", RUN+="/bin/chmod a+wr /dev/%c"<br />
ACTION=="add", SUBSYSTEM=="usb_device", RUN+="/bin/chmod a+wr /proc/%c"<br />
ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="/bin/chmod a+wr $env{DEVICE}"<br />
ACTION=="add", ENV{PHYSDEVBUS}=="usb-serial", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", ENV{DEVPATH}=="/class/tty/ttyS*", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", SUBSYSTEM=="tty", DEVPATH=="*ttyUSB*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
ACTION=="add", SUBSYSTEM=="tty", DEVPATH=="*ttyACM*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
ACTION=="add", SUBSYSTEM=="tty", DEVPATH=="*ttyS*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
ACTION=="add", DEVPATH=="*video*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
</pre><br />
<br />
* reload udev rules: udevadm control --reload-rules<br />
* apply new permissions: udevadm trigger --action=add<br />
* watch udev activity: udevadm monitor -p<br />
<br />
= Configure lightdm display manager =<br />
<br />
* enable it<br />
<pre><br />
echo lightdm | dpkg-reconfigure -fteletype lightdm<br />
systemctl disable gdm<br />
systemctl disable sddm<br />
systemctl enable lightdm<br />
</pre><br />
<br />
* make the MATE desktop as default<br />
<pre><br />
cd ~root/git/scripts/<br />
git pull<br />
/bin/cp -v etc/lightdm_default_mate.conf /etc/lightdm/lightdm.conf.d/<br />
</pre><br />
<br />
* enable login by NIS users<br />
<pre><br />
/bin/cp -v etc/lightdm_enable_nis_login.conf /etc/lightdm/lightdm.conf.d/<br />
</pre><br />
<br />
* restart lightdm<br />
<pre><br />
systemctl stop gdm<br />
systemctl restart lightdm<br />
</pre><br />
<br />
= Install libpng12.so.0 =<br />
<br />
Quartus 16 needs libpng12:<br />
<br />
<pre><br />
wget http://mirrors.kernel.org/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.54-1ubuntu1_amd64.deb<br />
dpkg --install libpng12-0_1.2.54-1ubuntu1_amd64.deb<br />
</pre><br />
<br />
= Install google-chrome =<br />
<br />
<pre><br />
wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb<br />
dpkg -i google-chrome-stable_current_amd64.deb<br />
</pre><br />
<br />
confirm autoupdate is enabled, observe dl.google.com is present in the list of repositories:<br />
<pre><br />
apt update<br />
...<br />
Get:5 https://dl.google.com/linux/chrome/deb stable/main amd64 Packages [1,094 B]<br />
...<br />
</pre><br />
<br />
FOLLOWING IS OBSOLETE:<br />
<br />
Instructions from here:<br />
https://www.ubuntuupdates.org/ppa/google_chrome?dist=stable<br />
<br />
<pre><br />
wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add -<br />
sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-tmp.list'<br />
apt update<br />
apt install google-chrome-stable<br />
/bin/rm -f /etc/apt/sources.list.d/google-tmp.list<br />
</pre><br />
<br />
= Install amanda client =<br />
<br />
ONLY ON MACHINES THAT HOST HOME DIRECTORIES<br />
<br />
* apt install amanda-client<br />
* edit /etc/amandahosts<br />
<pre><br />
amanda.triumf.ca amanda amdump<br />
</pre><br />
* check permissions on /etc/amandahosts:<br />
<pre><br />
root@daq00:/var/log/amanda# ls -l /etc/amandahosts<br />
-rw------- 1 backup backup 49 Jan 27 10:48 /etc/amandahosts<br />
</pre><br />
* fix if needed: chown backup.backup /etc/amandahosts; chmod a= /etc/amandahosts; chmod u=wr /etc/amandahosts<br />
* edit /etc/amanda-security.conf, add this line:<br />
<pre><br />
runtar:gnutar_path=/usr/bin/tar<br />
</pre><br />
<br />
On the amanda machine:<br />
<br />
* in amanda disklist, use dump type "bsdtcp-comp-user-tar"<br />
* su - amanda and run amcheck -c daily daq00<br />
<pre><br />
-bash-4.1$ amcheck -c daily daq00<br />
<br />
Amanda Backup Client Hosts Check<br />
--------------------------------<br />
Client check: 1 host checked in 0.092 seconds. 0 problems found.<br />
<br />
(brought to you by Amanda 3.3.7p1.git.685ff76d)<br />
</pre><br />
<br />
= Enable rc.local =<br />
<br />
For reasons unknown, Ubuntu LTS 20.04 does not enable /etc/rc.local. Do this:<br />
<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
cp -n -v etc/rc.local /etc/<br />
chmod a+rx /etc/rc.local<br />
cp etc/rc-local.service /etc/systemd/system/<br />
systemctl daemon-reload<br />
systemctl enable rc-local<br />
systemctl start rc-local<br />
systemctl status rc-local<br />
</pre><br />
<br />
= Remove unwanted packages =<br />
<br />
<pre><br />
apt purge bash-completion # broken, adds unwanted "\" if "ls -l $ROOTSYS/<tab>"<br />
apt purge zsys # broken, do not use<br />
apt purge sddm # login manager<br />
apt purge avahi-daemon avahi-autoipd # not sure what it does, observed using 100% CPU<br />
apt purge modemmanager # probes all serial ports to see if it's a modem<br />
</pre><br />
<br />
= Disable unwanted services =<br />
<br />
<pre><br />
systemctl disable mpd<br />
systemctl disable snapd<br />
systemctl disable ModemManager<br />
systemctl --global mask tracker-extract-3.service<br />
systemctl --global mask tracker-miner-fs-3.service<br />
systemctl daemon-reload<br />
</pre><br />
<br />
= Disable sleep and suspend =<br />
<br />
note: we see some computers randomly shutdown or go to sleep, log files indicates the "sleep" or "suspend" button was pushed by user, but no such buttons actually exist. this is the fix for this:<br />
<br />
<pre><br />
systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target systemd-suspend.service systemd-hybrid-sleep.service<br />
</pre><br />
<br />
= Enable crontab @reboot for MIDAS =<br />
<br />
startup scripts have a bug - cron @reboot entries for normal users can run before autofs is ready, so if the home directory is on autofs/NFS, it cannot be accessed and the cron job fails. If MIDAS is supposed to be started by cron @reboot, it will not start (there *will* be an error message in /var/log/cron).<br />
<br />
<pre><br />
mkdir /etc/systemd/system/cron.service.d<br />
echo -e "[Unit]\nAfter=ypbind.service autofs.service\n" > /etc/systemd/system/cron.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat cron.service<br />
</pre><br />
<br />
Explore the systemd dependency tree using "systemctl list-dependencies" maybe with "--all".<br />
<br />
Visualize the exact boot sequence from previous boot: "systemd-analyze plot > xxx.svg", look at the svg file using a web browser.<br />
<br />
Crontab entry to start midas: (install in the midas user crontab, not root crontab)<br />
<br />
<pre><br />
su - midasuser<br />
crontab -l<br />
#@reboot /bin/bash -l -c "/home/trinat/bin/start-daq-applications"<br />
#@reboot /bin/tcsh -c "/home/trinat/bin/start-daq-applications"<br />
</pre><br />
<br />
= Install apache httpd proxy for midas and elog =<br />
<br />
This will configure the HTTPS/SSL certificate using "certbot" and "letsencrypt" and configure an HTTPS web server using apache2.<br />
<br />
First, configure apache2:<br />
<br />
* execute these commands:<br />
<pre><br />
apt -y install apache2<br />
cd /etc/apache2<br />
</pre><br />
* create new file conf-available/ssl-daq14.conf # use actual hostname instead of daq14<br />
<pre><br />
SSLSessionCache shmcb:/run/httpd/sslcache(512000)<br />
SSLSessionCacheTimeout 300<br />
SSLRandomSeed startup file:/dev/urandom 256<br />
SSLRandomSeed connect builtin<br />
SSLCryptoDevice builtin<br />
</pre><br />
* create new file sites-available/daq14-ssl.conf # use actual hostname instead of daq14<br />
<pre><br />
<IfModule mod_ssl.c><br />
<VirtualHost *:443><br />
ServerName daq14.triumf.ca<br />
DocumentRoot /var/www/html<br />
ErrorLog /var/log/apache2/daq14.log<br />
SSLEngine on<br />
# note SSLProtocol, SSLCipherSuite and some other settings are overwritten by /etc/letsencrypt/options-ssl-apache.conf<br />
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1<br />
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4<br />
## use port specified in elogd.cfg<br />
#ProxyPass /elog/ http://localhost:8082/ retry=1 <br />
## use mhttpd port<br />
#ProxyPass / http://localhost:8080/ retry=1 <br />
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"<br />
<Location /><br />
SSLRequireSSL<br />
AuthType Basic<br />
AuthName "DAQ password protected site"<br />
Require valid-user<br />
# create password file: touch /etc/apache2/htpasswd<br />
# to add new user or change password: htpasswd /etc/apache2/htpasswd username<br />
AuthUserFile /etc/apache2/htpasswd<br />
</Location><br />
</VirtualHost><br />
</IfModule><br />
</pre><br />
* stop apache2 from listening on port 80: edit /etc/apache2/ports.conf, comment-out the line "Listen 80"<br />
* stop apache2 from listening on port 80: edit /etc/apache2/ports.conf, comment-out the line "Listen 80"<br />
* enable ssl module<br />
* enable new configurations<br />
<pre><br />
a2enmod ssl<br />
a2enmod headers<br />
a2enmod proxy<br />
a2enmod proxy_http<br />
a2enconf ssl-daq14<br />
a2ensite daq14-ssl<br />
</pre><br />
* disable default ssl sites<br />
<pre><br />
a2dissite 000-default-le-ssl<br />
a2dissite 000-default<br />
ls -l /etc/apache2/sites-enabled/ ### should show only daq14-ssl.conf<br />
</pre><br />
* check that there are no syntax problems<br />
<pre><br />
apache2ctl configtest<br />
</pre><br />
* enable and start apache2:<br />
<pre><br />
systemctl enable apache2<br />
systemctl restart apache2<br />
systemctl status apache2<br />
</pre><br />
* apache2 may fail to start, look in /var/log/apache2/error.log and /var/log/apache2/daq14.log<br />
* if it says "Failed to configure ... certificate", proceed to the step for setting certbot.<br />
* try to access https://daq14.triumf.ca<br />
** you should see a complaint about self-signed certificate<br />
** you should see a request for password (do not login yet)<br />
** if you get "connection refused", HTTPS port 443 may need to be enabled in the local firewall, look at documentation for ufw.<br />
Second, configure certbot:<br />
<br />
(Note: as of 2018-01-18 certbot requires use of http port 80 to get the initial https certificate,<br />
renewal can continue to use the https port 443)<br />
<br />
(Note: as of 2019-01-?? certbot requires use of port 80 for renewals)<br />
<br />
(Note: unsurprisingly, this requires outside access to connect with letsencrypt, so won't work if PC is only accessible from on-site network)<br />
<br />
* check that port 80 is not used by anything:<br />
* netstat -an | grep LISTEN | grep ^tcp | grep 80<br />
* lsof -P | grep -i tcp | grep LISTEN | grep 80<br />
* if lsof reports that apache2 is listening on port 80, follow the apache2 instructions above (remove "listen 80" from apache2.conf<br />
<br />
* install certbot (if necessary open tcp port 80 in the firewall, see documentation for ufw):<br />
<pre><br />
apt install certbot python3-certbot-apache<br />
certbot certonly --standalone --installer apache<br />
</pre><br />
* then answer questions:<br />
* "activate HTTPS for daq14.triumf.ca" - say ok<br />
* "enter email address" - enter your own email address<br />
* "please read terms..." - read the terms and say "agree"<br />
* it will take a few moments...<br />
* "congratulations..." - say ok.<br />
<pre><br />
certbot install --apache --cert-name daq14.triumf.ca<br />
</pre><br />
* then answer questions:<br />
* "choose redirect..." - say "1" (no redirect)<br />
* look inside /etc/apache2/sites-enabled/daq14-ssl.conf to see that SSLCertificateFile & co point to certbot certificates in<br />
/etc/letsencrypt/live/daq14.triumf.ca/<br />
* to check current renewal and to update the certbot config file in /etc/letsencrypt/renewal, run this:<br />
<pre><br />
certbot renew --standalone --installer apache --force-renewal<br />
</pre><br />
<br />
NOTE: this certificate will expire in 3 months, automatic renewal should work with current version of certbot<br />
<br />
Third, activate password protection:<br />
<br />
* as shown in the config file above, create password file and initial user: (replace "midas" with specific username)<br />
<pre><br />
touch /etc/apache2/htpasswd<br />
htpasswd /etc/apache2/htpasswd midas<br />
</pre><br />
<br />
* restart apache2<br />
<pre><br />
systemctl restart apache2<br />
systemctl status apache2<br />
</pre><br />
<br />
From here:<br />
* enable proxy for MIDAS mhttpd - uncomment redirect in the config file above<br />
* enable proxy for ELOG - ditto<br />
<pre><br />
a2enmod proxy<br />
a2enmod proxy_http<br />
apache2ctl configtest<br />
systemctl restart apache2<br />
</pre><br />
<br />
* try accessing MIDAS https://daq14.triumf.ca/ (make sure mhttpd is running)<br />
* if it's not working, check odb setting FIXME!<br />
* try accessing ELog https://daq14.triumf.ca/elog/ (make sure elogd is running)<br />
* if it's not working, check elogd.cfg file and make sure<br />
<pre><br />
SSL = 0<br />
</pre><br />
<br />
NOTE: if certbot fails with errors about 'module' object has no attribute 'pyopenssl',<br />
try this: pip install requests==2.6.0<br />
<br />
== generate self-signed certificate ==<br />
<br />
<pre><br />
root@alphacpc05:~# openssl req -nodes -new -x509 -keyout server.key -out server.cert -days 1001<br />
...+....+..+..........+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+..+...+.........+......+.+...+...+.....+...............+.........+...+.+......+...+...........+....+...+..+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+......+.+...+..+.......+..+...+.......+......+...+..+...+......+....+...............+..+...+....+...........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++<br />
......+......+.+..+......+.+......+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+.....+......+.+.........+......+.....+.+..+...+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+....+......+.....+...+...+.......+..+.+........+.+...+......+..+..........+..+.+...........+...+.......+......+.....+.......+...+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++<br />
-----<br />
You are about to be asked to enter information that will be incorporated<br />
into your certificate request.<br />
What you are about to enter is what is called a Distinguished Name or a DN.<br />
There are quite a few fields but you can leave some blank<br />
For some fields there will be a default value,<br />
If you enter '.', the field will be left blank.<br />
-----<br />
Country Name (2 letter code) [AU]:CH<br />
State or Province Name (full name) [Some-State]:Geneve<br />
Locality Name (eg, city) []:CERN<br />
Organization Name (eg, company) [Internet Widgits Pty Ltd]:CERN<br />
Organizational Unit Name (eg, section) []:ALPHA experiment <br />
Common Name (e.g. server FQDN or YOUR name) []:alphacpc05.cern.ch<br />
Email Address []:<br />
root@alphacpc05:~# <br />
root@alphacpc05:~# <br />
root@alphacpc05:~# ls -l<br />
-rw-r--r-- 1 root root 1375 juil. 10 21:43 server.cert<br />
-rw------- 1 root root 1708 juil. 10 21:42 server.key<br />
root@alphacpc05:~# systemctl restart apache2<br />
</pre><br />
<br />
= Enable elog PDF preview =<br />
<br />
NOTE: looks like U-24 already has this correctly.<br />
<br />
see https://stackoverflow.com/questions/52998331/imagemagick-security-policy-pdf-blocking-conversion<br />
<br />
* xemacs -nw /etc/ImageMagick-6/policy.xml<br />
* remove this section at the end:<br />
<pre><br />
<!-- disable ghostscript format types --><br />
<policy domain="coder" rights="none" pattern="PS" /><br />
<policy domain="coder" rights="none" pattern="PS2" /><br />
<policy domain="coder" rights="none" pattern="PS3" /><br />
<policy domain="coder" rights="none" pattern="EPS" /><br />
<policy domain="coder" rights="none" pattern="PDF" /><br />
<policy domain="coder" rights="none" pattern="XPS" /><br />
</pre><br />
<br />
= Install Jupyter notebook =<br />
<br />
<pre><br />
From https://jupyter.org/install<br />
apt install python3-pip<br />
pip install jupyterlab<br />
pip install notebook<br />
~/.local/bin/jupyter notebook<br />
watch the http://localhost:8888 URL that it printed<br />
say "no" to offer to start firefox (it will not work!)<br />
URL is: http://localhost:8888/tree?token=xxx<br />
from the machine where you are running the web browser (i.e. google-chrome), run (replace trinat@trinatdaq with the username and machine name where you started jupyter)<br />
open a new shell and run: ssh -v trinat@trinatdaq -L 8888:localhost:8888<br />
in the web browser, open http://localhost:8888<br />
this gives us the login page<br />
in the password or token entry field, put the token from the "tree?token=xxx" above (printed by jupyter on startup)<br />
push button "login"<br />
jupyter page should open with the list of files in the trinat home directory<br />
congratulate Brian with full success<br />
</pre><br />
<br />
= Install ZFS quota report =<br />
<br />
If there are any ZFS volumes, install script to report disk and quota usage<br />
<br />
<pre><br />
cd ~/git/scripts/quotareport<br />
git pull<br />
mkdir /var/www/html/zfsquotareport<br />
cp -pv ~/git/scripts/quotareport/sorttable.js /var/www/html/zfsquotareport/<br />
ln -s $PWD/zfsquotareport.perl /etc/cron.daily/<br />
touch /etc/crontab<br />
</pre><br />
<br />
If httpd is configured to redirect "/" to MIDAS mhttpd:<br />
* add following to /etc/apache2/sites-enabled/xxx-ssl.conf in front of "ProxyPass / ..."<br />
* run "systemctl reload apache2"<br />
<pre><br />
## do not proxy zfs quota report directory <br />
ProxyPass /zfsquotareport/ ! <br />
</pre><br />
<br />
= Install PHP =<br />
<br />
* apt install php libapache2-mod-php<br />
* systemctl restart apache2<br />
* create /var/www/html/info.php<br />
<pre><br />
<?php <br />
<br />
phpinfo(); <br />
</pre><br />
* open https://daq00.triumf.ca/info.php<br />
<br />
= Configure TRIUMF printers =<br />
<br />
<pre><br />
systemctl stop cups<br />
systemctl stop cups-browsed.service<br />
systemctl disable cups<br />
systemctl disable cups-browsed.service<br />
systemctl stop snap.cups.cupsd.service<br />
systemctl stop snap.cups.cups-browsed.service<br />
systemctl disable snap.cups.cupsd.service<br />
systemctl disable snap.cups.cups-browsed.service<br />
echo "ServerName printers.triumf.ca" > /etc/cups/client.conf<br />
lpstat -a<br />
</pre><br />
<br />
= Enable core dumps =<br />
<br />
By default, Ubuntu LTS 20.04 installs the apport package<br />
which disabled core dumps from user applications. (google it up!).<br />
It is not meant to do this and documentation claims that<br />
it is not installed and not enabled by default. Oh, well...<br />
<br />
<pre><br />
apt remove apport<br />
apt autoremove ### will remove apport-symptoms and a few other packages<br />
</pre><br />
<br />
After this, core dumps are written to file "core" in the current directory.<br />
See /proc/sys/kernel/core_pattern and /proc/sys/kernel/core_uses_pid.<br />
<br />
Enable core dump file names to include process id, add following to /etc/rc.local<br />
<br />
<pre><br />
echo "echo 1 > /proc/sys/kernel/core_uses_pid" >> /etc/rc.local<br />
</pre><br />
<br />
= Enable debugger =<br />
<br />
By default, Ubuntu LTS 20.04 does not permit debugger to attach and debug<br />
already running programs. To enable it, add following to /etc/rc.local<br />
<br />
<pre><br />
echo "echo 0 > /proc/sys/kernel/yama/ptrace_scope" >> /etc/rc.local<br />
</pre><br />
<br />
= Disable Ubuntu Pro nag =<br />
<br />
best I can tell, impossible at this time.<br />
<br />
== do not do this ==<br />
<br />
!!! does nothing !!!<br />
<br />
<pre><br />
pro config set apt_news=false<br />
</pre><br />
<br />
== do not do this ==<br />
<br />
!!! breaks automatic updates because 20apt-esm-hook.conf is missing !!!<br />
<br />
If "apt upgrade" requests Ubuntu Pro or esm-apps, disable the nag:<br />
<pre><br />
/bin/rm /etc/apt/apt.conf.d/20apt-esm-hook.conf<br />
</pre><br />
<br />
== do not do this ==<br />
<br />
!!! likely same as above, breaks automatic updates !!!<br />
<br />
* comment out /etc/apt/apt.conf.d/20apt-esm-hook.conf<br />
<br />
== do not do this ==<br />
<br />
!!! removes too many packages !!!<br />
<br />
<pre><br />
apt remove ubuntu-pro-client<br />
</pre><br />
<br />
= Update packages =<br />
<br />
* apt update # update package list<br />
* apt upgrade # install updated packages and update "kept back" packages<br />
* apt autoremove # remove packages that apt thinks should be removed<br />
<br />
= Finish installation =<br />
<br />
Congratulations. There is nothing more to do!<br />
<br />
* reboot<br />
<pre><br />
shutdown -r now<br />
</pre><br />
<br />
= Update to new version of Ubuntu =<br />
<br />
* run "do-release-upgrade -c"<br />
* if it does not report new release Ubuntu 24, check /etc/update-manager/release-upgrades has "Prompt=lts"<br />
<br />
== Update Ubuntu LTS 20.04 to LTS 22.04 ==<br />
<br />
<pre><br />
apt remove zsys<br />
</pre><br />
<br />
=== daqubuntu ===<br />
<br />
<pre><br />
# reboot to clear out all updates<br />
# vi /etc/update-manager/release-upgrades # set "Prompt=normal"<br />
# do-release-upgrade -c<br />
Checking for a new Ubuntu release<br />
New release '22.04 LTS' available.<br />
Run 'do-release-upgrade' to upgrade to it.<br />
# do-release-upgrade<br />
...<br />
say yes...<br />
...<br />
login.defs, say "Y" (erase local changes, use packaged version)<br />
/etc/systemd/resolved.conf, say "Y" (same as above)<br />
firefox snap, say yes<br />
unable to reach snap store, say "skip"<br />
/etc/gmond.conf, say "Y"<br />
/var/yp/Makefile, say "install the package maintainer's version"<br />
/etc/ypserv.conf, same thing<br />
/etc/ypserv.securenets, same thing<br />
/etc/default/nis, same thing<br />
/etc/speech-dispatcher/modules/mary-generic.conf, same thing<br />
/etc/apt/apt.conf.d/50unattended-upgrades, same thing<br />
...<br />
278 packages are going to be removed, say yes<br />
...<br />
restart required, say yes<br />
...<br />
no ping... yes ping...<br />
...<br />
ssh daqubuntu, ok<br />
apt update, fail, DNS does not work, "host security.ubuntu.com" does not resolve.<br />
fix resolver per https://daq00.triumf.ca/DaqWiki/index.php/Ubuntu#Disable_NetworkManager<br />
apt update, apt upgrade now works, 0 packages to update<br />
NIS does not work.<br />
</pre><br />
<br />
=== midm9a ===<br />
<br />
<pre><br />
login.defs<br />
firefox snap<br />
gmond.conf<br />
ypserv<br />
/etc/default/nis<br />
unattended-upgrades<br />
amanda-security.conf<br />
remove obsolete (no)<br />
reboot<br />
configure dns<br />
reenable nis<br />
</pre><br />
<br />
=== daq17 ===<br />
<br />
<pre><br />
firefox snap<br />
imagemagick policy.xml<br />
gmond.conf<br />
chrony.conf<br />
/var/yp/Makefile<br />
ypserv.conf<br />
ypserv.securenets<br />
/etc/default/nis<br />
50unattended-upgrades<br />
</pre><br />
<br />
=== daq00 ===<br />
<br />
per https://serverpilot.io/docs/how-to-upgrade-ubuntu-20.04-to-22.04/<br />
<br />
<pre><br />
do-release-upgrade -f DistUpgradeViewNonInteractive<br />
</pre><br />
<br />
if it exists "too soon" without doing anything, run it without "-f xxx", most likely it does not like something about this machine. in case of daq00 it did not like how the EFI partitions were mounted. after fixing it, non-interactive upgrade was successful.<br />
<br />
=== isdaq08 ===<br />
<br />
* prepare<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
cd ~<br />
apt -y install debsums<br />
</pre><br />
* check for modified config files that make upgrade unhappy, deal with all files reported by debsums.<br />
<pre><br />
root@isdaq08:~# debsums -ce<br />
/etc/ganglia/gmond.conf<br />
/etc/yp.conf<br />
/etc/apt/apt.conf.d/10periodic<br />
root@isdaq08:~# <br />
</pre><br />
* restore original /etc/apt/apt.conf.d/10periodic<br />
<pre><br />
APT::Periodic::Update-Package-Lists "1"; <br />
APT::Periodic::Download-Upgradeable-Packages "0"; <br />
APT::Periodic::AutocleanInterval "0"; <br />
</pre><br />
* apt remove ganglia-monitor<br />
* apt remove nis<br />
* "debsums -ce" is now empty<br />
<br />
Run the upgrade:<br />
<br />
* do-release-upgrade -f DistUpgradeViewNonInteractive<br />
<br />
Post upgrade:<br />
<br />
* configure DNS<br />
* apt -y install linux-generic-hwe-22.04<br />
* /bin/cp -v ~/git/scripts/etc/99apt-conf-ko /etc/apt/apt.conf.d/ # restore nightly updates<br />
* /bin/rm /etc/apt/apt.conf.d/20apt-esm-hook.conf # remove the ubuntu-pro nag<br />
* install missing packages<br />
* restore ganglia<br />
* restore nis<br />
* check zpool status, may need zpool upgrade<br />
* reboot<br />
<br />
== upgrade U-22 to U-24 ==<br />
<br />
generic instructions. below are notes from upgrades of specific machines.<br />
<br />
<pre><br />
apt -y remove desktop-base # causes installer crash<br />
apt -y remove thunderbird # avoid forced conversion to snap<br />
apt update<br />
apt -y upgrade<br />
apt -y autoremove<br />
do-release-upgrade -c # confirm upgrade will be to U-24<br />
do-release-upgrade<br />
# say "y" to all questions<br />
# after installation starts, accept default answers to all questions<br />
# should run for about 1 hour or so<br />
# after upgrade finishes<br />
apt update<br />
apt -y upgrade<br />
apt -y autoremove<br />
shutdown -r now<br />
</pre><br />
<br />
if installation bombs:<br />
<br />
<pre><br />
apt update<br />
apt upgrade # will tell us to run "apt --fix-broken install", do it<br />
apt --fix-broken install<br />
apt update<br />
apt upgrade # should resume the upgrade, will run for a long time<br />
apt update<br />
apt upgrade # should do nothing<br />
apt autoremove<br />
shutdown -r now<br />
</pre><br />
<br />
=== daqubuntu, U-24 ===<br />
<br />
* prepare<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
cd ~<br />
apt -y install debsums<br />
</pre><br />
* check for modified config files that make upgrade unhappy, deal with all files reported by debsums.<br />
<pre><br />
root@daqubuntu:~# debsums -ce<br />
/etc/ganglia/gmond.conf<br />
debsums: missing file /etc/init.d/nis (from nis package)<br />
/etc/default/nis<br />
/etc/ypserv.conf<br />
/etc/ypserv.securenets<br />
/var/yp/Makefile<br />
/etc/update-manager/release-upgrades<br />
/etc/apt/apt.conf.d/10periodic<br />
/etc/yp.conf<br />
root@daqubuntu:~# <br />
* restore original /etc/apt/apt.conf.d/10periodic<br />
<pre><br />
APT::Periodic::Update-Package-Lists "1"; <br />
APT::Periodic::Download-Upgradeable-Packages "0"; <br />
APT::Periodic::AutocleanInterval "0"; <br />
</pre><br />
* apt remove ganglia-monitor<br />
* apt remove nis<br />
* apt autoremove<br />
* restore original release-upgrades: "Prompt: lts"<br />
* "debsums -ce" is now empty<br />
<br />
Check for upgrade:<br />
<br />
<pre><br />
root@daqubuntu:~# do-release-upgrade -c<br />
Checking for a new Ubuntu release<br />
There is no development version of an LTS available.<br />
To upgrade to the latest non-LTS development release <br />
set Prompt=normal in /etc/update-manager/release-upgrades.<br />
root@daqubuntu:~# <br />
</pre><br />
<br />
Run the upgrade:<br />
<br />
* do-release-upgrade -f DistUpgradeViewNonInteractive<br />
<br />
Post upgrade:<br />
<br />
* configure DNS<br />
* apt -y install linux-generic-hwe-22.04<br />
* /bin/cp -v ~/git/scripts/etc/99apt-conf-ko /etc/apt/apt.conf.d/ # restore nightly updates<br />
* /bin/rm /etc/apt/apt.conf.d/20apt-esm-hook.conf # remove the ubuntu-pro nag<br />
* install missing packages<br />
* restore ganglia<br />
* restore nis<br />
* check zpool status, may need zpool upgrade<br />
* reboot<br />
<br />
=== daq14, U-20-22-24 ===<br />
<br />
* apt update, apt upgrade<br />
* apt -y install linux-image-generic-hwe-20.04 linux-tools-virtual-hwe-20.04 ### install kernel 5.15<br />
* shutdown -r now<br />
* stuck waiting for daq14 to shutdown...<br />
* reboot into kernel 5.15<br />
* ???<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
cd ~<br />
apt -y install debsums<br />
</pre><br />
* debsums -ce<br />
<pre><br />
/etc/apache2/ports.conf<br />
/etc/dnsmasq.conf<br />
/etc/ganglia/gmond.conf<br />
/etc/yp.conf<br />
/etc/sudoers<br />
</pre><br />
* apache2 restore original ports.conf, uncomment "Listen 80"<br />
* cp -pv /etc/dnsmasq.conf.dpkg-dist /etc/dnsmasq.conf<br />
* apt remove ganglia-monitor<br />
* edit /etc/yp.conf, remove everything after "# ypserver ypserver.network.com"<br />
* "debsums -ce" is now empty<br />
* do-release-upgrade -f DistUpgradeViewNonInteractive<br />
* runs for a long time<br />
* stuck on "/etc/default/nis", type "Y", press enter, nothing for a bit, then resumes running<br />
* finished<br />
* configure DNS<br />
* reboot<br />
* have kernel 6.8<br />
* apt update; apt upgrade<br />
* apt upgrade guile-2.2-libs ### would not auto-update, "kept back", has to be done by hand<br />
* apt autoremove<br />
* debsums -ce<br />
<pre><br />
debsums: missing file /etc/init.d/nis (from nis package)<br />
/etc/default/nis<br />
</pre><br />
* diff /etc/default/nis.dpkg-dist /etc/default/nis<br />
* cp -pv /etc/default/nis.dpkg-dist /etc/default/nis<br />
* debsums -ce<br />
<pre><br />
debsums: missing file /etc/init.d/nis (from nis package)<br />
</pre><br />
* we ignore this and run the update<br />
* do-release-upgrade -c<br />
<pre><br />
Checking for a new Ubuntu release<br />
New release '24.04.1 LTS' available.<br />
Run 'do-release-upgrade' to upgrade to it.<br />
</pre><br />
* do-release-upgrade -f DistUpgradeViewNonInteractive<br />
* bombs out without any error messages<br />
* in /var/log/dist-upgrade/main.log reports "Failed to find a replacement for xapp" and other packages<br />
* apt remove xapp usrmerge ureadahead thunderbird-gnome-support<br />
* no go, complains about even more packages.<br />
* apt list | grep installed | grep -v jammy ### show packages installed from non-ubuntu sources<br />
* remove all packages marked "install,local" ### ubuntu updater does not know where they came from and so cannot update them.<br />
* apt remove desktop-base ### not happy about this package in /var/log/dist-upgrade/apt.log<br />
* apt autoremove<br />
* do-release-upgrade -f DistUpgradeViewNonInteractive<br />
* running for a long time...<br />
<br />
=== alpha04 U-20-24 ===<br />
<br />
* apt update, apt upgrade, apt autoremove<br />
* reboot into latest kernel (already done)<br />
* debsums -ce<br />
<pre><br />
root@alpha04:~# debsums -ce<br />
/etc/dnsmasq.conf<br />
/etc/ganglia/gmond.conf<br />
/etc/default/nis<br />
/etc/yp.conf<br />
root@alpha04:~# <br />
</pre><br />
* move /etc/dnsmasq.conf to /etc/dnsmasq.d/alpha04.conf<br />
* apt remove dnsmasq<br />
* apt remove ganglia-monitor<br />
* apt remove nis<br />
* apt autoremove<br />
* debsums -ce ### is now empty<br />
* do-release-upgrade -f DistUpgradeViewNonInteractive<br />
* it runs for a long time...<br />
* complained about /etc/fwupd config files, not sure why...<br />
* finished<br />
* apt update, apt upgrade, apt autoremove<br />
* restore dnsmasq: apt install dnsmasq, systemctl status dnsmasq<br />
* restore ganglia, per instructions<br />
* restore NIS: apt -y install rpcbind nis, ypwhich, ypwhich -m<br />
* zpool upgrade rpool ### also upgrade any other zfs pools, see zpool status<br />
* remove unwanted packages, per instructions<br />
* run gonodeinfo<br />
* reboot<br />
* done<br />
<br />
== vera00 U20-22-24 ==<br />
<br />
* everything same as daq14 for U20-22<br />
* kernel is still 5.15<br />
* U22-24 is going...<br />
* stuck for a few minutes on /etc/fwupd config files<br />
* have kernel 6.8.0-49<br />
* same steps as daq14<br />
* reboot<br />
* same steps as daq14<br />
* done<br />
<br />
== phaarmonster U22-24 ==<br />
<br />
* debsums -ce<br />
<pre><br />
/etc/amandahosts<br />
/etc/apache2/ports.conf<br />
/etc/ganglia/gmond.conf<br />
</pre><br />
* do-release-upgrade -c ### reports U24.04.1<br />
* do-release-upgrade -f DistUpgradeViewNonInteractive ### bombs<br />
* apt remove desktop-base; apt autoremove<br />
* do-release-upgrade ### (interactive) runs ok<br />
* bombed !!!<br />
* apt upgrade spews errors and tells us to run "apt --fix-broken install"<br />
* apt --fix-broken install ### runs<br />
* bombs with thunderbird snap errors<br />
* again... no go<br />
* thunderbird snap complains about mounting /home, but /home is a symlink<br />
* rm /home, mkdir /home<br />
* again, runs ok<br />
* asks about /etc/fwupd/fwupd.conf - say "Y" to install updated package version<br />
* apt install completes<br />
* apt update; apt upgrade ### running for a long time...<br />
* finished<br />
* install missing packages, etc<br />
* reboot<br />
* long wait... came back<br />
* DNS does now work, systemd-resolved missing, apt install systemd-resolved, "configure DNS"<br />
* done.<br />
<br />
== isdaq10 U22-24 ==<br />
<br />
* do-release-upgrade -f DistUpgradeViewNonInteractive<br />
* bombed on desktop-base, "apt remove desktop-base; apt autoremove"<br />
* bombed with errors<br />
* running "apt --fix-broken install"<br />
* complained about thunderbird snap<br />
* complained about /etc/fwupd/fwupd.conf (say Y)<br />
* finished ok<br />
* apt update<br />
* apt upgrade ### reports "1382 upgraded, 140 newly installed, 0 to remove and 29 not upgraded"<br />
<br />
== iris01 ==<br />
<br />
* debsums -ce<br />
<pre><br />
/etc/ganglia/gmond.conf<br />
/etc/default/nis<br />
/etc/yp.conf<br />
</pre><br />
* apt remove desktop-base<br />
* apt remove thunderbird<br />
* apt autoremove<br />
* do-release-upgrade -f DistUpgradeViewNonInteractive<br />
* bombed with dpkg errors:<br />
<pre><br />
hplip wants wrong python<br />
ganglia-monitor wants wrong libapr1<br />
sssd-ad wants bunch of wrong libraries<br />
xemacs21-mule<br />
libnfsidmap1 wants libldap2<br />
adn so forth...<br />
</pre><br />
* apt --fix-broken install -y<br />
* bombs on ganglia - ganglia group absent from /etc/groups<br />
* fix group ganglia by hand, remove ganglia group from NIS on isdaq00<br />
* apt --fix-broken install<br />
* apt upgrade<br />
<br />
== iris00 ==<br />
<br />
* stuck on "autofs: restarting", login as root, kill iris midas, kill automount, systemctl restart autofs, noble got unstuck, ctrl-c systemctl restart autofs<br />
* noble running...<br />
* bombed with dpkg errors<br />
* check ganglia user, group - both ok<br />
* apt --fix-broken install<br />
* apt upgrade<br />
<br />
== tigstore01 ==<br />
<br />
* no bomb-out<br />
<br />
== midm9b ==<br />
<br />
* apt remove desktop-base thunderbird<br />
* bombed<br />
* apt --fix-broken-install<br />
* apt upgrade<br />
<br />
= Upgrade to new version of Debian =<br />
<br />
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-upgrading.en.html<br />
<br />
== 32-bit VME processor Debian 11 to 12 ==<br />
<br />
* cd git/scripts; git pull; cd ~<br />
* apt update<br />
* apt upgrade<br />
* edit /etc/apt/sources.list<br />
<pre><br />
deb http://deb.debian.org/debian/ bookworm main<br />
#deb http://deb.debian.org/debian/ bullseye main<br />
#deb-src http://deb.debian.org/debian/ bullseye main<br />
</pre><br />
* apt update<br />
* apt upgrade --without-new-pkgs<br />
* apt full-upgrade<br />
* apt list '~c'; apt purge '~c' # purge left-over config files [residual-config]<br />
* reboot<br />
<br />
= Ubuntu package manager =<br />
<br />
* apt-get install xxx # install package xxx<br />
* apt-get update<br />
* apt-get upgrade<br />
* apt-get dist-upgrade<br />
* apt-get autoremove # remove automatically installed packages required by a removed package<br />
* apt-get remove xxx # remove package xxx<br />
* apt-cache search . # list all available packages<br />
* apt-cache show "." | grep ^Package # list al available packages<br />
* apt-cache madison root-system # show all available versions of package root-system<br />
* apt list # list all installed packages<br />
* dpkg --listfiles libpng16-16 # list all files from this package<br />
* apt list --installed # list all installed packages<br />
* dpkg -S /bin/bash # what package provides this file?<br />
* dpkg -L bash # what files provided by this package?<br />
* debsums -ce # show modified config files<br />
* apt-config dump # show apt configuration<br />
* apt purge '~c' # purge all [residual-config] packages<br />
<br />
= Ubuntu zsys =<br />
<br />
NOTE: DO NOT USE ZSYS, see https://github.com/ubuntu/zsys/issues/218 and https://github.com/ubuntu/zsys/issues/230<br />
<br />
* scripted removal of old snapshots (replace "echo zfs destroy" with "zfs destroy")<br />
<pre><br />
zfs list -t all | cut -f1 -d " " | grep autozsys | xargs -n1 echo zfs destroy<br />
</pre><br />
<br />
* manual removal of old snapshots<br />
<pre><br />
zsysctl show<br />
zsysctl state remove xy69ye -s<br />
zsysctl state remove xy69ye<br />
zsysctl state remove xy69ye -u wheel<br />
</pre><br />
* apt remove zsys<br />
<br />
NOTE: old zsys snapshots must be cleaned manually, "zsysctl state remove xxx --system" is broken and does not remove user data snapshots<br />
<br />
* manages system snapshots<br />
* documentation: https://github.com/ubuntu/zsys<br />
* documentation: (go to next article via link "newer" at the bottom) https://didrocks.fr/2020/05/21/zfs-focus-on-ubuntu-20.04-lts-whats-new/<br />
* ubuntu 20.04 bug, too many snapshots cause /boot to become full and updates fail. https://github.com/ubuntu/zsys/issues/155<br />
* solution: use custom /etc/zsys.conf, limit number of snapshots to 10, see trinatdaq:/etc/zsys.conf<br />
* zsys commands:<br />
<pre><br />
update-grub # list of all snapshots, errors if some snapshots are broken<br />
zsysctl state remove lnc0k7 --system # remove snapshot<br />
xemacs -nw /etc/zsys.conf; zsysctl service reload; zsysctl service gc # cause gc to run with new settings in zsys.conf<br />
zfs list -r -t snapshot -o name,used,referenced,creation bpool/BOOT # list snapshots<br />
zsysctl show # show snapshots<br />
</pre><br />
<br />
= Ubuntu cloning =<br />
<br />
to clone a ubuntu image:<br />
<br />
<pre><br />
cd /nfsroot/lxcpet<br />
emacs -nw etc/hostname ### change hostname<br />
emacs -nw etc/mailname ### change hostname (debian 11)<br />
emacs -nw etc/defaultdomain ### change the NIS domainname<br />
emacs -nw etc/yp.conf ### change the NIS server<br />
cp -pvf ../lxcpet-SL610/etc/ssh/*key* etc/ssh/ ### preserve the ssh keys<br />
emacs -nw opt/gonodeinfo/gonodeinfo.conf ### update information<br />
emacs -nw root/.ssh/authorized_keys ### update root ssh keys<br />
</pre><br />
<br />
= Ubuntu boot loader =<br />
<br />
== maintenance commands ==<br />
<br />
* update-initramfs -v -u<br />
* grub-install /dev/sda<br />
<br />
= Convert from single to dual mirrored ZFS SSD =<br />
<br />
Assuming Ubuntu LTS 22.04 with "instal on ZFS" option, we will<br />
add a second SSD, configure ZFS to use both SSDs in mirrored<br />
configuration and setup grub to boot from either SSD. This<br />
is intended to create a full redundant system where failure<br />
of either SSD does not break the system.<br />
<br />
* identify first SSD<br />
<pre><br />
root@midm9b:~# ./smart-status.perl <br />
Disk model serial temperature realloc pending uncorr CRC err RRER Errors Link<br />
/dev/sda WD Blue SA510 2.5 250GB 22243Z803769 24 . ? ? . ? . 6.0<br />
root@midm9b:~# <br />
</pre><br />
* connect second SSD of identical size<br />
<pre><br />
root@midm9b:~# ./smart-status.perl <br />
Disk model serial temperature realloc pending uncorr CRC err RRER Errors Link<br />
/dev/sda WD Blue SA510 2.5 250GB 22243Z803769 24 . ? ? . ? . 6.0<br />
/dev/sdb WD Blue SA510 2.5 250GB 22243Z803852 25 . ? ? . ? . 6.0<br />
root@midm9b:~# <br />
</pre><br />
* if second SSD is not autodetected, reboot<br />
* Clone partition table automatically<br />
If both SSDs are identical size, use this simpler method of duplicating the partition table:<br />
<pre><br />
root@midm9b:~# sfdisk -d /dev/sda > part_table<br />
root@midm9b:~# grep -v ^label-id part_table | sed -e 's/, *uuid=[0-9A-F-]*//' | sfdisk /dev/sdb<br />
</pre><br />
The grep and sed in the second command are there to prevent disk ID and partition IDs from being cloned. Alternatively the part_table file can be edited manually to remove the label-id line and the uuid entries from the individual partitions.<br />
<br />
* Clone partition table manually (e.g. for different size disks)<br />
* list partition table of first SSD:<br />
<pre><br />
root@midm9b:~# fdisk -l /dev/sda<br />
Disk /dev/sda: 232.89 GiB, 250059350016 bytes, 488397168 sectors<br />
Disk model: WD Blue SA510 2.<br />
Units: sectors of 1 * 512 = 512 bytes<br />
Sector size (logical/physical): 512 bytes / 512 bytes<br />
I/O size (minimum/optimal): 512 bytes / 512 bytes<br />
Disklabel type: gpt<br />
Disk identifier: 951A4174-B4C6-400D-99F5-BE9B5627FA8E<br />
<br />
Device Start End Sectors Size Type<br />
/dev/sda1 2048 1050623 1048576 512M EFI System<br />
/dev/sda2 1050624 5244927 4194304 2G Linux swap<br />
/dev/sda3 5244928 9439231 4194304 2G Solaris boot<br />
/dev/sda4 9439232 488397134 478957903 228.4G Solaris root<br />
root@midm9b:~# <br />
</pre><br />
* create identical partitions on second SSD, use sector numbers from above.<br />
<pre><br />
root@midm9b:~# gdisk /dev/sdb<br />
GPT fdisk (gdisk) version 1.0.8<br />
<br />
Partition table scan:<br />
MBR: not present<br />
BSD: not present<br />
APM: not present<br />
GPT: not present<br />
<br />
Creating new GPT entries in memory.<br />
<br />
Command (? for help): n<br />
Partition number (1-128, default 1): <br />
First sector (34-488397134, default = 2048) or {+-}size{KMGTP}: <br />
Last sector (2048-488397134, default = 488397134) or {+-}size{KMGTP}: 1050623<br />
Current type is 8300 (Linux filesystem)<br />
Hex code or GUID (L to show codes, Enter = 8300): ef00<br />
Changed type of partition to 'EFI system partition'<br />
<br />
Command (? for help): n<br />
Partition number (2-128, default 2): <br />
First sector (34-488397134, default = 1050624) or {+-}size{KMGTP}: <br />
Last sector (1050624-488397134, default = 488397134) or {+-}size{KMGTP}: 5244927<br />
Current type is 8300 (Linux filesystem)<br />
Hex code or GUID (L to show codes, Enter = 8300): 8200<br />
Changed type of partition to 'Linux swap'<br />
<br />
Command (? for help): n<br />
Partition number (3-128, default 3): <br />
First sector (34-488397134, default = 5244928) or {+-}size{KMGTP}: <br />
Last sector (5244928-488397134, default = 488397134) or {+-}size{KMGTP}: 9439231<br />
Current type is 8300 (Linux filesystem)<br />
Hex code or GUID (L to show codes, Enter = 8300): be00<br />
Changed type of partition to 'Solaris boot'<br />
<br />
Command (? for help): n<br />
Partition number (4-128, default 4): <br />
First sector (34-488397134, default = 9439232) or {+-}size{KMGTP}: <br />
Last sector (9439232-488397134, default = 488397134) or {+-}size{KMGTP}: <br />
Current type is 8300 (Linux filesystem)<br />
Hex code or GUID (L to show codes, Enter = 8300): bf00<br />
Changed type of partition to 'Solaris root'<br />
<br />
Command (? for help): w<br />
<br />
Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING<br />
PARTITIONS!!<br />
<br />
Do you want to proceed? (Y/N): y<br />
OK; writing new GUID partition table (GPT) to /dev/sdb.<br />
The operation has completed successfully.<br />
root@midm9b:~# fdisk -l /dev/sda /dev/sdb<br />
Disk /dev/sda: 232.89 GiB, 250059350016 bytes, 488397168 sectors<br />
Disk model: WD Blue SA510 2.<br />
Units: sectors of 1 * 512 = 512 bytes<br />
Sector size (logical/physical): 512 bytes / 512 bytes<br />
I/O size (minimum/optimal): 512 bytes / 512 bytes<br />
Disklabel type: gpt<br />
Disk identifier: 951A4174-B4C6-400D-99F5-BE9B5627FA8E<br />
<br />
Device Start End Sectors Size Type<br />
/dev/sda1 2048 1050623 1048576 512M EFI System<br />
/dev/sda2 1050624 5244927 4194304 2G Linux swap<br />
/dev/sda3 5244928 9439231 4194304 2G Solaris boot<br />
/dev/sda4 9439232 488397134 478957903 228.4G Solaris root<br />
<br />
<br />
Disk /dev/sdb: 232.89 GiB, 250059350016 bytes, 488397168 sectors<br />
Disk model: WD Blue SA510 2.<br />
Units: sectors of 1 * 512 = 512 bytes<br />
Sector size (logical/physical): 512 bytes / 512 bytes<br />
I/O size (minimum/optimal): 512 bytes / 512 bytes<br />
Disklabel type: gpt<br />
Disk identifier: EB251739-30C6-422F-A505-5887B5A0B603<br />
<br />
Device Start End Sectors Size Type<br />
/dev/sdb1 2048 1050623 1048576 512M EFI System<br />
/dev/sdb2 1050624 5244927 4194304 2G Linux swap<br />
/dev/sdb3 5244928 9439231 4194304 2G Solaris boot<br />
/dev/sdb4 9439232 488397134 478957903 228.4G Solaris root<br />
root@midm9b:~# <br />
</pre><br />
* identify second SSD partitions<br />
<pre><br />
root@midm9b:~# ls -l /dev/disk/by-id/ata*part3<br />
lrwxrwxrwx 1 root root 10 Jan 20 18:37 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803769-part3 -> ../../sda3<br />
lrwxrwxrwx 1 root root 10 Jan 20 19:34 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part3 -> ../../sdb3<br />
root@midm9b:~# ls -l /dev/disk/by-id/ata*part4<br />
lrwxrwxrwx 1 root root 10 Jan 20 18:37 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803769-part4 -> ../../sda4<br />
lrwxrwxrwx 1 root root 10 Jan 20 19:34 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part4 -> ../../sdb4<br />
</pre><br />
* convert bpool from single disk to mirrored disk:<br />
<pre><br />
root@midm9b:~# zpool status<br />
pool: bpool<br />
state: ONLINE<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
bpool ONLINE 0 0 0<br />
99e03dc0-7d4d-f24b-8fa1-f042b9f135db ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
<br />
pool: rpool<br />
state: ONLINE<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
rpool ONLINE 0 0 0<br />
f6fd54f8-3af7-b943-ae3d-a4e480537fb9 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
root@midm9b:~# zpool attach bpool 99e03dc0-7d4d-f24b-8fa1-f042b9f135db /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part3<br />
root@midm9b:~# zpool status bpool<br />
pool: bpool<br />
state: ONLINE<br />
scan: resilvered 247M in 00:00:00 with 0 errors on Fri Jan 20 19:39:40 2023<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
bpool ONLINE 0 0 0<br />
mirror-0 ONLINE 0 0 0<br />
99e03dc0-7d4d-f24b-8fa1-f042b9f135db ONLINE 0 0 0<br />
ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part3 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
</pre><br />
* convert rpool<br />
<pre><br />
root@midm9b:~# ls -l /dev/disk/by-id/ata*part4<br />
lrwxrwxrwx 1 root root 10 Jan 20 18:37 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803769-part4 -> ../../sda4<br />
lrwxrwxrwx 1 root root 10 Jan 20 19:34 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part4 -> ../../sdb4<br />
root@midm9b:~# zpool attach rpool f6fd54f8-3af7-b943-ae3d-a4e480537fb9 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part4<br />
root@midm9b:~# zpool status rpool<br />
pool: rpool<br />
state: ONLINE<br />
status: One or more devices is currently being resilvered. The pool will<br />
continue to function, possibly in a degraded state.<br />
action: Wait for the resilver to complete.<br />
scan: resilver in progress since Fri Jan 20 19:40:45 2023<br />
5.83G scanned at 664M/s, 2.92M issued at 332K/s, 9.11G total<br />
0B resilvered, 0.03% done, no estimated completion time<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
rpool ONLINE 0 0 0<br />
mirror-0 ONLINE 0 0 0<br />
f6fd54f8-3af7-b943-ae3d-a4e480537fb9 ONLINE 0 0 0<br />
ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part4 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
root@midm9b:~# <br />
</pre><br />
* wait for resilver to complete<br />
<pre><br />
root@midm9b:~# zpool status<br />
pool: bpool<br />
state: ONLINE<br />
scan: resilvered 247M in 00:00:00 with 0 errors on Fri Jan 20 19:39:40 2023<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
bpool ONLINE 0 0 0<br />
mirror-0 ONLINE 0 0 0<br />
99e03dc0-7d4d-f24b-8fa1-f042b9f135db ONLINE 0 0 0<br />
ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part3 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
<br />
pool: rpool<br />
state: ONLINE<br />
scan: resilvered 9.65G in 00:00:36 with 0 errors on Fri Jan 20 19:41:21 2023<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
rpool ONLINE 0 0 0<br />
mirror-0 ONLINE 0 0 0<br />
f6fd54f8-3af7-b943-ae3d-a4e480537fb9 ONLINE 0 0 0<br />
ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part4 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
</pre><br />
* enable booting from second SSD: (instead of /dev/sda1, /dev/sdb1, use UUID=xxx)<br />
<pre><br />
root@midm9b:~# mkfs.msdos /dev/sdb1<br />
root@midm9b:~# mkdir /boot/efi-sda<br />
root@midm9b:~# mkdir /boot/efi-sdb<br />
root@midm20c:~# blkid | grep vfat ### identify UUID<br />
/dev/sdb1: UUID="DD89-5081" BLOCK_SIZE="512" TYPE="vfat" PARTLABEL="EFI System Partition" PARTUUID="d0cb6be4-2f67-5b42-9b26-9e6905e9f774"<br />
/dev/sdc1: UUID="D970-86BA" BLOCK_SIZE="512" TYPE="vfat" PARTLABEL="EFI System Partition" PARTUUID="e6d3b5b9-a512-44a2-9205-1a4db06ed2a2"<br />
/dev/sda1: UUID="DDA1-044C" BLOCK_SIZE="512" TYPE="vfat" PARTLABEL="EFI System Partition" PARTUUID="6dc9dff0-1c13-8045-a906-7803d3074c70"<br />
root@midm20c:~# cat /etc/fstab | grep vfat ### add mount points with correct UUID<br />
#UUID=D970-86BA /boot/efi vfat umask=0022,fmask=0022,dmask=0022 0 1<br />
UUID=DDA1-044C /boot/efi-sda vfat umask=0022,fmask=0022,dmask=0022 0 1<br />
UUID=DD89-5081 /boot/efi-sdb vfat umask=0022,fmask=0022,dmask=0022 0 1<br />
root@midm9b:~# mount -a<br />
root@midm9b:~# df -kl<br />
Filesystem 1K-blocks Used Available Use% Mounted on<br />
...<br />
/dev/sda1 523244 13720 509524 3% /boot/efi<br />
/dev/sdb1 523244 4 523240 1% /boot/efi-sdb<br />
...<br />
root@midm9b:~# rsync -av /boot/efi/ /boot/efi-sdb/<br />
sending incremental file list<br />
EFI/<br />
...<br />
root@midm9b:~# ls -l /boot/efi-sda<br />
total 8<br />
drwxr-xr-x 4 root root 4096 Jan 19 23:26 EFI<br />
drwxr-xr-x 5 root root 4096 Jan 19 23:26 grub<br />
root@midm9b:~# ls -l /boot/efi-sdb<br />
total 8<br />
drwxr-xr-x 4 root root 4096 Jan 19 23:26 EFI<br />
drwxr-xr-x 5 root root 4096 Jan 19 23:26 grub<br />
root@midm9b:~# <br />
</pre><br />
* setup script to update grub on second SSD, it must be run manually after every kernel update<br />
<pre><br />
root@midm9b:~# ln -s ~/git/scripts/etc/update_efi_grub.perl ~/<br />
root@midm9b:~# ~/update_efi_grub.perl -u<br />
EFI dir: /boot/efi-sda<br />
/boot/efi-sda: update grub: rsync -av --delete-after --modify-window=2 /boot/efi/grub/ /boot/efi-sda/grub<br />
building file list ... done<br />
<br />
sent 5,313 bytes received 11 bytes 10,648.00 bytes/sec<br />
total size is 7,944,644 speedup is 1,492.23<br />
/boot/efi-sda: update efi: rsync -av --delete-after --modify-window=2 /boot/efi/EFI/ /boot/efi-sda/EFI<br />
building file list ... done<br />
<br />
sent 216 bytes received 11 bytes 454.00 bytes/sec<br />
total size is 5,452,378 speedup is 24,019.29<br />
EFI dir: /boot/efi-sdb<br />
/boot/efi-sdb: update grub: rsync -av --delete-after --modify-window=2 /boot/efi/grub/ /boot/efi-sdb/grub<br />
building file list ... done<br />
<br />
sent 5,313 bytes received 11 bytes 10,648.00 bytes/sec<br />
total size is 7,944,644 speedup is 1,492.23<br />
/boot/efi-sdb: update efi: rsync -av --delete-after --modify-window=2 /boot/efi/EFI/ /boot/efi-sdb/EFI<br />
building file list ... done<br />
<br />
sent 216 bytes received 11 bytes 454.00 bytes/sec<br />
total size is 5,452,378 speedup is 24,019.29<br />
root@midm9b:~# <br />
</pre><br />
<br />
= Disable NetworkManager =<br />
<br />
== Debian-12 ==<br />
<br />
* use netplan, https://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_the_modern_network_configuration_for_cloud<br />
* apt install netplan.io<br />
* systemctl enable systemd-networkd<br />
* systemctl restart systemd-networkd<br />
* create /etc/netplan/50-dhcp.yaml<br />
<pre><br />
network:<br />
version: 2<br />
ethernets:<br />
all-en:<br />
match:<br />
name: "en*"<br />
dhcp4: true<br />
dhcp6: true<br />
ignore-carrier: true ### do not drop IP address if network link drops<br />
</pre><br />
* netplan apply<br />
* netplan try<br />
* ifconfig -a ### to check IP address settings<br />
* netstat -rn ### to check default route<br />
* cat /etc/resolv.conf ### to check DNS<br />
* ls -l /run/systemd/netif/leases ### systemd-networkd dhcp leases<br />
* NOTE: without "ignore-carrier" it will drop the IP address if network link drops, re-do dhcp when links comes back<br />
* NOTE: wait-network-online will wait for all interfaces to get an IP address<br />
<br />
== Ubuntu-20 ==<br />
<br />
NOTE: THIS IS BROKEN IN UBUNTU LTS 22.04<br />
<br />
NetworkManager is useful for configuring dynamic<br />
network interfaces, i.e. laptops that often move<br />
between networks, or connect to multiple choice<br />
of wifi networks, etc.<br />
<br />
For machines with statically configured network interfaces,<br />
NetworkManager is not necessary.<br />
<br />
As it has been observed to become confused and observed<br />
to malfunction when network links go up and down (it keeps<br />
unnecessarily reconfiguring the ip address, etc), it can<br />
be usefuil to disable it.<br />
<br />
* list all network interfaces<br />
<pre><br />
# /bin/ls -1 /sys/class/net/<br />
enp0s31f6<br />
lo<br />
</pre><br />
* edit /etc/network/interfaces:<br />
<pre><br />
rename enp0s31f6=eth0<br />
auto eth0<br />
iface eth0 inet static<br />
address 142.90.120.94/19<br />
gateway 142.90.100.18<br />
</pre><br />
* statically configure systemd-resolved<br />
** create /etc/systemd/resolved.conf.d/resolved.conf with this contents:<br />
<pre><br />
[Resolve]<br />
DNS=142.90.100.19<br />
Domains=triumf.ca<br />
</pre><br />
** systemctl restart systemd-resolved<br />
** resolvectl<br />
** systemd-analyze cat-config systemd/resolved.conf<br />
* disable NetworkManager<br />
<pre><br />
systemctl disable NetworkManager<br />
</pre><br />
* reboot<br />
<br />
== U-22, U-24 ifup-ko ==<br />
<br />
Network configuration of modern linux is confused. There are at least 3 configuration methods, each with different shortcomings:<br />
* the old ifup method is barely documented<br />
* NetworkManager is well documented and tooled, but sometimes does strange things<br />
* systemd-networkd is mysterious, and likely to do strange stuff, like all systemd stuff<br />
* netplan is the latest method, configuration is simple but uses NetworkManager or systemd-networkd as backend.<br />
<br />
This is a solution for a specific situation of fixed computer with one fixed wired interface and maybe one or more additional interfaces for fixed wired private networks.<br />
<br />
Install /etc/ifup-ko, edit it with IP addresses of main and additional interfaces, let systemd run it in the right place in the boot sequence replacing NetworkManager and NetworkManager-wait-online .<br />
<br />
As bonus, /etc/ifup-ko waits up to 10 seconds for the main interface link to come up. If this is not needed, comment it out from the script.<br />
<br />
* prepare<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
cd ifup-ko<br />
make install<br />
</pre><br />
* confirm interface names<br />
<pre><br />
systemctl start ifup-ko ### should finish immediately or after 10 seconds<br />
systemctl status ifup-ko -n 1000 ### observe list of interfaces is correct, name of main interface is correct<br />
</pre><br />
* edit /etc/ifup-ko<br />
** add host IP address to the "ifconfig" line<br />
** add gateway IP address to the "ip route add" line<br />
* test<br />
<pre><br />
systemctl start ifup-ko ### should finish immediately<br />
systemctl status ifup-ko -n 1000 ### observe everything is configured as expected<br />
</pre><br />
* cut-over<br />
<pre><br />
systemctl disable networkd-dispatcher<br />
systemctl disable NetworkManager<br />
systemctl disable wpa_supplicant # if no Wifi or Wifi not in use<br />
</pre><br />
* reboot<br />
<br />
= Configure ECC memory =<br />
<br />
== Configure EDAC ==<br />
<br />
* apt install edac-utils rasdaemon<br />
<br />
=== Intel i3-2120 ===<br />
<pre><br />
root@musr00:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro X9SCL/X9SCM<br />
root@musr00:~# edac-ctl --status<br />
edac-ctl: drivers not loaded.<br />
</pre><br />
<br />
=== Intel E-2236 ===<br />
<pre><br />
root@daq00:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro X11SCM-F<br />
root@daq00:~# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@daq00:~# edac-util <br />
edac-util: No errors to report.<br />
root@daq00:~# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
</pre><br />
* check edac sysfs files (Intel)<br />
<pre><br />
root@daq00:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 ce_count<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 max_location<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 mc_name<br />
drwxr-xr-x 2 root root 0 Jan 25 15:10 power<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank0<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank1<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank2<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank3<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank4<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank5<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank6<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank7<br />
--w------- 1 root root 4096 Jan 25 15:10 reset_counters<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 size_mb<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 ue_count<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 Jan 25 15:10 uevent<br />
root@daq00:~# <br />
</pre><br />
<br />
=== Intel E3-1270 v6 ===<br />
<pre><br />
root@wheel-SYS-5019S-M:~/git/scripts# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro X11SSH-F<br />
root@wheel-SYS-5019S-M:~/git/scripts# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@grsnis01:~# edac-util<br />
edac-util: No errors to report.<br />
root@grsnis01:~# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
root@grsnis01:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 ce_count<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 max_location<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 mc_name<br />
drwxr-xr-x 2 root root 0 Feb 19 12:35 power<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank0<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank1<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank2<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank3<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank4<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank5<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank6<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank7<br />
--w------- 1 root root 4096 Feb 19 12:35 reset_counters<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 size_mb<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 ue_count<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 Feb 19 12:35 uevent<br />
root@grsnis01:~# <br />
</pre><br />
<br />
=== Intel E3-1245 v6 ===<br />
<br />
<pre><br />
[root@alphagdaq ~]# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro X11SSH-F<br />
[root@alphagdaq ~]# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro X11SSH-F<br />
[root@alphagdaq ~]# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
[root@alphagdaq ~]# edac-util<br />
edac-util: No errors to report.<br />
[root@alphagdaq ~]# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
[root@alphagdaq ~]# ras-mc-ctl --layout<br />
+-----------------------------------------------+<br />
| mc0 |<br />
| csrow0 | csrow1 | csrow2 | csrow3 |<br />
----------+-----------------------------------------------+<br />
channel1: | 8192 MB | 8192 MB | 8192 MB | 8192 MB |<br />
channel0: | 8192 MB | 8192 MB | 8192 MB | 8192 MB |<br />
----------+-----------------------------------------------+<br />
[root@alphagdaq ~]# ras-mc-ctl --error-count<br />
Label CE UE<br />
mc#0csrow#3channel#0 0 0<br />
mc#0csrow#2channel#1 0 0<br />
mc#0csrow#3channel#1 0 0<br />
mc#0csrow#0channel#0 0 0<br />
mc#0csrow#1channel#1 0 0<br />
mc#0csrow#0channel#1 0 0<br />
mc#0csrow#1channel#0 0 0<br />
mc#0csrow#2channel#0 0 0<br />
[root@alphagdaq ~]# ras-mc-ctl --mainboard<br />
ras-mc-ctl: mainboard: Supermicro model X11SSH-F<br />
[root@alphagdaq ~]# ras-mc-ctl --summary<br />
DBD::SQLite::db prepare failed: no such table: mc_event at /usr/sbin/ras-mc-ctl line 1129.<br />
Can't call method "execute" on an undefined value at /usr/sbin/ras-mc-ctl line 1130.<br />
[root@alphagdaq ~]# <br />
</pre><br />
<br />
=== AMD 3700X ===<br />
<br />
(memory is non-ECC)<br />
<br />
<pre><br />
root@daq13:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: ASUSTeK COMPUTER INC. ROG STRIX B550-E GAMING<br />
root@daq13:~# <br />
root@daq13:~# <br />
root@daq13:~# edac-ctl --status<br />
edac-ctl: drivers not loaded.<br />
root@daq13:~# edac-util <br />
edac-util: Error: No memory controller data found.<br />
root@daq13:~# edac-util -s<br />
edac-util: EDAC drivers loaded. No memory controllers found<br />
root@daq13:~# ls -l /sys/devices/system/edac/mc<br />
total 0<br />
drwxr-xr-x 2 root root 0 Jan 25 15:26 power<br />
lrwxrwxrwx 1 root root 0 Jan 21 16:16 subsystem -> ../../../../bus/edac<br />
-rw-r--r-- 1 root root 4096 Jan 21 16:16 uevent<br />
</pre><br />
<br />
(memory is ECC)<br />
<br />
<pre><br />
root@trinatdaq:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: ASUSTeK COMPUTER INC. ROG STRIX B550-E GAMING<br />
root@trinatdaq:~# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@trinatdaq:~# edac-util <br />
edac-util: No errors to report.<br />
root@trinatdaq:~# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
root@trinatdaq:~# ls -l /sys/devices/system/edac/mc<br />
total 0<br />
drwxr-xr-x 7 root root 0 Dec 15 13:04 mc0<br />
drwxr-xr-x 2 root root 0 Dec 15 13:04 power<br />
lrwxrwxrwx 1 root root 0 Dec 13 18:31 subsystem -> ../../../../bus/edac<br />
-rw-r--r-- 1 root root 4096 Dec 13 18:31 uevent<br />
root@trinatdaq:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 ce_count<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 max_location<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 mc_name<br />
drwxr-xr-x 2 root root 0 Dec 15 13:04 power<br />
drwxr-xr-x 3 root root 0 Dec 15 13:04 rank4<br />
drwxr-xr-x 3 root root 0 Dec 15 13:04 rank5<br />
drwxr-xr-x 3 root root 0 Dec 15 13:04 rank6<br />
drwxr-xr-x 3 root root 0 Dec 15 13:04 rank7<br />
--w------- 1 root root 4096 Dec 15 13:04 reset_counters<br />
-rw-r--r-- 1 root root 4096 Dec 15 13:04 sdram_scrub_rate<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 size_mb<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 ue_count<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 Dec 15 13:04 uevent<br />
root@trinatdaq:~# <br />
</pre><br />
<br />
=== AMD 5000G ===<br />
<br />
* no linux driver for AMD 5000-series "G" CPU<br />
* no mention of ECC in the BIOS settings<br />
* unclear status of ECC support in AMD documentation (sais only "pro" "G" CPUs have ECC)<br />
* unclear status of ECC support in ASUS documentation (web page out of date)<br />
<br />
=== AMD 5600X ===<br />
<br />
<pre><br />
root@daq17:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: ASUSTeK COMPUTER INC. ROG STRIX B550-XE GAMING WIFI<br />
root@daq17:~# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@daq17:~# edac-util<br />
edac-util: No errors to report.<br />
root@daq17:~# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
root@daq17:~# ls -l /sys/devices/system/edac/mc<br />
total 0<br />
drwxr-xr-x 7 root root 0 Aug 19 19:27 mc0<br />
drwxr-xr-x 2 root root 0 Aug 19 19:27 power<br />
lrwxrwxrwx 1 root root 0 May 10 10:11 subsystem -> ../../../../bus/edac<br />
-rw-r--r-- 1 root root 4096 May 10 10:11 uevent<br />
root@daq17:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 ce_count<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 max_location<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 mc_name<br />
drwxr-xr-x 2 root root 0 Aug 19 19:27 power<br />
drwxr-xr-x 3 root root 0 Aug 19 19:27 rank4<br />
drwxr-xr-x 3 root root 0 Aug 19 19:27 rank5<br />
drwxr-xr-x 3 root root 0 Aug 19 19:27 rank6<br />
drwxr-xr-x 3 root root 0 Aug 19 19:27 rank7<br />
--w------- 1 root root 4096 Aug 19 19:27 reset_counters<br />
-rw-r--r-- 1 root root 4096 Aug 19 19:27 sdram_scrub_rate<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 size_mb<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 ue_count<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 Aug 19 19:27 uevent<br />
root@daq17:~# <br />
</pre><br />
<br />
=== AMD 3955WX ===<br />
<br />
<pre><br />
root@alphasuperdaq:~/git/scripts/quotareport# edac-ctl --mainboard<br />
edac-ctl: mainboard: ASUSTeK COMPUTER INC. Pro WS WRX80E-SAGE SE WIFI<br />
root@alphasuperdaq:~/git/scripts/quotareport# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@alphasuperdaq:~/git/scripts/quotareport# edac-util <br />
edac-util: No errors to report.<br />
root@alphasuperdaq:~/git/scripts/quotareport# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
root@alphasuperdaq:~/git/scripts/quotareport# ls -l /sys/devices/system/edac/mc<br />
total 0<br />
drwxr-xr-x 19 root root 0 Dez 12 04:48 mc0<br />
drwxr-xr-x 2 root root 0 Dez 12 04:48 power<br />
lrwxrwxrwx 1 root root 0 Dez 9 05:31 subsystem -> ../../../../bus/edac<br />
-rw-r--r-- 1 root root 4096 Dez 9 05:31 uevent<br />
root@alphasuperdaq:~/git/scripts/quotareport# <br />
root@alphasuperdaq:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 ce_count<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 max_location<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 mc_name<br />
drwxr-xr-x 2 root root 0 Dez 12 04:48 power<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank0<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank1<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank10<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank11<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank12<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank13<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank14<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank15<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank2<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank3<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank4<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank5<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank6<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank7<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank8<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank9<br />
--w------- 1 root root 4096 Feb 28 22:19 reset_counters<br />
-rw-r--r-- 1 root root 4096 Feb 28 22:19 sdram_scrub_rate<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 size_mb<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 ue_count<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 Feb 28 22:19 uevent<br />
root@alphasuperdaq:~# <br />
root@alphasuperdaq:~# ras-mc-ctl --layout<br />
Use of uninitialized value $max_pos[3] in modulus (%) at /usr/sbin/ras-mc-ctl line 868.<br />
Use of uninitialized value $d in numeric ge (>=) at /usr/sbin/ras-mc-ctl line 869.<br />
Use of uninitialized value $d in sprintf at /usr/sbin/ras-mc-ctl line 872.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+<br />
| mc0 |<br />
| csrow0 | csrow1 |<br />
| channel0 | channel1 | channel2 | channel3 | channel4 | channel5 | channel6 | channel7 | channel0 | channel1 | channel2 | channel3 | channel4 | channel5 | channel6 | channel7 |<br />
----+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+<br />
<br />
0: | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB |<br />
----+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+<br />
root@alphasuperdaq:~# ras-mc-ctl --error-count<br />
Label CE UE<br />
mc#0csrow#0channel#2 0 0<br />
mc#0csrow#1channel#7 0 0<br />
mc#0csrow#0channel#3 0 0<br />
mc#0csrow#1channel#4 0 0<br />
mc#0csrow#1channel#2 0 0<br />
mc#0csrow#0channel#7 0 0<br />
mc#0csrow#1channel#3 0 0<br />
mc#0csrow#0channel#4 0 0<br />
mc#0csrow#1channel#1 0 0<br />
mc#0csrow#1channel#0 0 0<br />
mc#0csrow#1channel#5 0 0<br />
mc#0csrow#0channel#6 0 0<br />
mc#0csrow#0channel#1 0 0<br />
mc#0csrow#0channel#5 0 0<br />
mc#0csrow#0channel#0 0 0<br />
mc#0csrow#1channel#6 0 0<br />
root@alphasuperdaq:~# ras-mc-ctl --mainboard<br />
ras-mc-ctl: mainboard: ASUSTeK COMPUTER INC. model Pro WS WRX80E-SAGE SE WIFI<br />
root@alphasuperdaq:~# ras-mc-ctl --summary<br />
No Memory errors.<br />
<br />
No PCIe AER errors.<br />
<br />
No Extlog errors.<br />
<br />
DBD::SQLite::db prepare failed: no such table: devlink_event at /usr/sbin/ras-mc-ctl line 1181.<br />
Can't call method "execute" on an undefined value at /usr/sbin/ras-mc-ctl line 1182.<br />
root@alphasuperdaq:~#<br />
</pre><br />
<br />
=== AMD 7700X ===<br />
<br />
<pre><br />
root@dsfe05:~# apt install edac-utils<br />
root@dsfe05:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro H13SAE-MF<br />
root@dsfe05:~# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@dsfe05:~# edac-util<br />
edac-util: No errors to report.<br />
root@dsfe05:~# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
root@dsfe05:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 May 14 09:33 ce_count<br />
-r--r--r-- 1 root root 4096 May 14 09:33 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 May 14 09:33 max_location<br />
-r--r--r-- 1 root root 4096 May 14 09:33 mc_name<br />
drwxr-xr-x 2 root root 0 May 14 09:33 power<br />
drwxr-xr-x 3 root root 0 May 14 09:33 rank4<br />
drwxr-xr-x 3 root root 0 May 14 09:33 rank5<br />
--w------- 1 root root 4096 May 14 09:33 reset_counters<br />
-r--r--r-- 1 root root 4096 May 14 09:33 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 May 14 09:33 size_mb<br />
-r--r--r-- 1 root root 4096 May 14 09:33 ue_count<br />
-r--r--r-- 1 root root 4096 May 14 09:33 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 May 14 09:33 uevent<br />
root@dsfe05:~# <br />
</pre><br />
<br />
== Configure rasdaemon ==<br />
<br />
<pre><br />
apt install rasdaemon<br />
</pre><br />
<pre><br />
systemctl enable rasdaemon<br />
systemctl restart rasdaemon<br />
systemctl status rasdaemon<br />
</pre><br />
<br />
<pre><br />
● rasdaemon.service - RAS daemon to log the RAS events<br />
Loaded: loaded (/lib/systemd/system/rasdaemon.service; enabled; vendor preset: enabled)<br />
Active: active (running) since Mon 2021-01-25 15:16:37 PST; 3min 5s ago<br />
Main PID: 2477175 (rasdaemon)<br />
Tasks: 1 (limit: 76958)<br />
Memory: 17.1M<br />
CGroup: /system.slice/rasdaemon.service<br />
└─2477175 /usr/sbin/rasdaemon -f -r<br />
<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: ras:extlog_mem_event event enabled<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Enabled event ras:extlog_mem_event<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: ras:extlog_mem_event event enabled<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Listening to events for cpus 0 to 11<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: Enabled event ras:extlog_mem_event<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Recording mc_event events<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Recording aer_event events<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Recording extlog_event events<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Recording mce_record events<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Recording arm_event events<br />
</pre><br />
<br />
== Get reports ==<br />
<br />
* Intel 2x32GB ECC DIMMs<br />
<pre><br />
root@daq00:~# ras-mc-ctl --layout<br />
+-------------------------+<br />
| mc0 |<br />
| csrow0 | csrow1 |<br />
----------+-------------------------+<br />
channel1: | 16384 MB | 16384 MB |<br />
channel0: | 16384 MB | 16384 MB |<br />
----------+-------------------------+<br />
root@daq00:~# ras-mc-ctl --error-count<br />
Label CE UE<br />
mc#0csrow#1channel#1 0 0<br />
mc#0csrow#1channel#0 0 0<br />
mc#0csrow#0channel#0 0 0<br />
mc#0csrow#0channel#1 0 0<br />
root@daq00:~# <br />
</pre><br />
<br />
* Intel 4x16GB ECC DIMMs<br />
<pre><br />
root@daq00:~# ras-mc-ctl --error-count<br />
Label CE UE<br />
mc#0csrow#0channel#1 0 0<br />
mc#0csrow#2channel#0 0 0<br />
mc#0csrow#0channel#0 0 0<br />
mc#0csrow#2channel#1 0 0<br />
mc#0csrow#1channel#0 0 0<br />
mc#0csrow#1channel#1 0 0<br />
mc#0csrow#3channel#0 0 0<br />
mc#0csrow#3channel#1 0 0<br />
root@daq00:~# <br />
root@daq00:~# ras-mc-ctl --layout<br />
+-----------------------+<br />
| mc0 |<br />
| csrow0 | csrow1 |<br />
----------+-----------------------+<br />
channel1: | 8192 MB | 8192 MB |<br />
channel0: | 8192 MB | 8192 MB |<br />
----------+-----------------------+<br />
root@daq00:~# <br />
root@daq00:~# <br />
root@daq00:~# <br />
root@daq00:~# ras-mc-ctl --print-labels<br />
ras-mc-ctl: Error: No dimm labels for Supermicro model X11SCM-F<br />
root@daq00:~# ras-mc-ctl --mainboard<br />
ras-mc-ctl: mainboard: Supermicro model X11SCM-F<br />
root@daq00:~# ras-mc-ctl --summary<br />
No Memory errors.<br />
<br />
No PCIe AER errors.<br />
<br />
No Extlog errors.<br />
<br />
DBD::SQLite::db prepare failed: no such table: devlink_event at /usr/sbin/ras-mc-ctl line 1181.<br />
Can't call method "execute" on an undefined value at /usr/sbin/ras-mc-ctl line 1182.<br />
root@daq00:~# <br />
</pre><br />
<br />
note: ubuntu LTS 22.04 DBD::SQLite::db error is not there.<br />
<br />
* AMD 7700 2x32GB DDR5 ECC DIMMs<br />
<br />
<pre><br />
root@dsfe05:~# systemctl status rasdaemon<br />
● rasdaemon.service - RAS daemon to log the RAS events<br />
Loaded: loaded (/lib/systemd/system/rasdaemon.service; enabled; vendor preset: enabled)<br />
Active: active (running) since Tue 2024-05-14 09:36:43 PDT; 33ms ago<br />
Process: 4088418 ExecStartPost=/usr/sbin/rasdaemon --enable (code=exited, status=0/SUCCESS)<br />
Main PID: 4088417 (rasdaemon)<br />
Tasks: 1 (limit: 37300)<br />
Memory: 788.0K<br />
CPU: 5ms<br />
CGroup: /system.slice/rasdaemon.service<br />
└─4088417 /usr/sbin/rasdaemon -f -r<br />
<br />
May 14 09:36:43 dsfe05 rasdaemon[4088417]: ras:aer_event event enabled<br />
May 14 09:36:43 dsfe05 rasdaemon[4088417]: Enabled event ras:aer_event<br />
May 14 09:36:43 dsfe05 rasdaemon[4088417]: mce:mce_record event enabled<br />
May 14 09:36:43 dsfe05 rasdaemon[4088417]: Enabled event mce:mce_record<br />
May 14 09:36:43 dsfe05 rasdaemon[4088417]: ras:extlog_mem_event event enabled<br />
May 14 09:36:43 dsfe05 rasdaemon[4088417]: Enabled event ras:extlog_mem_event<br />
May 14 09:36:43 dsfe05 rasdaemon[4088417]: rasdaemon: Recording mc_event events<br />
May 14 09:36:43 dsfe05 rasdaemon[4088417]: rasdaemon: Recording aer_event events<br />
May 14 09:36:43 dsfe05 rasdaemon[4088417]: rasdaemon: Recording extlog_event events<br />
May 14 09:36:43 dsfe05 rasdaemon[4088417]: rasdaemon: Recording mce_record events<br />
root@dsfe05:~# ras-mc-ctl --layout<br />
Use of uninitialized value $max_pos[3] in modulus (%) at /usr/sbin/ras-mc-ctl line 907.<br />
Use of uninitialized value $d in numeric ge (>=) at /usr/sbin/ras-mc-ctl line 908.<br />
Use of uninitialized value $d in sprintf at /usr/sbin/ras-mc-ctl line 911.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 830.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 830.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 830.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 830.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 830.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 830.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 830.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 830.<br />
+-----------------------------------------------------------------------------------------------+<br />
| mc0 |<br />
| csrow0 | csrow1 | csrow2 | csrow3 |<br />
| channel0 | channel1 | channel0 | channel1 | channel0 | channel1 | channel0 | channel1 |<br />
----+-----------------------------------------------------------------------------------------------+<br />
<br />
0: | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB |<br />
----+-----------------------------------------------------------------------------------------------+<br />
root@dsfe05:~# ras-mc-ctl --error-count<br />
Label CE UE<br />
mc#0csrow#2channel#1 0 0<br />
mc#0csrow#2channel#0 0 0<br />
root@dsfe05:~# ras-mc-ctl --print-labels<br />
ras-mc-ctl: Error: No dimm labels for Supermicro model H13SAE-MF<br />
root@dsfe05:~# ras-mc-ctl --mainboard<br />
ras-mc-ctl: mainboard: Supermicro model H13SAE-MF<br />
root@dsfe05:~# ras-mc-ctl --summary<br />
No Memory errors.<br />
<br />
No PCIe AER errors.<br />
<br />
No Extlog errors.<br />
<br />
No MCE errors.<br />
root@dsfe05:~# <br />
</pre><br />
<br />
= sensors =<br />
<br />
== VME CPU V7865 ==<br />
<br />
add to /etc/rc.local<br />
<br />
<pre><br />
modprobe coretemp<br />
modprobe lm75<br />
modprobe lm90<br />
modprobe max1668<br />
</pre><br />
<br />
available sensors:<br />
<br />
<pre><br />
root@lxdaq23:~# sensors<br />
max6657-i2c-0-4c<br />
Adapter: SMBus I801 adapter at 0400<br />
temp1: +29.1°C (low = -55.0°C, high = +105.0°C)<br />
(crit = +105.0°C, hyst = +95.0°C)<br />
temp2: +31.5°C (low = -55.0°C, high = +105.0°C)<br />
(crit = +105.0°C, hyst = +95.0°C)<br />
<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Core 0: +25.0°C (crit = +100.0°C)<br />
Core 1: +25.0°C (crit = +100.0°C)<br />
<br />
max1805-i2c-0-18<br />
Adapter: SMBus I801 adapter at 0400<br />
temp1: +35.0°C (low = -55.0°C, high = +127.0°C)<br />
temp2: +63.0°C (low = -55.0°C, high = +127.0°C)<br />
temp3: FAULT (low = -55.0°C, high = +127.0°C) ALARM (HIGH)<br />
<br />
lm75-i2c-0-48<br />
Adapter: SMBus I801 adapter at 0400<br />
temp1: +34.5°C (high = +80.0°C, hyst = +75.0°C)<br />
<br />
root@lxdaq23:~# <br />
</pre><br />
<br />
== ASUS P7P55D EVO ==<br />
<br />
* BIOS version 2101<br />
<br />
<pre><br />
root@iris01:~# sensors<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Core 0: +34.0°C (high = +83.0°C, crit = +99.0°C)<br />
Core 1: +37.0°C (high = +83.0°C, crit = +99.0°C)<br />
Core 2: +38.0°C (high = +83.0°C, crit = +99.0°C)<br />
Core 3: +35.0°C (high = +83.0°C, crit = +99.0°C)<br />
<br />
nouveau-pci-0100<br />
Adapter: PCI adapter<br />
GPU core: 900.00 mV (min = +0.85 V, max = +1.05 V)<br />
temp1: +46.0°C (high = +95.0°C, hyst = +3.0°C)<br />
(crit = +105.0°C, hyst = +5.0°C)<br />
(emerg = +135.0°C, hyst = +5.0°C)<br />
<br />
atk0110-acpi-0<br />
Adapter: ACPI interface<br />
Vcore Voltage: 864.00 mV (min = +0.80 V, max = +1.60 V)<br />
+3.3V Voltage: 3.38 V (min = +2.97 V, max = +3.63 V)<br />
+5V Voltage: 5.04 V (min = +4.50 V, max = +5.50 V)<br />
+12V Voltage: 12.15 V (min = +10.20 V, max = +13.80 V)<br />
CPU Fan Speed: 968 RPM (min = 600 RPM, max = 7200 RPM)<br />
Chassis1 Fan Speed: 1288 RPM (min = 600 RPM, max = 7200 RPM)<br />
Chassis2 Fan Speed: 1316 RPM (min = 600 RPM, max = 7200 RPM)<br />
Power Fan Speed: 0 RPM (min = 0 RPM, max = 7200 RPM)<br />
CPU Temperature: +34.0°C (high = +45.0°C, crit = +45.5°C)<br />
MB Temperature: +30.0°C (high = +45.0°C, crit = +46.0°C)<br />
<br />
root@iris01:~# <br />
</pre><br />
<br />
== ASUS Z97-WS ==<br />
<br />
* BIOS version 2704<br />
* load sensors drivers<br />
<pre><br />
echo modprobe coretemp >> /etc/rc.local<br />
echo modprobe nct6775 >> /etc/rc.local<br />
</pre><br />
* in /boot/grub/grub.cfg, add: GRUB_CMDLINE_LINUX_DEFAULT="acpi_enforce_resources=no"<br />
* update grub and reboot: grub-mkconfig -o /boot/grub/grub.cfg<br />
<br />
<pre><br />
root@isdaq08:~# sensors<br />
acpitz-acpi-0<br />
Adapter: ACPI interface<br />
temp1: +27.8°C <br />
temp2: +29.8°C <br />
<br />
nct6791-isa-0290<br />
Adapter: ISA adapter<br />
Vcore: 888.00 mV (min = +0.00 V, max = +1.74 V)<br />
in1: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
AVCC: 3.36 V (min = +0.00 V, max = +0.00 V) ALARM<br />
+3.3V: 3.36 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: 1.99 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: 0.00 V (min = +0.00 V, max = +0.00 V)<br />
3VSB: 3.44 V (min = +0.00 V, max = +0.00 V) ALARM<br />
Vbat: 3.33 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in9: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in10: 0.00 V (min = +0.00 V, max = +0.00 V)<br />
in11: 840.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in12: 0.00 V (min = +0.00 V, max = +0.00 V)<br />
in13: 0.00 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in14: 0.00 V (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 1041 RPM (min = 0 RPM)<br />
fan2: 1040 RPM (min = 0 RPM)<br />
fan3: 0 RPM (min = 0 RPM)<br />
fan4: 0 RPM (min = 0 RPM)<br />
fan5: 0 RPM (min = 0 RPM)<br />
fan6: 0 RPM (min = 0 RPM)<br />
SYSTIN: +34.0°C (high = +0.0°C, hyst = +0.0°C) ALARM sensor = thermistor<br />
CPUTIN: +41.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
AUXTIN0: -128.0°C sensor = thermistor<br />
AUXTIN1: -128.0°C sensor = thermistor<br />
AUXTIN2: +35.0°C sensor = thermistor<br />
AUXTIN3: +127.0°C sensor = thermistor<br />
PECI Agent 0: +41.0°C <br />
PCH_CHIP_CPU_MAX_TEMP: +0.0°C <br />
PCH_CHIP_TEMP: +0.0°C <br />
PCH_CPU_TEMP: +0.0°C <br />
PCH_MCH_TEMP: +0.0°C <br />
PCH_DIM0_TEMP: +0.0°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Package id 0: +42.0°C (high = +80.0°C, crit = +100.0°C)<br />
Core 0: +42.0°C (high = +80.0°C, crit = +100.0°C)<br />
Core 1: +40.0°C (high = +80.0°C, crit = +100.0°C)<br />
Core 2: +39.0°C (high = +80.0°C, crit = +100.0°C)<br />
Core 3: +39.0°C (high = +80.0°C, crit = +100.0°C)<br />
<br />
root@isdaq08:~# <br />
</pre><br />
<br />
== ASUS Z170-DELUXE ==<br />
<br />
* BIOS version 3801<br />
* load sensors drivers<br />
<pre><br />
echo modprobe coretemp >> /etc/rc.local<br />
echo modprobe jc42 >> /etc/rc.local<br />
echo modprobe lm92 >> /etc/rc.local<br />
echo modprobe nct6775 >> /etc/rc.local<br />
</pre><br />
* in /boot/grub/grub.cfg, add: GRUB_CMDLINE_LINUX_DEFAULT="acpi_enforce_resources=no"<br />
* update grub and reboot: grub-mkconfig -o /boot/grub/grub.cfg<br />
<br />
<pre><br />
root@iris00:~# sensors<br />
nct6793-isa-0290<br />
Adapter: ISA adapter<br />
in0: 600.00 mV (min = +0.00 V, max = +1.74 V)<br />
in1: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in2: 3.39 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in3: 3.38 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: 1.03 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: 144.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: 0.00 V (min = +0.00 V, max = +0.00 V)<br />
in7: 3.38 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in8: 3.14 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in9: 1000.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in10: 600.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in11: 1.06 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in12: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in13: 592.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in14: 968.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 1370 RPM (min = 0 RPM)<br />
fan2: 1437 RPM (min = 0 RPM)<br />
fan3: 0 RPM (min = 0 RPM)<br />
fan4: 0 RPM (min = 0 RPM)<br />
fan5: 0 RPM (min = 0 RPM)<br />
fan6: 0 RPM (min = 0 RPM)<br />
SYSTIN: +32.0°C (high = +98.0°C, hyst = +95.0°C) sensor = thermistor<br />
CPUTIN: +42.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
AUXTIN0: -128.0°C sensor = thermistor<br />
AUXTIN1: +50.0°C sensor = thermistor<br />
AUXTIN2: +22.0°C sensor = thermistor<br />
AUXTIN3: +28.0°C sensor = thermistor<br />
PECI Agent 0: +50.0°C (high = +98.0°C, hyst = +95.0°C)<br />
(crit = +100.0°C)<br />
PECI Agent 0 Calibration: +42.5°C <br />
PCH_CHIP_CPU_MAX_TEMP: +0.0°C <br />
PCH_CHIP_TEMP: +0.0°C <br />
PCH_CPU_TEMP: +0.0°C <br />
PCH_MCH_TEMP: +0.0°C <br />
TSI2_TEMP: +3892314.0°C <br />
TSI3_TEMP: +3892314.0°C <br />
TSI4_TEMP: +3892314.0°C <br />
TSI5_TEMP: +3892314.0°C <br />
TSI6_TEMP: +3892314.0°C <br />
TSI7_TEMP: +3892314.0°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
jc42-i2c-0-1a<br />
Adapter: SMBus I801 adapter at f040<br />
temp1: +36.0°C (low = +0.0°C) ALARM (HIGH, CRIT)<br />
(high = +0.0°C, hyst = +0.0°C)<br />
(crit = +0.0°C, hyst = +0.0°C)<br />
<br />
jc42-i2c-0-18<br />
Adapter: SMBus I801 adapter at f040<br />
temp1: +34.8°C (low = +0.0°C) ALARM (HIGH, CRIT)<br />
(high = +0.0°C, hyst = +0.0°C)<br />
(crit = +0.0°C, hyst = +0.0°C)<br />
<br />
jc42-i2c-0-1b<br />
Adapter: SMBus I801 adapter at f040<br />
temp1: +35.0°C (low = +0.0°C) ALARM (HIGH, CRIT)<br />
(high = +0.0°C, hyst = +0.0°C)<br />
(crit = +0.0°C, hyst = +0.0°C)<br />
<br />
jc42-i2c-0-19<br />
Adapter: SMBus I801 adapter at f040<br />
temp1: +36.0°C (low = +0.0°C) ALARM (HIGH, CRIT)<br />
(high = +0.0°C, hyst = +0.0°C)<br />
(crit = +0.0°C, hyst = +0.0°C)<br />
<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Package id 0: +52.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 0: +52.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 1: +51.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 2: +48.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 3: +47.0°C (high = +84.0°C, crit = +100.0°C)<br />
<br />
root@iris00:~# <br />
</pre><br />
<br />
== ASUS Z390M-PRO GAMING (WI-FI) ==<br />
<br />
* BIOS 3006<br />
* load sensors drivers<br />
<pre><br />
echo modprobe coretemp >> /etc/rc.local<br />
echo modprobe nct6775 >> /etc/rc.local<br />
</pre><br />
<br />
<pre><br />
root@daq18:~# sensors<br />
nct6798-isa-0290<br />
Adapter: ISA adapter<br />
in0: 696.00 mV (min = +0.00 V, max = +1.74 V)<br />
in1: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in2: 3.42 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in3: 3.41 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: 1.03 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: 208.00 mV (min = +0.00 V, max = +0.00 V)<br />
in6: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in7: 3.42 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in8: 3.17 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in9: 1.07 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in10: 1.36 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in11: 1.33 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in12: 1.06 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in13: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in14: 1.03 V (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 0 RPM (min = 0 RPM)<br />
fan2: 1131 RPM (min = 0 RPM)<br />
fan3: 0 RPM (min = 0 RPM)<br />
fan4: 0 RPM (min = 0 RPM)<br />
fan5: 1006 RPM (min = 0 RPM)<br />
fan6: 0 RPM (min = 0 RPM)<br />
fan7: 0 RPM (min = 0 RPM)<br />
SYSTIN: +32.0°C (high = +80.0°C, hyst = +75.0°C)<br />
(crit = +100.0°C) sensor = thermistor<br />
CPUTIN: +29.0°C (high = +80.0°C, hyst = +75.0°C)<br />
(crit = +100.0°C) sensor = thermistor<br />
AUXTIN0: +25.0°C (high = +80.0°C, hyst = +75.0°C)<br />
(crit = +100.0°C) sensor = thermistor<br />
AUXTIN1: +7.0°C (high = +80.0°C, hyst = +75.0°C)<br />
(crit = +100.0°C) sensor = thermistor<br />
AUXTIN2: +8.0°C (high = +80.0°C, hyst = +75.0°C)<br />
(crit = +100.0°C) sensor = thermistor<br />
AUXTIN3: +24.0°C (high = +80.0°C, hyst = +75.0°C)<br />
(crit = +100.0°C) sensor = thermistor<br />
AUXTIN4: +83.0°C (high = +80.0°C, hyst = +75.0°C) ALARM<br />
(crit = +100.0°C)<br />
PECI Agent 0 Calibration: +29.0°C (high = +80.0°C, hyst = +75.0°C)<br />
PCH_CHIP_CPU_MAX_TEMP: +0.0°C <br />
PCH_CHIP_TEMP: +0.0°C <br />
PCH_CPU_TEMP: +0.0°C <br />
PCH_MCH_TEMP: +0.0°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Package id 0: +39.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 0: +39.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 1: +33.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 2: +32.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 3: +31.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 4: +31.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 5: +30.0°C (high = +82.0°C, crit = +100.0°C)<br />
<br />
acpitz-acpi-0<br />
Adapter: ACPI interface<br />
temp1: +27.8°C <br />
<br />
iwlwifi_1-virtual-0<br />
Adapter: Virtual device<br />
temp1: +28.0°C <br />
<br />
root@daq18:~# <br />
</pre><br />
<br />
== ASUS H110M-A/M.2 ==<br />
<br />
* BIOS version 4202<br />
* echo modprobe coretemp >> /etc/rc.local<br />
* echo modprobe nct6775 >> /etc/rc.local<br />
<br />
<pre><br />
root@midpol:~# sensors<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Package id 0: +33.0°C (high = +80.0°C, crit = +100.0°C)<br />
Core 0: +33.0°C (high = +80.0°C, crit = +100.0°C)<br />
Core 1: +30.0°C (high = +80.0°C, crit = +100.0°C)<br />
<br />
acpitz-acpi-0<br />
Adapter: ACPI interface<br />
temp1: +27.8°C (crit = +119.0°C)<br />
temp2: +29.8°C (crit = +119.0°C)<br />
<br />
nct6793-isa-0290<br />
Adapter: ISA adapter<br />
in0: 368.00 mV (min = +0.00 V, max = +1.74 V)<br />
in1: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in2: 3.39 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in3: 3.36 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: 152.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: 928.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in7: 3.39 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in8: 3.14 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in9: 1000.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in10: 152.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in11: 128.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in12: 136.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in13: 120.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in14: 136.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 1004 RPM (min = 0 RPM)<br />
fan2: 1143 RPM (min = 0 RPM)<br />
fan5: 0 RPM (min = 0 RPM)<br />
fan6: 0 RPM (min = 0 RPM)<br />
SYSTIN: +118.0°C (high = +98.0°C, hyst = +95.0°C) sensor = thermistor<br />
CPUTIN: +29.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
AUXTIN0: +30.0°C sensor = thermistor<br />
AUXTIN1: +112.0°C sensor = thermistor<br />
AUXTIN2: +111.0°C sensor = thermistor<br />
AUXTIN3: +110.0°C sensor = thermistor<br />
PECI Agent 0: +31.0°C (high = +98.0°C, hyst = +95.0°C)<br />
(crit = +100.0°C)<br />
PECI Agent 0 Calibration: +36.5°C <br />
PCH_CHIP_CPU_MAX_TEMP: +0.0°C <br />
PCH_CHIP_TEMP: +0.0°C <br />
TSI2_TEMP: +3892314.0°C <br />
TSI3_TEMP: +3892314.0°C <br />
TSI4_TEMP: +3892314.0°C <br />
TSI5_TEMP: +3892314.0°C <br />
TSI6_TEMP: +3892314.0°C <br />
TSI7_TEMP: +3892314.0°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
root@midpol:~# <br />
</pre><br />
<br />
== ASUS P9X79 WS ==<br />
<br />
* https://www.asus.com/supportonly/P9X79%20WS/HelpDesk_Manual/<br />
* BIOS version 4802<br />
* modprobe nct6775<br />
* modprobe coretemp<br />
<br />
<pre><br />
root@daq14:~# sensors<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Package id 0: +35.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 0: +29.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 1: +24.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 2: +35.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 3: +32.0°C (high = +82.0°C, crit = +100.0°C)<br />
<br />
nouveau-pci-0200<br />
Adapter: PCI adapter<br />
GPU core: 900.00 mV (min = +0.85 V, max = +1.00 V)<br />
temp1: +39.0°C (high = +95.0°C, hyst = +3.0°C)<br />
(crit = +105.0°C, hyst = +5.0°C)<br />
(emerg = +135.0°C, hyst = +5.0°C)<br />
<br />
nct6776-isa-0290<br />
Adapter: ISA adapter<br />
Vcore: 1.04 V (min = +0.00 V, max = +1.74 V)<br />
in1: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
AVCC: 3.33 V (min = +0.00 V, max = +0.00 V) ALARM<br />
+3.3V: 3.33 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: 2.04 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: 904.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
3VSB: 3.41 V (min = +0.00 V, max = +0.00 V) ALARM<br />
Vbat: 3.30 V (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 1265 RPM (min = 0 RPM)<br />
fan2: 1909 RPM (min = 0 RPM)<br />
fan3: 0 RPM (min = 0 RPM)<br />
fan4: 0 RPM (min = 0 RPM)<br />
fan5: 0 RPM (min = 0 RPM)<br />
SYSTIN: +34.0°C (high = +0.0°C, hyst = +0.0°C) ALARM sensor = thermistor<br />
CPUTIN: +58.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermal diode<br />
AUXTIN: +31.5°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
PECI Agent 0: +31.0°C (high = +80.0°C, hyst = +75.0°C)<br />
(crit = +96.0°C)<br />
PCH_CHIP_TEMP: +0.0°C <br />
PCH_CPU_TEMP: +0.0°C <br />
PCH_MCH_TEMP: +0.0°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
root@daq14:~# <br />
</pre><br />
<br />
== ASUS TUF GAMING B550M-PLUS WIFI II ==<br />
<br />
* BIOS 2803, 2806<br />
* echo modprobe nct6775 >> /etc/rc.local<br />
<br />
<pre><br />
root@midm9a:~# sensors<br />
nct6798-isa-0290<br />
Adapter: ISA adapter<br />
in0: 488.00 mV (min = +0.00 V, max = +1.74 V)<br />
in1: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in2: 3.41 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in3: 3.38 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: 208.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in7: 3.41 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in8: 3.33 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in9: 1.82 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in10: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in11: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in12: 1.03 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in13: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in14: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 0 RPM (min = 0 RPM)<br />
fan2: 760 RPM (min = 0 RPM)<br />
fan3: 0 RPM (min = 0 RPM)<br />
fan7: 1264 RPM (min = 0 RPM)<br />
SYSTIN: +25.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
CPUTIN: +22.5°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
AUXTIN0: +95.0°C sensor = thermistor<br />
AUXTIN1: +25.0°C sensor = thermistor<br />
AUXTIN2: +25.0°C sensor = thermistor<br />
AUXTIN3: +25.0°C sensor = thermistor<br />
PECI Agent 0 Calibration: +23.5°C <br />
PCH_CHIP_CPU_MAX_TEMP: +0.0°C <br />
PCH_CHIP_TEMP: +0.0°C <br />
PCH_CPU_TEMP: +0.0°C <br />
TSI0_TEMP: +32.4°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
amdgpu-pci-0800<br />
Adapter: PCI adapter<br />
vddgfx: 1.45 V <br />
vddnb: 993.00 mV <br />
edge: +28.0°C <br />
PPT: 20.00 W <br />
<br />
k10temp-pci-00c3<br />
Adapter: PCI adapter<br />
Tctl: +33.4°C <br />
<br />
root@midm9a:~# <br />
</pre><br />
<br />
== ASUS ASUS ROG STRIX B550-XE GAMING WIFI ==<br />
<br />
* BIOS 2423, 2604<br />
* echo modprobe nct6775 >> /etc/rc.local<br />
<br />
<pre><br />
root@daq13:~# sensors<br />
nct6798-isa-0290<br />
Adapter: ISA adapter<br />
in0: 344.00 mV (min = +0.00 V, max = +1.74 V)<br />
in1: 992.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in2: 3.41 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in3: 3.39 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: 960.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: 216.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in7: 3.41 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in8: 3.30 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in9: 1.81 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in10: 960.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in11: 960.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in12: 1.03 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in13: 280.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in14: 208.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 845 RPM (min = 0 RPM)<br />
fan2: 998 RPM (min = 0 RPM)<br />
fan3: 0 RPM (min = 0 RPM)<br />
fan4: 0 RPM (min = 0 RPM)<br />
fan5: 0 RPM (min = 0 RPM)<br />
SYSTIN: +28.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
CPUTIN: +27.5°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
AUXTIN0: +94.0°C sensor = thermistor<br />
AUXTIN1: +28.0°C sensor = thermistor<br />
AUXTIN2: +28.0°C sensor = thermistor<br />
AUXTIN3: +97.0°C sensor = thermistor<br />
PECI Agent 0 Calibration: +27.5°C <br />
PCH_CHIP_CPU_MAX_TEMP: +0.0°C <br />
PCH_CHIP_TEMP: +0.0°C <br />
PCH_CPU_TEMP: +0.0°C <br />
TSI0_TEMP: +33.6°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
amdgpu-pci-0600<br />
Adapter: PCI adapter<br />
vddgfx: 1.45 V <br />
vddnb: 999.00 mV <br />
edge: +29.0°C <br />
PPT: 14.00 W <br />
<br />
iwlwifi_1-virtual-0<br />
Adapter: Virtual device<br />
temp1: +30.0°C <br />
<br />
k10temp-pci-00c3<br />
Adapter: PCI adapter<br />
Tctl: +33.9°C <br />
<br />
root@daq13:~# <br />
</pre><br />
<br />
== ASUS ASUS ROG STRIX B550-E GAMING ==<br />
<br />
* bios 2803<br />
* echo modprobe jc42 >> /etc/rc.local<br />
* echo modprobe nct6775 >> /etc/rc.local<br />
<br />
<pre><br />
root@daq17:~# sensors<br />
jc42-i2c-1-1b<br />
Adapter: SMBus PIIX4 adapter port 0 at 0b00<br />
temp1: +25.0°C (low = +0.0°C) ALARM (HIGH, CRIT)<br />
(high = +0.0°C, hyst = +0.0°C)<br />
(crit = +0.0°C, hyst = +0.0°C)<br />
<br />
iwlwifi_1-virtual-0<br />
Adapter: Virtual device<br />
temp1: +28.0°C <br />
<br />
nouveau-pci-0800<br />
Adapter: PCI adapter<br />
GPU core: 900.00 mV (min = +0.85 V, max = +1.00 V)<br />
temp1: +34.0°C (high = +95.0°C, hyst = +3.0°C)<br />
(crit = +105.0°C, hyst = +5.0°C)<br />
(emerg = +135.0°C, hyst = +5.0°C)<br />
<br />
nct6798-isa-0290<br />
Adapter: ISA adapter<br />
in0: 288.00 mV (min = +0.00 V, max = +1.74 V)<br />
in1: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in2: 3.36 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in3: 3.38 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: 1.06 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: 224.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in7: 3.36 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in8: 3.31 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in9: 1.79 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in10: 1.06 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in11: 1.06 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in12: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in13: 280.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in14: 208.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 843 RPM (min = 0 RPM)<br />
fan2: 629 RPM (min = 0 RPM)<br />
fan3: 746 RPM (min = 0 RPM)<br />
fan4: 0 RPM (min = 0 RPM)<br />
fan5: 0 RPM (min = 0 RPM)<br />
SYSTIN: +22.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
CPUTIN: +25.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
AUXTIN0: +93.0°C sensor = thermistor<br />
AUXTIN1: +22.0°C sensor = thermistor<br />
AUXTIN2: +22.0°C sensor = thermistor<br />
AUXTIN3: +96.0°C sensor = thermistor<br />
PECI Agent 0 Calibration: +25.5°C <br />
PCH_CHIP_CPU_MAX_TEMP: +0.0°C <br />
PCH_CHIP_TEMP: +0.0°C <br />
PCH_CPU_TEMP: +0.0°C <br />
TSI0_TEMP: +27.6°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
jc42-i2c-1-1a<br />
Adapter: SMBus PIIX4 adapter port 0 at 0b00<br />
temp1: +23.2°C (low = +0.0°C) ALARM (HIGH, CRIT)<br />
(high = +0.0°C, hyst = +0.0°C)<br />
(crit = +0.0°C, hyst = +0.0°C)<br />
<br />
asusec-isa-0000<br />
Adapter: ISA adapter<br />
CPU_Opt: 0 RPM<br />
Chipset: +34.0°C <br />
CPU: +25.0°C <br />
Motherboard: +22.0°C <br />
T_Sensor: -40.0°C <br />
VRM: +31.0°C <br />
<br />
k10temp-pci-00c3<br />
Adapter: PCI adapter<br />
Tctl: +28.0°C <br />
Tccd1: +27.5°C <br />
<br />
root@daq17:~# <br />
</pre><br />
<br />
== ASUS PRIME B650-PLUS ==<br />
<br />
* BIOS 1811<br />
* echo modprobe nct6775 >> /etc/rc.local<br />
<br />
<pre><br />
root@dsdaqgw:~# sensors<br />
amdgpu-pci-0b00<br />
Adapter: PCI adapter<br />
vddgfx: 930.00 mV <br />
vddnb: 1.19 V <br />
edge: +38.0°C <br />
PPT: 25.10 W <br />
<br />
nct6799-isa-0290<br />
Adapter: ISA adapter<br />
in0: 920.00 mV (min = +0.00 V, max = +1.74 V)<br />
in1: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in2: 3.39 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in3: 3.38 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: 1.04 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: 320.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in7: 3.39 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in8: 3.28 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in9: 3.38 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in10: 1.28 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in11: 1.10 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in12: 1.04 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in13: 416.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in14: 328.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 0 RPM (min = 0 RPM)<br />
fan2: 1253 RPM (min = 0 RPM)<br />
fan3: 0 RPM (min = 0 RPM)<br />
fan4: 0 RPM (min = 0 RPM)<br />
fan5: 0 RPM (min = 0 RPM)<br />
fan7: 0 RPM (min = 0 RPM)<br />
SYSTIN: +33.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
CPUTIN: +35.5°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
AUXTIN0: +78.0°C sensor = thermistor<br />
AUXTIN1: +11.0°C sensor = thermistor<br />
AUXTIN2: +20.0°C sensor = thermistor<br />
AUXTIN3: +82.0°C sensor = thermistor<br />
PECI Agent 0 Calibration: +35.5°C <br />
PCH_CHIP_CPU_MAX_TEMP: +0.0°C <br />
PCH_CHIP_TEMP: +0.0°C <br />
PCH_CPU_TEMP: +0.0°C <br />
TSI0_TEMP: +42.6°C <br />
intrusion0: ALARM<br />
intrusion1: OK<br />
beep_enable: disabled<br />
<br />
k10temp-pci-00c3<br />
Adapter: PCI adapter<br />
Tctl: +42.6°C <br />
Tccd1: +36.4°C <br />
<br />
root@dsdaqgw:~# <br />
</pre><br />
<br />
= Enable CPU turbo mode =<br />
<br />
* Intel CPU has a nominal CPU frequency (i.e. 3.4GHz) and a turbo-boost CPU frequency (i.e. 4.0GHz). Here we will enable this turbo-boost mode.<br />
* Find out CPU capability<br />
<pre><br />
root@daq01:~# lscpu | grep Hz<br />
Model name: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz<br />
CPU MHz: 3965.803<br />
CPU max MHz: 4000.0000<br />
CPU min MHz: 800.0000<br />
root@daq01:~# <br />
</pre><br />
* Look up this CPU in the Intel ARK database - google for the CPU model name, i.e.<br />
https://ark.intel.com/content/www/us/en/ark/products/88196/intel-core-i7-6700-processor-8m-cache-up-to-4-00-ghz.html<br />
* Find current frequency settings:<br />
<pre><br />
root@daq01:~# cpupower frequency-info<br />
analyzing CPU 0:<br />
driver: intel_pstate<br />
CPUs which run at the same hardware frequency: 0<br />
CPUs which need to have their frequency coordinated by software: 0<br />
maximum transition latency: Cannot determine or is not supported.<br />
hardware limits: 800 MHz - 4.00 GHz<br />
available cpufreq governors: performance powersave<br />
current policy: frequency should be within 800 MHz and 4.00 GHz.<br />
The governor "powersave" may decide which speed to use<br />
within this range.<br />
current CPU frequency: Unable to call hardware<br />
current CPU frequency: 2.72 GHz (asserted by call to kernel)<br />
boost state support:<br />
Supported: yes<br />
Active: yes<br />
root@daq01:~# <br />
</pre><br />
* Note the following:<br />
** current governor is "powersave"<br />
** "performance" governor is available<br />
** "boost state support" is supported and active.<br />
* Confirm CPU frequency governor:<br />
<pre><br />
root@daq01:~# cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor<br />
powersave<br />
powersave<br />
powersave<br />
powersave<br />
powersave<br />
powersave<br />
powersave<br />
powersave<br />
root@daq01:~# <br />
</pre> <br />
* Change governor to "performance":<br />
<pre><br />
root@daq01:~# cpupower frequency-set --governor performance<br />
Setting cpu: 0<br />
Setting cpu: 1<br />
Setting cpu: 2<br />
Setting cpu: 3<br />
Setting cpu: 4<br />
Setting cpu: 5<br />
Setting cpu: 6<br />
Setting cpu: 7<br />
root@daq01:~# cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor<br />
performance<br />
performance<br />
performance<br />
performance<br />
performance<br />
performance<br />
performance<br />
performance<br />
root@daq01:~# cpupower frequency-info<br />
analyzing CPU 0:<br />
driver: intel_pstate<br />
CPUs which run at the same hardware frequency: 0<br />
CPUs which need to have their frequency coordinated by software: 0<br />
maximum transition latency: Cannot determine or is not supported.<br />
hardware limits: 800 MHz - 4.00 GHz<br />
available cpufreq governors: performance powersave<br />
current policy: frequency should be within 800 MHz and 4.00 GHz.<br />
The governor "performance" may decide which speed to use<br />
within this range.<br />
current CPU frequency: Unable to call hardware<br />
current CPU frequency: 3.93 GHz (asserted by call to kernel)<br />
boost state support:<br />
Supported: yes<br />
Active: yes<br />
</pre><br />
* monitor CPU frequency:<br />
<pre><br />
root@daq01:~# cpupower monitor<br />
| Nehalem || Mperf || Idle_Stats <br />
CPU| C3 | C6 | PC3 | PC6 || C0 | Cx | Freq || POLL | C1 | C1E | C3 | C6 | C7s | C8 <br />
0| 0.00| 0.00| 0.00| 0.00|| 88.80| 11.20| 3973|| 0.00| 0.00| 0.01| 0.02| 0.31| 0.00| 4.25<br />
4| 0.00| 0.00| 0.00| 0.00|| 4.70| 95.30| 3945|| 0.00| 0.00| 0.00| 0.00| 0.00| 0.00| 95.03<br />
1| 0.73| 3.70| 0.00| 0.00|| 4.52| 95.48| 3864|| 0.00| 0.01| 1.19| 0.44| 2.82| 0.00| 90.23<br />
5| 0.73| 3.70| 0.00| 0.00|| 0.37| 99.63| 3807|| 0.00| 0.00| 0.03| 0.09| 1.70| 0.00| 97.64<br />
2| 2.28| 12.86| 0.00| 0.00|| 1.41| 98.59| 3829|| 0.00| 0.86| 3.17| 0.46| 7.70| 0.00| 85.87<br />
6| 2.28| 12.86| 0.00| 0.00|| 2.88| 97.12| 3856|| 0.00| 0.11| 4.56| 2.15| 10.31| 0.00| 78.99<br />
3| 1.33| 4.81| 0.00| 0.00|| 0.99| 99.01| 3804|| 0.00| 0.49| 0.79| 0.01| 1.03| 0.00| 96.12<br />
7| 1.34| 4.81| 0.00| 0.00|| 1.26| 98.74| 3818|| 0.00| 0.01| 2.32| 0.47| 5.02| 0.00| 90.06<br />
root@daq01:~# <br />
</pre><br />
* check that the CPU is not overheating:<br />
<pre><br />
root@daq01:~# sensors<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Package id 0: +51.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 0: +51.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 1: +38.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 2: +34.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 3: +32.0°C (high = +84.0°C, crit = +100.0°C)<br />
</pre><br />
* congratulations, we are running at 4 GHz now!<br />
<br />
= Setup ubuntu as gateway to private network =<br />
<br />
See also:<br />
* https://daq.triumf.ca/DaqWiki/index.php/VME-CPU#Setup_the_boot_host_computer_.28el7.29<br />
* http://www.triumf.info/wiki/DAQwiki/index.php/Dhcpd_on_eth1<br />
<br />
== Steps to do ==<br />
<br />
!!! UPDATED 16feb2024 Ubuntu-22.04.03 !!!<br />
<br />
* assign network numbers to the private network, i.e. 192.168.1.x, 192.168.2.x, etc<br />
* (on the gateway machine, each private network interface has to have a different network number)<br />
* (each network interface can have multiple networks attached, via VLANs or via eth0:0, eth0:1 constructs)<br />
* assign IP addresses on the private network, save them in /etc/hosts i.e. "hvps 192.168.1.10"<br />
* (for simplicity, assign 192.168.1.1 to the gateway machine itself)<br />
* (IP addresses 192.168.1.0 and 192.168.1.255 are "special", do not use them)<br />
* setup DNS server (dnsmasq) to serve contents of /etc/hosts via DNS (otherwise, many programs will see inconsistent name to IP address mapping)<br />
* setup DHCP server (dnsmasq) to give out the IP addresses<br />
* setup TFTP server (dnsmasq), pxelinux and NFS for diskless booting<br />
* setup time server (chronyd) to provide common time to all devices<br />
* setup NAT so machines on private network can access the internet (to get OS updates, etc)<br />
* setup NIS and NFS so machines on the private network can use common home directories<br />
* setup rsync backup of machines on the private network<br />
<br />
== setup hosts ==<br />
<br />
* edit /etc/hosts<br />
<pre><br />
192.168.1.101 dsfe01<br />
... and so forth<br />
</pre><br />
<br />
== setup dns and dhcp ==<br />
<br />
!!! updated 16feb2024 for Ubuntu 22.04.3 !!!<br />
<br />
!!! note: stock systemd-resolved remains, is configured to forward queries to dnsmasq, configured to forward queries to TRIUMF DNS !!!<br />
<br />
!!! note: per authors of systemd, bare hostnames are not permitted, a DNS domain name must always be used. DNS domain name "dsdaq" is used in this example !!!<br />
<br />
* apt install dnsmasq<br />
* ensure dnsmasq starts after all interfaces are up (Ubuntu-22)<br />
<pre><br />
mkdir /etc/systemd/system/dnsmasq.service.d<br />
echo -e "[Unit]\nAfter=network-online.target\n" > /etc/systemd/system/dnsmasq.service.d/local.conf<br />
</pre><br />
* edit /etc/dnsmasq.conf<br />
<pre><br />
# /etc/dnsmasq.conf<br />
# DNS settings <br />
#port=0 # disable DNS function <br />
port=53 # enable DNS function <br />
bind-interfaces # do not collide with systemd-resolved, we use 127.0.0.1:53, they use 127.0.0.53:53 <br />
domain-needed <br />
bogus-priv <br />
no-resolv <br />
#log-queries # log DNS quesries <br />
<br />
# TRIUMF DNS settings <br />
<br />
server=142.90.100.19 <br />
expand-hosts <br />
domain=dsdaq <br />
local=/dsdaq/ <br />
localmx # do not forward MX queries to TRIUMF <br />
<br />
# DHCP settings <br />
interface=enp1s0f0 # VX network 192.168.0.x <br />
#interface=missing # FEP and TSP network 192.168.1.x <br />
interface=enp1s0f1 # controls network 192.168.2.x <br />
#dhcp-range=192.168.1.50,192.168.1.150,infinite <br />
dhcp-range=192.168.0.0,static <br />
dhcp-range=192.168.2.0,static <br />
log-dhcp # log DHCP queries <br />
#quiet-dhcp <br />
dhcp-ignore=tag:!known <br />
#dhcp-boot=pxelinux.0 <br />
<br />
dhcp-option=option:dns-server,192.168.0.248 <br />
dhcp-option=option:ntp-server,192.168.0.248 <br />
<br />
# TFTP settings <br />
<br />
enable-tftp <br />
tftp-root=/tftpboot <br />
</pre><br />
* #mkdir /tftpboot ### per tftp-root (if no ZFS)<br />
* zfs create -o mountpoint=/tftpboot rpool/tftpboot ### (if root is ZFS)<br />
* create resolved-dsdaq.conf with main IP address of dnsmasq<br />
<pre><br />
[Resolve]<br />
DNS=192.168.0.248<br />
Domains=dsdaq triumf.ca<br />
</pre><br />
* mkdir -p /etc/systemd/resolved.conf.d/<br />
* /bin/rm -f /etc/systemd/resolved.conf.d/*.conf<br />
* cp resolved-dsdaq.conf /etc/systemd/resolved.conf.d/<br />
* systemctl stop systemd-resolved.service<br />
* systemctl disable systemd-resolved.service<br />
* systemctl enable dnsmasq<br />
* systemctl restart dnsmasq<br />
* try to "ping" or "host" some names from /etc/hosts, it should work<br />
* try to ping daq00, daq00.triumf.ca, all should work<br />
* resolved-dsdaq.conf goes into /etc/systemd/resolved.conf.d/ of all machines on the private network<br />
* if not using systemd-resolved, edit /etc/resolv.conf<br />
<br />
== setup chronyd ==<br />
<br />
* enable ntp server:<br />
* disable systemd-timesyncd, configure and enable chronyd per instructions above<br />
* create dsdaq.conf<br />
<pre><br />
# chrony config for dsdaq server<br />
<br />
#allow 192.168.0.0<br />
#allow 192.168.1.0<br />
#allow 192.168.2.0<br />
allow all<br />
<br />
# end<br />
</pre><br />
* cp dsdaq.conf /etc/chrony/conf.d/<br />
* systemctl restart chronyd<br />
* chronyc tracking ### wait until time is synchronized (a few seconds)<br />
* create dsdaq.sources # use hostname or IP address of chronyd server<br />
<pre><br />
# Put this file in /etc/chrony/sources.d<br />
# systemctl restart chrony<br />
# chronyc sources<br />
# chronyc tracking<br />
server dsdaqgw iburst prefer<br />
# end<br />
</pre><br />
* dsdaq.sources goes to /etc/chrony/sources.d of all machines on the private network<br />
<br />
== setup diskless network booting ==<br />
<br />
=== setup pxelinux for legacy pxe boot ===<br />
<br />
* add bits in dnsmasq.conf<br />
<pre><br />
dhcp-host=ac:1f:6b:9e:7f:4a,dsfe01,infinite<br />
dhcp-boot=pxelinux.0<br />
dhcp-option=17,"192.168.0.251:/nfsroot/%s,vers=3"<br />
</pre><br />
* setup pxelinux for Ubuntu-18<br />
<pre><br />
cd ~<br />
wget https://www.kernel.org/pub/linux/utils/boot/syslinux/4.xx/syslinux-4.03.tar.bz2<br />
tar xjvf syslinux-4.03.tar.bz2<br />
cd syslinux-4.03<br />
cp -pv ./core/pxelinux.0 ./com32/hdt/hdt.c32 ./memdisk/memdisk ./com32/menu/menu.c32 /zssd/tftpboot/<br />
</pre><br />
* cd /zssd/tftpboot<br />
<pre><br />
wget http://ladd00.triumf.ca/tftpboot/memtest86+-4.20.iso.zip<br />
wget http://ladd00.triumf.ca/tftpboot/memtest86+-5.01.iso.gz<br />
wget http://ladd00.triumf.ca/tftpboot/modules.alias<br />
wget http://ladd00.triumf.ca/tftpboot/modules.pcimap<br />
wget http://ladd00.triumf.ca/tftpboot/pci.ids<br />
</pre><br />
* mkdir pxelinux.cfg<br />
* emacs -nw pxelinux.cfg/default<br />
<pre><br />
default menu.c32<br />
prompt 0<br />
<br />
menu title Welcome to the DSVSLICE PXE boot menu<br />
<br />
timeout 50<br />
<br />
label hdt<br />
kernel hdt.c32<br />
<br />
label memtest86+-5.01 <br />
kernel memdisk iso initrd=memtest86+-5.01.iso.gz <br />
<br />
label memtest86+-4.20<br />
kernel memdisk iso initrd=memtest86+-4.20.iso.zip<br />
<br />
label vmlinuz-5.3.0-26-generic<br />
menu default<br />
kernel vmlinuz-5.3.0-26-generic<br />
append initrd=initrd.img-5.3.0-26-generic boot=nfs root=/dev/nfs netboot=nfs nfsroot=192.168.1.1:/zssd/nfsroot/dsfe01 toram ip=dhcp panic=60 BOOTIF=enp1s0f0<br />
<br />
#end<br />
</pre><br />
<br />
=== setup pxelinux for efi pxe boot ===<br />
<br />
* https://c-nergy.be/blog/?p=13808<br />
* add dnsmasq.conf bits. note: to use dhcp root-path, see the "nfsroot=auto" patch below and make sure to use the "dhcp-option-force" command (mkinitramfs dhcp client does not ask for root-path, we have to force-feed it).<br />
<pre><br />
# uefi pxe<br />
<br />
dhcp-boot=tag:uefipxe,uefi/syslinux.efi<br />
dhcp-option-force=tag:fe01,option:root-path,192.168.0.248:/nfsroot/fe01<br />
<br />
# VX network 192.168.0.x<br />
<br />
dhcp-host=40:a6:b7:c1:d9:c5,fe01,infinite,set:uefipxe,set:fe01<br />
</pre><br />
* apt install syslinux pxelinux syslinux-common syslinux-efi syslinux-utils<br />
<pre><br />
mkdir /tftpboot/uefi<br />
cp /usr/lib/SYSLINUX.EFI/efi64/syslinux.efi /tftpboot/uefi/<br />
cp /usr/lib/syslinux/modules/efi64/ldlinux.e64 /tftpboot/uefi/<br />
cp /usr/lib/syslinux/modules/efi64/menu.c32 /tftpboot/uefi/<br />
cp /usr/lib/syslinux/modules/efi64/hdt.c32 /tftpboot/uefi/<br />
cp /usr/lib/syslinux/modules/efi64/libutil.c32 /tftpboot/uefi/<br />
cp /usr/lib/syslinux/modules/efi64/libmenu.c32 /tftpboot/uefi/<br />
cp /usr/lib/syslinux/modules/efi64/libcom32.c32 /tftpboot/uefi/<br />
cp /usr/lib/syslinux/modules/efi64/libgpl.c32 /tftpboot/uefi/<br />
</pre><br />
* try to boot, it should bomb with "cannot load pxelinux.cfg/default"<br />
* mkdir /tftpboot/uefi/pxelinux.cfg<br />
* create /tftpboot/uefi/pxelinux.cfg/default, note nfsroot path is hardwired, note "http:" is used to load vmlinuz and initrd files (because tftp is super slow)<br />
<pre><br />
default menu.c32<br />
prompt 0<br />
<br />
menu title Welcome to the DSDAQGW UEFI PXE boot menu<br />
<br />
timeout 50<br />
<br />
label vmlinuz-6.5.0-17-generic<br />
kernel http://192.168.0.248:8088/uefi/vmlinuz-6.5.0-17-generic<br />
append initrd=http://192.168.0.248:8088/uefi/initrd.img-6.5.0-17-generic boot=nfs root=/dev/nfs netboot=nfs nfsroot=auto rw ip=dhcp panic=60<br />
<br />
# append initrd=http://192.168.0.248:8088/uefi/initrd.img-6.5.0-17-generic boot=nfs root=/dev/nfs netboot=nfs nfsroot=192.168.0.248:/nfsroot/fe01 rw ip=dhcp panic=60<br />
<br />
# append initrd=initrd.img-6.5.0-17-generic boot=nfs root=/dev/nfs netboot=nfs nfsroot=192.168.0.248:/nfsroot/fe01 rw ip=dhcp panic=60<br />
# append initrd=initrd.img-6.5.0-17-generic boot=nfs root=/dev/nfs netboot=nfs nfsroot=auto ip=dhcp rw panic=60<br />
<br />
#end<br />
</pre><br />
* try to boot, it will bomb with "cannot load http://...."<br />
* install mini_httpd on port 8088, see https://acme.com/software/mini_httpd/<br />
<pre><br />
apt install mini-httpd<br />
emacs -nw /etc/default/mini-httpd # set "START=1"<br />
emacs -nw /etc/mini-httpd.conf # set "host=192.168.0.248", "port=8088", "data_dir=/tftpboot"<br />
mkdir /etc/systemd/system/mini-httpd.service.d<br />
echo -e "[Unit]\nAfter=network-online.target\n" > /etc/systemd/system/mini-httpd.service.d/local.conf<br />
systemctl enable mini-httpd<br />
systemctl restart mini-httpd<br />
systemctl status mini-httpd<br />
wget http://192.168.0.248:8088/uefi/syslinux.efi<br />
tail -100 /var/log/mini_httpd.log<br />
</pre><br />
* fix U-22 initramfs bug for "nfsroot=auto", otherwise, "nfsroot=" has to be different for each machine and you have to have separate pxelinux config files for each machine<br />
** emacs -nw /usr/lib/initramfs-tools/etc/dhcp/dhclient-enter-hooks.d/config<br />
** add "echo ROOTPATH=..." if it is missing<br />
<pre><br />
echo "ROOTSERVER='${new_routers%% *}'" <br />
echo "ROOTPATH='$new_root_path'" <br />
echo "HOSTNAME='$new_host_name'" <br />
</pre><br />
* fix U-24 initramfs bug for "nfsroot=auto", otherwise, "nfsroot=" has to be different for each machine and you have to have separate pxelinux config files for each machine<br />
** emacs -nw /usr/share/initramfs-tools/dhcpcd-hooks/70-net-conf<br />
** add "ROOTPATH=..." if it is missing<br />
<pre><br />
DNSDOMAIN='${new_domain_name-}' <br />
ROOTSERVER='${new_routers-}' <br />
ROOTPATH='${new_root_path-}' <br />
filename='${new_filename-}' <br />
DHCPLEASETIME='${new_dhcp_lease_time-}' <br />
</pre><br />
** regenerate initramfs (be careful you generate it for the right kernel!)<br />
** see https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/2054482<br />
<pre><br />
mkinitramfs 6.5.0-18-generic<br />
mkinitramfs 6.8.0-51-generic -o /boot/initrd.img-6.8.0-51-generic<br />
</pre><br />
* copy linux kernel and initrd<br />
<pre><br />
cp /boot/vmlinuz-6.5.0-18-generic /tftpboot/uefi/<br />
cp /boot/initrd.img-6.5.0-18-generic /tftpboot/uefi/<br />
chmod a+r /tftpboot/uefi/*<br />
</pre><br />
* try to boot, should bomb with messages about "trying to mount root filesystem"<br />
* tail /var/log/syslog<br />
<pre><br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 available DHCP subnet: 192.168.0.0/255.255.255.0<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 vendor class: PXEClient:Arch:00007:UNDI:003016<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 DHCPDISCOVER(enp1s0f0) 40:a6:b7:c1:d9:c5 <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 tags: uefipxe, fe01, known, enp1s0f0<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 DHCPOFFER(enp1s0f0) 192.168.0.110 40:a6:b7:c1:d9:c5 <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 1:netmask, 2:time-offset, 3:router, 4, 5, <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 6:dns-server, 12:hostname, 13:boot-file-size, <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 15:domain-name, 17:root-path, 18:extension-path, <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 22:max-datagram-reassembly, 23:default-ttl, <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 28:broadcast, 40:nis-domain, 41:nis-server, <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 42:ntp-server, 43:vendor-encap, 50:requested-address, <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 51:lease-time, 54:server-identifier, 58:T1, <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 59:T2, 60:vendor-class, 66:tftp-server, 67:bootfile-name, <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 97:client-machine-id, 128, 129, 130, 131, <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 132, 133, 134, 135<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 next server: 192.168.0.248<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 broadcast response<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 1 option: 53 message-type 2<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 54 server-identifier 192.168.0.248<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 51 lease-time infinite<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 18 option: 67 bootfile-name uefi/syslinux.efi<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 1 netmask 255.255.255.0<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 28 broadcast 192.168.0.255<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 3 router 192.168.0.248<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 5 option: 15 domain-name dsdaq<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 12 hostname fe01<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 27 option: 17 root-path 192.168.0.248:/nfsroot/fe01<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 42 ntp-server 192.168.0.248<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 6 dns-server 192.168.0.248<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 available DHCP subnet: 192.168.0.0/255.255.255.0<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 vendor class: PXEClient:Arch:00007:UNDI:003016<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 DHCPREQUEST(enp1s0f0) 192.168.0.110 40:a6:b7:c1:d9:c5 <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 tags: uefipxe, fe01, known, enp1s0f0<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 DHCPACK(enp1s0f0) 192.168.0.110 40:a6:b7:c1:d9:c5 fe01<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 1:netmask, 2:time-offset, 3:router, 4, 5, <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 6:dns-server, 12:hostname, 13:boot-file-size, <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 15:domain-name, 17:root-path, 18:extension-path, <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 22:max-datagram-reassembly, 23:default-ttl, <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 28:broadcast, 40:nis-domain, 41:nis-server, <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 42:ntp-server, 43:vendor-encap, 50:requested-address, <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 51:lease-time, 54:server-identifier, 58:T1, <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 59:T2, 60:vendor-class, 66:tftp-server, 67:bootfile-name, <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 97:client-machine-id, 128, 129, 130, 131, <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 132, 133, 134, 135<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 next server: 192.168.0.248<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 broadcast response<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 1 option: 53 message-type 5<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 54 server-identifier 192.168.0.248<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 51 lease-time infinite<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 18 option: 67 bootfile-name uefi/syslinux.efi<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 1 netmask 255.255.255.0<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 28 broadcast 192.168.0.255<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 3 router 192.168.0.248<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 5 option: 15 domain-name dsdaq<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 12 hostname fe01<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 27 option: 17 root-path 192.168.0.248:/nfsroot/fe01<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 42 ntp-server 192.168.0.248<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 6 dns-server 192.168.0.248<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-tftp[3629416]: error 8 User aborted the transfer received from 192.168.0.110<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-tftp[3629416]: sent /tftpboot/uefi/syslinux.efi to 192.168.0.110<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-tftp[3629416]: sent /tftpboot/uefi/syslinux.efi to 192.168.0.110<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 available DHCP subnet: 192.168.0.0/255.255.255.0<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 DHCPDISCOVER(enp1s0f0) 40:a6:b7:c1:d9:c5 <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 tags: uefipxe, fe01, known, enp1s0f0<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 DHCPOFFER(enp1s0f0) 192.168.0.110 40:a6:b7:c1:d9:c5 <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 requested options: 1:netmask, 3:router, 6:dns-server<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 bootfile name: uefi/syslinux.efi<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 next server: 192.168.0.248<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 broadcast response<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 1 option: 53 message-type 2<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 54 server-identifier 192.168.0.248<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 51 lease-time infinite<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 1 netmask 255.255.255.0<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 28 broadcast 192.168.0.255<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 3 router 192.168.0.248<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 27 option: 17 root-path 192.168.0.248:/nfsroot/fe01<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 6 dns-server 192.168.0.248<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 available DHCP subnet: 192.168.0.0/255.255.255.0<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 DHCPREQUEST(enp1s0f0) 192.168.0.110 40:a6:b7:c1:d9:c5 <br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 tags: uefipxe, fe01, known, enp1s0f0<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 DHCPACK(enp1s0f0) 192.168.0.110 40:a6:b7:c1:d9:c5 fe01<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 requested options: 1:netmask, 3:router, 6:dns-server<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 bootfile name: uefi/syslinux.efi<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 next server: 192.168.0.248<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 broadcast response<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 1 option: 53 message-type 5<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 54 server-identifier 192.168.0.248<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 51 lease-time infinite<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 1 netmask 255.255.255.0<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 28 broadcast 192.168.0.255<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 3 router 192.168.0.248<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 27 option: 17 root-path 192.168.0.248:/nfsroot/fe01<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 6 dns-server 192.168.0.248<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: sent /tftpboot/uefi/ldlinux.e64 to 192.168.0.110<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: file /tftpboot/uefi/pxelinux.cfg/01-40-a6-b7-c1-d9-c5 not found<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: file /tftpboot/uefi/pxelinux.cfg/C0A8006E not found<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: file /tftpboot/uefi/pxelinux.cfg/C0A8006 not found<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: file /tftpboot/uefi/pxelinux.cfg/C0A800 not found<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: file /tftpboot/uefi/pxelinux.cfg/C0A80 not found<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: file /tftpboot/uefi/pxelinux.cfg/C0A8 not found<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: file /tftpboot/uefi/pxelinux.cfg/C0A not found<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: file /tftpboot/uefi/pxelinux.cfg/C0 not found<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: file /tftpboot/uefi/pxelinux.cfg/C not found<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: sent /tftpboot/uefi/pxelinux.cfg/default to 192.168.0.110<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: sent /tftpboot/uefi/menu.c32 to 192.168.0.110<br />
Feb 16 20:43:10 dsdaqgw dnsmasq-tftp[3629416]: sent /tftpboot/uefi/libutil.c32 to 192.168.0.110<br />
Feb 16 20:43:10 dsdaqgw dnsmasq-tftp[3629416]: sent /tftpboot/uefi/pxelinux.cfg/default to 192.168.0.110<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 available DHCP subnet: 192.168.0.0/255.255.255.0<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 client provides name: dsdaqgw.triumf.ca<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 DHCPDISCOVER(enp1s0f0) 40:a6:b7:c1:d9:c5 <br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 tags: uefipxe, fe01, known, enp1s0f0<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 DHCPOFFER(enp1s0f0) 192.168.0.110 40:a6:b7:c1:d9:c5 <br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 requested options: 1:netmask, 28:broadcast, 2:time-offset, 3:router, <br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 requested options: 15:domain-name, 6:dns-server, 119:domain-search, <br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 requested options: 12:hostname, 44:netbios-ns, 47:netbios-scope, <br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 requested options: 26:mtu, 121:classless-static-route, 42:ntp-server<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 bootfile name: uefi/syslinux.efi<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 next server: 192.168.0.248<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 1 option: 53 message-type 2<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 54 server-identifier 192.168.0.248<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 51 lease-time infinite<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 1 netmask 255.255.255.0<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 28 broadcast 192.168.0.255<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 3 router 192.168.0.248<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 5 option: 15 domain-name dsdaq<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 27 option: 17 root-path 192.168.0.248:/nfsroot/fe01<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 42 ntp-server 192.168.0.248<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 6 dns-server 192.168.0.248<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 available DHCP subnet: 192.168.0.0/255.255.255.0<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 client provides name: dsdaqgw.triumf.ca<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 DHCPREQUEST(enp1s0f0) 192.168.0.110 40:a6:b7:c1:d9:c5 <br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 tags: uefipxe, fe01, known, enp1s0f0<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 DHCPACK(enp1s0f0) 192.168.0.110 40:a6:b7:c1:d9:c5 fe01<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 requested options: 1:netmask, 28:broadcast, 2:time-offset, 3:router, <br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 requested options: 15:domain-name, 6:dns-server, 119:domain-search, <br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 requested options: 12:hostname, 44:netbios-ns, 47:netbios-scope, <br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 requested options: 26:mtu, 121:classless-static-route, 42:ntp-server<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 bootfile name: uefi/syslinux.efi<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 next server: 192.168.0.248<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 1 option: 53 message-type 5<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 54 server-identifier 192.168.0.248<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 51 lease-time infinite<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 1 netmask 255.255.255.0<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 28 broadcast 192.168.0.255<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 3 router 192.168.0.248<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 5 option: 15 domain-name dsdaq<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 12 hostname fe01<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 27 option: 17 root-path 192.168.0.248:/nfsroot/fe01<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 42 ntp-server 192.168.0.248<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 6 dns-server 192.168.0.248<br />
Feb 16 20:44:54 dsdaqgw rpc.mountd[3350210]: authenticated mount request from 192.168.0.110:981 for /nfsroot/fe01 (/nfsroot/fe01)<br />
Feb 16 20:45:07 dsdaqgw rpc.mountd[3350210]: authenticated unmount request from 192.168.0.110:859 for /nfsroot/fe01/tmp/autoDY4k5u (/nfsroot/fe01)<br />
</pre><br />
* tail /var/log/mini_httpd.log<br />
<pre><br />
192.168.0.110 - - [16/Feb/2024:20:43:15 -0800] "GET /uefi/vmlinuz-6.5.0-17-generic HTTP/1.0" 200 14227944 "" "Syslinux/6.04"<br />
192.168.0.110 - - [16/Feb/2024:20:43:24 -0800] "GET /uefi/initrd.img-6.5.0-17-generic HTTP/1.0" 200 137824833 "" "Syslinux/6.04"<br />
</pre><br />
<br />
=== setup efi http boot ===<br />
<br />
https://documentation.suse.com/sles/15-SP2/html/SLES-all/cha-deployment-prep-uefi-httpboot.html<br />
<br />
=== setup linux kernel ===<br />
<br />
* copy the kernel files<br />
<pre><br />
cd /boot<br />
rsync -av config* initrd* System.map* vmlinuz* /tftpboot/<br />
</pre><br />
* cd /tftpboot<br />
* chmod a+r *<br />
<br />
=== setup nfs ===<br />
<br />
* apt-get install nfs-kernel-server<br />
* enable NFS over UDP, edit /etc/nfs.conf add "udp=y":<br />
<pre><br />
udp=y<br />
</pre><br />
<pre><br />
systemctl restart nfs-server.service<br />
</pre><br />
* emacs -nw /etc/exports<br />
<pre><br />
/nfsroot/dsfe01 dsfe01(rw,no_root_squash,async,no_subtree_check)<br />
</pre><br />
* enable services<br />
<pre><br />
systemctl enable nfs-server<br />
systemctl enable nfs-mountd<br />
systemctl enable nfs-idmapd<br />
systemctl restart nfs-server<br />
systemctl restart nfs-mountd<br />
systemctl restart nfs-idmapd<br />
</pre><br />
* after editing /etc/exports, run<br />
<pre><br />
exportfs -av<br />
</pre><br />
<br />
=== setup userland ===<br />
<br />
!!! ubuntu-18 version !!!<br />
<br />
* zfs create rpool/nfsroot<br />
* zfs set dedup=verify rpool/nfsroot ### enable deduplication to save disk space because most linux images have mostly identical files<br />
* clone ubuntu<br />
<pre><br />
mkdir /nfsroot/dsfe01<br />
cd /<br />
rsync -avx . /nfsroot/dsfe01<br />
</pre><br />
* edit config files:<br />
* cd /nfsroot/dsfe01<br />
* emacs -nw etc/hostname ### change to dsfe01<br />
* emacs -nw etc/mailname ### change to dsfe01<br />
* emacs -nw etc/yp.conf ### change daq00.triumf.ca to musr00.triumf.ca<br />
* emacs -nw etc/defaultdomain ### change to MUSR-NIS<br />
* cp -pvf ../lxcpet-SL610/etc/ssh/*key* etc/ssh/ ### preserve the ssh keys<br />
* emacs -nw opt/gonodeinfo/gonodeinfo.conf ### update information<br />
* emacs -nw root/.ssh/authorized_keys ### update root ssh keys<br />
* emacs -nw etc/fstab ### add this<br />
<pre><br />
192.168.1.1:/nfsroot/dsfe01 / nfs defaults,nolock 0 0<br />
</pre><br />
* emacs -nw etc/chrony/chrony.conf<br />
** comment-out all "pool" and "server" entries<br />
** add entry "server 192.168.1.1 iburst"<br />
<br />
After dsfe01 is booted:<br />
<br />
* disable services:<br />
<pre><br />
systemctl disable apache2<br />
systemctl disable dnsmasq<br />
systemctl disable zfs-import-cache<br />
</pre><br />
<br />
To setup additional machines, clone dsfe01 instead of cloning the gateway machine<br />
<br />
=== Allow manpages to be viewed ===<br />
<br />
If <code>/</code> is mounted over NFS, <code>man</code> will report a permission error. Fix it with:<br />
<br />
<pre><br />
ln -s /etc/apparmor.d/usr.bin.man /etc/apparmor.d/disable/<br />
apparmor_parser -R /etc/apparmor.d/usr.bin.man<br />
</pre><br />
<br />
== setup shared home directory ==<br />
<br />
=== on the gateway machine ===<br />
* define netgroups<br />
* emacs -nw /etc/netgroup<br />
<pre><br />
dsfe (dsfe01,,) (dsfe02,,)<br />
</pre><br />
* emacs -nw /etc/nsswitch.conf ### edit the netgroup line to read:<br />
<pre><br />
netgroup: files<br />
</pre><br />
* export the home directories:<br />
* emacs -nw /etc/exports ### add this:<br />
<pre><br />
/zssd/home1 @dsfe(rw,no_root_squash,async,no_subtree_check)<br />
</pre><br />
* exportfs -rc<br />
<br />
=== on the frontend machine ===<br />
<br />
* mkdir /home<br />
* emacs -nw /etc/fstab ### add this:<br />
<pre><br />
192.168.1.1:/zssd/home1 /home nfs defaults 0 0<br />
</pre><br />
* mount -a<br />
<br />
== setup NAT ==<br />
<br />
NAT allows machines on the private network to connect to the internet: https://en.wikipedia.org/wiki/Network_address_translation<br />
<br />
In these examples:<br />
* replace "eno1" with name of the outgoing interface (the one connected to the TRIUMF network).<br />
* replace "enp11s0" with name of the private network interface (192.168.1.x network)<br />
<br />
* emacs -nw /etc/rc.local ### add this:<br />
<pre><br />
# /etc/rc.local<br />
<br />
# enable NAT<br />
<br />
/sbin/iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE<br />
iptables -L -v<br />
<br />
# uncomment following lines if machine has prohibitive FORWARD rules:<br />
#/sbin/iptables -I FORWARD -i eno1 -o enp11s0 -m state --state RELATED,ESTABLISHED -j ACCEPT<br />
#/sbin/iptables -I FORWARD -i enp11s0 -o eno1 -j ACCEPT<br />
#iptables -L -v<br />
<br />
iptables -L -v<br />
sysctl -w net.ipv4.ip_forward=1<br />
#sysctl -a | grep forward<br />
<br />
sh /etc/firewall-rfc1918.sh<br />
<br />
# end<br />
</pre><br />
* emacs -nw /etc/firewall-rfc1918.sh<br />
<pre><br />
# firewall-rfc1918.sh<br />
<br />
# prevent RFC1918 private network IP addresses from<br />
# going in and out from our uplink.<br />
<br />
ETH=eno1<br />
<br />
iptables -F in-rfc1918<br />
iptables -N in-rfc1918<br />
iptables -A in-rfc1918 --dst 10.0.0.0/8 -j REJECT<br />
iptables -A in-rfc1918 --dst 172.16.0.0/12 -j REJECT<br />
iptables -A in-rfc1918 --dst 192.168.0.0/16 -j REJECT<br />
<br />
iptables -D INPUT -j in-rfc1918 -i $ETH<br />
iptables -D INPUT -j in-rfc1918 -i $ETH<br />
iptables -I INPUT -j in-rfc1918 -i $ETH<br />
<br />
iptables -F out-rfc1918<br />
iptables -N out-rfc1918<br />
iptables -A out-rfc1918 --dst 10.0.0.0/8 -j REJECT<br />
iptables -A out-rfc1918 --dst 172.16.0.0/12 -j REJECT<br />
iptables -A out-rfc1918 --dst 192.168.0.0/16 -j REJECT<br />
<br />
iptables -D OUTPUT -j out-rfc1918 -o $ETH<br />
iptables -D OUTPUT -j out-rfc1918 -o $ETH<br />
iptables -I OUTPUT -j out-rfc1918 -o $ETH<br />
<br />
iptables -D FORWARD -j out-rfc1918 -o $ETH <br />
iptables -D FORWARD -j out-rfc1918 -o $ETH <br />
iptables -I FORWARD -j out-rfc1918 -o $ETH <br />
<br />
# allow TRIUMF-SECURE network<br />
<br />
iptables -I in-rfc1918 -s 10.90.0.0/255.255.0.0 -j ACCEPT <br />
iptables -I out-rfc1918 -d 10.90.0.0/255.255.0.0 -j ACCEPT <br />
<br />
# show configuration<br />
<br />
iptables -L -v<br />
<br />
#end<br />
</pre><br />
<br />
= KVM =<br />
<br />
<pre><br />
apt install cpu-checker<br />
<br />
root@daq13:~# kvm-ok <br />
INFO: /dev/kvm exists<br />
KVM acceleration can be used<br />
root@daq13:~# <br />
<br />
(if not, shutdown, go into BIOS settings, enable CPU virtualization)<br />
<br />
apt install virtinst ### will install many packages<br />
apt install libvirt-clients libvirt-daemon-system-systemd libvirt-daemon qemu qemu-kvm libvirt-daemon-system virtinst bridge-utils<br />
<br />
root@daq13:/home1/wheel# virsh list --all<br />
Id Name State<br />
------------------------------<br />
1 ubuntu-guest running<br />
<br />
apt install virt-manager<br />
<br />
virt-install --name ubuntu-guest --os-variant ubuntu20.04 --vcpus 2 --ram 2048 --location /daq/daqstore/olchansk/linux/Ubuntu/ubuntu-20.04.3-desktop-amd64.iso --network bridge=virbr0,model=virtio --graphics none --extra-args='console=ttyS0,115200n8 serial'<br />
<br />
virtual machine will start, boot, etc<br />
to get out of it, CTRL + Shift followed by ]<br />
<br />
ssh wheel@daq13<br />
virt-manager<br />
<br />
run virt-install again, omit "--graphics none", open graphics console from virt-manager, it booted into ubuntu installer desktop<br />
<br />
virt-install --name test10 --os-variant centos6.10 --vcpus 2 --ram 2048 --import --filesystem /kvm_ladd00,/ --network bridge=virbr0,model=virtio --boot kernel=/kvm_ladd00/boot/vmlinuz-2.6.32-754.35.1.el6.x86_64,initrd=/kvm_ladd00/boot/initramfs-2.6.32-754.35.1.el6.x86_64.img,kernel_args="root=/dev/sda console=ttyS0,115200n8 serial" --graphics none<br />
<br />
virt-install --name test14 --os-variant centos6.10 --vcpus 2 --ram 2048 --import --disk /tmp/xxx/ladd00.img,bus=sata --network bridge=virbr0,model=virtio --boot kernel=/kvm_ladd00/boot/vmlinuz-2.6.32-754.35.1.el6.x86_64,initrd=/kvm_ladd00/boot/initramfs-2.6.32-754.35.1.el6.x86_64.img,kernel_args="root=/dev/sda console=ttyS0,115200n8 serial rdshell" --graphics none --check path_in_use=off<br />
</pre><br />
<br />
build image<br />
<br />
<pre><br />
dd if=/dev/zero of=/tmp/xxx/ladd00.img bs=1024M count=20<br />
mkfs.ext3 /tmp/xxx/ladd00.img ### ext4 fails to mount by SL6 kernel, "unknown ext4 options"<br />
cd /kvm_ladd00/<br />
mount -o loop /tmp/xxx/ladd00.img /mnt/tmp<br />
rsync -av . /mnt/tmp/ --delete<br />
umount /mnt/tmp<br />
</pre><br />
<br />
on the guest, configure network: /etc/rc.local<br />
<pre><br />
#!/bin/sh<br />
#<br />
# This script will be executed *after* all the other init scripts.<br />
# You can put your own initialization stuff in here if you don't<br />
# want to do the full Sys V style init stuff.<br />
<br />
touch /var/lock/subsys/local<br />
<br />
ifconfig eth2 192.168.122.2<br />
route add -net 0.0.0.0 gw 192.168.122.1<br />
ifconfig -a<br />
netstat -rn<br />
<br />
# end<br />
</pre><br />
<br />
== virtualize SL6 ladd00 ==<br />
<br />
* on ladd00:<br />
<pre><br />
yum install dracut-network<br />
mkinitrd /boot/initramfs-2.6.32-754.35.1.el6.x86_64-netboot.img 2.6.32-754.35.1.el6.x86_64<br />
</pre><br />
* on daq00<br />
<pre><br />
zfs create rpool/kvm-ladd00<br />
cd /kvm-ladd00<br />
rsync -avx ladd00:/ . --exclude nfsroot<br />
brctl addbr virbr0<br />
ifconfig virbr0 192.168.1.1<br />
echo /kvm-ladd00 192.168.1.2(rw,no_root_squash,no_all_squash,async,no_subtree_check) >> /etc/exports<br />
exportfs -rv<br />
</pre><br />
* create virtual machine<br />
<pre><br />
virt-install --name kvm-ladd00 --os-variant centos6.10 --vcpus 2 --ram 2048 --import --network bridge=virbr0,model=virtio --boot kernel=/kvm-ladd00/boot/vmlinuz-2.6.32-754.35.1.el6.x86_64,initrd=/kvm-ladd00/boot/initramfs-2.6.32-754.35.1.el6.x86_64-netboot.img,kernel_args="root=/dev/nfs ip=192.168.1.2:192.168.1.1:192.168.1.1:255.255.255.0:ladd00::off nfsroot=192.168.1.1:/kvm-ladd00 console=ttyS0,115200n8 serial rdshell" --graphics none --nodisks --check path_in_use=off<br />
</pre><br />
* adjust kvm-ladd00 image<br />
<pre><br />
disable network manager<br />
edit fstab<br />
edit yp.conf<br />
edit resolv.conf<br />
edit root/.ssh/authorized_keys<br />
enable rngd or /dev/random does not work, sshd does not work<br />
</pre><br />
* virsh shutdown test24<br />
* virsh --connect qemu:///system start test24<br />
* virsh console test24 ### to exit, ctrl+[ or ctrl+]<br />
* virsh undefine test24<br />
* virsh autostart kvm-ladd00<br />
* virsh dominfo kvm-ladd00<br />
<pre><br />
root@daq00:~# virsh dominfo kvm-ladd00<br />
Id: 1<br />
Name: kvm-ladd00<br />
UUID: 1d1f8fed-8b65-4411-a51b-e0ecf359d2f1<br />
OS Type: hvm<br />
State: running<br />
CPU(s): 2<br />
CPU time: 27.7s<br />
Max memory: 2097152 KiB<br />
Used memory: 2097152 KiB<br />
Persistent: yes<br />
Autostart: enable<br />
Managed save: no<br />
Security model: apparmor<br />
Security DOI: 0<br />
Security label: libvirt-1d1f8fed-8b65-4411-a51b-e0ecf359d2f1 (enforcing)<br />
root@daq00:~# <br />
</pre><br />
* delete unused images in /var/lib/libvirt/images<br />
<br />
= ARM64 cross-compiler =<br />
<br />
* arm64, aarch64 are Xilinx FPGA Cortex-A53, RPi4, RPi5 machines<br />
* install packages:<br />
<pre><br />
apt install g++-12-aarch64-linux-gnu gcc-12-aarch64-linux-gnu-base libstdc++-12-dev-arm64-cross<br />
</pre><br />
* run:<br />
<pre><br />
aarch64-linux-gnu-gcc-12 -o ttcp.aarch64 ttcp.c -static<br />
aarch64-linux-gnu-g++-12 -o fecdm.exe -O2 -g -Wall -Wuninitialized -std=c++20 fecdm.o dsdm.o /home/dsdaqdev/packages_common/midas/linux-aarch64-remoteonly/lib/libmidas.a -pthread -lrt -lutil /nfsroot/gdm00/usr/lib/aarch64-linux-gnu/libi2c.a -static<br />
</pre><br />
<br />
= ARM cross-compiler =<br />
<br />
* armv7 (RPi3, MityARM CAMAC) machines (Debian-12 armhf target, Ubuntu 24.04 host)<br />
* install packages:<br />
<pre><br />
apt install g++-arm-linux-gnueabihf gcc-arm-linux-gnueabihf libstdc++-dev-armhf-cross libc6-dev-armhf-cross<br />
</pre><br />
* build MIDAS frontend (static linking)<br />
<pre><br />
arm-linux-gnueabihf-g++ -std=c++11 -Wall -Wuninitialized -g -O2 -I/home/dldaq/packages/midas/include -I/home/dldaq/packages/midas/mvodb -c koi2c.cxx<br />
arm-linux-gnueabihf-g++ -o fedldb.exe -std=c++11 -Wall -Wuninitialized -g -O2 -I/home/dldaq/packages/midas/include -I/home/dldaq/packages/midas/mvodb fedldb.o koi2c.o /home/dldaq/packages/midas/linux-armv7-remoteonly/lib/libmidas.a -L/usr/arm-linux-gnueabihf/lib -L/nfsroot/dltdc/usr/lib/arm-linux-gnueabihf -static -lm -lz -lutil -lnsl -lpthread -lrt -li2c<br />
/usr/lib/gcc-cross/arm-linux-gnueabihf/13/../../../../arm-linux-gnueabihf/bin/ld: /home/dldaq/packages/midas/linux-armv7-remoteonly/lib/libmidas.a(system.o): in function `ss_socket_connect_tcp(char const*, int, int*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*)':<br />
/home/dldaq/packages/midas/src/system.cxx:4984:(.text+0x252a): warning: Using 'getaddrinfo' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking<br />
</pre><br />
<br />
= 32-bit intel cross-compiler =<br />
<br />
Ubuntu 22.04:<br />
<br />
<pre><br />
apt install libstdc++-11-dev:i386<br />
apt install zlib1g-dev:i386<br />
</pre><br />
<br />
NOTES:<br />
* "g++ -m32" does not find libstdc++, please use "g++ -m32 -L/usr/lib/gcc/i686-linux-gnu/11/"<br />
* to cross-build 32-bit MIDAS, use "make linux32".<br />
* executables cross-build on Ubuntu-22 do NOT run on 32-bit Debain-11 (GLIBC and GLIBCXX version mismatch)<br />
* executables cross-build on Ubuntu-22 run on 32-bit Debian-12.<br />
<br />
= SSH settings for EPICS =<br />
<br />
* TRIUMF EPICS runs obsolete version of SSH<br />
* add this to the use .ssh/config<br />
<pre><br />
Host sbp1*<br />
HostKeyAlgorithms +ssh-rsa<br />
PubKeyAcceptedAlgorithms +ssh-rsa<br />
KexAlgorithms +diffie-hellman-group1-sha1<br />
ForwardX11 yes<br />
ForwardX11Trusted yes<br />
</pre><br />
<br />
= changes for VME processors =<br />
<br />
<pre><br />
apt -y remove sysstat man-db<br />
apt -y purge dkms<br />
apt -y purge mdadm<br />
apt -y autoremove<br />
</pre><br />
<br />
= remove snap (U-24) =<br />
<br />
Note: snap stores data in $USER/snap/$SNAPNAME, removing a snap on one machine will remove this data from all users even if they want to use snap on some other machine.<br />
<br />
Remove snaps:<br />
<br />
NOTE: first remove chromium and firefox, see below.<br />
<br />
<pre><br />
snap list<br />
echo snap remove chromium ### see below<br />
echo snap remove firefox ### see below<br />
snap remove thunderbird<br />
snap remove cups<br />
snap remove firmware-updater<br />
snap remove gtk-common-themes<br />
snap remove snapd-desktop-integration<br />
snap remove snap-store<br />
snap remove hunspell-dictionaries-1-7-2004<br />
snap remove gnome-system-monitor<br />
snap remove gnome-3-26-1604<br />
snap remove gnome-3-28-1804<br />
snap remove gnome-3-34-1804<br />
snap remove gnome-3-38-2004<br />
snap remove gnome-42-2204<br />
snap remove gnome-46-2404<br />
snap remove mesa-2404<br />
snap remove core<br />
snap remove core18<br />
snap remove core20<br />
snap remove core22<br />
snap remove core24<br />
snap remove bare<br />
snap remove snapd<br />
snap list<br />
</pre><br />
<pre><br />
root@daqubuntu:~# snap list<br />
No snaps are installed yet. Try 'snap install hello-world'.<br />
root@daqubuntu:~# <br />
</pre><br />
<br />
Identify packages that install snaps:<br />
<br />
<pre><br />
apt list | grep snap | grep installed<br />
</pre><br />
<br />
Typical output:<br />
<br />
<pre><br />
firefox/noble,now 1:1snap1-0ubuntu5 amd64 [installed]<br />
gir1.2-snapd-2/noble,now 1.64-0ubuntu5 amd64 [installed,automatic]<br />
libsnapd-glib-2-1/noble,now 1.64-0ubuntu5 amd64 [installed,automatic]<br />
libsnapd-qt-2-1/noble,now 1.64-0ubuntu5 amd64 [installed,automatic]<br />
libsnappy1v5/noble,now 1.1.10-1build1 amd64 [installed,automatic]<br />
plasma-discover-backend-snap/noble,now 5.27.11-0ubuntu2 amd64 [installed]<br />
snapd/noble-updates,now 2.66.1+24.04 amd64 [installed]<br />
</pre><br />
<br />
Remove packages that install snaps:<br />
<br />
<pre><br />
apt remove chromium-browser<br />
apt remove chromium-codecs-ffmpeg-extra<br />
apt remove thunderbird<br />
apt remove firefox<br />
apt remove plasma-discover-backend-snap<br />
apt remove plasma-discover-snap-backend<br />
apt remove snapd<br />
apt purge snapd<br />
# package gir1.2-snapd-2 is required by ubuntu-mate-desktop & co<br />
# libsnapd-glib-2-1 is required by gstreamer, gnome-remote-desktop & co<br />
ls -l /etc/systemd/system/ | grep snap ### remove unwanted stuff<br />
</pre><br />
<br />
Remove Chromium:<br />
<br />
* ls -ld /home/*/snap/chromium/*<br />
* echo /bin/rm -rf `ls -1d /home/*/snap/chromium/*`<br />
* snap remove chromium<br />
<br />
Remove Firefox:<br />
<br />
* ls -ld /home/*/snap/firefox/*<br />
* echo /bin/rm -rf `ls -1d /home/*/snap/firefox/*` ### this will delete "snap firefox" profiles of all users!!!<br />
* snap remove firefox ### this will also delete "snap firefox" profiles of all users!!!<br />
<br />
Remove gir1.2-snapd-2:<br />
* echo rm -vf /usr/lib/x86_64-linux-gnu/girepository-1.0/Snapd-2.typelib<br />
<br />
= boot using syslinux =<br />
<br />
* NOTE: extlinux is not compatible with ext4 "64bit" feature, it should be turned off:<br />
<pre><br />
mkfs.ext4 -O ^64bit /dev/sdX1<br />
resize2fs -s /dev/sdX1<br />
</pre><br />
<br />
* install syslinux and extlinux (THIS DOES NOT WORK!!!)<br />
<br />
<pre><br />
apt -y install syslinux extlinux<br />
dd if=/usr/lib/syslinux/mbr/mbr.bin of=/dev/sdX ### NOT /dev/sdX1 NOT !!!<br />
cd /boot<br />
cp /usr/lib/syslinux/modules/bios/menu.c32 .<br />
extlinux -i .<br />
</pre><br />
<br />
* install syslinux and extlinux<br />
<br />
* copy from old SL6 USB disk (this is extlinux 6.02)<br />
<pre><br />
root@localhost:/boot# ls -l<br />
-rwxr-xr-x 1 root root 218952 Jan 28 17:40 extlinux<br />
-rw-r--r-- 1 root root 402 Jan 29 14:45 extlinux.conf<br />
-rw-r--r-- 1 root root 496 Jan 29 14:39 extlinux.conf~<br />
-r--r--r-- 1 root root 122044 Jan 29 14:39 ldlinux.c32<br />
-r--r--r-- 1 root root 67072 Jan 29 14:39 ldlinux.sys<br />
-rwxr-xr-x 1 root root 24156 Jan 28 17:40 libutil.c32<br />
-rw-r--r-- 1 root root 304 Jan 28 17:40 mbr.bin<br />
-rw-r--r-- 1 root root 26140 Jan 28 17:40 memdisk<br />
-rw-r--r-- 1 root root 69043 Jan 28 17:40 memtest86+-4.20.iso.zip<br />
-rw-r--r-- 1 root root 183012 Jan 28 17:40 memtest86+-5.01<br />
-rw-r--r-- 1 root root 26568 Jan 28 17:40 menu.c32<br />
</pre><br />
<br />
* install<br />
<pre><br />
dd if=mbr.bin of=/dev/sdX ### NOT /dev/sdX1 NOT !!!<br />
extlinux -i .<br />
</pre><br />
* check that partition /dev/sdX1 is marked bootable (fdisk command "a")<br />
<br />
* create /boot/extlinux.conf<br />
<br />
<pre><br />
DEFAULT menu.c32<br />
PROMPT 0<br />
TIMEOUT 50<br />
<br />
MENU TITLE TRIUMF DAQ USB BOOT32 ver K.O. 2025jan28<br />
<br />
LABEL linux<br />
MENU DEFAULT<br />
kernel /vmlinuz<br />
append initrd=/initrd.img panic=60 rootdelay=5 rootwait rw root=/dev/sda1<br />
<br />
LABEL linux-6.1.0-28-686<br />
kernel vmlinuz-6.1.0-28-686<br />
append initrd=initrd.img-6.1.0-28-686 panic=60 rootdelay=5 rootwait rw root=/dev/sda1<br />
<br />
LABEL memtest<br />
kernel memtest86+-1.65<br />
</pre></div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=DaqVlanConfig&diff=8291
DaqVlanConfig
2025-02-21T19:46:29Z
<p>Lindner: /* GRSI */</p>
<hr />
<div>The following is the list of VLANs associated with the DAQ and DAQ-managed experimental areas.<br />
<br />
The master list of TRIUMF VLANs is available on [https://ccn.triumf.ca/sysadmin/network/vlan-assignments CCN VLAN list].<br />
<br />
Extra Information:<br />
<br />
* VLAN number is how CCN identifies this VLAN<br />
* [https://www.triumf.info/wiki/DAQwiki/images/4/4a/Psd_vlan_proposal.pdf This document] lists the original proposal for moving PSD experimental areas to new VLANs. Some of the implementation details may no longer be correct, but the document explains the motivation for the change.<br />
<br />
== UCN == <br />
* UCN <br />
* VLAN number = 68 <br />
* IP range = 142.90.151.0/24 <br />
* subnet = *.ucn.triumf.ca <br />
* gateway = 142.90.151.254 <br />
* switch ports: VLAN68 is available on ports XX and YY of switch ZZ<br />
* [https://ccn.triumf.ca/sysadmin/network/firewalls/security-policies/internal#from-zone-triumf-lan-to-zone-ucn firewall rules]: Blocking all traffic from off-site other than http, https, ssh<br />
<br />
== CMMS == <br />
* CMMS <br />
* VLAN number = 56 <br />
* IP range = 142.90.154.0/24 <br />
* prefix = 24<br />
* netmask = 255.255.255.0<br />
* subnet = *.triumf.ca <br />
* gateway = 142.90.154.254 <br />
* DAQ DHCP server: midm15, midm9a<br />
* DNS server: 142.90.100.19 (for now)<br />
* switch ports: VLAN56 is available on <br />
** ports 25-44 of switch bay13 <br />
** ports 0-23 of switch JUN63 <br />
** outlet 243-8 in the DAQ lab.<br />
* [https://ccn.triumf.ca/sysadmin/network/firewalls/security-policies/internal#from-zone-triumf-lan-to-zone-cmms firewall rules]: none yet.<br />
* migration of IP addresses: [[MUSR_Cluster#CMMS_VLAN_migration]]<br />
<br />
== GRSI == <br />
* Griffin/Tigress/EMMA<br />
* VLAN number = 72 <br />
* IP range = 142.90.156.0 – 142.90.159.255<br />
* prefix = 22<br />
* netmask = 142.90.252.0<br />
* broadcast = 142.90.159.255<br />
* subnet = *.triumf.ca (I think this should be *.grsi.triumf.ca - TL) <br />
* gateway = 142.90.159.254<br />
* switch ports: ports 1-3 of bay42 in TIGRESS<br />
* firewall rules: none<br />
<br />
== GRIFFIN/TIGRESS (OLD, eventually to be retired)== <br />
* Griffin/Tigress<br />
* VLAN number = 70 <br />
* IP range = 142.90.153.0/24 <br />
* subnet = *.triumf.ca <br />
* gateway = 142.90.153.254 <br />
* switch ports: bay02 switch3 port 35 patch cable LE-lA<br />
* firewall rules: ???</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=VMs&diff=8272
VMs
2025-02-14T01:36:19Z
<p>Lindner: </p>
<hr />
<div>The following is a list of virtual machines provided by the Core Computing group which are used by the DAQ group or by related experimental groups. Many of them are for elog instances.<br />
<br />
<br />
{| border="1" <br />
|+<br />
| VM machine name <br />
|Other names<br />
| Group<br />
| VLAN<br />
| Purpose<br />
| Status<br />
|-<br />
| midastestdaq<br />
|<br />
| DAQ<br />
| 1<br />
| Has example MIDAS installation (part of documentation)<br />
| Currently broken<br />
|-<br />
| trdata05<br />
|<br />
| DAQ<br />
| 1<br />
| Provides ~10TB of storage for the DAQ dcache instance.<br />
|<br />
<br />
|-<br />
| ucmsrv0-vm.triumf.ca<br />
| ucnelog<br />
| UCN<br />
| 1<br />
| Providing UCN elog<br />
|<br />
|-<br />
|-<br />
| penelope-daq.ucn.triumf.ca<br />
| <br />
| UCN<br />
| 68 (UCN)<br />
| DAQ for PENELOPE detector<br />
|<br />
|-<br />
| ucnbackup.triumf.ca<br />
|<br />
| UCN<br />
| 68<br />
| Provides 2TB of storage for raw data backup<br />
|<br />
|-<br />
| ktmserver.triumf.ca<br />
|<br />
| UCN<br />
| 1<br />
| Provides readout and online display for the 1VM4 notch monitor (beamline 1V)<br />
|<br />
|-<br />
| exoelog.triumf.ca<br />
|<br />
| EXO<br />
| 1<br />
| Provides elog for EXO tests<br />
| not really used<br />
|-<br />
| scdms-srv0.triumf.ca<br />
|<br />
| SuperCDMS<br />
| 1<br />
| Testbed for CDMS development on Centos-7; also provides elog.<br />
|<br />
|-<br />
| mpmtelog.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for mPMT development<br />
|<br />
|-<br />
| m11elog.triumf.ca<br />
|<br />
| M11<br />
| 1<br />
| Provides elog for M11 beamline<br />
|<br />
|-<br />
| nd280elog-vm<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for ND280<br />
|<br />
|-<br />
| nd280webservice-vm<br />
|<br />
| T2K<br />
| 1<br />
| Provides various elog services<br />
|<br />
|-<br />
| neut00-vm.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides T2KGSC mirror, web & db server<br />
|<br />
|-<br />
| trbsddb-vm.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides BSD MySQL Database server<br />
|<br />
|-<br />
| t2kcaldb.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL database for ND280 calibration<br />
|<br />
|-<br />
| t2kcaldb-backup.triumf.ca <br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL endpoint for calibration database<br />
|<br />
|-<br />
| nd280gsc-backup.triumf.ca <br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL endpoint for GSC database<br />
|<br />
|<br />
|-<br />
| t2k-fdg-hwdb.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Hosts the FGD hardware database and webserver<br />
|<br />
|<br />
|-<br />
|}</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=VMs&diff=8271
VMs
2025-02-14T01:36:04Z
<p>Lindner: </p>
<hr />
<div>The following is a list of virtual machines provided by the Core Computing group which are used by the DAQ group or by related experimental groups. Many of them are for elog instances.<br />
<br />
<br />
{| border="1" <br />
|+<br />
| VM machine name <br />
|Other names<br />
| Group<br />
| VLAN<br />
| Purpose<br />
| Status<br />
|-<br />
| midastestdaq<br />
|<br />
| DAQ<br />
| 1<br />
| Has example MIDAS installation (part of documentation)<br />
| Currently broken<br />
|-<br />
| trdata05<br />
|<br />
| DAQ<br />
| 1<br />
| Provides ~10TB of storage for the DAQ dcache instance.<br />
|<br />
<br />
|-<br />
| ucmsrv0-vm.triumf.ca<br />
| ucnelog<br />
| UCN<br />
| 1<br />
| Providing UCN elog<br />
|<br />
|-<br />
|-<br />
| penelope-daq.ucn.triumf.ca<br />
| PENELOPE DAQ<br />
| UCN<br />
| 68 (UCN)<br />
| DAQ for PENELOPE detector<br />
|<br />
|-<br />
| ucnbackup.triumf.ca<br />
|<br />
| UCN<br />
| 68<br />
| Provides 2TB of storage for raw data backup<br />
|<br />
|-<br />
| ktmserver.triumf.ca<br />
|<br />
| UCN<br />
| 1<br />
| Provides readout and online display for the 1VM4 notch monitor (beamline 1V)<br />
|<br />
|-<br />
| exoelog.triumf.ca<br />
|<br />
| EXO<br />
| 1<br />
| Provides elog for EXO tests<br />
| not really used<br />
|-<br />
| scdms-srv0.triumf.ca<br />
|<br />
| SuperCDMS<br />
| 1<br />
| Testbed for CDMS development on Centos-7; also provides elog.<br />
|<br />
|-<br />
| mpmtelog.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for mPMT development<br />
|<br />
|-<br />
| m11elog.triumf.ca<br />
|<br />
| M11<br />
| 1<br />
| Provides elog for M11 beamline<br />
|<br />
|-<br />
| nd280elog-vm<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for ND280<br />
|<br />
|-<br />
| nd280webservice-vm<br />
|<br />
| T2K<br />
| 1<br />
| Provides various elog services<br />
|<br />
|-<br />
| neut00-vm.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides T2KGSC mirror, web & db server<br />
|<br />
|-<br />
| trbsddb-vm.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides BSD MySQL Database server<br />
|<br />
|-<br />
| t2kcaldb.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL database for ND280 calibration<br />
|<br />
|-<br />
| t2kcaldb-backup.triumf.ca <br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL endpoint for calibration database<br />
|<br />
|-<br />
| nd280gsc-backup.triumf.ca <br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL endpoint for GSC database<br />
|<br />
|<br />
|-<br />
| t2k-fdg-hwdb.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Hosts the FGD hardware database and webserver<br />
|<br />
|<br />
|-<br />
|}</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=DaqVlanConfig&diff=8235
DaqVlanConfig
2025-02-11T23:58:29Z
<p>Lindner: </p>
<hr />
<div>The following is the list of VLANs associated with the DAQ and DAQ-managed experimental areas.<br />
<br />
The master list of TRIUMF VLANs is available on [https://ccn.triumf.ca/sysadmin/network/vlan-assignments CCN VLAN list].<br />
<br />
Extra Information:<br />
<br />
* VLAN number is how CCN identifies this VLAN<br />
* [https://www.triumf.info/wiki/DAQwiki/images/4/4a/Psd_vlan_proposal.pdf This document] lists the original proposal for moving PSD experimental areas to new VLANs. Some of the implementation details may no longer be correct, but the document explains the motivation for the change.<br />
<br />
== UCN == <br />
* UCN <br />
* VLAN number = 68 <br />
* IP range = 142.90.151.0/24 <br />
* subnet = *.ucn.triumf.ca <br />
* gateway = 142.90.151.254 <br />
* switch ports: VLAN68 is available on ports XX and YY of switch ZZ<br />
* [https://ccn.triumf.ca/sysadmin/network/firewalls/security-policies/internal#from-zone-triumf-lan-to-zone-ucn firewall rules]: Blocking all traffic from off-site other than http, https, ssh<br />
<br />
== CMMS == <br />
* CMMS <br />
* VLAN number = 56 <br />
* IP range = 142.90.154.0/24 <br />
* prefix = 24<br />
* netmask = 255.255.255.0<br />
* subnet = *.triumf.ca <br />
* gateway = 142.90.154.254 <br />
* DAQ DHCP server: midm15, midm9a<br />
* DNS server: 142.90.100.19 (for now)<br />
* switch ports: VLAN56 is available on <br />
** ports 25-44 of switch bay13 <br />
** ports 0-23 of switch JUN63 <br />
** outlet 243-8 in the DAQ lab.<br />
* [https://ccn.triumf.ca/sysadmin/network/firewalls/security-policies/internal#from-zone-triumf-lan-to-zone-cmms firewall rules]: none yet.<br />
* migration of IP addresses: [[MUSR_Cluster#CMMS_VLAN_migration]]<br />
<br />
== GRSI == <br />
* Griffin/Tigress/EMMA<br />
* VLAN number = 72 <br />
* IP range = 142.90.156.0 – 142.90.159.255<br />
* prefix = 22<br />
* netmask = 142.90.252.0<br />
* broadcast = 142.90.159.255<br />
* subnet = *.triumf.ca <br />
* gateway = 142.90.159.254<br />
* switch ports: ports 1-3 of bay42 in TIGRESS<br />
* firewall rules: none<br />
<br />
== GRIFFIN/TIGRESS (OLD, eventually to be retired)== <br />
* Griffin/Tigress<br />
* VLAN number = 70 <br />
* IP range = 142.90.153.0/24 <br />
* subnet = *.triumf.ca <br />
* gateway = 142.90.153.254 <br />
* switch ports: bay02 switch3 port 35 patch cable LE-lA<br />
* firewall rules: ???</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=DaqVlanConfig&diff=8234
DaqVlanConfig
2025-02-11T23:13:31Z
<p>Lindner: /* GRSI */</p>
<hr />
<div>The following is the list of VLANs associated with the DAQ and DAQ-managed experimental areas.<br />
<br />
The master list of TRIUMF VLANs is available on [https://ccn.triumf.ca/sysadmin/network/vlan-assignments CCN VLAN list].<br />
<br />
Extra Information:<br />
<br />
* VLAN number is how CCN identifies this VLAN<br />
* [https://www.triumf.info/wiki/DAQwiki/images/4/4a/Psd_vlan_proposal.pdf This document] lists the original proposal for moving PSD experimental areas to new VLANs. Some of the implementation details may no longer be correct, but the document explains the motivation for the change.<br />
<br />
== UCN == <br />
* UCN <br />
* VLAN number = 68 <br />
* IP range = 142.90.151.0/24 <br />
* subnet = *.ucn.triumf.ca <br />
* gateway = 142.90.151.254 <br />
* switch ports: VLAN68 is available on ports XX and YY of switch ZZ<br />
* [https://ccn.triumf.ca/sysadmin/network/firewalls/security-policies/internal#from-zone-triumf-lan-to-zone-ucn firewall rules]: Blocking all traffic from off-site other than http, https, ssh<br />
<br />
== CMMS == <br />
* CMMS <br />
* VLAN number = 56 <br />
* IP range = 142.90.154.0/24 <br />
* prefix = 24<br />
* netmask = 255.255.255.0<br />
* subnet = *.triumf.ca <br />
* gateway = 142.90.154.254 <br />
* DAQ DHCP server: midm15, midm9a<br />
* DNS server: 142.90.100.19 (for now)<br />
* switch ports: VLAN56 is available on <br />
** ports 25-44 of switch bay13 <br />
** ports 0-23 of switch JUN63 <br />
** outlet 243-8 in the DAQ lab.<br />
* [https://ccn.triumf.ca/sysadmin/network/firewalls/security-policies/internal#from-zone-triumf-lan-to-zone-cmms firewall rules]: none yet.<br />
* migration of IP addresses: [[MUSR_Cluster#CMMS_VLAN_migration]]<br />
<br />
== GRSI == <br />
* Griffin/Tigress/EMMA<br />
* VLAN number = 72 <br />
* IP range = 142.90.156.0 – 142.90.159.255<br />
* For cleaniness Steve divides the range as<br />
** ISAC1 Griffin hosts on 142.90.156.0/22<br />
** ISAC2 Tigress hosts on 142.90.158.0/22<br />
** ISAC2 Emma hosts on 142.90./159.0/22<br />
* prefix = 22<br />
* netmask = 142.90.252.0<br />
* broadcast = 142.90.159.255<br />
* subnet = *.triumf.ca <br />
* gateway = 142.90.159.254<br />
* switch ports: ports 1-3 of bay42 in TIGRESS<br />
* firewall rules: none<br />
<br />
== GRIFFIN/TIGRESS (OLD, eventually to be retired)== <br />
* Griffin/Tigress<br />
* VLAN number = 70 <br />
* IP range = 142.90.153.0/24 <br />
* subnet = *.triumf.ca <br />
* gateway = 142.90.153.254 <br />
* switch ports: bay02 switch3 port 35 patch cable LE-lA<br />
* firewall rules: ???</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=Ubuntu&diff=8233
Ubuntu
2025-02-11T23:04:35Z
<p>Lindner: /* Install amanda client */</p>
<hr />
<div>= Prerequisites =<br />
<br />
* before setting up new machine run memory test<br />
* prepare flash drive with free version of memtest86: https://www.memtest86.com<br />
* test boot from flash drive, test takes ~ few hours<br />
* test will end with summary page, if passed continue with Ubuntu<br />
* number that might be worth noting is memory latency<br />
<br />
= Ubuntu version =<br />
<br />
<pre><br />
lsb_release -a<br />
uname -a<br />
</pre><br />
<br />
= Ubuntu installer =<br />
<br />
* updated for Ububtu LTS 20.04.01, 22.04.1, 24.04 (only minor differences)<br />
<br />
* download the latest Ubuntu LTS desktop installer iso image<br />
* dd the image to a USB key<br />
* power down, disconnect all disks (all HDDs, all SSDs, all M.2)<br />
* connect the SSD to be used as system disk<br />
* if system will use mirrored SSDs (using ZFS mirror), leave second SSD disconnected, we will activate it later<br />
* power up<br />
* boot from USB key in legacy mode or UEFI mode (select this in the BIOS boot menu - F8 for ASUS, F11 for Supermicro)<br />
* follow the instruction:<br />
* "try ubuntu or install ubuntu" - choose "install"<br />
* select language - accept default<br />
* "updates and other software" - accept default settings ("normal install")<br />
* "installation type" - select "advanced features" and "experimental: use ZFS"<br />
* accept partition choice<br />
* "where are you?" - select "Vancouver" (PST time zone)<br />
* "who are you?" - leave all fields blank, except "username" set to "wheel", "password" set to the root password. hostname will be set later after configuring the network<br />
* don't install third party sw<br />
* installation runs in a few minutes, when finished, reboot<br />
* login as user wheel<br />
* answer annouying questions:<br />
* "livepatch" - say "next"<br />
* "help improve" - select "do not send", say "next"<br />
* "privacy" - leave "location" as "off", say "next"<br />
* "ready to go", say "done"<br />
* right-click on the desktop, say "open in terminal", a shell will open<br />
* say "sudo /bin/bash", enter the root password, you now have the root shell<br />
* run nm-connection-editor to configure the network. use netmask 255.255.224.0, gateway 142.90.100.18, DNS 142.90.100.19, search path "triumf.ca"<br />
* after network is up (can ping ladd00), continue with post-installation steps below<br />
<br />
= Install instructions =<br />
<br />
== prepare ==<br />
<pre><br />
apt update<br />
apt upgrade<br />
</pre><br />
<br />
== install ssh ==<br />
<pre><br />
apt install ssh<br />
</pre><br />
<br />
== install git/scripts ==<br />
<pre><br />
apt -y install git<br />
mkdir ~root/git<br />
cd ~root/git<br />
git clone https://daq00.triumf.ca/~olchansk/git/scripts.git<br />
cd scripts<br />
git pull<br />
</pre><br />
<br />
* if needed, update git/scripts repository from ladd00 to daq00:<br />
* git remote -v ### if it says daq00, we are good<br />
* git remote set-url origin https://daq00.triumf.ca/~olchansk/git/scripts.git<br />
* git pull ### check that it works<br />
<br />
== configure hostname ==<br />
<pre><br />
vi /etc/hostname<br />
</pre><br />
<br />
== disable swap ==<br />
<br />
ubuntu installer creates a 2 GB swap partition, not useful<br />
on 32-64 GB machine, disable it:<br />
<pre><br />
vi /etc/fstab ### comment out the "swap" line<br />
</pre><br />
<br />
* on 64 GB RAM machines swap is not useful<br />
* on machines booted from network (NFS-ROOT), swap does not work<br />
* on machines running from flash (RPi, etc), flash is too slow for useful swap<br />
* swap configured by linux installers invariably has wrong size and is not useful<br />
<br />
<pre><br />
systemctl disable dphys-swapfile<br />
systemctl stop dphys-swapfile<br />
dphys-swapfile uninstall<br />
</pre><br />
<br />
== maybe reboot ==<br />
<br />
this is a good point to reboot the machine to boot<br />
the latest kernel and to set the correct hostname<br />
<br />
== install etckeeper ==<br />
<br />
keep contents of /etc in a git repository:<br />
<br />
<pre><br />
apt -y install etckeeper<br />
</pre><br />
<br />
== set timezone ==<br />
<pre><br />
timedatectl list-timezones | grep -i vancouver<br />
timedatectl set-timezone America/Vancouver<br />
</pre><br />
<br />
== install time synchronization ==<br />
<br />
check if chrony is installed correctly and is synched to TRIUMF time servers:<br />
<br />
<pre><br />
chronyc sources<br />
chronyc tracking<br />
</pre><br />
<br />
if not, remove old chrony and<br />
<br />
<pre><br />
apt -y remove chrony<br />
apt -y purge chrony<br />
</pre><br />
<br />
and install it from scratch:<br />
<br />
<pre><br />
apt -y install chrony<br />
cd ~/git/scripts<br />
git pull<br />
cd ~<br />
cp ~/git/scripts/etc/triumf.sources /etc/chrony/sources.d/<br />
systemctl disable systemd-timesyncd.service<br />
systemctl stop systemd-timesyncd.service<br />
systemctl disable ntp<br />
systemctl stop ntp<br />
systemctl enable chrony<br />
systemctl restart chrony<br />
chronyc sources<br />
chronyc tracking<br />
</pre><br />
<br />
== reenable systemd-timesyncd ==<br />
<br />
ONLY IF CHRONY DOES NOT WORK<br />
<br />
To configure systemd-timesyncd, set "NTP=" in /etc/systemd/timesyncd.conf<br />
<br />
<pre><br />
apt remove chrony<br />
cat /etc/systemd/timesyncd.conf<br />
systemctl enable systemd-timesyncd.service<br />
systemctl restart systemd-timesyncd.service<br />
systemctl status systemd-timesyncd.service<br />
timedatectl status<br />
timedatectl timesync-status<br />
</pre><br />
<br />
== enable outgoing email (debian 11) ==<br />
<br />
this is different from ubuntu 20. it uses /etc/mailname and it hardwires the hostname into main.cf.<br />
<br />
== enable outgoing email ==<br />
<br />
we have an unusual email configuration. outgoing email should work to deliver error messages, notices, etc. incoming email is disabled, we do not receive email for local users.<br />
<br />
this causes problems with TRIUMF smtp server. if our message cannot be delivered (wrong email address or receipient computer is turned off), TRIUMF smtp server will generate a delivery failure notification email and try to send it to the "from" address of the failed message. but the "from" address does not receive any email, so another delivery failure notification email is generated and an attempt to deliver it. which again fails, rinse and repeat.<br />
<br />
as solution, kray created a special rule, email from scrap.triumf.ca does not generate delivery failure notices. failed messages sit in the queue for 5 days, then they are deleted. (K.O. - confirmed with kray 3jan2024).<br />
<br />
to make this work we use the msmtp MTA package.<br />
<br />
<pre><br />
cd ~<br />
apt -y remove postfix<br />
apt -y purge postfix # remove old config files<br />
apt -y install mailutils msmtp msmtp-mta # say "no" to apparmor support<br />
apt -y install bsd-mailx<br />
cd ~/git/scripts/etc<br />
git pull<br />
/bin/cp -fv aliases /etc/aliases<br />
/bin/cp -fv msmtprc /etc/msmtprc<br />
/bin/rm -vf ~root/.forward<br />
/bin/rm -vf /etc/mailname<br />
Mail root<br />
Subject: test<br />
test<br />
^D<br />
CC: <CR><br />
</pre><br />
<br />
== enable outgoing email (postfix) ==<br />
<br />
THIS IS OBSOLETE!!!<br />
<br />
* TRIUMF: use smtp.triumf.ca<br />
* CERN: use cernmx.cern.ch<br />
<br />
<pre><br />
apt install postfix ### select "satellite system", enter full hostname "xxx.triumf.ca", enter "smtp.triumf.ca"<br />
apt install mailutils<br />
dpkg-reconfigure postfix ### (if postfix already installed)<br />
</pre><br />
<pre><br />
echo olchansk@triumf.ca lindner@triumf.ca bsmith@triumf.ca >> ~root/.forward<br />
mailx root<br />
test<br />
^D<br />
</pre><br />
<br />
== enable ping for all users (debian 11) ==<br />
<br />
Without this tweak, Debian will report "operation not permitted" if a user tries to ping somewhere.<br />
<br />
<pre><br />
echo 'net.ipv4.ping_group_range = 0 1000' > /etc/sysctl.d/99-ping.conf<br />
</pre><br />
<br />
== disable apparmor ==<br />
<br />
On NFS-Root network booted machines!<br />
<br />
If "man man" returns "permission denied" and syslog reports apparmor "sendmsg DENIED" errors, disable apparmor. This is supposedly fixed in kernel 6.0 and later (to be confirmed), see https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1784499<br />
<br />
Disable apparmor, see https://ubuntu.com/server/docs/security-apparmor<br />
<br />
This takes effect after a reboot.<br />
<br />
<pre><br />
systemctl stop apparmor.service<br />
systemctl disable apparmor.service<br />
</pre><br />
<br />
== install missing packages ==<br />
<br />
(apt eats terminal input, even the "yes |" trick does not quite work,<br />
repeat the following commands until they report that everything<br />
is installed)<br />
<br />
<pre><br />
yes | apt -y install ssh tcsh ethtool ncat rsync strace net-tools traceroute time minicom screen git lsof debsums tmux iptables telnet pax rpm mtools at gdisk<br />
yes | apt -y install sysstat smartmontools lm-sensors<br />
yes | apt -y install lsb-release<br />
apt -y install vim # in addition to default vim-tiny, requested by IRIS<br />
apt -y install tcl<br />
apt -y install pax rpm alien ### package converter tools<br />
yes | apt -y install flex bison<br />
yes | apt -y install neofetch<br />
yes | apt -y install snmp snmp-mibs-downloader<br />
yes | apt -y install git subversion g++ gfortran cmake doxygen<br />
yes | apt -y install curl libcurl4 libcurl4-openssl-dev<br />
yes | apt -y install mariadb-client ### mysql client<br />
yes | apt -y install libz-dev libzstd-dev sqlite3 libsqlite3-dev unixodbc-dev<br />
yes | apt -y install libssl-dev<br />
yes | apt -y install emacs xemacs21 joe<br />
yes | apt -y install gnuplot dos2unix<br />
yes | apt -y install mutt bsd-mailx # email clients<br />
yes | apt -y install liblz4-tool pbzip2<br />
yes | apt -y install libc6-dev-i386 # otherwise no /usr/include/sys/types.h<br />
yes | apt -y install libreadline-dev<br />
yes | apt -y install ubuntu-mate-themes<br />
yes | apt -y install libmotif-dev libxmu-dev<br />
yes | apt -y install libusb-dev libusb-1.0-0-dev<br />
yes | apt -y install i2c-tools libi2c-dev libi2c0<br />
yes | apt -y install xfig gsfonts-x11 gsfonts-other # install fonts for xfig<br />
yes | apt -y install libjson-perl<br />
yes | apt -y install libgsl-dev # additional GNU Scientific Library<br />
yes | apt -y install qt5-default # Qt development<br />
yes | apt -y install python3-full python3-dev python3-dbg python3-pip ### for pyROOT<br />
yes | apt -y install imagemagick imagemagick-common ckeditor # for elog<br />
yes | apt -y install libjpeg-dev libjpeg-progs libjpeg-tools<br />
yes | apt -y install linux-tools-common linux-tools-generic # cpupower frequency-info<br />
yes | apt -y install rdesktop remmina remmina-plugin"*" # requested by POL<br />
yes | apt -y install nlohmann-json3-dev # required to build MIDAS with ROOT 6.30 on Ubuntu-22<br />
apt -y install dpkg-dev cmake g++ gcc binutils libx11-dev libxpm-dev libxft-dev libxext-dev python3 libssl-dev libafterimage0 # from https://root.cern/install/dependencies/<br />
apt -y install gfortran libpcre3-dev xlibmesa-glu-dev libglew-dev libftgl-dev libmysqlclient-dev libfftw3-dev libcfitsio-dev graphviz-dev libldap2-dev python3-dev python3-numpy libxml2-dev libkrb5-dev libgsl0-dev qtwebengine5-dev nlohmann-json3-dev libtbb-dev libavahi-compat-libdnssd-dev # from https://root.cern/install/dependencies/<br />
apt -y install libvdt-dev # for ROOT 6.32 on Ubuntu-24<br />
apt -y install autoconf automake gperf # gnu package build tools<br />
apt -y install u-boot-tools # for Xilinx petalinux<br />
#apt -y install linux-headers-generic # to build linux kernel drivers<br />
</pre><br />
<br />
Ubuntu LTS 20.04:<br />
<pre><br />
yes | apt -y install linux-image-generic-hwe-20.04 linux-tools-virtual-hwe-20.04 # enable linux 5.11 series kernel<br />
</pre><br />
<br />
Ubuntu LTS 22.04:<br />
<pre><br />
apt -y install linux-generic-hwe-22.04 # enable linux 6.2.0 series kernel<br />
</pre><br />
<br />
Ubuntu LTS 24.04:<br />
<pre><br />
apt -y install linux-generic-hwe-24.04 # enable linux 6.8.0 series kernel<br />
</pre><br />
<br />
== install non-snap firefox ==<br />
<br />
See https://askubuntu.com/questions/1399383/how-to-install-firefox-as-a-traditional-deb-package-without-snap-in-ubuntu-22<br />
<br />
<pre><br />
add-apt-repository ppa:mozillateam/ppa<br />
apt install firefox-esr<br />
echo run firefox-esr<br />
</pre><br />
<br />
== configure DNS ==<br />
<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
mkdir /etc/systemd/resolved.conf.d<br />
cp etc/resolved-triumf.conf /etc/systemd/resolved.conf.d/<br />
systemctl restart systemd-resolved<br />
resolvectl<br />
#systemd-analyze cat-config systemd/resolved.conf<br />
</pre><br />
<br />
== install ganglia ==<br />
<br />
<pre><br />
apt -y install ganglia-monitor<br />
cd ~root/git/scripts/ganglia<br />
git pull<br />
make install<br />
./ganglia-all.perl<br />
</pre><br />
<br />
fix gmond start before network is ready:<br />
<br />
<pre><br />
mkdir /etc/systemd/system/ganglia-monitor.service.d<br />
echo -e "[Unit]\nAfter=network-online.target\n" > /etc/systemd/system/ganglia-monitor.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat ganglia-monitor.service<br />
</pre><br />
<br />
== install gonodeinfo ==<br />
<br />
* go to https://bitbucket.org/dd1/gonodeinfo follow instructions:<br />
<pre><br />
yes | apt-get -y install golang<br />
mkdir ~/git<br />
cd ~/git<br />
#git clone https://bitbucket.org/dd1/gonodeinfo.git<br />
git clone https://daq00.triumf.ca/~olchansk/git/gonodeinfo.git<br />
cd gonodeinfo<br />
git remote set-url origin https://daq00.triumf.ca/~olchansk/git/gonodeinfo.git<br />
git pull<br />
make<br />
make install # install gonodeinfo agent<br />
cd ~ # this is important<br />
</pre><br />
* edit /etc/gonodeinfo.conf<br />
* change "Description", "Location", "User" and "Administrator" as appropriate (or delete them)<br />
* change "Servers" to read: Servers: daq00.triumf.ca:8601<br />
* run "gonodeinfo -v"<br />
* if error is "connection refused". go to the nodeinfo server to add this client to the access control list:<br />
* on the gonodeinfo server: run /opt/gonodeinfo/gonodereceive.exe -a daq13<br />
* try gonodeinfo again, there should be no error<br />
* on the gonodeinfo server: run gonodereport, look at the web pages, the new machine should be listed now<br />
<br />
== install emailonreboot ==<br />
<br />
send an email if computer is rebooted<br />
<br />
<pre><br />
ssh root<br />
mkdir -p ~/git<br />
cd ~/git<br />
git clone https://daq00.triumf.ca/~olchansk/git/rpms.git<br />
cd rpms/emailonreboot<br />
git pull<br />
make<br />
make install<br />
</pre><br />
<br />
== install monitor_nfs ==<br />
<br />
monitor NFS mounts and complain about dead, stale and hung mounts<br />
<br />
<pre><br />
ssh root<br />
mkdir -p ~/git<br />
cd ~/git<br />
git clone https://daq00.triumf.ca/~olchansk/git/rpms.git<br />
cd rpms/monitor_nfs<br />
git pull<br />
make<br />
make install<br />
</pre><br />
<br />
== install fonts for EPICS ==<br />
<br />
* apt -y install xfonts-100dpi xfonts-75dpi<br />
* restart Xorg (i.e. "killall Xorg", this will log you out from the console)<br />
* xlsfonts | grep -i helvetica ### should show fonts with different sizes, not just size 0 (scalable)<br />
<br />
== install libz.so.1 for CentOS compatibility ==<br />
<br />
KO - confirm which versions on quartus need this.<br />
<br />
<pre><br />
yes | apt-get -y install zlib1g<br />
yes | apt-get -y install zlib1g:i386 libc6:i386 libgcc1:i386 gcc-6-base:i386<br />
</pre><br />
<br />
== install libpng12.so.0 for Quartus compatibility ==<br />
<br />
(does not work anymore!!!)<br />
<br />
<pre><br />
wget http://ftp.ca.debian.org/debian/pool/main/libp/libpng/libpng12-0_1.2.50-2+deb8u2_amd64.deb<br />
dpkg --install libpng12-0_1.2.50-2+deb8u2_amd64.deb<br />
</pre><br />
<br />
== install libpng12.so.0 for Quartus 13.0sp1 ==<br />
<br />
<pre><br />
wget https://daq00.triumf.ca/~olchansk/linux/libpng12.so.0<br />
wget https://daq00.triumf.ca/~olchansk/linux/libpng12.so.0.50.0<br />
/bin/cp -pv libpng12.so.0 libpng12.so.0.50.0 /lib/x86_64-linux-gnu/<br />
</pre><br />
<br />
== install packages for Xilinx ==<br />
<br />
ubuntu LTS 22.04 vivado 2020.1<br />
<br />
<pre><br />
apt install autoconf libtool<br />
apt install libtinfo5<br />
apt install texinfo<br />
apt install zlib1g:i386<br />
</pre><br />
<br />
== install packages for building ROOT ==<br />
<br />
<pre><br />
apt -y install libx11-dev libxpm-dev libxft-dev libxext-dev libpng-dev libjpeg-dev xlibmesa-glu-dev libxml2-dev libgsl-dev cmake<br />
</pre><br />
<br />
== install 32-bit libraries for PHYSICA ==<br />
<br />
these instructions are for running 32-bit physica executable built for SL6 on ubuntu LTS 20.04<br />
<br />
install physica sources (cannot build, do not have g77)<br />
<br />
<pre><br />
cd ~/packages<br />
git clone https://bitbucket.org/ttriumfdaq/physica.git<br />
</pre><br />
<br />
install 32-bit libraries using ubuntu package manager:<br />
<br />
<pre><br />
apt install lib32z1 # libz.so<br />
</pre><br />
<br />
copy 32-bit SL6 shared libraries to /lib32<br />
<br />
<pre><br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libX11.so.6 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libgd.so.2 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libpng12.so.0 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libreadline.so.6 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libncurses.so.5 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libg2c.so.0 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libxcb.so.1 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libXpm.so.4 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libjpeg.so.62 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libfontconfig.so.1 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libfreetype.so.6 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libtinfo.so.5 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libXau.so.6 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libexpat.so.1 /lib32/<br />
</pre><br />
<br />
ldd should report:<br />
<br />
<pre><br />
trinatdaq:trinat> ldd /usr/local/physica/physica.exe<br />
linux-gate.so.1 (0xf7fa2000)<br />
libX11.so.6 => /lib32/libX11.so.6 (0xf7e43000)<br />
libgd.so.2 => /lib32/libgd.so.2 (0xf7dfe000)<br />
libpng12.so.0 => /lib32/libpng12.so.0 (0xf7dd6000)<br />
libz.so.1 => /lib32/libz.so.1 (0xf7db8000)<br />
libreadline.so.6 => /lib32/libreadline.so.6 (0xf7d7e000)<br />
libncurses.so.5 => /lib32/libncurses.so.5 (0xf7d5b000)<br />
libg2c.so.0 => /lib32/libg2c.so.0 (0xf7d3d000)<br />
libm.so.6 => /lib32/libm.so.6 (0xf7c39000)<br />
libgcc_s.so.1 => /lib32/libgcc_s.so.1 (0xf7c1a000)<br />
libc.so.6 => /lib32/libc.so.6 (0xf7a2f000)<br />
libxcb.so.1 => /lib32/libxcb.so.1 (0xf7a05000)<br />
libdl.so.2 => /lib32/libdl.so.2 (0xf79ff000)<br />
libXpm.so.4 => /lib32/libXpm.so.4 (0xf79ee000)<br />
libjpeg.so.62 => /lib32/libjpeg.so.62 (0xf7997000)<br />
libfontconfig.so.1 => /lib32/libfontconfig.so.1 (0xf7962000)<br />
libfreetype.so.6 => /lib32/libfreetype.so.6 (0xf78c9000)<br />
libtinfo.so.5 => /lib32/libtinfo.so.5 (0xf78b0000)<br />
/lib/ld-linux.so.2 (0xf7fa4000)<br />
libXau.so.6 => /lib32/libXau.so.6 (0xf78ad000)<br />
libexpat.so.1 => /lib32/libexpat.so.1 (0xf7885000)<br />
trinatdaq:trinat> <br />
</pre><br />
<br />
set login environment:<br />
<br />
<pre><br />
setenv TRIUMF_FONTS $HOME/packages/physica/fonts<br />
setenv PHYSICA_DIR $HOME/packages/physica<br />
alias physica $PHYSICA_DIR/physica-SL6-32<br />
</pre><br />
<br />
test:<br />
<br />
<pre><br />
cd ~/packages/physica<br />
physica<br />
@rangauss.pcm<br />
</pre><br />
<br />
== install wine ==<br />
<br />
As far as I know, only needed for BNMR/BNQR<br />
<br />
<pre><br />
apt install wine winetricks<br />
</pre><br />
<br />
== install lightdm ==<br />
<br />
unlike the default gdm login manager, lightdm shows the machine hostname and does not require an extra mouse click to swicth from screen saver to login mode.<br />
<br />
<pre><br />
apt -y install lightdm<br />
# select lightdm<br />
</pre><br />
<br />
== install desktop environments ==<br />
<br />
note: default display manager and default desktop are deficient, please do not skip this step.<br />
<br />
note: if apt asks to choose the display manager, select "lightdm"<br />
<br />
note: KO - I recommend the "MATE" desktop.<br />
<br />
note: you will have to cut-and-paste this several times because "apt" eats commands, even with "-y" and even piped from "yes".<br />
<br />
<pre><br />
# install MATE desktop<br />
apt -y install ubuntu-mate-core ubuntu-mate-desktop ubuntu-mate-themes<br />
# install Cinnamon desktop<br />
apt -y install cinnamon<br />
# install KDE desktop<br />
apt -y install kde-standard kubuntu-settings-desktop<br />
# install Lxqt desktop<br />
# apt -y install lxqt # conflict over kubuntu-desktop, kubuntu-settings-desktop and desktop-base<br />
# install Xfce4 desktop<br />
apt -y install xfce4<br />
</pre><br />
<br />
== install ROOT ==<br />
<br />
Please install ROOT per instructions at https://root.cern.ch.<br />
<br />
NOTE1: The ROOT package available from Ubuntu repositories is severely out of date and cannot be used with MIDAS and ROOTANA. ### DO NOT DO THIS! apt-get install root-system<br />
<br />
NOTE2: as of 2017-Jan-09, ROOT binary kits for Ubuntu do not work (use GCC 5 instead of GCC6), build from source instead.<br />
<br />
== Install x2go ==<br />
<br />
<pre><br />
apt-get update<br />
apt-get install x2goserver x2goserver-xsession<br />
</pre><br />
<br />
== enable root login from ladd00/daq00 ==<br />
<pre><br />
ssh localhost<br />
CTRL-C<br />
/bin/cp ~root/git/scripts/etc/authorized_keys ~root/.ssh/<br />
</pre><br />
<br />
== disable ssh access from outside of TRIUMF ==<br />
<br />
to stop ssh login spam, disable ssh access from outside of TRIUMF. this can be done by requesting a firewall block through the helpdesk or by local firewall rule:<br />
<br />
<pre><br />
echo iptables -I INPUT ! -s 142.90.0.0/255.255.0.0 -p tcp --dport 22 -j REJECT >> /etc/rc.local<br />
/etc/rc.local<br />
</pre><br />
<br />
== install smart-status ==<br />
<pre><br />
ln -s ~/git/scripts/smart-status/smart-status.perl ~root/<br />
</pre><br />
<br />
== enable boot menu and boot messages ==<br />
<br />
This will enable the grub menu (with a 10 sec timeout) and<br />
replace black screen with exciting linux boot messages.<br />
<br />
* emacs -nw /etc/default/grub<br />
<pre><br />
GRUB_DEFAULT=0<br />
#GRUB_TIMEOUT_STYLE=hidden<br />
GRUB_TIMEOUT=10<br />
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`<br />
#GRUB_CMDLINE_LINUX_DEFAULT="vga=769 video=640x480"<br />
GRUB_CMDLINE_LINUX_DEFAULT=""<br />
GRUB_CMDLINE_LINUX=""<br />
#GRUB_GFXMODE=640x480<br />
</pre><br />
* update grub config:<br />
<pre><br />
grub-mkconfig -o /boot/grub/grub.cfg<br />
</pre><br />
<br />
= Enable automatic updates =<br />
<br />
<pre><br />
apt install unattended-upgrades<br />
cd ~/git/scripts<br />
git pull<br />
/bin/cp -v etc/99apt-conf-ko /etc/apt/apt.conf.d/<br />
apt-config dump | grep Unattended<br />
</pre><br />
<br />
Following is obsolete:<br />
<br />
* emacs -nw /etc/apt/apt.conf.d/50unattended-upgrades<br />
** uncomment in Allowed-Origins "-security" and "-updates"<br />
** add in Allowed-Origins: "Google LLC:stable";<br />
** uncomment/add: "Unattended-Upgrade::Mail "root";<br />
* emacs -nw /etc/apt/apt.conf.d/10periodic<br />
<pre><br />
APT::Periodic::Update-Package-Lists "1";<br />
APT::Periodic::Download-Upgradeable-Packages "1";<br />
APT::Periodic::AutocleanInterval "7";<br />
APT::Periodic::Unattended-Upgrade "1";<br />
</pre><br />
* test: unattended-upgrade --dry-run -v<br />
<br />
NOTE: update-on-shutdown is disabled.<br />
<br />
NOTE: there is no update-on-boot, but:<br />
<br />
NOTE: if machine was off for a long time, the systemd update timer would have expired and it will fire soon after reboot, causing an automatic update run. this is unwanted, and there is no fix or workaround for it. K.O. June-2023.<br />
<br />
= Fix bpool is full (obsolete) =<br />
<br />
THIS IS CAUSED BY OBSOLETE PACKAGE zsys. PLEASE: apt remove zsys<br />
<br />
= IPMI instructions =<br />
<br />
IPMI is the board management hardware on Supermicro and other server motherboards. This includes hardware sensors - fan rotation speed, temperatures and power supply voltages.<br />
<br />
<pre><br />
apt-get install ipmitool<br />
systemctl enable ipmievd<br />
systemctl restart ipmievd<br />
</pre><br />
<br />
Run:<br />
* ipmitool sel list ### event list<br />
* ipmitool sel elist ### event list<br />
* ipmitool sel clear ### clear event list (if it becomes full)<br />
* ipmitool sensor ### report hardware sensors<br />
<br />
= move /home/wheel (U-24) =<br />
<br />
Ubuntu LTS 24 installed on ZFS has rpool/USERDATA/home_xxx mounted on /home,<br />
has to be moved or autofs /home will not work.<br />
<br />
<pre><br />
zfs list | grep USERDATA | grep home | cut -f1 -d" "<br />
zfs set -u mountpoint=/home1 `zfs list | grep USERDATA | grep home | cut -f1 -d" "`<br />
</pre><br />
<br />
= move /home/wheel =<br />
<br />
note: this MUST be done if ZFS root and NIS/autofs with /home.<br />
<br />
Default location of wheel's home directory will collide with autofs /home, it has to be moved,<br />
for example to /wheel.<br />
<br />
<pre><br />
# logout from the wheel user<br />
# go to another computer<br />
ssh root@daqubuntuxxx<br />
zfs list | grep wheel ### identify zfs name wheel_xxxxxx<br />
#zfs set mountpoint=/wheel rpool/USERDATA/wheel_hm8fzh<br />
zfs set mountpoint=/wheel `zfs list | grep wheel | cut -f1 -d" "`<br />
zfs list | grep wheel<br />
emacs -nw /etc/passwd ### change wheel's home directory from /home/wheel to /wheel<br />
su - wheel ### check that user wheel still works<br />
</pre><br />
<br />
This will break wheel's ability to run snap programs, such as firefox, install chrome as listed below.<br />
<br />
= enable NIS (ubuntu 22.04, 24.04, debian 11, 12) =<br />
<br />
<pre><br />
apt -y install rpcbind nis<br />
echo DAQ-NIS >> /etc/defaultdomain<br />
echo ypserver daq00.triumf.ca >> /etc/yp.conf<br />
systemctl enable ypbind.service<br />
systemctl restart ypbind.service<br />
systemctl status ypbind.service<br />
ypwhich -m<br />
</pre><br />
<br />
enable ypserv:<br />
<br />
<pre><br />
sed -i s/NISSERVER=false/NISSERVER=slave/ /etc/default/nis<br />
/usr/lib/yp/ypinit -s daq00<br />
echo ypserver localhost >> /etc/yp.conf<br />
sed -i "s/ypserver .*/ypserver localhost/" /etc/yp.conf<br />
systemctl enable ypserv<br />
systemctl restart ypserv<br />
systemctl restart ypbind<br />
</pre><br />
<br />
edit /etc/nsswitch.conf to read:<br />
<br />
<pre><br />
# begin get data from nis<br />
passwd: files nis<br />
group: files nis<br />
shadow: files nis<br />
automount: files nis<br />
netgroup: files nis<br />
# end get data from nis<br />
<br />
#passwd: ...<br />
#group: ...<br />
#shadow: ...<br />
<br />
#netgroup: ...<br />
#automount: ...<br />
</pre><br />
<br />
enable hourly update of nis maps:<br />
<br />
<pre><br />
mkdir ~root/git<br />
cd ~root/git<br />
git clone https://daq00.triumf.ca/~olchansk/git/scripts.git<br />
cd ~/git/scripts/etc<br />
git pull<br />
ln -s $PWD/ypxfr-cron-hourly /etc/cron.hourly<br />
</pre><br />
<br />
If this is a new machine, then on the master NIS node (daq00), add this new node to /etc/netgroup, and update NIS maps (cd /var/yp; make)<br />
<br />
= enable NIS (ubuntu 20.04) =<br />
<br />
* apt-get -y install portmap nis ### will ask for NIS domain (DAQ-NIS)<br />
* dpkg-reconfigure nis ### reconfigure if already installed<br />
* ypwhich -m<br />
* edit /etc/default/nis<br />
** set "NISSERVER=slave"<br />
** Ubuntu LTS 20.04, check that "YPBINDARGS=" is blank, remove "-no-dbus" if it is there<br />
* #edit /etc/yp.conf, comment-out everything, add "domain DAQ-NIS server localhost"<br />
* edit /etc/yp.conf, comment-out everything, add "ypserver localhost"<br />
* /usr/lib/yp/ypinit -s daq00<br />
* systemctl enable nis<br />
* systemctl restart nis<br />
* ypwhich<br />
* ypwhich -m<br />
* ypcat -k passwd<br />
* vi /etc/nsswitch.conf ### add the automount line, modify the passwd, group and shadow lines to read this:<br />
<pre><br />
# begin get data from nis<br />
passwd: files nis<br />
group: files nis<br />
shadow: files nis<br />
automount: files nis<br />
netgroup: files nis<br />
# end get data from nis<br />
</pre><br />
* enable hourly update of NIS maps<br />
<pre><br />
mkdir ~root/git<br />
cd ~root/git<br />
git clone https://daq00.triumf.ca/~olchansk/git/scripts.git<br />
cd ~/git/scripts/etc<br />
git pull<br />
ln -s $PWD/ypxfr-cron-hourly /etc/cron.hourly<br />
</pre><br />
* ### NOT NEEDED sudo vi /etc/idmapd.conf ### add line: "Domain = triumf.ca"<br />
<br />
= enable autofs =<br />
<br />
<pre><br />
apt -y install autofs<br />
systemctl enable autofs<br />
systemctl restart autofs<br />
ls -l /home/olchansk ### test autofs, check file owner is correct<br />
</pre><br />
<br />
= enable NFS server =<br />
<br />
<pre><br />
apt install nfs-kernel-server<br />
#edit /etc/exports<br />
systemctl enable nfs-server<br />
systemctl restart nfs-server<br />
</pre><br />
<br />
= NIS master =<br />
<br />
notes for setting up the NIS master<br />
<br />
== wheel user ==<br />
<br />
"wheel" is the default administrative user. We do not want it's password exported to NIS (encrypted password hash is world visible) and we do not want it's home directory exported to NFS (~wheel/.ssh is world visible and potentially writable: anybody can change ~wheel/.ssh/authorized_keys).<br />
<br />
* move wheel's home directory from /home/wheel to /wheel (see special section about this)<br />
* change wheel's UID and GID from 1000 to a value below MINUID in /var/yp/Makefile<br />
<br />
== coherent uids ==<br />
<br />
we do not want system accounts defined in /etc/passwd of the NIS master<br />
to be included in the NIS map "passwd". this causes trouble on NIS clients<br />
where newly installed packages fail to create local system users because same<br />
user already exists in NIS.<br />
<br />
This is controlled by MINUID in /var/yp/Makefile.<br />
<br />
Historical TRIUMF uids start from around 200, but several clusters do not have any historic TRIUMF uids below 500 and MINUID is set to:<br />
* DAQ-NIS: MINUID=200<br />
* ISAC-NIS: MINUID=500<br />
* TITAN-NIS: MINUID=500<br />
* MUSR-NIS: MINUID=500<br />
* TIG-NIS: MINUID=500 (100 on SL6 mother8pi)<br />
<br />
Ubuntu 20 has two programs to create users:<br />
* adduser - creates new users with UID 1000 and up as specified in /etc/adduser.conf. No problems here.<br />
* adduser --system - creates new system users with UID 100 and up as specified in /etc/adduser.conf. No problems here.<br />
* useradd - creates new users with UID 1000 and up as specified in /etc/login.defs. No problems here.<br />
* useradd --system - creates new system users with UID 999 and down (read "man useradd", section at the end about SYS_UID_MAX). This collides with NIS MINUID, these system users will be included in the NIS map and cause trouble.<br />
<br />
This problem cannot be fixed, SYS_UID_MIN, SYS_UID_MAX and UID_MIN in /etc/login.defs do not seem<br />
to have any effect on UIDs chosen by "useradd --system". (tested on Ubuntu LTS 20.04).<br />
<br />
So far only these system accounts seem to be affected by this:<br />
* systemd-coredump<br />
* ganglia<br />
<br />
To fix:<br />
* run "sort -r -n -t: -k3 /etc/passwd" to identify the last unused system user uid (range 100..200)<br />
* run "sort -r -n -t: -k3 /etc/group" to identify the last unused system user gid (range 100.200)<br />
* systemd-coredump: manually change UID and GID (package systemd-coredump is usually not installed)<br />
* ganglia: same thing, then change ownership on all ganglia files.<br />
<br />
Also read systemd author's opinion on system vs user UIDs:<br />
https://github.com/systemd/systemd/issues/4850#issuecomment-265698275<br />
<br />
= Fix systemd-logind NIS breakage =<br />
<br />
!!! THIS IS NOT NEEDED FOR UBUNTU LTS 20.04 !!!<br />
<br />
there is a delay in ssh logins for normal users. "ssh -v" shows the delay is after "pledge...". this<br />
fix removes the delay.<br />
<br />
systemd developers think that we should not use NIS and made sure there are<br />
problems if we do. To give them credit, they do offer a workaround. Read this:<br />
https://github.com/poettering/systemd/commit/695fe4078f0df6564a1be1c4a6a9e8a640d23b67<br />
<br />
<pre><br />
mkdir /etc/systemd/system/systemd-logind.service.d<br />
echo -e "[Service]\nIPAddressDeny=\n" > /etc/systemd/system/systemd-logind.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat systemd-logind.service<br />
</pre><br />
<br />
= Fix systemd-udevd NIS breakage =<br />
<br />
see same problem as above with udev getting stuck. ubuntu lts 20.04.<br />
<br />
<pre><br />
mkdir /etc/systemd/system/systemd-udevd.service.d<br />
echo -e "[Service]\nIPAddressDeny=\n" > /etc/systemd/system/systemd-udevd.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat systemd-udevd.service<br />
</pre><br />
<br />
= Configure USB device permissions =<br />
<br />
Configure USB device permissions for user access to USB-serial devices, Altera USB Blaster, etc.<br />
<br />
* create file /etc/udev/rules.d/99-usb-chmod.rules with this contents:<br />
<br />
<pre><br />
emacs -nw /etc/udev/rules.d/99-usb-chmod.rules<br />
ACTION=="add", SUBSYSTEM=="usbmisc", RUN+="/bin/chmod a+wr $env{DEVNAME}" <br />
ACTION=="add", SUBSYSTEM=="usb_device", RUN+="/bin/chmod a+wr /dev/%c"<br />
ACTION=="add", SUBSYSTEM=="usb_device", RUN+="/bin/chmod a+wr /proc/%c"<br />
ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="/bin/chmod a+wr $env{DEVICE}"<br />
ACTION=="add", ENV{PHYSDEVBUS}=="usb-serial", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", ENV{DEVPATH}=="/class/tty/ttyS*", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", SUBSYSTEM=="tty", DEVPATH=="*ttyUSB*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
ACTION=="add", SUBSYSTEM=="tty", DEVPATH=="*ttyACM*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
ACTION=="add", SUBSYSTEM=="tty", DEVPATH=="*ttyS*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
ACTION=="add", DEVPATH=="*video*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
</pre><br />
<br />
* reload udev rules: udevadm control --reload-rules<br />
* apply new permissions: udevadm trigger --action=add<br />
* watch udev activity: udevadm monitor -p<br />
<br />
= Configure lightdm display manager =<br />
<br />
* enable it<br />
<pre><br />
echo lightdm | dpkg-reconfigure -fteletype lightdm<br />
systemctl disable gdm<br />
systemctl disable sddm<br />
systemctl enable lightdm<br />
</pre><br />
<br />
* make the MATE desktop as default<br />
<pre><br />
cd ~root/git/scripts/<br />
git pull<br />
/bin/cp -v etc/lightdm_default_mate.conf /etc/lightdm/lightdm.conf.d/<br />
</pre><br />
<br />
* enable login by NIS users<br />
<pre><br />
/bin/cp -v etc/lightdm_enable_nis_login.conf /etc/lightdm/lightdm.conf.d/<br />
</pre><br />
<br />
* restart lightdm<br />
<pre><br />
systemctl stop gdm<br />
systemctl restart lightdm<br />
</pre><br />
<br />
= Install libpng12.so.0 =<br />
<br />
Quartus 16 needs libpng12:<br />
<br />
<pre><br />
wget http://mirrors.kernel.org/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.54-1ubuntu1_amd64.deb<br />
dpkg --install libpng12-0_1.2.54-1ubuntu1_amd64.deb<br />
</pre><br />
<br />
= Install google-chrome =<br />
<br />
<pre><br />
wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb<br />
dpkg -i google-chrome-stable_current_amd64.deb<br />
</pre><br />
<br />
confirm autoupdate is enabled, observe dl.google.com is present in the list of repositories:<br />
<pre><br />
apt update<br />
...<br />
Get:5 https://dl.google.com/linux/chrome/deb stable/main amd64 Packages [1,094 B]<br />
...<br />
</pre><br />
<br />
FOLLOWING IS OBSOLETE:<br />
<br />
Instructions from here:<br />
https://www.ubuntuupdates.org/ppa/google_chrome?dist=stable<br />
<br />
<pre><br />
wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add -<br />
sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-tmp.list'<br />
apt update<br />
apt install google-chrome-stable<br />
/bin/rm -f /etc/apt/sources.list.d/google-tmp.list<br />
</pre><br />
<br />
= Install amanda client =<br />
<br />
ONLY ON MACHINES THAT HOST HOME DIRECTORIES<br />
<br />
* apt install amanda-client<br />
* edit /etc/amandahosts<br />
<pre><br />
amanda.triumf.ca amanda amdump<br />
</pre><br />
* check permissions on /etc/amandahosts:<br />
<pre><br />
root@daq00:/var/log/amanda# ls -l /etc/amandahosts<br />
-rw------- 1 backup backup 49 Jan 27 10:48 /etc/amandahosts<br />
</pre><br />
* fix if needed: chown backup.backup /etc/amandahosts; chmod a= /etc/amandahosts; chmod u=wr /etc/amandahosts<br />
* edit /etc/amanda-security.conf, add this line:<br />
<pre><br />
runtar:gnutar_path=/usr/bin/tar<br />
</pre><br />
<br />
On the amanda machine:<br />
<br />
* in amanda disklist, use dump type "bsdtcp-comp-user-tar"<br />
* su - amanda and run amcheck -c daily daq00<br />
<pre><br />
-bash-4.1$ amcheck -c daily daq00<br />
<br />
Amanda Backup Client Hosts Check<br />
--------------------------------<br />
Client check: 1 host checked in 0.092 seconds. 0 problems found.<br />
<br />
(brought to you by Amanda 3.3.7p1.git.685ff76d)<br />
</pre><br />
<br />
= Enable rc.local =<br />
<br />
For reasons unknown, Ubuntu LTS 20.04 does not enable /etc/rc.local. Do this:<br />
<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
cp -n -v etc/rc.local /etc/<br />
chmod a+rx /etc/rc.local<br />
cp etc/rc-local.service /etc/systemd/system/<br />
systemctl daemon-reload<br />
systemctl enable rc-local<br />
systemctl start rc-local<br />
systemctl status rc-local<br />
</pre><br />
<br />
= Remove unwanted packages =<br />
<br />
<pre><br />
apt purge bash-completion # broken, adds unwanted "\" if "ls -l $ROOTSYS/<tab>"<br />
apt purge zsys # broken, do not use<br />
apt purge sddm # login manager<br />
apt purge avahi-daemon avahi-autoipd # not sure what it does, observed using 100% CPU<br />
apt purge modemmanager # probes all serial ports to see if it's a modem<br />
</pre><br />
<br />
= Disable unwanted services =<br />
<br />
<pre><br />
systemctl disable mpd<br />
systemctl disable snapd<br />
systemctl disable ModemManager<br />
systemctl --global mask tracker-extract-3.service<br />
systemctl --global mask tracker-miner-fs-3.service<br />
systemctl daemon-reload<br />
</pre><br />
<br />
= Disable sleep and suspend =<br />
<br />
note: we see some computers randomly shutdown or go to sleep, log files indicates the "sleep" or "suspend" button was pushed by user, but no such buttons actually exist. this is the fix for this:<br />
<br />
<pre><br />
systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target systemd-suspend.service systemd-hybrid-sleep.service<br />
</pre><br />
<br />
= Enable crontab @reboot for MIDAS =<br />
<br />
startup scripts have a bug - cron @reboot entries for normal users can run before autofs is ready, so if the home directory is on autofs/NFS, it cannot be accessed and the cron job fails. If MIDAS is supposed to be started by cron @reboot, it will not start (there *will* be an error message in /var/log/cron).<br />
<br />
<pre><br />
mkdir /etc/systemd/system/cron.service.d<br />
echo -e "[Unit]\nAfter=ypbind.service autofs.service\n" > /etc/systemd/system/cron.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat cron.service<br />
</pre><br />
<br />
Explore the systemd dependency tree using "systemctl list-dependencies" maybe with "--all".<br />
<br />
Visualize the exact boot sequence from previous boot: "systemd-analyze plot > xxx.svg", look at the svg file using a web browser.<br />
<br />
Crontab entry to start midas: (install in the midas user crontab, not root crontab)<br />
<br />
<pre><br />
su - midasuser<br />
crontab -l<br />
#@reboot /bin/bash -l -c "/home/trinat/bin/start-daq-applications"<br />
#@reboot /bin/tcsh -c "/home/trinat/bin/start-daq-applications"<br />
</pre><br />
<br />
= Install apache httpd proxy for midas and elog =<br />
<br />
This will configure the HTTPS/SSL certificate using "certbot" and "letsencrypt" and configure an HTTPS web server using apache2.<br />
<br />
First, configure apache2:<br />
<br />
* execute these commands:<br />
<pre><br />
apt -y install apache2<br />
cd /etc/apache2<br />
</pre><br />
* create new file conf-available/ssl-daq14.conf # use actual hostname instead of daq14<br />
<pre><br />
SSLSessionCache shmcb:/run/httpd/sslcache(512000)<br />
SSLSessionCacheTimeout 300<br />
SSLRandomSeed startup file:/dev/urandom 256<br />
SSLRandomSeed connect builtin<br />
SSLCryptoDevice builtin<br />
</pre><br />
* create new file sites-available/daq14-ssl.conf # use actual hostname instead of daq14<br />
<pre><br />
<IfModule mod_ssl.c><br />
<VirtualHost *:443><br />
ServerName daq14.triumf.ca<br />
DocumentRoot /var/www/html<br />
ErrorLog /var/log/apache2/daq14.log<br />
SSLEngine on<br />
# note SSLProtocol, SSLCipherSuite and some other settings are overwritten by /etc/letsencrypt/options-ssl-apache.conf<br />
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1<br />
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4<br />
## use port specified in elogd.cfg<br />
#ProxyPass /elog/ http://localhost:8082/ retry=1 <br />
## use mhttpd port<br />
#ProxyPass / http://localhost:8080/ retry=1 <br />
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"<br />
<Location /><br />
SSLRequireSSL<br />
AuthType Basic<br />
AuthName "DAQ password protected site"<br />
Require valid-user<br />
# create password file: touch /etc/apache2/htpasswd<br />
# to add new user or change password: htpasswd /etc/apache2/htpasswd username<br />
AuthUserFile /etc/apache2/htpasswd<br />
</Location><br />
</VirtualHost><br />
</IfModule><br />
</pre><br />
* stop apache2 from listening on port 80: edit /etc/apache2/ports.conf, comment-out the line "Listen 80"<br />
* stop apache2 from listening on port 80: edit /etc/apache2/ports.conf, comment-out the line "Listen 80"<br />
* enable ssl module<br />
* enable new configurations<br />
<pre><br />
a2enmod ssl<br />
a2enmod headers<br />
a2enmod proxy<br />
a2enmod proxy_http<br />
a2enconf ssl-daq14<br />
a2ensite daq14-ssl<br />
</pre><br />
* disable default ssl sites<br />
<pre><br />
a2dissite 000-default-le-ssl<br />
a2dissite 000-default<br />
ls -l /etc/apache2/sites-enabled/ ### should show only daq14-ssl.conf<br />
</pre><br />
* check that there are no syntax problems<br />
<pre><br />
apache2ctl configtest<br />
</pre><br />
* enable and start apache2:<br />
<pre><br />
systemctl enable apache2<br />
systemctl restart apache2<br />
systemctl status apache2<br />
</pre><br />
* apache2 may fail to start, look in /var/log/apache2/error.log and /var/log/apache2/daq14.log<br />
* if it says "Failed to configure ... certificate", proceed to the step for setting certbot.<br />
* try to access https://daq14.triumf.ca<br />
** you should see a complaint about self-signed certificate<br />
** you should see a request for password (do not login yet)<br />
** if you get "connection refused", HTTPS port 443 may need to be enabled in the local firewall, look at documentation for ufw.<br />
Second, configure certbot:<br />
<br />
(Note: as of 2018-01-18 certbot requires use of http port 80 to get the initial https certificate,<br />
renewal can continue to use the https port 443)<br />
<br />
(Note: as of 2019-01-?? certbot requires use of port 80 for renewals)<br />
<br />
(Note: unsurprisingly, this requires outside access to connect with letsencrypt, so won't work if PC is only accessible from on-site network)<br />
<br />
* check that port 80 is not used by anything:<br />
* netstat -an | grep LISTEN | grep ^tcp | grep 80<br />
* lsof -P | grep -i tcp | grep LISTEN | grep 80<br />
* if lsof reports that apache2 is listening on port 80, follow the apache2 instructions above (remove "listen 80" from apache2.conf<br />
<br />
* install certbot (if necessary open tcp port 80 in the firewall, see documentation for ufw):<br />
<pre><br />
apt install certbot python3-certbot-apache<br />
certbot certonly --standalone --installer apache<br />
</pre><br />
* then answer questions:<br />
* "activate HTTPS for daq14.triumf.ca" - say ok<br />
* "enter email address" - enter your own email address<br />
* "please read terms..." - read the terms and say "agree"<br />
* it will take a few moments...<br />
* "congratulations..." - say ok.<br />
<pre><br />
certbot install --apache --cert-name daq14.triumf.ca<br />
</pre><br />
* then answer questions:<br />
* "choose redirect..." - say "1" (no redirect)<br />
* look inside /etc/apache2/sites-enabled/daq14-ssl.conf to see that SSLCertificateFile & co point to certbot certificates in<br />
/etc/letsencrypt/live/daq14.triumf.ca/<br />
* to check current renewal and to update the certbot config file in /etc/letsencrypt/renewal, run this:<br />
<pre><br />
certbot renew --standalone --installer apache --force-renewal<br />
</pre><br />
<br />
NOTE: this certificate will expire in 3 months, automatic renewal should work with current version of certbot<br />
<br />
Third, activate password protection:<br />
<br />
* as shown in the config file above, create password file and initial user: (replace "midas" with specific username)<br />
<pre><br />
touch /etc/apache2/htpasswd<br />
htpasswd /etc/apache2/htpasswd midas<br />
</pre><br />
<br />
* restart apache2<br />
<pre><br />
systemctl restart apache2<br />
systemctl status apache2<br />
</pre><br />
<br />
From here:<br />
* enable proxy for MIDAS mhttpd - uncomment redirect in the config file above<br />
* enable proxy for ELOG - ditto<br />
<pre><br />
a2enmod proxy<br />
a2enmod proxy_http<br />
apache2ctl configtest<br />
systemctl restart apache2<br />
</pre><br />
<br />
* try accessing MIDAS https://daq14.triumf.ca/ (make sure mhttpd is running)<br />
* if it's not working, check odb setting FIXME!<br />
* try accessing ELog https://daq14.triumf.ca/elog/ (make sure elogd is running)<br />
* if it's not working, check elogd.cfg file and make sure<br />
<pre><br />
SSL = 0<br />
</pre><br />
<br />
NOTE: if certbot fails with errors about 'module' object has no attribute 'pyopenssl',<br />
try this: pip install requests==2.6.0<br />
<br />
== generate self-signed certificate ==<br />
<br />
<pre><br />
root@alphacpc05:~# openssl req -nodes -new -x509 -keyout server.key -out server.cert -days 1001<br />
...+....+..+..........+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+..+...+.........+......+.+...+...+.....+...............+.........+...+.+......+...+...........+....+...+..+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+......+.+...+..+.......+..+...+.......+......+...+..+...+......+....+...............+..+...+....+...........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++<br />
......+......+.+..+......+.+......+.....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+.....+......+.+.........+......+.....+.+..+...+.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+....+......+.....+...+...+.......+..+.+........+.+...+......+..+..........+..+.+...........+...+.......+......+.....+.......+...+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++<br />
-----<br />
You are about to be asked to enter information that will be incorporated<br />
into your certificate request.<br />
What you are about to enter is what is called a Distinguished Name or a DN.<br />
There are quite a few fields but you can leave some blank<br />
For some fields there will be a default value,<br />
If you enter '.', the field will be left blank.<br />
-----<br />
Country Name (2 letter code) [AU]:CH<br />
State or Province Name (full name) [Some-State]:Geneve<br />
Locality Name (eg, city) []:CERN<br />
Organization Name (eg, company) [Internet Widgits Pty Ltd]:CERN<br />
Organizational Unit Name (eg, section) []:ALPHA experiment <br />
Common Name (e.g. server FQDN or YOUR name) []:alphacpc05.cern.ch<br />
Email Address []:<br />
root@alphacpc05:~# <br />
root@alphacpc05:~# <br />
root@alphacpc05:~# ls -l<br />
-rw-r--r-- 1 root root 1375 juil. 10 21:43 server.cert<br />
-rw------- 1 root root 1708 juil. 10 21:42 server.key<br />
root@alphacpc05:~# systemctl restart apache2<br />
</pre><br />
<br />
= Enable elog PDF preview =<br />
<br />
NOTE: looks like U-24 already has this correctly.<br />
<br />
see https://stackoverflow.com/questions/52998331/imagemagick-security-policy-pdf-blocking-conversion<br />
<br />
* xemacs -nw /etc/ImageMagick-6/policy.xml<br />
* remove this section at the end:<br />
<pre><br />
<!-- disable ghostscript format types --><br />
<policy domain="coder" rights="none" pattern="PS" /><br />
<policy domain="coder" rights="none" pattern="PS2" /><br />
<policy domain="coder" rights="none" pattern="PS3" /><br />
<policy domain="coder" rights="none" pattern="EPS" /><br />
<policy domain="coder" rights="none" pattern="PDF" /><br />
<policy domain="coder" rights="none" pattern="XPS" /><br />
</pre><br />
<br />
= Install Jupyter notebook =<br />
<br />
<pre><br />
From https://jupyter.org/install<br />
apt install python3-pip<br />
pip install jupyterlab<br />
pip install notebook<br />
~/.local/bin/jupyter notebook<br />
watch the http://localhost:8888 URL that it printed<br />
say "no" to offer to start firefox (it will not work!)<br />
URL is: http://localhost:8888/tree?token=xxx<br />
from the machine where you are running the web browser (i.e. google-chrome), run (replace trinat@trinatdaq with the username and machine name where you started jupyter)<br />
open a new shell and run: ssh -v trinat@trinatdaq -L 8888:localhost:8888<br />
in the web browser, open http://localhost:8888<br />
this gives us the login page<br />
in the password or token entry field, put the token from the "tree?token=xxx" above (printed by jupyter on startup)<br />
push button "login"<br />
jupyter page should open with the list of files in the trinat home directory<br />
congratulate Brian with full success<br />
</pre><br />
<br />
= Install ZFS quota report =<br />
<br />
If there are any ZFS volumes, install script to report disk and quota usage<br />
<br />
<pre><br />
cd ~/git/scripts/quotareport<br />
git pull<br />
mkdir /var/www/html/zfsquotareport<br />
cp -pv ~/git/scripts/quotareport/sorttable.js /var/www/html/zfsquotareport/<br />
ln -s $PWD/zfsquotareport.perl /etc/cron.daily/<br />
touch /etc/crontab<br />
</pre><br />
<br />
If httpd is configured to redirect "/" to MIDAS mhttpd:<br />
* add following to /etc/apache2/sites-enabled/xxx-ssl.conf in front of "ProxyPass / ..."<br />
* run "systemctl reload apache2"<br />
<pre><br />
## do not proxy zfs quota report directory <br />
ProxyPass /zfsquotareport/ ! <br />
</pre><br />
<br />
= Install PHP =<br />
<br />
* apt install php libapache2-mod-php<br />
* systemctl restart apache2<br />
* create /var/www/html/info.php<br />
<pre><br />
<?php <br />
<br />
phpinfo(); <br />
</pre><br />
* open https://daq00.triumf.ca/info.php<br />
<br />
= Configure TRIUMF printers =<br />
<br />
<pre><br />
systemctl stop cups<br />
systemctl stop cups-browsed.service<br />
systemctl disable cups<br />
systemctl disable cups-browsed.service<br />
systemctl stop snap.cups.cupsd.service<br />
systemctl stop snap.cups.cups-browsed.service<br />
systemctl disable snap.cups.cupsd.service<br />
systemctl disable snap.cups.cups-browsed.service<br />
echo "ServerName printers.triumf.ca" > /etc/cups/client.conf<br />
lpstat -a<br />
</pre><br />
<br />
= Enable core dumps =<br />
<br />
By default, Ubuntu LTS 20.04 installs the apport package<br />
which disabled core dumps from user applications. (google it up!).<br />
It is not meant to do this and documentation claims that<br />
it is not installed and not enabled by default. Oh, well...<br />
<br />
<pre><br />
apt remove apport<br />
apt autoremove ### will remove apport-symptoms and a few other packages<br />
</pre><br />
<br />
After this, core dumps are written to file "core" in the current directory.<br />
See /proc/sys/kernel/core_pattern and /proc/sys/kernel/core_uses_pid.<br />
<br />
Enable core dump file names to include process id, add following to /etc/rc.local<br />
<br />
<pre><br />
echo "echo 1 > /proc/sys/kernel/core_uses_pid" >> /etc/rc.local<br />
</pre><br />
<br />
= Enable debugger =<br />
<br />
By default, Ubuntu LTS 20.04 does not permit debugger to attach and debug<br />
already running programs. To enable it, add following to /etc/rc.local<br />
<br />
<pre><br />
echo "echo 0 > /proc/sys/kernel/yama/ptrace_scope" >> /etc/rc.local<br />
</pre><br />
<br />
= Disable Ubuntu Pro nag =<br />
<br />
best I can tell, impossible at this time.<br />
<br />
== do not do this ==<br />
<br />
!!! does nothing !!!<br />
<br />
<pre><br />
pro config set apt_news=false<br />
</pre><br />
<br />
== do not do this ==<br />
<br />
!!! breaks automatic updates because 20apt-esm-hook.conf is missing !!!<br />
<br />
If "apt upgrade" requests Ubuntu Pro or esm-apps, disable the nag:<br />
<pre><br />
/bin/rm /etc/apt/apt.conf.d/20apt-esm-hook.conf<br />
</pre><br />
<br />
== do not do this ==<br />
<br />
!!! likely same as above, breaks automatic updates !!!<br />
<br />
* comment out /etc/apt/apt.conf.d/20apt-esm-hook.conf<br />
<br />
== do not do this ==<br />
<br />
!!! removes too many packages !!!<br />
<br />
<pre><br />
apt remove ubuntu-pro-client<br />
</pre><br />
<br />
= Update packages =<br />
<br />
* apt update # update package list<br />
* apt upgrade # install updated packages and update "kept back" packages<br />
* apt autoremove # remove packages that apt thinks should be removed<br />
<br />
= Finish installation =<br />
<br />
Congratulations. There is nothing more to do!<br />
<br />
* reboot<br />
<pre><br />
shutdown -r now<br />
</pre><br />
<br />
= Update to new version of Ubuntu =<br />
<br />
* run "do-release-upgrade -c"<br />
* if it does not report new release Ubuntu 24, check /etc/update-manager/release-upgrades has "Prompt=lts"<br />
<br />
== Update Ubuntu LTS 20.04 to LTS 22.04 ==<br />
<br />
<pre><br />
apt remove zsys<br />
</pre><br />
<br />
=== daqubuntu ===<br />
<br />
<pre><br />
# reboot to clear out all updates<br />
# vi /etc/update-manager/release-upgrades # set "Prompt=normal"<br />
# do-release-upgrade -c<br />
Checking for a new Ubuntu release<br />
New release '22.04 LTS' available.<br />
Run 'do-release-upgrade' to upgrade to it.<br />
# do-release-upgrade<br />
...<br />
say yes...<br />
...<br />
login.defs, say "Y" (erase local changes, use packaged version)<br />
/etc/systemd/resolved.conf, say "Y" (same as above)<br />
firefox snap, say yes<br />
unable to reach snap store, say "skip"<br />
/etc/gmond.conf, say "Y"<br />
/var/yp/Makefile, say "install the package maintainer's version"<br />
/etc/ypserv.conf, same thing<br />
/etc/ypserv.securenets, same thing<br />
/etc/default/nis, same thing<br />
/etc/speech-dispatcher/modules/mary-generic.conf, same thing<br />
/etc/apt/apt.conf.d/50unattended-upgrades, same thing<br />
...<br />
278 packages are going to be removed, say yes<br />
...<br />
restart required, say yes<br />
...<br />
no ping... yes ping...<br />
...<br />
ssh daqubuntu, ok<br />
apt update, fail, DNS does not work, "host security.ubuntu.com" does not resolve.<br />
fix resolver per https://daq00.triumf.ca/DaqWiki/index.php/Ubuntu#Disable_NetworkManager<br />
apt update, apt upgrade now works, 0 packages to update<br />
NIS does not work.<br />
</pre><br />
<br />
=== midm9a ===<br />
<br />
<pre><br />
login.defs<br />
firefox snap<br />
gmond.conf<br />
ypserv<br />
/etc/default/nis<br />
unattended-upgrades<br />
amanda-security.conf<br />
remove obsolete (no)<br />
reboot<br />
configure dns<br />
reenable nis<br />
</pre><br />
<br />
=== daq17 ===<br />
<br />
<pre><br />
firefox snap<br />
imagemagick policy.xml<br />
gmond.conf<br />
chrony.conf<br />
/var/yp/Makefile<br />
ypserv.conf<br />
ypserv.securenets<br />
/etc/default/nis<br />
50unattended-upgrades<br />
</pre><br />
<br />
=== daq00 ===<br />
<br />
per https://serverpilot.io/docs/how-to-upgrade-ubuntu-20.04-to-22.04/<br />
<br />
<pre><br />
do-release-upgrade -f DistUpgradeViewNonInteractive<br />
</pre><br />
<br />
if it exists "too soon" without doing anything, run it without "-f xxx", most likely it does not like something about this machine. in case of daq00 it did not like how the EFI partitions were mounted. after fixing it, non-interactive upgrade was successful.<br />
<br />
=== isdaq08 ===<br />
<br />
* prepare<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
cd ~<br />
apt -y install debsums<br />
</pre><br />
* check for modified config files that make upgrade unhappy, deal with all files reported by debsums.<br />
<pre><br />
root@isdaq08:~# debsums -ce<br />
/etc/ganglia/gmond.conf<br />
/etc/yp.conf<br />
/etc/apt/apt.conf.d/10periodic<br />
root@isdaq08:~# <br />
</pre><br />
* restore original /etc/apt/apt.conf.d/10periodic<br />
<pre><br />
APT::Periodic::Update-Package-Lists "1"; <br />
APT::Periodic::Download-Upgradeable-Packages "0"; <br />
APT::Periodic::AutocleanInterval "0"; <br />
</pre><br />
* apt remove ganglia-monitor<br />
* apt remove nis<br />
* "debsums -ce" is now empty<br />
<br />
Run the upgrade:<br />
<br />
* do-release-upgrade -f DistUpgradeViewNonInteractive<br />
<br />
Post upgrade:<br />
<br />
* configure DNS<br />
* apt -y install linux-generic-hwe-22.04<br />
* /bin/cp -v ~/git/scripts/etc/99apt-conf-ko /etc/apt/apt.conf.d/ # restore nightly updates<br />
* /bin/rm /etc/apt/apt.conf.d/20apt-esm-hook.conf # remove the ubuntu-pro nag<br />
* install missing packages<br />
* restore ganglia<br />
* restore nis<br />
* check zpool status, may need zpool upgrade<br />
* reboot<br />
<br />
== upgrade U-22 to U-24 ==<br />
<br />
generic instructions. below are notes from upgrades of specific machines.<br />
<br />
<pre><br />
apt -y remove desktop-base # causes installer crash<br />
apt -y remove thunderbird # avoid forced conversion to snap<br />
apt update<br />
apt -y upgrade<br />
apt -y autoremove<br />
do-release-upgrade -c # confirm upgrade will be to U-24<br />
do-release-upgrade<br />
# say "y" to all questions<br />
# after installation starts, accept default answers to all questions<br />
# should run for about 1 hour or so<br />
# after upgrade finishes<br />
apt update<br />
apt -y upgrade<br />
apt -y autoremove<br />
shutdown -r now<br />
</pre><br />
<br />
if installation bombs:<br />
<br />
<pre><br />
apt update<br />
apt upgrade # will tell us to run "apt --fix-broken install", do it<br />
apt --fix-broken install<br />
apt update<br />
apt upgrade # should resume the upgrade, will run for a long time<br />
apt update<br />
apt upgrade # should do nothing<br />
apt autoremove<br />
shutdown -r now<br />
</pre><br />
<br />
=== daqubuntu, U-24 ===<br />
<br />
* prepare<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
cd ~<br />
apt -y install debsums<br />
</pre><br />
* check for modified config files that make upgrade unhappy, deal with all files reported by debsums.<br />
<pre><br />
root@daqubuntu:~# debsums -ce<br />
/etc/ganglia/gmond.conf<br />
debsums: missing file /etc/init.d/nis (from nis package)<br />
/etc/default/nis<br />
/etc/ypserv.conf<br />
/etc/ypserv.securenets<br />
/var/yp/Makefile<br />
/etc/update-manager/release-upgrades<br />
/etc/apt/apt.conf.d/10periodic<br />
/etc/yp.conf<br />
root@daqubuntu:~# <br />
* restore original /etc/apt/apt.conf.d/10periodic<br />
<pre><br />
APT::Periodic::Update-Package-Lists "1"; <br />
APT::Periodic::Download-Upgradeable-Packages "0"; <br />
APT::Periodic::AutocleanInterval "0"; <br />
</pre><br />
* apt remove ganglia-monitor<br />
* apt remove nis<br />
* apt autoremove<br />
* restore original release-upgrades: "Prompt: lts"<br />
* "debsums -ce" is now empty<br />
<br />
Check for upgrade:<br />
<br />
<pre><br />
root@daqubuntu:~# do-release-upgrade -c<br />
Checking for a new Ubuntu release<br />
There is no development version of an LTS available.<br />
To upgrade to the latest non-LTS development release <br />
set Prompt=normal in /etc/update-manager/release-upgrades.<br />
root@daqubuntu:~# <br />
</pre><br />
<br />
Run the upgrade:<br />
<br />
* do-release-upgrade -f DistUpgradeViewNonInteractive<br />
<br />
Post upgrade:<br />
<br />
* configure DNS<br />
* apt -y install linux-generic-hwe-22.04<br />
* /bin/cp -v ~/git/scripts/etc/99apt-conf-ko /etc/apt/apt.conf.d/ # restore nightly updates<br />
* /bin/rm /etc/apt/apt.conf.d/20apt-esm-hook.conf # remove the ubuntu-pro nag<br />
* install missing packages<br />
* restore ganglia<br />
* restore nis<br />
* check zpool status, may need zpool upgrade<br />
* reboot<br />
<br />
=== daq14, U-20-22-24 ===<br />
<br />
* apt update, apt upgrade<br />
* apt -y install linux-image-generic-hwe-20.04 linux-tools-virtual-hwe-20.04 ### install kernel 5.15<br />
* shutdown -r now<br />
* stuck waiting for daq14 to shutdown...<br />
* reboot into kernel 5.15<br />
* ???<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
cd ~<br />
apt -y install debsums<br />
</pre><br />
* debsums -ce<br />
<pre><br />
/etc/apache2/ports.conf<br />
/etc/dnsmasq.conf<br />
/etc/ganglia/gmond.conf<br />
/etc/yp.conf<br />
/etc/sudoers<br />
</pre><br />
* apache2 restore original ports.conf, uncomment "Listen 80"<br />
* cp -pv /etc/dnsmasq.conf.dpkg-dist /etc/dnsmasq.conf<br />
* apt remove ganglia-monitor<br />
* edit /etc/yp.conf, remove everything after "# ypserver ypserver.network.com"<br />
* "debsums -ce" is now empty<br />
* do-release-upgrade -f DistUpgradeViewNonInteractive<br />
* runs for a long time<br />
* stuck on "/etc/default/nis", type "Y", press enter, nothing for a bit, then resumes running<br />
* finished<br />
* configure DNS<br />
* reboot<br />
* have kernel 6.8<br />
* apt update; apt upgrade<br />
* apt upgrade guile-2.2-libs ### would not auto-update, "kept back", has to be done by hand<br />
* apt autoremove<br />
* debsums -ce<br />
<pre><br />
debsums: missing file /etc/init.d/nis (from nis package)<br />
/etc/default/nis<br />
</pre><br />
* diff /etc/default/nis.dpkg-dist /etc/default/nis<br />
* cp -pv /etc/default/nis.dpkg-dist /etc/default/nis<br />
* debsums -ce<br />
<pre><br />
debsums: missing file /etc/init.d/nis (from nis package)<br />
</pre><br />
* we ignore this and run the update<br />
* do-release-upgrade -c<br />
<pre><br />
Checking for a new Ubuntu release<br />
New release '24.04.1 LTS' available.<br />
Run 'do-release-upgrade' to upgrade to it.<br />
</pre><br />
* do-release-upgrade -f DistUpgradeViewNonInteractive<br />
* bombs out without any error messages<br />
* in /var/log/dist-upgrade/main.log reports "Failed to find a replacement for xapp" and other packages<br />
* apt remove xapp usrmerge ureadahead thunderbird-gnome-support<br />
* no go, complains about even more packages.<br />
* apt list | grep installed | grep -v jammy ### show packages installed from non-ubuntu sources<br />
* remove all packages marked "install,local" ### ubuntu updater does not know where they came from and so cannot update them.<br />
* apt remove desktop-base ### not happy about this package in /var/log/dist-upgrade/apt.log<br />
* apt autoremove<br />
* do-release-upgrade -f DistUpgradeViewNonInteractive<br />
* running for a long time...<br />
<br />
=== alpha04 U-20-24 ===<br />
<br />
* apt update, apt upgrade, apt autoremove<br />
* reboot into latest kernel (already done)<br />
* debsums -ce<br />
<pre><br />
root@alpha04:~# debsums -ce<br />
/etc/dnsmasq.conf<br />
/etc/ganglia/gmond.conf<br />
/etc/default/nis<br />
/etc/yp.conf<br />
root@alpha04:~# <br />
</pre><br />
* move /etc/dnsmasq.conf to /etc/dnsmasq.d/alpha04.conf<br />
* apt remove dnsmasq<br />
* apt remove ganglia-monitor<br />
* apt remove nis<br />
* apt autoremove<br />
* debsums -ce ### is now empty<br />
* do-release-upgrade -f DistUpgradeViewNonInteractive<br />
* it runs for a long time...<br />
* complained about /etc/fwupd config files, not sure why...<br />
* finished<br />
* apt update, apt upgrade, apt autoremove<br />
* restore dnsmasq: apt install dnsmasq, systemctl status dnsmasq<br />
* restore ganglia, per instructions<br />
* restore NIS: apt -y install rpcbind nis, ypwhich, ypwhich -m<br />
* zpool upgrade rpool ### also upgrade any other zfs pools, see zpool status<br />
* remove unwanted packages, per instructions<br />
* run gonodeinfo<br />
* reboot<br />
* done<br />
<br />
== vera00 U20-22-24 ==<br />
<br />
* everything same as daq14 for U20-22<br />
* kernel is still 5.15<br />
* U22-24 is going...<br />
* stuck for a few minutes on /etc/fwupd config files<br />
* have kernel 6.8.0-49<br />
* same steps as daq14<br />
* reboot<br />
* same steps as daq14<br />
* done<br />
<br />
== phaarmonster U22-24 ==<br />
<br />
* debsums -ce<br />
<pre><br />
/etc/amandahosts<br />
/etc/apache2/ports.conf<br />
/etc/ganglia/gmond.conf<br />
</pre><br />
* do-release-upgrade -c ### reports U24.04.1<br />
* do-release-upgrade -f DistUpgradeViewNonInteractive ### bombs<br />
* apt remove desktop-base; apt autoremove<br />
* do-release-upgrade ### (interactive) runs ok<br />
* bombed !!!<br />
* apt upgrade spews errors and tells us to run "apt --fix-broken install"<br />
* apt --fix-broken install ### runs<br />
* bombs with thunderbird snap errors<br />
* again... no go<br />
* thunderbird snap complains about mounting /home, but /home is a symlink<br />
* rm /home, mkdir /home<br />
* again, runs ok<br />
* asks about /etc/fwupd/fwupd.conf - say "Y" to install updated package version<br />
* apt install completes<br />
* apt update; apt upgrade ### running for a long time...<br />
* finished<br />
* install missing packages, etc<br />
* reboot<br />
* long wait... came back<br />
* DNS does now work, systemd-resolved missing, apt install systemd-resolved, "configure DNS"<br />
* done.<br />
<br />
== isdaq10 U22-24 ==<br />
<br />
* do-release-upgrade -f DistUpgradeViewNonInteractive<br />
* bombed on desktop-base, "apt remove desktop-base; apt autoremove"<br />
* bombed with errors<br />
* running "apt --fix-broken install"<br />
* complained about thunderbird snap<br />
* complained about /etc/fwupd/fwupd.conf (say Y)<br />
* finished ok<br />
* apt update<br />
* apt upgrade ### reports "1382 upgraded, 140 newly installed, 0 to remove and 29 not upgraded"<br />
<br />
== iris01 ==<br />
<br />
* debsums -ce<br />
<pre><br />
/etc/ganglia/gmond.conf<br />
/etc/default/nis<br />
/etc/yp.conf<br />
</pre><br />
* apt remove desktop-base<br />
* apt remove thunderbird<br />
* apt autoremove<br />
* do-release-upgrade -f DistUpgradeViewNonInteractive<br />
* bombed with dpkg errors:<br />
<pre><br />
hplip wants wrong python<br />
ganglia-monitor wants wrong libapr1<br />
sssd-ad wants bunch of wrong libraries<br />
xemacs21-mule<br />
libnfsidmap1 wants libldap2<br />
adn so forth...<br />
</pre><br />
* apt --fix-broken install -y<br />
* bombs on ganglia - ganglia group absent from /etc/groups<br />
* fix group ganglia by hand, remove ganglia group from NIS on isdaq00<br />
* apt --fix-broken install<br />
* apt upgrade<br />
<br />
== iris00 ==<br />
<br />
* stuck on "autofs: restarting", login as root, kill iris midas, kill automount, systemctl restart autofs, noble got unstuck, ctrl-c systemctl restart autofs<br />
* noble running...<br />
* bombed with dpkg errors<br />
* check ganglia user, group - both ok<br />
* apt --fix-broken install<br />
* apt upgrade<br />
<br />
== tigstore01 ==<br />
<br />
* no bomb-out<br />
<br />
== midm9b ==<br />
<br />
* apt remove desktop-base thunderbird<br />
* bombed<br />
* apt --fix-broken-install<br />
* apt upgrade<br />
<br />
= Upgrade to new version of Debian =<br />
<br />
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-upgrading.en.html<br />
<br />
== 32-bit VME processor Debian 11 to 12 ==<br />
<br />
* cd git/scripts; git pull; cd ~<br />
* apt update<br />
* apt upgrade<br />
* edit /etc/apt/sources.list<br />
<pre><br />
deb http://deb.debian.org/debian/ bookworm main<br />
#deb http://deb.debian.org/debian/ bullseye main<br />
#deb-src http://deb.debian.org/debian/ bullseye main<br />
</pre><br />
* apt update<br />
* apt upgrade --without-new-pkgs<br />
* apt full-upgrade<br />
* apt list '~c'; apt purge '~c' # purge left-over config files [residual-config]<br />
* reboot<br />
<br />
= Ubuntu package manager =<br />
<br />
* apt-get install xxx # install package xxx<br />
* apt-get update<br />
* apt-get upgrade<br />
* apt-get dist-upgrade<br />
* apt-get autoremove # remove automatically installed packages required by a removed package<br />
* apt-get remove xxx # remove package xxx<br />
* apt-cache search . # list all available packages<br />
* apt-cache show "." | grep ^Package # list al available packages<br />
* apt-cache madison root-system # show all available versions of package root-system<br />
* apt list # list all installed packages<br />
* dpkg --listfiles libpng16-16 # list all files from this package<br />
* apt list --installed # list all installed packages<br />
* dpkg -S /bin/bash # what package provides this file?<br />
* dpkg -L bash # what files provided by this package?<br />
* debsums -ce # show modified config files<br />
* apt-config dump # show apt configuration<br />
* apt purge '~c' # purge all [residual-config] packages<br />
<br />
= Ubuntu zsys =<br />
<br />
NOTE: DO NOT USE ZSYS, see https://github.com/ubuntu/zsys/issues/218 and https://github.com/ubuntu/zsys/issues/230<br />
<br />
* scripted removal of old snapshots (replace "echo zfs destroy" with "zfs destroy")<br />
<pre><br />
zfs list -t all | cut -f1 -d " " | grep autozsys | xargs -n1 echo zfs destroy<br />
</pre><br />
<br />
* manual removal of old snapshots<br />
<pre><br />
zsysctl show<br />
zsysctl state remove xy69ye -s<br />
zsysctl state remove xy69ye<br />
zsysctl state remove xy69ye -u wheel<br />
</pre><br />
* apt remove zsys<br />
<br />
NOTE: old zsys snapshots must be cleaned manually, "zsysctl state remove xxx --system" is broken and does not remove user data snapshots<br />
<br />
* manages system snapshots<br />
* documentation: https://github.com/ubuntu/zsys<br />
* documentation: (go to next article via link "newer" at the bottom) https://didrocks.fr/2020/05/21/zfs-focus-on-ubuntu-20.04-lts-whats-new/<br />
* ubuntu 20.04 bug, too many snapshots cause /boot to become full and updates fail. https://github.com/ubuntu/zsys/issues/155<br />
* solution: use custom /etc/zsys.conf, limit number of snapshots to 10, see trinatdaq:/etc/zsys.conf<br />
* zsys commands:<br />
<pre><br />
update-grub # list of all snapshots, errors if some snapshots are broken<br />
zsysctl state remove lnc0k7 --system # remove snapshot<br />
xemacs -nw /etc/zsys.conf; zsysctl service reload; zsysctl service gc # cause gc to run with new settings in zsys.conf<br />
zfs list -r -t snapshot -o name,used,referenced,creation bpool/BOOT # list snapshots<br />
zsysctl show # show snapshots<br />
</pre><br />
<br />
= Ubuntu cloning =<br />
<br />
to clone a ubuntu image:<br />
<br />
<pre><br />
cd /nfsroot/lxcpet<br />
emacs -nw etc/hostname ### change hostname<br />
emacs -nw etc/mailname ### change hostname (debian 11)<br />
emacs -nw etc/defaultdomain ### change the NIS domainname<br />
emacs -nw etc/yp.conf ### change the NIS server<br />
cp -pvf ../lxcpet-SL610/etc/ssh/*key* etc/ssh/ ### preserve the ssh keys<br />
emacs -nw opt/gonodeinfo/gonodeinfo.conf ### update information<br />
emacs -nw root/.ssh/authorized_keys ### update root ssh keys<br />
</pre><br />
<br />
= Ubuntu boot loader =<br />
<br />
== maintenance commands ==<br />
<br />
* update-initramfs -v -u<br />
* grub-install /dev/sda<br />
<br />
= Convert from single to dual mirrored ZFS SSD =<br />
<br />
Assuming Ubuntu LTS 22.04 with "instal on ZFS" option, we will<br />
add a second SSD, configure ZFS to use both SSDs in mirrored<br />
configuration and setup grub to boot from either SSD. This<br />
is intended to create a full redundant system where failure<br />
of either SSD does not break the system.<br />
<br />
* identify first SSD<br />
<pre><br />
root@midm9b:~# ./smart-status.perl <br />
Disk model serial temperature realloc pending uncorr CRC err RRER Errors Link<br />
/dev/sda WD Blue SA510 2.5 250GB 22243Z803769 24 . ? ? . ? . 6.0<br />
root@midm9b:~# <br />
</pre><br />
* connect second SSD of identical size<br />
<pre><br />
root@midm9b:~# ./smart-status.perl <br />
Disk model serial temperature realloc pending uncorr CRC err RRER Errors Link<br />
/dev/sda WD Blue SA510 2.5 250GB 22243Z803769 24 . ? ? . ? . 6.0<br />
/dev/sdb WD Blue SA510 2.5 250GB 22243Z803852 25 . ? ? . ? . 6.0<br />
root@midm9b:~# <br />
</pre><br />
* if second SSD is not autodetected, reboot<br />
* Clone partition table automatically<br />
If both SSDs are identical size, use this simpler method of duplicating the partition table:<br />
<pre><br />
root@midm9b:~# sfdisk -d /dev/sda > part_table<br />
root@midm9b:~# grep -v ^label-id part_table | sed -e 's/, *uuid=[0-9A-F-]*//' | sfdisk /dev/sdb<br />
</pre><br />
The grep and sed in the second command are there to prevent disk ID and partition IDs from being cloned. Alternatively the part_table file can be edited manually to remove the label-id line and the uuid entries from the individual partitions.<br />
<br />
* Clone partition table manually (e.g. for different size disks)<br />
* list partition table of first SSD:<br />
<pre><br />
root@midm9b:~# fdisk -l /dev/sda<br />
Disk /dev/sda: 232.89 GiB, 250059350016 bytes, 488397168 sectors<br />
Disk model: WD Blue SA510 2.<br />
Units: sectors of 1 * 512 = 512 bytes<br />
Sector size (logical/physical): 512 bytes / 512 bytes<br />
I/O size (minimum/optimal): 512 bytes / 512 bytes<br />
Disklabel type: gpt<br />
Disk identifier: 951A4174-B4C6-400D-99F5-BE9B5627FA8E<br />
<br />
Device Start End Sectors Size Type<br />
/dev/sda1 2048 1050623 1048576 512M EFI System<br />
/dev/sda2 1050624 5244927 4194304 2G Linux swap<br />
/dev/sda3 5244928 9439231 4194304 2G Solaris boot<br />
/dev/sda4 9439232 488397134 478957903 228.4G Solaris root<br />
root@midm9b:~# <br />
</pre><br />
* create identical partitions on second SSD, use sector numbers from above.<br />
<pre><br />
root@midm9b:~# gdisk /dev/sdb<br />
GPT fdisk (gdisk) version 1.0.8<br />
<br />
Partition table scan:<br />
MBR: not present<br />
BSD: not present<br />
APM: not present<br />
GPT: not present<br />
<br />
Creating new GPT entries in memory.<br />
<br />
Command (? for help): n<br />
Partition number (1-128, default 1): <br />
First sector (34-488397134, default = 2048) or {+-}size{KMGTP}: <br />
Last sector (2048-488397134, default = 488397134) or {+-}size{KMGTP}: 1050623<br />
Current type is 8300 (Linux filesystem)<br />
Hex code or GUID (L to show codes, Enter = 8300): ef00<br />
Changed type of partition to 'EFI system partition'<br />
<br />
Command (? for help): n<br />
Partition number (2-128, default 2): <br />
First sector (34-488397134, default = 1050624) or {+-}size{KMGTP}: <br />
Last sector (1050624-488397134, default = 488397134) or {+-}size{KMGTP}: 5244927<br />
Current type is 8300 (Linux filesystem)<br />
Hex code or GUID (L to show codes, Enter = 8300): 8200<br />
Changed type of partition to 'Linux swap'<br />
<br />
Command (? for help): n<br />
Partition number (3-128, default 3): <br />
First sector (34-488397134, default = 5244928) or {+-}size{KMGTP}: <br />
Last sector (5244928-488397134, default = 488397134) or {+-}size{KMGTP}: 9439231<br />
Current type is 8300 (Linux filesystem)<br />
Hex code or GUID (L to show codes, Enter = 8300): be00<br />
Changed type of partition to 'Solaris boot'<br />
<br />
Command (? for help): n<br />
Partition number (4-128, default 4): <br />
First sector (34-488397134, default = 9439232) or {+-}size{KMGTP}: <br />
Last sector (9439232-488397134, default = 488397134) or {+-}size{KMGTP}: <br />
Current type is 8300 (Linux filesystem)<br />
Hex code or GUID (L to show codes, Enter = 8300): bf00<br />
Changed type of partition to 'Solaris root'<br />
<br />
Command (? for help): w<br />
<br />
Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING<br />
PARTITIONS!!<br />
<br />
Do you want to proceed? (Y/N): y<br />
OK; writing new GUID partition table (GPT) to /dev/sdb.<br />
The operation has completed successfully.<br />
root@midm9b:~# fdisk -l /dev/sda /dev/sdb<br />
Disk /dev/sda: 232.89 GiB, 250059350016 bytes, 488397168 sectors<br />
Disk model: WD Blue SA510 2.<br />
Units: sectors of 1 * 512 = 512 bytes<br />
Sector size (logical/physical): 512 bytes / 512 bytes<br />
I/O size (minimum/optimal): 512 bytes / 512 bytes<br />
Disklabel type: gpt<br />
Disk identifier: 951A4174-B4C6-400D-99F5-BE9B5627FA8E<br />
<br />
Device Start End Sectors Size Type<br />
/dev/sda1 2048 1050623 1048576 512M EFI System<br />
/dev/sda2 1050624 5244927 4194304 2G Linux swap<br />
/dev/sda3 5244928 9439231 4194304 2G Solaris boot<br />
/dev/sda4 9439232 488397134 478957903 228.4G Solaris root<br />
<br />
<br />
Disk /dev/sdb: 232.89 GiB, 250059350016 bytes, 488397168 sectors<br />
Disk model: WD Blue SA510 2.<br />
Units: sectors of 1 * 512 = 512 bytes<br />
Sector size (logical/physical): 512 bytes / 512 bytes<br />
I/O size (minimum/optimal): 512 bytes / 512 bytes<br />
Disklabel type: gpt<br />
Disk identifier: EB251739-30C6-422F-A505-5887B5A0B603<br />
<br />
Device Start End Sectors Size Type<br />
/dev/sdb1 2048 1050623 1048576 512M EFI System<br />
/dev/sdb2 1050624 5244927 4194304 2G Linux swap<br />
/dev/sdb3 5244928 9439231 4194304 2G Solaris boot<br />
/dev/sdb4 9439232 488397134 478957903 228.4G Solaris root<br />
root@midm9b:~# <br />
</pre><br />
* identify second SSD partitions<br />
<pre><br />
root@midm9b:~# ls -l /dev/disk/by-id/ata*part3<br />
lrwxrwxrwx 1 root root 10 Jan 20 18:37 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803769-part3 -> ../../sda3<br />
lrwxrwxrwx 1 root root 10 Jan 20 19:34 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part3 -> ../../sdb3<br />
root@midm9b:~# ls -l /dev/disk/by-id/ata*part4<br />
lrwxrwxrwx 1 root root 10 Jan 20 18:37 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803769-part4 -> ../../sda4<br />
lrwxrwxrwx 1 root root 10 Jan 20 19:34 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part4 -> ../../sdb4<br />
</pre><br />
* convert bpool from single disk to mirrored disk:<br />
<pre><br />
root@midm9b:~# zpool status<br />
pool: bpool<br />
state: ONLINE<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
bpool ONLINE 0 0 0<br />
99e03dc0-7d4d-f24b-8fa1-f042b9f135db ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
<br />
pool: rpool<br />
state: ONLINE<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
rpool ONLINE 0 0 0<br />
f6fd54f8-3af7-b943-ae3d-a4e480537fb9 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
root@midm9b:~# zpool attach bpool 99e03dc0-7d4d-f24b-8fa1-f042b9f135db /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part3<br />
root@midm9b:~# zpool status bpool<br />
pool: bpool<br />
state: ONLINE<br />
scan: resilvered 247M in 00:00:00 with 0 errors on Fri Jan 20 19:39:40 2023<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
bpool ONLINE 0 0 0<br />
mirror-0 ONLINE 0 0 0<br />
99e03dc0-7d4d-f24b-8fa1-f042b9f135db ONLINE 0 0 0<br />
ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part3 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
</pre><br />
* convert rpool<br />
<pre><br />
root@midm9b:~# ls -l /dev/disk/by-id/ata*part4<br />
lrwxrwxrwx 1 root root 10 Jan 20 18:37 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803769-part4 -> ../../sda4<br />
lrwxrwxrwx 1 root root 10 Jan 20 19:34 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part4 -> ../../sdb4<br />
root@midm9b:~# zpool attach rpool f6fd54f8-3af7-b943-ae3d-a4e480537fb9 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part4<br />
root@midm9b:~# zpool status rpool<br />
pool: rpool<br />
state: ONLINE<br />
status: One or more devices is currently being resilvered. The pool will<br />
continue to function, possibly in a degraded state.<br />
action: Wait for the resilver to complete.<br />
scan: resilver in progress since Fri Jan 20 19:40:45 2023<br />
5.83G scanned at 664M/s, 2.92M issued at 332K/s, 9.11G total<br />
0B resilvered, 0.03% done, no estimated completion time<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
rpool ONLINE 0 0 0<br />
mirror-0 ONLINE 0 0 0<br />
f6fd54f8-3af7-b943-ae3d-a4e480537fb9 ONLINE 0 0 0<br />
ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part4 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
root@midm9b:~# <br />
</pre><br />
* wait for resilver to complete<br />
<pre><br />
root@midm9b:~# zpool status<br />
pool: bpool<br />
state: ONLINE<br />
scan: resilvered 247M in 00:00:00 with 0 errors on Fri Jan 20 19:39:40 2023<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
bpool ONLINE 0 0 0<br />
mirror-0 ONLINE 0 0 0<br />
99e03dc0-7d4d-f24b-8fa1-f042b9f135db ONLINE 0 0 0<br />
ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part3 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
<br />
pool: rpool<br />
state: ONLINE<br />
scan: resilvered 9.65G in 00:00:36 with 0 errors on Fri Jan 20 19:41:21 2023<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
rpool ONLINE 0 0 0<br />
mirror-0 ONLINE 0 0 0<br />
f6fd54f8-3af7-b943-ae3d-a4e480537fb9 ONLINE 0 0 0<br />
ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part4 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
</pre><br />
* enable booting from second SSD: (instead of /dev/sda1, /dev/sdb1, use UUID=xxx)<br />
<pre><br />
root@midm9b:~# mkfs.msdos /dev/sdb1<br />
root@midm9b:~# mkdir /boot/efi-sda<br />
root@midm9b:~# mkdir /boot/efi-sdb<br />
root@midm20c:~# blkid | grep vfat ### identify UUID<br />
/dev/sdb1: UUID="DD89-5081" BLOCK_SIZE="512" TYPE="vfat" PARTLABEL="EFI System Partition" PARTUUID="d0cb6be4-2f67-5b42-9b26-9e6905e9f774"<br />
/dev/sdc1: UUID="D970-86BA" BLOCK_SIZE="512" TYPE="vfat" PARTLABEL="EFI System Partition" PARTUUID="e6d3b5b9-a512-44a2-9205-1a4db06ed2a2"<br />
/dev/sda1: UUID="DDA1-044C" BLOCK_SIZE="512" TYPE="vfat" PARTLABEL="EFI System Partition" PARTUUID="6dc9dff0-1c13-8045-a906-7803d3074c70"<br />
root@midm20c:~# cat /etc/fstab | grep vfat ### add mount points with correct UUID<br />
#UUID=D970-86BA /boot/efi vfat umask=0022,fmask=0022,dmask=0022 0 1<br />
UUID=DDA1-044C /boot/efi-sda vfat umask=0022,fmask=0022,dmask=0022 0 1<br />
UUID=DD89-5081 /boot/efi-sdb vfat umask=0022,fmask=0022,dmask=0022 0 1<br />
root@midm9b:~# mount -a<br />
root@midm9b:~# df -kl<br />
Filesystem 1K-blocks Used Available Use% Mounted on<br />
...<br />
/dev/sda1 523244 13720 509524 3% /boot/efi<br />
/dev/sdb1 523244 4 523240 1% /boot/efi-sdb<br />
...<br />
root@midm9b:~# rsync -av /boot/efi/ /boot/efi-sdb/<br />
sending incremental file list<br />
EFI/<br />
...<br />
root@midm9b:~# ls -l /boot/efi-sda<br />
total 8<br />
drwxr-xr-x 4 root root 4096 Jan 19 23:26 EFI<br />
drwxr-xr-x 5 root root 4096 Jan 19 23:26 grub<br />
root@midm9b:~# ls -l /boot/efi-sdb<br />
total 8<br />
drwxr-xr-x 4 root root 4096 Jan 19 23:26 EFI<br />
drwxr-xr-x 5 root root 4096 Jan 19 23:26 grub<br />
root@midm9b:~# <br />
</pre><br />
* setup script to update grub on second SSD, it must be run manually after every kernel update<br />
<pre><br />
root@midm9b:~# ln -s ~/git/scripts/etc/update_efi_grub.perl ~/<br />
root@midm9b:~# ~/update_efi_grub.perl -u<br />
EFI dir: /boot/efi-sda<br />
/boot/efi-sda: update grub: rsync -av --delete-after --modify-window=2 /boot/efi/grub/ /boot/efi-sda/grub<br />
building file list ... done<br />
<br />
sent 5,313 bytes received 11 bytes 10,648.00 bytes/sec<br />
total size is 7,944,644 speedup is 1,492.23<br />
/boot/efi-sda: update efi: rsync -av --delete-after --modify-window=2 /boot/efi/EFI/ /boot/efi-sda/EFI<br />
building file list ... done<br />
<br />
sent 216 bytes received 11 bytes 454.00 bytes/sec<br />
total size is 5,452,378 speedup is 24,019.29<br />
EFI dir: /boot/efi-sdb<br />
/boot/efi-sdb: update grub: rsync -av --delete-after --modify-window=2 /boot/efi/grub/ /boot/efi-sdb/grub<br />
building file list ... done<br />
<br />
sent 5,313 bytes received 11 bytes 10,648.00 bytes/sec<br />
total size is 7,944,644 speedup is 1,492.23<br />
/boot/efi-sdb: update efi: rsync -av --delete-after --modify-window=2 /boot/efi/EFI/ /boot/efi-sdb/EFI<br />
building file list ... done<br />
<br />
sent 216 bytes received 11 bytes 454.00 bytes/sec<br />
total size is 5,452,378 speedup is 24,019.29<br />
root@midm9b:~# <br />
</pre><br />
<br />
= Disable NetworkManager =<br />
<br />
== Debian-12 ==<br />
<br />
* use netplan, https://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_the_modern_network_configuration_for_cloud<br />
* apt install netplan.io<br />
* systemctl enable systemd-networkd<br />
* systemctl restart systemd-networkd<br />
* create /etc/netplan/50-dhcp.yaml<br />
<pre><br />
network:<br />
version: 2<br />
ethernets:<br />
all-en:<br />
match:<br />
name: "en*"<br />
dhcp4: true<br />
dhcp6: true<br />
ignore-carrier: true ### do not drop IP address if network link drops<br />
</pre><br />
* netplan apply<br />
* netplan try<br />
* ifconfig -a ### to check IP address settings<br />
* netstat -rn ### to check default route<br />
* cat /etc/resolv.conf ### to check DNS<br />
* ls -l /run/systemd/netif/leases ### systemd-networkd dhcp leases<br />
* NOTE: without "ignore-carrier" it will drop the IP address if network link drops, re-do dhcp when links comes back<br />
* NOTE: wait-network-online will wait for all interfaces to get an IP address<br />
<br />
== Ubuntu-20 ==<br />
<br />
NOTE: THIS IS BROKEN IN UBUNTU LTS 22.04<br />
<br />
NetworkManager is useful for configuring dynamic<br />
network interfaces, i.e. laptops that often move<br />
between networks, or connect to multiple choice<br />
of wifi networks, etc.<br />
<br />
For machines with statically configured network interfaces,<br />
NetworkManager is not necessary.<br />
<br />
As it has been observed to become confused and observed<br />
to malfunction when network links go up and down (it keeps<br />
unnecessarily reconfiguring the ip address, etc), it can<br />
be usefuil to disable it.<br />
<br />
* list all network interfaces<br />
<pre><br />
# /bin/ls -1 /sys/class/net/<br />
enp0s31f6<br />
lo<br />
</pre><br />
* edit /etc/network/interfaces:<br />
<pre><br />
rename enp0s31f6=eth0<br />
auto eth0<br />
iface eth0 inet static<br />
address 142.90.120.94/19<br />
gateway 142.90.100.18<br />
</pre><br />
* statically configure systemd-resolved<br />
** create /etc/systemd/resolved.conf.d/resolved.conf with this contents:<br />
<pre><br />
[Resolve]<br />
DNS=142.90.100.19<br />
Domains=triumf.ca<br />
</pre><br />
** systemctl restart systemd-resolved<br />
** resolvectl<br />
** systemd-analyze cat-config systemd/resolved.conf<br />
* disable NetworkManager<br />
<pre><br />
systemctl disable NetworkManager<br />
</pre><br />
* reboot<br />
<br />
== U-22, U-24 ifup-ko ==<br />
<br />
Network configuration of modern linux is confused. There are at least 3 configuration methods, each with different shortcomings:<br />
* the old ifup method is barely documented<br />
* NetworkManager is well documented and tooled, but sometimes does strange things<br />
* systemd-networkd is mysterious, and likely to do strange stuff, like all systemd stuff<br />
* netplan is the latest method, configuration is simple but uses NetworkManager or systemd-networkd as backend.<br />
<br />
This is a solution for a specific situation of fixed computer with one fixed wired interface and maybe one or more additional interfaces for fixed wired private networks.<br />
<br />
Install /etc/ifup-ko, edit it with IP addresses of main and additional interfaces, let systemd run it in the right place in the boot sequence replacing NetworkManager and NetworkManager-wait-online .<br />
<br />
As bonus, /etc/ifup-ko waits up to 10 seconds for the main interface link to come up. If this is not needed, comment it out from the script.<br />
<br />
* prepare<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
cd ifup-ko<br />
make install<br />
</pre><br />
* confirm interface names<br />
<pre><br />
systemctl start ifup-ko ### should finish immediately or after 10 seconds<br />
systemctl status ifup-ko -n 1000 ### observe list of interfaces is correct, name of main interface is correct<br />
</pre><br />
* edit /etc/ifup-ko<br />
** add host IP address to the "ifconfig" line<br />
** add gateway IP address to the "ip route add" line<br />
* test<br />
<pre><br />
systemctl start ifup-ko ### should finish immediately<br />
systemctl status ifup-ko -n 1000 ### observe everything is configured as expected<br />
</pre><br />
* cut-over<br />
<pre><br />
systemctl disable networkd-dispatcher<br />
systemctl disable NetworkManager<br />
systemctl disable wpa_supplicant # if no Wifi or Wifi not in use<br />
</pre><br />
* reboot<br />
<br />
= Configure ECC memory =<br />
<br />
== Configure EDAC ==<br />
<br />
* apt install edac-utils rasdaemon<br />
<br />
=== Intel i3-2120 ===<br />
<pre><br />
root@musr00:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro X9SCL/X9SCM<br />
root@musr00:~# edac-ctl --status<br />
edac-ctl: drivers not loaded.<br />
</pre><br />
<br />
=== Intel E-2236 ===<br />
<pre><br />
root@daq00:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro X11SCM-F<br />
root@daq00:~# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@daq00:~# edac-util <br />
edac-util: No errors to report.<br />
root@daq00:~# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
</pre><br />
* check edac sysfs files (Intel)<br />
<pre><br />
root@daq00:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 ce_count<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 max_location<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 mc_name<br />
drwxr-xr-x 2 root root 0 Jan 25 15:10 power<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank0<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank1<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank2<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank3<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank4<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank5<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank6<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank7<br />
--w------- 1 root root 4096 Jan 25 15:10 reset_counters<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 size_mb<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 ue_count<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 Jan 25 15:10 uevent<br />
root@daq00:~# <br />
</pre><br />
<br />
=== Intel E3-1270 v6 ===<br />
<pre><br />
root@wheel-SYS-5019S-M:~/git/scripts# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro X11SSH-F<br />
root@wheel-SYS-5019S-M:~/git/scripts# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@grsnis01:~# edac-util<br />
edac-util: No errors to report.<br />
root@grsnis01:~# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
root@grsnis01:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 ce_count<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 max_location<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 mc_name<br />
drwxr-xr-x 2 root root 0 Feb 19 12:35 power<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank0<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank1<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank2<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank3<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank4<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank5<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank6<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank7<br />
--w------- 1 root root 4096 Feb 19 12:35 reset_counters<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 size_mb<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 ue_count<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 Feb 19 12:35 uevent<br />
root@grsnis01:~# <br />
</pre><br />
<br />
=== Intel E3-1245 v6 ===<br />
<br />
<pre><br />
[root@alphagdaq ~]# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro X11SSH-F<br />
[root@alphagdaq ~]# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro X11SSH-F<br />
[root@alphagdaq ~]# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
[root@alphagdaq ~]# edac-util<br />
edac-util: No errors to report.<br />
[root@alphagdaq ~]# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
[root@alphagdaq ~]# ras-mc-ctl --layout<br />
+-----------------------------------------------+<br />
| mc0 |<br />
| csrow0 | csrow1 | csrow2 | csrow3 |<br />
----------+-----------------------------------------------+<br />
channel1: | 8192 MB | 8192 MB | 8192 MB | 8192 MB |<br />
channel0: | 8192 MB | 8192 MB | 8192 MB | 8192 MB |<br />
----------+-----------------------------------------------+<br />
[root@alphagdaq ~]# ras-mc-ctl --error-count<br />
Label CE UE<br />
mc#0csrow#3channel#0 0 0<br />
mc#0csrow#2channel#1 0 0<br />
mc#0csrow#3channel#1 0 0<br />
mc#0csrow#0channel#0 0 0<br />
mc#0csrow#1channel#1 0 0<br />
mc#0csrow#0channel#1 0 0<br />
mc#0csrow#1channel#0 0 0<br />
mc#0csrow#2channel#0 0 0<br />
[root@alphagdaq ~]# ras-mc-ctl --mainboard<br />
ras-mc-ctl: mainboard: Supermicro model X11SSH-F<br />
[root@alphagdaq ~]# ras-mc-ctl --summary<br />
DBD::SQLite::db prepare failed: no such table: mc_event at /usr/sbin/ras-mc-ctl line 1129.<br />
Can't call method "execute" on an undefined value at /usr/sbin/ras-mc-ctl line 1130.<br />
[root@alphagdaq ~]# <br />
</pre><br />
<br />
=== AMD 3700X ===<br />
<br />
(memory is non-ECC)<br />
<br />
<pre><br />
root@daq13:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: ASUSTeK COMPUTER INC. ROG STRIX B550-E GAMING<br />
root@daq13:~# <br />
root@daq13:~# <br />
root@daq13:~# edac-ctl --status<br />
edac-ctl: drivers not loaded.<br />
root@daq13:~# edac-util <br />
edac-util: Error: No memory controller data found.<br />
root@daq13:~# edac-util -s<br />
edac-util: EDAC drivers loaded. No memory controllers found<br />
root@daq13:~# ls -l /sys/devices/system/edac/mc<br />
total 0<br />
drwxr-xr-x 2 root root 0 Jan 25 15:26 power<br />
lrwxrwxrwx 1 root root 0 Jan 21 16:16 subsystem -> ../../../../bus/edac<br />
-rw-r--r-- 1 root root 4096 Jan 21 16:16 uevent<br />
</pre><br />
<br />
(memory is ECC)<br />
<br />
<pre><br />
root@trinatdaq:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: ASUSTeK COMPUTER INC. ROG STRIX B550-E GAMING<br />
root@trinatdaq:~# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@trinatdaq:~# edac-util <br />
edac-util: No errors to report.<br />
root@trinatdaq:~# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
root@trinatdaq:~# ls -l /sys/devices/system/edac/mc<br />
total 0<br />
drwxr-xr-x 7 root root 0 Dec 15 13:04 mc0<br />
drwxr-xr-x 2 root root 0 Dec 15 13:04 power<br />
lrwxrwxrwx 1 root root 0 Dec 13 18:31 subsystem -> ../../../../bus/edac<br />
-rw-r--r-- 1 root root 4096 Dec 13 18:31 uevent<br />
root@trinatdaq:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 ce_count<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 max_location<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 mc_name<br />
drwxr-xr-x 2 root root 0 Dec 15 13:04 power<br />
drwxr-xr-x 3 root root 0 Dec 15 13:04 rank4<br />
drwxr-xr-x 3 root root 0 Dec 15 13:04 rank5<br />
drwxr-xr-x 3 root root 0 Dec 15 13:04 rank6<br />
drwxr-xr-x 3 root root 0 Dec 15 13:04 rank7<br />
--w------- 1 root root 4096 Dec 15 13:04 reset_counters<br />
-rw-r--r-- 1 root root 4096 Dec 15 13:04 sdram_scrub_rate<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 size_mb<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 ue_count<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 Dec 15 13:04 uevent<br />
root@trinatdaq:~# <br />
</pre><br />
<br />
=== AMD 5000G ===<br />
<br />
* no linux driver for AMD 5000-series "G" CPU<br />
* no mention of ECC in the BIOS settings<br />
* unclear status of ECC support in AMD documentation (sais only "pro" "G" CPUs have ECC)<br />
* unclear status of ECC support in ASUS documentation (web page out of date)<br />
<br />
=== AMD 5600X ===<br />
<br />
<pre><br />
root@daq17:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: ASUSTeK COMPUTER INC. ROG STRIX B550-XE GAMING WIFI<br />
root@daq17:~# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@daq17:~# edac-util<br />
edac-util: No errors to report.<br />
root@daq17:~# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
root@daq17:~# ls -l /sys/devices/system/edac/mc<br />
total 0<br />
drwxr-xr-x 7 root root 0 Aug 19 19:27 mc0<br />
drwxr-xr-x 2 root root 0 Aug 19 19:27 power<br />
lrwxrwxrwx 1 root root 0 May 10 10:11 subsystem -> ../../../../bus/edac<br />
-rw-r--r-- 1 root root 4096 May 10 10:11 uevent<br />
root@daq17:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 ce_count<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 max_location<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 mc_name<br />
drwxr-xr-x 2 root root 0 Aug 19 19:27 power<br />
drwxr-xr-x 3 root root 0 Aug 19 19:27 rank4<br />
drwxr-xr-x 3 root root 0 Aug 19 19:27 rank5<br />
drwxr-xr-x 3 root root 0 Aug 19 19:27 rank6<br />
drwxr-xr-x 3 root root 0 Aug 19 19:27 rank7<br />
--w------- 1 root root 4096 Aug 19 19:27 reset_counters<br />
-rw-r--r-- 1 root root 4096 Aug 19 19:27 sdram_scrub_rate<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 size_mb<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 ue_count<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 Aug 19 19:27 uevent<br />
root@daq17:~# <br />
</pre><br />
<br />
=== AMD 3955WX ===<br />
<br />
<pre><br />
root@alphasuperdaq:~/git/scripts/quotareport# edac-ctl --mainboard<br />
edac-ctl: mainboard: ASUSTeK COMPUTER INC. Pro WS WRX80E-SAGE SE WIFI<br />
root@alphasuperdaq:~/git/scripts/quotareport# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@alphasuperdaq:~/git/scripts/quotareport# edac-util <br />
edac-util: No errors to report.<br />
root@alphasuperdaq:~/git/scripts/quotareport# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
root@alphasuperdaq:~/git/scripts/quotareport# ls -l /sys/devices/system/edac/mc<br />
total 0<br />
drwxr-xr-x 19 root root 0 Dez 12 04:48 mc0<br />
drwxr-xr-x 2 root root 0 Dez 12 04:48 power<br />
lrwxrwxrwx 1 root root 0 Dez 9 05:31 subsystem -> ../../../../bus/edac<br />
-rw-r--r-- 1 root root 4096 Dez 9 05:31 uevent<br />
root@alphasuperdaq:~/git/scripts/quotareport# <br />
root@alphasuperdaq:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 ce_count<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 max_location<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 mc_name<br />
drwxr-xr-x 2 root root 0 Dez 12 04:48 power<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank0<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank1<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank10<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank11<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank12<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank13<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank14<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank15<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank2<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank3<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank4<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank5<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank6<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank7<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank8<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank9<br />
--w------- 1 root root 4096 Feb 28 22:19 reset_counters<br />
-rw-r--r-- 1 root root 4096 Feb 28 22:19 sdram_scrub_rate<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 size_mb<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 ue_count<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 Feb 28 22:19 uevent<br />
root@alphasuperdaq:~# <br />
root@alphasuperdaq:~# ras-mc-ctl --layout<br />
Use of uninitialized value $max_pos[3] in modulus (%) at /usr/sbin/ras-mc-ctl line 868.<br />
Use of uninitialized value $d in numeric ge (>=) at /usr/sbin/ras-mc-ctl line 869.<br />
Use of uninitialized value $d in sprintf at /usr/sbin/ras-mc-ctl line 872.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+<br />
| mc0 |<br />
| csrow0 | csrow1 |<br />
| channel0 | channel1 | channel2 | channel3 | channel4 | channel5 | channel6 | channel7 | channel0 | channel1 | channel2 | channel3 | channel4 | channel5 | channel6 | channel7 |<br />
----+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+<br />
<br />
0: | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB |<br />
----+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+<br />
root@alphasuperdaq:~# ras-mc-ctl --error-count<br />
Label CE UE<br />
mc#0csrow#0channel#2 0 0<br />
mc#0csrow#1channel#7 0 0<br />
mc#0csrow#0channel#3 0 0<br />
mc#0csrow#1channel#4 0 0<br />
mc#0csrow#1channel#2 0 0<br />
mc#0csrow#0channel#7 0 0<br />
mc#0csrow#1channel#3 0 0<br />
mc#0csrow#0channel#4 0 0<br />
mc#0csrow#1channel#1 0 0<br />
mc#0csrow#1channel#0 0 0<br />
mc#0csrow#1channel#5 0 0<br />
mc#0csrow#0channel#6 0 0<br />
mc#0csrow#0channel#1 0 0<br />
mc#0csrow#0channel#5 0 0<br />
mc#0csrow#0channel#0 0 0<br />
mc#0csrow#1channel#6 0 0<br />
root@alphasuperdaq:~# ras-mc-ctl --mainboard<br />
ras-mc-ctl: mainboard: ASUSTeK COMPUTER INC. model Pro WS WRX80E-SAGE SE WIFI<br />
root@alphasuperdaq:~# ras-mc-ctl --summary<br />
No Memory errors.<br />
<br />
No PCIe AER errors.<br />
<br />
No Extlog errors.<br />
<br />
DBD::SQLite::db prepare failed: no such table: devlink_event at /usr/sbin/ras-mc-ctl line 1181.<br />
Can't call method "execute" on an undefined value at /usr/sbin/ras-mc-ctl line 1182.<br />
root@alphasuperdaq:~#<br />
</pre><br />
<br />
=== AMD 7700X ===<br />
<br />
<pre><br />
root@dsfe05:~# apt install edac-utils<br />
root@dsfe05:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro H13SAE-MF<br />
root@dsfe05:~# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@dsfe05:~# edac-util<br />
edac-util: No errors to report.<br />
root@dsfe05:~# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
root@dsfe05:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 May 14 09:33 ce_count<br />
-r--r--r-- 1 root root 4096 May 14 09:33 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 May 14 09:33 max_location<br />
-r--r--r-- 1 root root 4096 May 14 09:33 mc_name<br />
drwxr-xr-x 2 root root 0 May 14 09:33 power<br />
drwxr-xr-x 3 root root 0 May 14 09:33 rank4<br />
drwxr-xr-x 3 root root 0 May 14 09:33 rank5<br />
--w------- 1 root root 4096 May 14 09:33 reset_counters<br />
-r--r--r-- 1 root root 4096 May 14 09:33 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 May 14 09:33 size_mb<br />
-r--r--r-- 1 root root 4096 May 14 09:33 ue_count<br />
-r--r--r-- 1 root root 4096 May 14 09:33 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 May 14 09:33 uevent<br />
root@dsfe05:~# <br />
</pre><br />
<br />
== Configure rasdaemon ==<br />
<br />
<pre><br />
apt install rasdaemon<br />
</pre><br />
<pre><br />
systemctl enable rasdaemon<br />
systemctl restart rasdaemon<br />
systemctl status rasdaemon<br />
</pre><br />
<br />
<pre><br />
● rasdaemon.service - RAS daemon to log the RAS events<br />
Loaded: loaded (/lib/systemd/system/rasdaemon.service; enabled; vendor preset: enabled)<br />
Active: active (running) since Mon 2021-01-25 15:16:37 PST; 3min 5s ago<br />
Main PID: 2477175 (rasdaemon)<br />
Tasks: 1 (limit: 76958)<br />
Memory: 17.1M<br />
CGroup: /system.slice/rasdaemon.service<br />
└─2477175 /usr/sbin/rasdaemon -f -r<br />
<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: ras:extlog_mem_event event enabled<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Enabled event ras:extlog_mem_event<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: ras:extlog_mem_event event enabled<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Listening to events for cpus 0 to 11<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: Enabled event ras:extlog_mem_event<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Recording mc_event events<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Recording aer_event events<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Recording extlog_event events<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Recording mce_record events<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Recording arm_event events<br />
</pre><br />
<br />
== Get reports ==<br />
<br />
* Intel 2x32GB ECC DIMMs<br />
<pre><br />
root@daq00:~# ras-mc-ctl --layout<br />
+-------------------------+<br />
| mc0 |<br />
| csrow0 | csrow1 |<br />
----------+-------------------------+<br />
channel1: | 16384 MB | 16384 MB |<br />
channel0: | 16384 MB | 16384 MB |<br />
----------+-------------------------+<br />
root@daq00:~# ras-mc-ctl --error-count<br />
Label CE UE<br />
mc#0csrow#1channel#1 0 0<br />
mc#0csrow#1channel#0 0 0<br />
mc#0csrow#0channel#0 0 0<br />
mc#0csrow#0channel#1 0 0<br />
root@daq00:~# <br />
</pre><br />
<br />
* Intel 4x16GB ECC DIMMs<br />
<pre><br />
root@daq00:~# ras-mc-ctl --error-count<br />
Label CE UE<br />
mc#0csrow#0channel#1 0 0<br />
mc#0csrow#2channel#0 0 0<br />
mc#0csrow#0channel#0 0 0<br />
mc#0csrow#2channel#1 0 0<br />
mc#0csrow#1channel#0 0 0<br />
mc#0csrow#1channel#1 0 0<br />
mc#0csrow#3channel#0 0 0<br />
mc#0csrow#3channel#1 0 0<br />
root@daq00:~# <br />
root@daq00:~# ras-mc-ctl --layout<br />
+-----------------------+<br />
| mc0 |<br />
| csrow0 | csrow1 |<br />
----------+-----------------------+<br />
channel1: | 8192 MB | 8192 MB |<br />
channel0: | 8192 MB | 8192 MB |<br />
----------+-----------------------+<br />
root@daq00:~# <br />
root@daq00:~# <br />
root@daq00:~# <br />
root@daq00:~# ras-mc-ctl --print-labels<br />
ras-mc-ctl: Error: No dimm labels for Supermicro model X11SCM-F<br />
root@daq00:~# ras-mc-ctl --mainboard<br />
ras-mc-ctl: mainboard: Supermicro model X11SCM-F<br />
root@daq00:~# ras-mc-ctl --summary<br />
No Memory errors.<br />
<br />
No PCIe AER errors.<br />
<br />
No Extlog errors.<br />
<br />
DBD::SQLite::db prepare failed: no such table: devlink_event at /usr/sbin/ras-mc-ctl line 1181.<br />
Can't call method "execute" on an undefined value at /usr/sbin/ras-mc-ctl line 1182.<br />
root@daq00:~# <br />
</pre><br />
<br />
note: ubuntu LTS 22.04 DBD::SQLite::db error is not there.<br />
<br />
* AMD 7700 2x32GB DDR5 ECC DIMMs<br />
<br />
<pre><br />
root@dsfe05:~# systemctl status rasdaemon<br />
● rasdaemon.service - RAS daemon to log the RAS events<br />
Loaded: loaded (/lib/systemd/system/rasdaemon.service; enabled; vendor preset: enabled)<br />
Active: active (running) since Tue 2024-05-14 09:36:43 PDT; 33ms ago<br />
Process: 4088418 ExecStartPost=/usr/sbin/rasdaemon --enable (code=exited, status=0/SUCCESS)<br />
Main PID: 4088417 (rasdaemon)<br />
Tasks: 1 (limit: 37300)<br />
Memory: 788.0K<br />
CPU: 5ms<br />
CGroup: /system.slice/rasdaemon.service<br />
└─4088417 /usr/sbin/rasdaemon -f -r<br />
<br />
May 14 09:36:43 dsfe05 rasdaemon[4088417]: ras:aer_event event enabled<br />
May 14 09:36:43 dsfe05 rasdaemon[4088417]: Enabled event ras:aer_event<br />
May 14 09:36:43 dsfe05 rasdaemon[4088417]: mce:mce_record event enabled<br />
May 14 09:36:43 dsfe05 rasdaemon[4088417]: Enabled event mce:mce_record<br />
May 14 09:36:43 dsfe05 rasdaemon[4088417]: ras:extlog_mem_event event enabled<br />
May 14 09:36:43 dsfe05 rasdaemon[4088417]: Enabled event ras:extlog_mem_event<br />
May 14 09:36:43 dsfe05 rasdaemon[4088417]: rasdaemon: Recording mc_event events<br />
May 14 09:36:43 dsfe05 rasdaemon[4088417]: rasdaemon: Recording aer_event events<br />
May 14 09:36:43 dsfe05 rasdaemon[4088417]: rasdaemon: Recording extlog_event events<br />
May 14 09:36:43 dsfe05 rasdaemon[4088417]: rasdaemon: Recording mce_record events<br />
root@dsfe05:~# ras-mc-ctl --layout<br />
Use of uninitialized value $max_pos[3] in modulus (%) at /usr/sbin/ras-mc-ctl line 907.<br />
Use of uninitialized value $d in numeric ge (>=) at /usr/sbin/ras-mc-ctl line 908.<br />
Use of uninitialized value $d in sprintf at /usr/sbin/ras-mc-ctl line 911.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 830.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 830.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 830.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 830.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 830.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 830.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 830.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 830.<br />
+-----------------------------------------------------------------------------------------------+<br />
| mc0 |<br />
| csrow0 | csrow1 | csrow2 | csrow3 |<br />
| channel0 | channel1 | channel0 | channel1 | channel0 | channel1 | channel0 | channel1 |<br />
----+-----------------------------------------------------------------------------------------------+<br />
<br />
0: | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB |<br />
----+-----------------------------------------------------------------------------------------------+<br />
root@dsfe05:~# ras-mc-ctl --error-count<br />
Label CE UE<br />
mc#0csrow#2channel#1 0 0<br />
mc#0csrow#2channel#0 0 0<br />
root@dsfe05:~# ras-mc-ctl --print-labels<br />
ras-mc-ctl: Error: No dimm labels for Supermicro model H13SAE-MF<br />
root@dsfe05:~# ras-mc-ctl --mainboard<br />
ras-mc-ctl: mainboard: Supermicro model H13SAE-MF<br />
root@dsfe05:~# ras-mc-ctl --summary<br />
No Memory errors.<br />
<br />
No PCIe AER errors.<br />
<br />
No Extlog errors.<br />
<br />
No MCE errors.<br />
root@dsfe05:~# <br />
</pre><br />
<br />
= sensors =<br />
<br />
== VME CPU V7865 ==<br />
<br />
add to /etc/rc.local<br />
<br />
<pre><br />
modprobe coretemp<br />
modprobe lm75<br />
modprobe lm90<br />
modprobe max1668<br />
</pre><br />
<br />
available sensors:<br />
<br />
<pre><br />
root@lxdaq23:~# sensors<br />
max6657-i2c-0-4c<br />
Adapter: SMBus I801 adapter at 0400<br />
temp1: +29.1°C (low = -55.0°C, high = +105.0°C)<br />
(crit = +105.0°C, hyst = +95.0°C)<br />
temp2: +31.5°C (low = -55.0°C, high = +105.0°C)<br />
(crit = +105.0°C, hyst = +95.0°C)<br />
<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Core 0: +25.0°C (crit = +100.0°C)<br />
Core 1: +25.0°C (crit = +100.0°C)<br />
<br />
max1805-i2c-0-18<br />
Adapter: SMBus I801 adapter at 0400<br />
temp1: +35.0°C (low = -55.0°C, high = +127.0°C)<br />
temp2: +63.0°C (low = -55.0°C, high = +127.0°C)<br />
temp3: FAULT (low = -55.0°C, high = +127.0°C) ALARM (HIGH)<br />
<br />
lm75-i2c-0-48<br />
Adapter: SMBus I801 adapter at 0400<br />
temp1: +34.5°C (high = +80.0°C, hyst = +75.0°C)<br />
<br />
root@lxdaq23:~# <br />
</pre><br />
<br />
== ASUS P7P55D EVO ==<br />
<br />
* BIOS version 2101<br />
<br />
<pre><br />
root@iris01:~# sensors<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Core 0: +34.0°C (high = +83.0°C, crit = +99.0°C)<br />
Core 1: +37.0°C (high = +83.0°C, crit = +99.0°C)<br />
Core 2: +38.0°C (high = +83.0°C, crit = +99.0°C)<br />
Core 3: +35.0°C (high = +83.0°C, crit = +99.0°C)<br />
<br />
nouveau-pci-0100<br />
Adapter: PCI adapter<br />
GPU core: 900.00 mV (min = +0.85 V, max = +1.05 V)<br />
temp1: +46.0°C (high = +95.0°C, hyst = +3.0°C)<br />
(crit = +105.0°C, hyst = +5.0°C)<br />
(emerg = +135.0°C, hyst = +5.0°C)<br />
<br />
atk0110-acpi-0<br />
Adapter: ACPI interface<br />
Vcore Voltage: 864.00 mV (min = +0.80 V, max = +1.60 V)<br />
+3.3V Voltage: 3.38 V (min = +2.97 V, max = +3.63 V)<br />
+5V Voltage: 5.04 V (min = +4.50 V, max = +5.50 V)<br />
+12V Voltage: 12.15 V (min = +10.20 V, max = +13.80 V)<br />
CPU Fan Speed: 968 RPM (min = 600 RPM, max = 7200 RPM)<br />
Chassis1 Fan Speed: 1288 RPM (min = 600 RPM, max = 7200 RPM)<br />
Chassis2 Fan Speed: 1316 RPM (min = 600 RPM, max = 7200 RPM)<br />
Power Fan Speed: 0 RPM (min = 0 RPM, max = 7200 RPM)<br />
CPU Temperature: +34.0°C (high = +45.0°C, crit = +45.5°C)<br />
MB Temperature: +30.0°C (high = +45.0°C, crit = +46.0°C)<br />
<br />
root@iris01:~# <br />
</pre><br />
<br />
== ASUS Z97-WS ==<br />
<br />
* BIOS version 2704<br />
* load sensors drivers<br />
<pre><br />
echo modprobe coretemp >> /etc/rc.local<br />
echo modprobe nct6775 >> /etc/rc.local<br />
</pre><br />
* in /boot/grub/grub.cfg, add: GRUB_CMDLINE_LINUX_DEFAULT="acpi_enforce_resources=no"<br />
* update grub and reboot: grub-mkconfig -o /boot/grub/grub.cfg<br />
<br />
<pre><br />
root@isdaq08:~# sensors<br />
acpitz-acpi-0<br />
Adapter: ACPI interface<br />
temp1: +27.8°C <br />
temp2: +29.8°C <br />
<br />
nct6791-isa-0290<br />
Adapter: ISA adapter<br />
Vcore: 888.00 mV (min = +0.00 V, max = +1.74 V)<br />
in1: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
AVCC: 3.36 V (min = +0.00 V, max = +0.00 V) ALARM<br />
+3.3V: 3.36 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: 1.99 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: 0.00 V (min = +0.00 V, max = +0.00 V)<br />
3VSB: 3.44 V (min = +0.00 V, max = +0.00 V) ALARM<br />
Vbat: 3.33 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in9: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in10: 0.00 V (min = +0.00 V, max = +0.00 V)<br />
in11: 840.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in12: 0.00 V (min = +0.00 V, max = +0.00 V)<br />
in13: 0.00 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in14: 0.00 V (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 1041 RPM (min = 0 RPM)<br />
fan2: 1040 RPM (min = 0 RPM)<br />
fan3: 0 RPM (min = 0 RPM)<br />
fan4: 0 RPM (min = 0 RPM)<br />
fan5: 0 RPM (min = 0 RPM)<br />
fan6: 0 RPM (min = 0 RPM)<br />
SYSTIN: +34.0°C (high = +0.0°C, hyst = +0.0°C) ALARM sensor = thermistor<br />
CPUTIN: +41.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
AUXTIN0: -128.0°C sensor = thermistor<br />
AUXTIN1: -128.0°C sensor = thermistor<br />
AUXTIN2: +35.0°C sensor = thermistor<br />
AUXTIN3: +127.0°C sensor = thermistor<br />
PECI Agent 0: +41.0°C <br />
PCH_CHIP_CPU_MAX_TEMP: +0.0°C <br />
PCH_CHIP_TEMP: +0.0°C <br />
PCH_CPU_TEMP: +0.0°C <br />
PCH_MCH_TEMP: +0.0°C <br />
PCH_DIM0_TEMP: +0.0°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Package id 0: +42.0°C (high = +80.0°C, crit = +100.0°C)<br />
Core 0: +42.0°C (high = +80.0°C, crit = +100.0°C)<br />
Core 1: +40.0°C (high = +80.0°C, crit = +100.0°C)<br />
Core 2: +39.0°C (high = +80.0°C, crit = +100.0°C)<br />
Core 3: +39.0°C (high = +80.0°C, crit = +100.0°C)<br />
<br />
root@isdaq08:~# <br />
</pre><br />
<br />
== ASUS Z170-DELUXE ==<br />
<br />
* BIOS version 3801<br />
* load sensors drivers<br />
<pre><br />
echo modprobe coretemp >> /etc/rc.local<br />
echo modprobe jc42 >> /etc/rc.local<br />
echo modprobe lm92 >> /etc/rc.local<br />
echo modprobe nct6775 >> /etc/rc.local<br />
</pre><br />
* in /boot/grub/grub.cfg, add: GRUB_CMDLINE_LINUX_DEFAULT="acpi_enforce_resources=no"<br />
* update grub and reboot: grub-mkconfig -o /boot/grub/grub.cfg<br />
<br />
<pre><br />
root@iris00:~# sensors<br />
nct6793-isa-0290<br />
Adapter: ISA adapter<br />
in0: 600.00 mV (min = +0.00 V, max = +1.74 V)<br />
in1: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in2: 3.39 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in3: 3.38 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: 1.03 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: 144.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: 0.00 V (min = +0.00 V, max = +0.00 V)<br />
in7: 3.38 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in8: 3.14 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in9: 1000.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in10: 600.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in11: 1.06 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in12: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in13: 592.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in14: 968.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 1370 RPM (min = 0 RPM)<br />
fan2: 1437 RPM (min = 0 RPM)<br />
fan3: 0 RPM (min = 0 RPM)<br />
fan4: 0 RPM (min = 0 RPM)<br />
fan5: 0 RPM (min = 0 RPM)<br />
fan6: 0 RPM (min = 0 RPM)<br />
SYSTIN: +32.0°C (high = +98.0°C, hyst = +95.0°C) sensor = thermistor<br />
CPUTIN: +42.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
AUXTIN0: -128.0°C sensor = thermistor<br />
AUXTIN1: +50.0°C sensor = thermistor<br />
AUXTIN2: +22.0°C sensor = thermistor<br />
AUXTIN3: +28.0°C sensor = thermistor<br />
PECI Agent 0: +50.0°C (high = +98.0°C, hyst = +95.0°C)<br />
(crit = +100.0°C)<br />
PECI Agent 0 Calibration: +42.5°C <br />
PCH_CHIP_CPU_MAX_TEMP: +0.0°C <br />
PCH_CHIP_TEMP: +0.0°C <br />
PCH_CPU_TEMP: +0.0°C <br />
PCH_MCH_TEMP: +0.0°C <br />
TSI2_TEMP: +3892314.0°C <br />
TSI3_TEMP: +3892314.0°C <br />
TSI4_TEMP: +3892314.0°C <br />
TSI5_TEMP: +3892314.0°C <br />
TSI6_TEMP: +3892314.0°C <br />
TSI7_TEMP: +3892314.0°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
jc42-i2c-0-1a<br />
Adapter: SMBus I801 adapter at f040<br />
temp1: +36.0°C (low = +0.0°C) ALARM (HIGH, CRIT)<br />
(high = +0.0°C, hyst = +0.0°C)<br />
(crit = +0.0°C, hyst = +0.0°C)<br />
<br />
jc42-i2c-0-18<br />
Adapter: SMBus I801 adapter at f040<br />
temp1: +34.8°C (low = +0.0°C) ALARM (HIGH, CRIT)<br />
(high = +0.0°C, hyst = +0.0°C)<br />
(crit = +0.0°C, hyst = +0.0°C)<br />
<br />
jc42-i2c-0-1b<br />
Adapter: SMBus I801 adapter at f040<br />
temp1: +35.0°C (low = +0.0°C) ALARM (HIGH, CRIT)<br />
(high = +0.0°C, hyst = +0.0°C)<br />
(crit = +0.0°C, hyst = +0.0°C)<br />
<br />
jc42-i2c-0-19<br />
Adapter: SMBus I801 adapter at f040<br />
temp1: +36.0°C (low = +0.0°C) ALARM (HIGH, CRIT)<br />
(high = +0.0°C, hyst = +0.0°C)<br />
(crit = +0.0°C, hyst = +0.0°C)<br />
<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Package id 0: +52.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 0: +52.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 1: +51.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 2: +48.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 3: +47.0°C (high = +84.0°C, crit = +100.0°C)<br />
<br />
root@iris00:~# <br />
</pre><br />
<br />
== ASUS Z390M-PRO GAMING (WI-FI) ==<br />
<br />
* BIOS 3006<br />
* load sensors drivers<br />
<pre><br />
echo modprobe coretemp >> /etc/rc.local<br />
echo modprobe nct6775 >> /etc/rc.local<br />
</pre><br />
<br />
<pre><br />
root@daq18:~# sensors<br />
nct6798-isa-0290<br />
Adapter: ISA adapter<br />
in0: 696.00 mV (min = +0.00 V, max = +1.74 V)<br />
in1: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in2: 3.42 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in3: 3.41 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: 1.03 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: 208.00 mV (min = +0.00 V, max = +0.00 V)<br />
in6: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in7: 3.42 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in8: 3.17 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in9: 1.07 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in10: 1.36 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in11: 1.33 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in12: 1.06 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in13: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in14: 1.03 V (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 0 RPM (min = 0 RPM)<br />
fan2: 1131 RPM (min = 0 RPM)<br />
fan3: 0 RPM (min = 0 RPM)<br />
fan4: 0 RPM (min = 0 RPM)<br />
fan5: 1006 RPM (min = 0 RPM)<br />
fan6: 0 RPM (min = 0 RPM)<br />
fan7: 0 RPM (min = 0 RPM)<br />
SYSTIN: +32.0°C (high = +80.0°C, hyst = +75.0°C)<br />
(crit = +100.0°C) sensor = thermistor<br />
CPUTIN: +29.0°C (high = +80.0°C, hyst = +75.0°C)<br />
(crit = +100.0°C) sensor = thermistor<br />
AUXTIN0: +25.0°C (high = +80.0°C, hyst = +75.0°C)<br />
(crit = +100.0°C) sensor = thermistor<br />
AUXTIN1: +7.0°C (high = +80.0°C, hyst = +75.0°C)<br />
(crit = +100.0°C) sensor = thermistor<br />
AUXTIN2: +8.0°C (high = +80.0°C, hyst = +75.0°C)<br />
(crit = +100.0°C) sensor = thermistor<br />
AUXTIN3: +24.0°C (high = +80.0°C, hyst = +75.0°C)<br />
(crit = +100.0°C) sensor = thermistor<br />
AUXTIN4: +83.0°C (high = +80.0°C, hyst = +75.0°C) ALARM<br />
(crit = +100.0°C)<br />
PECI Agent 0 Calibration: +29.0°C (high = +80.0°C, hyst = +75.0°C)<br />
PCH_CHIP_CPU_MAX_TEMP: +0.0°C <br />
PCH_CHIP_TEMP: +0.0°C <br />
PCH_CPU_TEMP: +0.0°C <br />
PCH_MCH_TEMP: +0.0°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Package id 0: +39.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 0: +39.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 1: +33.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 2: +32.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 3: +31.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 4: +31.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 5: +30.0°C (high = +82.0°C, crit = +100.0°C)<br />
<br />
acpitz-acpi-0<br />
Adapter: ACPI interface<br />
temp1: +27.8°C <br />
<br />
iwlwifi_1-virtual-0<br />
Adapter: Virtual device<br />
temp1: +28.0°C <br />
<br />
root@daq18:~# <br />
</pre><br />
<br />
== ASUS H110M-A/M.2 ==<br />
<br />
* BIOS version 4202<br />
* echo modprobe coretemp >> /etc/rc.local<br />
* echo modprobe nct6775 >> /etc/rc.local<br />
<br />
<pre><br />
root@midpol:~# sensors<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Package id 0: +33.0°C (high = +80.0°C, crit = +100.0°C)<br />
Core 0: +33.0°C (high = +80.0°C, crit = +100.0°C)<br />
Core 1: +30.0°C (high = +80.0°C, crit = +100.0°C)<br />
<br />
acpitz-acpi-0<br />
Adapter: ACPI interface<br />
temp1: +27.8°C (crit = +119.0°C)<br />
temp2: +29.8°C (crit = +119.0°C)<br />
<br />
nct6793-isa-0290<br />
Adapter: ISA adapter<br />
in0: 368.00 mV (min = +0.00 V, max = +1.74 V)<br />
in1: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in2: 3.39 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in3: 3.36 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: 152.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: 928.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in7: 3.39 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in8: 3.14 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in9: 1000.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in10: 152.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in11: 128.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in12: 136.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in13: 120.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in14: 136.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 1004 RPM (min = 0 RPM)<br />
fan2: 1143 RPM (min = 0 RPM)<br />
fan5: 0 RPM (min = 0 RPM)<br />
fan6: 0 RPM (min = 0 RPM)<br />
SYSTIN: +118.0°C (high = +98.0°C, hyst = +95.0°C) sensor = thermistor<br />
CPUTIN: +29.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
AUXTIN0: +30.0°C sensor = thermistor<br />
AUXTIN1: +112.0°C sensor = thermistor<br />
AUXTIN2: +111.0°C sensor = thermistor<br />
AUXTIN3: +110.0°C sensor = thermistor<br />
PECI Agent 0: +31.0°C (high = +98.0°C, hyst = +95.0°C)<br />
(crit = +100.0°C)<br />
PECI Agent 0 Calibration: +36.5°C <br />
PCH_CHIP_CPU_MAX_TEMP: +0.0°C <br />
PCH_CHIP_TEMP: +0.0°C <br />
TSI2_TEMP: +3892314.0°C <br />
TSI3_TEMP: +3892314.0°C <br />
TSI4_TEMP: +3892314.0°C <br />
TSI5_TEMP: +3892314.0°C <br />
TSI6_TEMP: +3892314.0°C <br />
TSI7_TEMP: +3892314.0°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
root@midpol:~# <br />
</pre><br />
<br />
== ASUS P9X79 WS ==<br />
<br />
* https://www.asus.com/supportonly/P9X79%20WS/HelpDesk_Manual/<br />
* BIOS version 4802<br />
* modprobe nct6775<br />
* modprobe coretemp<br />
<br />
<pre><br />
root@daq14:~# sensors<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Package id 0: +35.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 0: +29.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 1: +24.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 2: +35.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 3: +32.0°C (high = +82.0°C, crit = +100.0°C)<br />
<br />
nouveau-pci-0200<br />
Adapter: PCI adapter<br />
GPU core: 900.00 mV (min = +0.85 V, max = +1.00 V)<br />
temp1: +39.0°C (high = +95.0°C, hyst = +3.0°C)<br />
(crit = +105.0°C, hyst = +5.0°C)<br />
(emerg = +135.0°C, hyst = +5.0°C)<br />
<br />
nct6776-isa-0290<br />
Adapter: ISA adapter<br />
Vcore: 1.04 V (min = +0.00 V, max = +1.74 V)<br />
in1: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
AVCC: 3.33 V (min = +0.00 V, max = +0.00 V) ALARM<br />
+3.3V: 3.33 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: 2.04 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: 904.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
3VSB: 3.41 V (min = +0.00 V, max = +0.00 V) ALARM<br />
Vbat: 3.30 V (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 1265 RPM (min = 0 RPM)<br />
fan2: 1909 RPM (min = 0 RPM)<br />
fan3: 0 RPM (min = 0 RPM)<br />
fan4: 0 RPM (min = 0 RPM)<br />
fan5: 0 RPM (min = 0 RPM)<br />
SYSTIN: +34.0°C (high = +0.0°C, hyst = +0.0°C) ALARM sensor = thermistor<br />
CPUTIN: +58.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermal diode<br />
AUXTIN: +31.5°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
PECI Agent 0: +31.0°C (high = +80.0°C, hyst = +75.0°C)<br />
(crit = +96.0°C)<br />
PCH_CHIP_TEMP: +0.0°C <br />
PCH_CPU_TEMP: +0.0°C <br />
PCH_MCH_TEMP: +0.0°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
root@daq14:~# <br />
</pre><br />
<br />
== ASUS TUF GAMING B550M-PLUS WIFI II ==<br />
<br />
* BIOS 2803, 2806<br />
* echo modprobe nct6775 >> /etc/rc.local<br />
<br />
<pre><br />
root@midm9a:~# sensors<br />
nct6798-isa-0290<br />
Adapter: ISA adapter<br />
in0: 488.00 mV (min = +0.00 V, max = +1.74 V)<br />
in1: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in2: 3.41 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in3: 3.38 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: 208.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in7: 3.41 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in8: 3.33 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in9: 1.82 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in10: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in11: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in12: 1.03 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in13: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in14: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 0 RPM (min = 0 RPM)<br />
fan2: 760 RPM (min = 0 RPM)<br />
fan3: 0 RPM (min = 0 RPM)<br />
fan7: 1264 RPM (min = 0 RPM)<br />
SYSTIN: +25.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
CPUTIN: +22.5°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
AUXTIN0: +95.0°C sensor = thermistor<br />
AUXTIN1: +25.0°C sensor = thermistor<br />
AUXTIN2: +25.0°C sensor = thermistor<br />
AUXTIN3: +25.0°C sensor = thermistor<br />
PECI Agent 0 Calibration: +23.5°C <br />
PCH_CHIP_CPU_MAX_TEMP: +0.0°C <br />
PCH_CHIP_TEMP: +0.0°C <br />
PCH_CPU_TEMP: +0.0°C <br />
TSI0_TEMP: +32.4°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
amdgpu-pci-0800<br />
Adapter: PCI adapter<br />
vddgfx: 1.45 V <br />
vddnb: 993.00 mV <br />
edge: +28.0°C <br />
PPT: 20.00 W <br />
<br />
k10temp-pci-00c3<br />
Adapter: PCI adapter<br />
Tctl: +33.4°C <br />
<br />
root@midm9a:~# <br />
</pre><br />
<br />
== ASUS ASUS ROG STRIX B550-XE GAMING WIFI ==<br />
<br />
* BIOS 2423, 2604<br />
* echo modprobe nct6775 >> /etc/rc.local<br />
<br />
<pre><br />
root@daq13:~# sensors<br />
nct6798-isa-0290<br />
Adapter: ISA adapter<br />
in0: 344.00 mV (min = +0.00 V, max = +1.74 V)<br />
in1: 992.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in2: 3.41 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in3: 3.39 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: 960.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: 216.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in7: 3.41 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in8: 3.30 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in9: 1.81 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in10: 960.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in11: 960.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in12: 1.03 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in13: 280.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in14: 208.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 845 RPM (min = 0 RPM)<br />
fan2: 998 RPM (min = 0 RPM)<br />
fan3: 0 RPM (min = 0 RPM)<br />
fan4: 0 RPM (min = 0 RPM)<br />
fan5: 0 RPM (min = 0 RPM)<br />
SYSTIN: +28.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
CPUTIN: +27.5°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
AUXTIN0: +94.0°C sensor = thermistor<br />
AUXTIN1: +28.0°C sensor = thermistor<br />
AUXTIN2: +28.0°C sensor = thermistor<br />
AUXTIN3: +97.0°C sensor = thermistor<br />
PECI Agent 0 Calibration: +27.5°C <br />
PCH_CHIP_CPU_MAX_TEMP: +0.0°C <br />
PCH_CHIP_TEMP: +0.0°C <br />
PCH_CPU_TEMP: +0.0°C <br />
TSI0_TEMP: +33.6°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
amdgpu-pci-0600<br />
Adapter: PCI adapter<br />
vddgfx: 1.45 V <br />
vddnb: 999.00 mV <br />
edge: +29.0°C <br />
PPT: 14.00 W <br />
<br />
iwlwifi_1-virtual-0<br />
Adapter: Virtual device<br />
temp1: +30.0°C <br />
<br />
k10temp-pci-00c3<br />
Adapter: PCI adapter<br />
Tctl: +33.9°C <br />
<br />
root@daq13:~# <br />
</pre><br />
<br />
== ASUS ASUS ROG STRIX B550-E GAMING ==<br />
<br />
* bios 2803<br />
* echo modprobe jc42 >> /etc/rc.local<br />
* echo modprobe nct6775 >> /etc/rc.local<br />
<br />
<pre><br />
root@daq17:~# sensors<br />
jc42-i2c-1-1b<br />
Adapter: SMBus PIIX4 adapter port 0 at 0b00<br />
temp1: +25.0°C (low = +0.0°C) ALARM (HIGH, CRIT)<br />
(high = +0.0°C, hyst = +0.0°C)<br />
(crit = +0.0°C, hyst = +0.0°C)<br />
<br />
iwlwifi_1-virtual-0<br />
Adapter: Virtual device<br />
temp1: +28.0°C <br />
<br />
nouveau-pci-0800<br />
Adapter: PCI adapter<br />
GPU core: 900.00 mV (min = +0.85 V, max = +1.00 V)<br />
temp1: +34.0°C (high = +95.0°C, hyst = +3.0°C)<br />
(crit = +105.0°C, hyst = +5.0°C)<br />
(emerg = +135.0°C, hyst = +5.0°C)<br />
<br />
nct6798-isa-0290<br />
Adapter: ISA adapter<br />
in0: 288.00 mV (min = +0.00 V, max = +1.74 V)<br />
in1: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in2: 3.36 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in3: 3.38 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: 1.06 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: 224.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in7: 3.36 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in8: 3.31 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in9: 1.79 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in10: 1.06 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in11: 1.06 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in12: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in13: 280.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in14: 208.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 843 RPM (min = 0 RPM)<br />
fan2: 629 RPM (min = 0 RPM)<br />
fan3: 746 RPM (min = 0 RPM)<br />
fan4: 0 RPM (min = 0 RPM)<br />
fan5: 0 RPM (min = 0 RPM)<br />
SYSTIN: +22.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
CPUTIN: +25.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
AUXTIN0: +93.0°C sensor = thermistor<br />
AUXTIN1: +22.0°C sensor = thermistor<br />
AUXTIN2: +22.0°C sensor = thermistor<br />
AUXTIN3: +96.0°C sensor = thermistor<br />
PECI Agent 0 Calibration: +25.5°C <br />
PCH_CHIP_CPU_MAX_TEMP: +0.0°C <br />
PCH_CHIP_TEMP: +0.0°C <br />
PCH_CPU_TEMP: +0.0°C <br />
TSI0_TEMP: +27.6°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
jc42-i2c-1-1a<br />
Adapter: SMBus PIIX4 adapter port 0 at 0b00<br />
temp1: +23.2°C (low = +0.0°C) ALARM (HIGH, CRIT)<br />
(high = +0.0°C, hyst = +0.0°C)<br />
(crit = +0.0°C, hyst = +0.0°C)<br />
<br />
asusec-isa-0000<br />
Adapter: ISA adapter<br />
CPU_Opt: 0 RPM<br />
Chipset: +34.0°C <br />
CPU: +25.0°C <br />
Motherboard: +22.0°C <br />
T_Sensor: -40.0°C <br />
VRM: +31.0°C <br />
<br />
k10temp-pci-00c3<br />
Adapter: PCI adapter<br />
Tctl: +28.0°C <br />
Tccd1: +27.5°C <br />
<br />
root@daq17:~# <br />
</pre><br />
<br />
== ASUS PRIME B650-PLUS ==<br />
<br />
* BIOS 1811<br />
* echo modprobe nct6775 >> /etc/rc.local<br />
<br />
<pre><br />
root@dsdaqgw:~# sensors<br />
amdgpu-pci-0b00<br />
Adapter: PCI adapter<br />
vddgfx: 930.00 mV <br />
vddnb: 1.19 V <br />
edge: +38.0°C <br />
PPT: 25.10 W <br />
<br />
nct6799-isa-0290<br />
Adapter: ISA adapter<br />
in0: 920.00 mV (min = +0.00 V, max = +1.74 V)<br />
in1: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in2: 3.39 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in3: 3.38 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: 1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: 1.04 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: 320.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in7: 3.39 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in8: 3.28 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in9: 3.38 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in10: 1.28 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in11: 1.10 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in12: 1.04 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in13: 416.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
in14: 328.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 0 RPM (min = 0 RPM)<br />
fan2: 1253 RPM (min = 0 RPM)<br />
fan3: 0 RPM (min = 0 RPM)<br />
fan4: 0 RPM (min = 0 RPM)<br />
fan5: 0 RPM (min = 0 RPM)<br />
fan7: 0 RPM (min = 0 RPM)<br />
SYSTIN: +33.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
CPUTIN: +35.5°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
AUXTIN0: +78.0°C sensor = thermistor<br />
AUXTIN1: +11.0°C sensor = thermistor<br />
AUXTIN2: +20.0°C sensor = thermistor<br />
AUXTIN3: +82.0°C sensor = thermistor<br />
PECI Agent 0 Calibration: +35.5°C <br />
PCH_CHIP_CPU_MAX_TEMP: +0.0°C <br />
PCH_CHIP_TEMP: +0.0°C <br />
PCH_CPU_TEMP: +0.0°C <br />
TSI0_TEMP: +42.6°C <br />
intrusion0: ALARM<br />
intrusion1: OK<br />
beep_enable: disabled<br />
<br />
k10temp-pci-00c3<br />
Adapter: PCI adapter<br />
Tctl: +42.6°C <br />
Tccd1: +36.4°C <br />
<br />
root@dsdaqgw:~# <br />
</pre><br />
<br />
= Enable CPU turbo mode =<br />
<br />
* Intel CPU has a nominal CPU frequency (i.e. 3.4GHz) and a turbo-boost CPU frequency (i.e. 4.0GHz). Here we will enable this turbo-boost mode.<br />
* Find out CPU capability<br />
<pre><br />
root@daq01:~# lscpu | grep Hz<br />
Model name: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz<br />
CPU MHz: 3965.803<br />
CPU max MHz: 4000.0000<br />
CPU min MHz: 800.0000<br />
root@daq01:~# <br />
</pre><br />
* Look up this CPU in the Intel ARK database - google for the CPU model name, i.e.<br />
https://ark.intel.com/content/www/us/en/ark/products/88196/intel-core-i7-6700-processor-8m-cache-up-to-4-00-ghz.html<br />
* Find current frequency settings:<br />
<pre><br />
root@daq01:~# cpupower frequency-info<br />
analyzing CPU 0:<br />
driver: intel_pstate<br />
CPUs which run at the same hardware frequency: 0<br />
CPUs which need to have their frequency coordinated by software: 0<br />
maximum transition latency: Cannot determine or is not supported.<br />
hardware limits: 800 MHz - 4.00 GHz<br />
available cpufreq governors: performance powersave<br />
current policy: frequency should be within 800 MHz and 4.00 GHz.<br />
The governor "powersave" may decide which speed to use<br />
within this range.<br />
current CPU frequency: Unable to call hardware<br />
current CPU frequency: 2.72 GHz (asserted by call to kernel)<br />
boost state support:<br />
Supported: yes<br />
Active: yes<br />
root@daq01:~# <br />
</pre><br />
* Note the following:<br />
** current governor is "powersave"<br />
** "performance" governor is available<br />
** "boost state support" is supported and active.<br />
* Confirm CPU frequency governor:<br />
<pre><br />
root@daq01:~# cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor<br />
powersave<br />
powersave<br />
powersave<br />
powersave<br />
powersave<br />
powersave<br />
powersave<br />
powersave<br />
root@daq01:~# <br />
</pre> <br />
* Change governor to "performance":<br />
<pre><br />
root@daq01:~# cpupower frequency-set --governor performance<br />
Setting cpu: 0<br />
Setting cpu: 1<br />
Setting cpu: 2<br />
Setting cpu: 3<br />
Setting cpu: 4<br />
Setting cpu: 5<br />
Setting cpu: 6<br />
Setting cpu: 7<br />
root@daq01:~# cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor<br />
performance<br />
performance<br />
performance<br />
performance<br />
performance<br />
performance<br />
performance<br />
performance<br />
root@daq01:~# cpupower frequency-info<br />
analyzing CPU 0:<br />
driver: intel_pstate<br />
CPUs which run at the same hardware frequency: 0<br />
CPUs which need to have their frequency coordinated by software: 0<br />
maximum transition latency: Cannot determine or is not supported.<br />
hardware limits: 800 MHz - 4.00 GHz<br />
available cpufreq governors: performance powersave<br />
current policy: frequency should be within 800 MHz and 4.00 GHz.<br />
The governor "performance" may decide which speed to use<br />
within this range.<br />
current CPU frequency: Unable to call hardware<br />
current CPU frequency: 3.93 GHz (asserted by call to kernel)<br />
boost state support:<br />
Supported: yes<br />
Active: yes<br />
</pre><br />
* monitor CPU frequency:<br />
<pre><br />
root@daq01:~# cpupower monitor<br />
| Nehalem || Mperf || Idle_Stats <br />
CPU| C3 | C6 | PC3 | PC6 || C0 | Cx | Freq || POLL | C1 | C1E | C3 | C6 | C7s | C8 <br />
0| 0.00| 0.00| 0.00| 0.00|| 88.80| 11.20| 3973|| 0.00| 0.00| 0.01| 0.02| 0.31| 0.00| 4.25<br />
4| 0.00| 0.00| 0.00| 0.00|| 4.70| 95.30| 3945|| 0.00| 0.00| 0.00| 0.00| 0.00| 0.00| 95.03<br />
1| 0.73| 3.70| 0.00| 0.00|| 4.52| 95.48| 3864|| 0.00| 0.01| 1.19| 0.44| 2.82| 0.00| 90.23<br />
5| 0.73| 3.70| 0.00| 0.00|| 0.37| 99.63| 3807|| 0.00| 0.00| 0.03| 0.09| 1.70| 0.00| 97.64<br />
2| 2.28| 12.86| 0.00| 0.00|| 1.41| 98.59| 3829|| 0.00| 0.86| 3.17| 0.46| 7.70| 0.00| 85.87<br />
6| 2.28| 12.86| 0.00| 0.00|| 2.88| 97.12| 3856|| 0.00| 0.11| 4.56| 2.15| 10.31| 0.00| 78.99<br />
3| 1.33| 4.81| 0.00| 0.00|| 0.99| 99.01| 3804|| 0.00| 0.49| 0.79| 0.01| 1.03| 0.00| 96.12<br />
7| 1.34| 4.81| 0.00| 0.00|| 1.26| 98.74| 3818|| 0.00| 0.01| 2.32| 0.47| 5.02| 0.00| 90.06<br />
root@daq01:~# <br />
</pre><br />
* check that the CPU is not overheating:<br />
<pre><br />
root@daq01:~# sensors<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Package id 0: +51.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 0: +51.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 1: +38.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 2: +34.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 3: +32.0°C (high = +84.0°C, crit = +100.0°C)<br />
</pre><br />
* congratulations, we are running at 4 GHz now!<br />
<br />
= Setup ubuntu as gateway to private network =<br />
<br />
See also:<br />
* https://daq.triumf.ca/DaqWiki/index.php/VME-CPU#Setup_the_boot_host_computer_.28el7.29<br />
* http://www.triumf.info/wiki/DAQwiki/index.php/Dhcpd_on_eth1<br />
<br />
== Steps to do ==<br />
<br />
!!! UPDATED 16feb2024 Ubuntu-22.04.03 !!!<br />
<br />
* assign network numbers to the private network, i.e. 192.168.1.x, 192.168.2.x, etc<br />
* (on the gateway machine, each private network interface has to have a different network number)<br />
* (each network interface can have multiple networks attached, via VLANs or via eth0:0, eth0:1 constructs)<br />
* assign IP addresses on the private network, save them in /etc/hosts i.e. "hvps 192.168.1.10"<br />
* (for simplicity, assign 192.168.1.1 to the gateway machine itself)<br />
* (IP addresses 192.168.1.0 and 192.168.1.255 are "special", do not use them)<br />
* setup DNS server (dnsmasq) to serve contents of /etc/hosts via DNS (otherwise, many programs will see inconsistent name to IP address mapping)<br />
* setup DHCP server (dnsmasq) to give out the IP addresses<br />
* setup TFTP server (dnsmasq), pxelinux and NFS for diskless booting<br />
* setup time server (chronyd) to provide common time to all devices<br />
* setup NAT so machines on private network can access the internet (to get OS updates, etc)<br />
* setup NIS and NFS so machines on the private network can use common home directories<br />
* setup rsync backup of machines on the private network<br />
<br />
== setup hosts ==<br />
<br />
* edit /etc/hosts<br />
<pre><br />
192.168.1.101 dsfe01<br />
... and so forth<br />
</pre><br />
<br />
== setup dns and dhcp ==<br />
<br />
!!! updated 16feb2024 for Ubuntu 22.04.3 !!!<br />
<br />
!!! note: stock systemd-resolved remains, is configured to forward queries to dnsmasq, configured to forward queries to TRIUMF DNS !!!<br />
<br />
!!! note: per authors of systemd, bare hostnames are not permitted, a DNS domain name must always be used. DNS domain name "dsdaq" is used in this example !!!<br />
<br />
* apt install dnsmasq<br />
* ensure dnsmasq starts after all interfaces are up (Ubuntu-22)<br />
<pre><br />
mkdir /etc/systemd/system/dnsmasq.service.d<br />
echo -e "[Unit]\nAfter=network-online.target\n" > /etc/systemd/system/dnsmasq.service.d/local.conf<br />
</pre><br />
* edit /etc/dnsmasq.conf<br />
<pre><br />
# /etc/dnsmasq.conf<br />
# DNS settings <br />
#port=0 # disable DNS function <br />
port=53 # enable DNS function <br />
bind-interfaces # do not collide with systemd-resolved, we use 127.0.0.1:53, they use 127.0.0.53:53 <br />
domain-needed <br />
bogus-priv <br />
no-resolv <br />
#log-queries # log DNS quesries <br />
<br />
# TRIUMF DNS settings <br />
<br />
server=142.90.100.19 <br />
expand-hosts <br />
domain=dsdaq <br />
local=/dsdaq/ <br />
localmx # do not forward MX queries to TRIUMF <br />
<br />
# DHCP settings <br />
interface=enp1s0f0 # VX network 192.168.0.x <br />
#interface=missing # FEP and TSP network 192.168.1.x <br />
interface=enp1s0f1 # controls network 192.168.2.x <br />
#dhcp-range=192.168.1.50,192.168.1.150,infinite <br />
dhcp-range=192.168.0.0,static <br />
dhcp-range=192.168.2.0,static <br />
log-dhcp # log DHCP queries <br />
#quiet-dhcp <br />
dhcp-ignore=tag:!known <br />
#dhcp-boot=pxelinux.0 <br />
<br />
dhcp-option=option:dns-server,192.168.0.248 <br />
dhcp-option=option:ntp-server,192.168.0.248 <br />
<br />
# TFTP settings <br />
<br />
enable-tftp <br />
tftp-root=/tftpboot <br />
</pre><br />
* #mkdir /tftpboot ### per tftp-root (if no ZFS)<br />
* zfs create -o mountpoint=/tftpboot rpool/tftpboot ### (if root is ZFS)<br />
* create resolved-dsdaq.conf with main IP address of dnsmasq<br />
<pre><br />
[Resolve]<br />
DNS=192.168.0.248<br />
Domains=dsdaq triumf.ca<br />
</pre><br />
* mkdir -p /etc/systemd/resolved.conf.d/<br />
* /bin/rm -f /etc/systemd/resolved.conf.d/*.conf<br />
* cp resolved-dsdaq.conf /etc/systemd/resolved.conf.d/<br />
* systemctl stop systemd-resolved.service<br />
* systemctl disable systemd-resolved.service<br />
* systemctl enable dnsmasq<br />
* systemctl restart dnsmasq<br />
* try to "ping" or "host" some names from /etc/hosts, it should work<br />
* try to ping daq00, daq00.triumf.ca, all should work<br />
* resolved-dsdaq.conf goes into /etc/systemd/resolved.conf.d/ of all machines on the private network<br />
* if not using systemd-resolved, edit /etc/resolv.conf<br />
<br />
== setup chronyd ==<br />
<br />
* enable ntp server:<br />
* disable systemd-timesyncd, configure and enable chronyd per instructions above<br />
* create dsdaq.conf<br />
<pre><br />
# chrony config for dsdaq server<br />
<br />
#allow 192.168.0.0<br />
#allow 192.168.1.0<br />
#allow 192.168.2.0<br />
allow all<br />
<br />
# end<br />
</pre><br />
* cp dsdaq.conf /etc/chrony/conf.d/<br />
* systemctl restart chronyd<br />
* chronyc tracking ### wait until time is synchronized (a few seconds)<br />
* create dsdaq.sources # use hostname or IP address of chronyd server<br />
<pre><br />
# Put this file in /etc/chrony/sources.d<br />
# systemctl restart chrony<br />
# chronyc sources<br />
# chronyc tracking<br />
server dsdaqgw iburst prefer<br />
# end<br />
</pre><br />
* dsdaq.sources goes to /etc/chrony/sources.d of all machines on the private network<br />
<br />
== setup diskless network booting ==<br />
<br />
=== setup pxelinux for legacy pxe boot ===<br />
<br />
* add bits in dnsmasq.conf<br />
<pre><br />
dhcp-host=ac:1f:6b:9e:7f:4a,dsfe01,infinite<br />
dhcp-boot=pxelinux.0<br />
dhcp-option=17,"192.168.0.251:/nfsroot/%s,vers=3"<br />
</pre><br />
* setup pxelinux for Ubuntu-18<br />
<pre><br />
cd ~<br />
wget https://www.kernel.org/pub/linux/utils/boot/syslinux/4.xx/syslinux-4.03.tar.bz2<br />
tar xjvf syslinux-4.03.tar.bz2<br />
cd syslinux-4.03<br />
cp -pv ./core/pxelinux.0 ./com32/hdt/hdt.c32 ./memdisk/memdisk ./com32/menu/menu.c32 /zssd/tftpboot/<br />
</pre><br />
* cd /zssd/tftpboot<br />
<pre><br />
wget http://ladd00.triumf.ca/tftpboot/memtest86+-4.20.iso.zip<br />
wget http://ladd00.triumf.ca/tftpboot/memtest86+-5.01.iso.gz<br />
wget http://ladd00.triumf.ca/tftpboot/modules.alias<br />
wget http://ladd00.triumf.ca/tftpboot/modules.pcimap<br />
wget http://ladd00.triumf.ca/tftpboot/pci.ids<br />
</pre><br />
* mkdir pxelinux.cfg<br />
* emacs -nw pxelinux.cfg/default<br />
<pre><br />
default menu.c32<br />
prompt 0<br />
<br />
menu title Welcome to the DSVSLICE PXE boot menu<br />
<br />
timeout 50<br />
<br />
label hdt<br />
kernel hdt.c32<br />
<br />
label memtest86+-5.01 <br />
kernel memdisk iso initrd=memtest86+-5.01.iso.gz <br />
<br />
label memtest86+-4.20<br />
kernel memdisk iso initrd=memtest86+-4.20.iso.zip<br />
<br />
label vmlinuz-5.3.0-26-generic<br />
menu default<br />
kernel vmlinuz-5.3.0-26-generic<br />
append initrd=initrd.img-5.3.0-26-generic boot=nfs root=/dev/nfs netboot=nfs nfsroot=192.168.1.1:/zssd/nfsroot/dsfe01 toram ip=dhcp panic=60 BOOTIF=enp1s0f0<br />
<br />
#end<br />
</pre><br />
<br />
=== setup pxelinux for efi pxe boot ===<br />
<br />
* https://c-nergy.be/blog/?p=13808<br />
* add dnsmasq.conf bits. note: to use dhcp root-path, see the "nfsroot=auto" patch below and make sure to use the "dhcp-option-force" command (mkinitramfs dhcp client does not ask for root-path, we have to force-feed it).<br />
<pre><br />
# uefi pxe<br />
<br />
dhcp-boot=tag:uefipxe,uefi/syslinux.efi<br />
dhcp-option-force=tag:fe01,option:root-path,192.168.0.248:/nfsroot/fe01<br />
<br />
# VX network 192.168.0.x<br />
<br />
dhcp-host=40:a6:b7:c1:d9:c5,fe01,infinite,set:uefipxe,set:fe01<br />
</pre><br />
* apt install syslinux pxelinux syslinux-common syslinux-efi syslinux-utils<br />
<pre><br />
mkdir /tftpboot/uefi<br />
cp /usr/lib/SYSLINUX.EFI/efi64/syslinux.efi /tftpboot/uefi/<br />
cp /usr/lib/syslinux/modules/efi64/ldlinux.e64 /tftpboot/uefi/<br />
cp /usr/lib/syslinux/modules/efi64/menu.c32 /tftpboot/uefi/<br />
cp /usr/lib/syslinux/modules/efi64/hdt.c32 /tftpboot/uefi/<br />
cp /usr/lib/syslinux/modules/efi64/libutil.c32 /tftpboot/uefi/<br />
cp /usr/lib/syslinux/modules/efi64/libmenu.c32 /tftpboot/uefi/<br />
cp /usr/lib/syslinux/modules/efi64/libcom32.c32 /tftpboot/uefi/<br />
cp /usr/lib/syslinux/modules/efi64/libgpl.c32 /tftpboot/uefi/<br />
</pre><br />
* try to boot, it should bomb with "cannot load pxelinux.cfg/default"<br />
* mkdir /tftpboot/uefi/pxelinux.cfg<br />
* create /tftpboot/uefi/pxelinux.cfg/default, note nfsroot path is hardwired, note "http:" is used to load vmlinuz and initrd files (because tftp is super slow)<br />
<pre><br />
default menu.c32<br />
prompt 0<br />
<br />
menu title Welcome to the DSDAQGW UEFI PXE boot menu<br />
<br />
timeout 50<br />
<br />
label vmlinuz-6.5.0-17-generic<br />
kernel http://192.168.0.248:8088/uefi/vmlinuz-6.5.0-17-generic<br />
append initrd=http://192.168.0.248:8088/uefi/initrd.img-6.5.0-17-generic boot=nfs root=/dev/nfs netboot=nfs nfsroot=auto rw ip=dhcp panic=60<br />
<br />
# append initrd=http://192.168.0.248:8088/uefi/initrd.img-6.5.0-17-generic boot=nfs root=/dev/nfs netboot=nfs nfsroot=192.168.0.248:/nfsroot/fe01 rw ip=dhcp panic=60<br />
<br />
# append initrd=initrd.img-6.5.0-17-generic boot=nfs root=/dev/nfs netboot=nfs nfsroot=192.168.0.248:/nfsroot/fe01 rw ip=dhcp panic=60<br />
# append initrd=initrd.img-6.5.0-17-generic boot=nfs root=/dev/nfs netboot=nfs nfsroot=auto ip=dhcp rw panic=60<br />
<br />
#end<br />
</pre><br />
* try to boot, it will bomb with "cannot load http://...."<br />
* install mini_httpd on port 8088, see https://acme.com/software/mini_httpd/<br />
<pre><br />
apt install mini-httpd<br />
emacs -nw /etc/default/mini-httpd # set "START=1"<br />
emacs -nw /etc/mini-httpd.conf # set "host=192.168.0.248", "port=8088", "data_dir=/tftpboot"<br />
mkdir /etc/systemd/system/mini-httpd.service.d<br />
echo -e "[Unit]\nAfter=network-online.target\n" > /etc/systemd/system/mini-httpd.service.d/local.conf<br />
systemctl enable mini-httpd<br />
systemctl restart mini-httpd<br />
systemctl status mini-httpd<br />
wget http://192.168.0.248:8088/uefi/syslinux.efi<br />
tail -100 /var/log/mini_httpd.log<br />
</pre><br />
* fix U-22 initramfs bug for "nfsroot=auto", otherwise, "nfsroot=" has to be different for each machine and you have to have separate pxelinux config files for each machine<br />
** emacs -nw /usr/lib/initramfs-tools/etc/dhcp/dhclient-enter-hooks.d/config<br />
** add "echo ROOTPATH=..." if it is missing<br />
<pre><br />
echo "ROOTSERVER='${new_routers%% *}'" <br />
echo "ROOTPATH='$new_root_path'" <br />
echo "HOSTNAME='$new_host_name'" <br />
</pre><br />
* fix U-24 initramfs bug for "nfsroot=auto", otherwise, "nfsroot=" has to be different for each machine and you have to have separate pxelinux config files for each machine<br />
** emacs -nw /usr/share/initramfs-tools/dhcpcd-hooks/70-net-conf<br />
** add "ROOTPATH=..." if it is missing<br />
<pre><br />
DNSDOMAIN='${new_domain_name-}' <br />
ROOTSERVER='${new_routers-}' <br />
ROOTPATH='${new_root_path-}' <br />
filename='${new_filename-}' <br />
DHCPLEASETIME='${new_dhcp_lease_time-}' <br />
</pre><br />
** regenerate initramfs (be careful you generate it for the right kernel!)<br />
** see https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/2054482<br />
<pre><br />
mkinitramfs 6.5.0-18-generic<br />
mkinitramfs 6.8.0-51-generic -o /boot/initrd.img-6.8.0-51-generic<br />
</pre><br />
* copy linux kernel and initrd<br />
<pre><br />
cp /boot/vmlinuz-6.5.0-18-generic /tftpboot/uefi/<br />
cp /boot/initrd.img-6.5.0-18-generic /tftpboot/uefi/<br />
chmod a+r /tftpboot/uefi/*<br />
</pre><br />
* try to boot, should bomb with messages about "trying to mount root filesystem"<br />
* tail /var/log/syslog<br />
<pre><br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 available DHCP subnet: 192.168.0.0/255.255.255.0<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 vendor class: PXEClient:Arch:00007:UNDI:003016<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 DHCPDISCOVER(enp1s0f0) 40:a6:b7:c1:d9:c5 <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 tags: uefipxe, fe01, known, enp1s0f0<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 DHCPOFFER(enp1s0f0) 192.168.0.110 40:a6:b7:c1:d9:c5 <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 1:netmask, 2:time-offset, 3:router, 4, 5, <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 6:dns-server, 12:hostname, 13:boot-file-size, <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 15:domain-name, 17:root-path, 18:extension-path, <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 22:max-datagram-reassembly, 23:default-ttl, <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 28:broadcast, 40:nis-domain, 41:nis-server, <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 42:ntp-server, 43:vendor-encap, 50:requested-address, <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 51:lease-time, 54:server-identifier, 58:T1, <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 59:T2, 60:vendor-class, 66:tftp-server, 67:bootfile-name, <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 97:client-machine-id, 128, 129, 130, 131, <br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 132, 133, 134, 135<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 next server: 192.168.0.248<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 broadcast response<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 1 option: 53 message-type 2<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 54 server-identifier 192.168.0.248<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 51 lease-time infinite<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 18 option: 67 bootfile-name uefi/syslinux.efi<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 1 netmask 255.255.255.0<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 28 broadcast 192.168.0.255<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 3 router 192.168.0.248<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 5 option: 15 domain-name dsdaq<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 12 hostname fe01<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 27 option: 17 root-path 192.168.0.248:/nfsroot/fe01<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 42 ntp-server 192.168.0.248<br />
Feb 16 20:43:02 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 6 dns-server 192.168.0.248<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 available DHCP subnet: 192.168.0.0/255.255.255.0<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 vendor class: PXEClient:Arch:00007:UNDI:003016<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 DHCPREQUEST(enp1s0f0) 192.168.0.110 40:a6:b7:c1:d9:c5 <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 tags: uefipxe, fe01, known, enp1s0f0<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 DHCPACK(enp1s0f0) 192.168.0.110 40:a6:b7:c1:d9:c5 fe01<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 1:netmask, 2:time-offset, 3:router, 4, 5, <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 6:dns-server, 12:hostname, 13:boot-file-size, <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 15:domain-name, 17:root-path, 18:extension-path, <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 22:max-datagram-reassembly, 23:default-ttl, <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 28:broadcast, 40:nis-domain, 41:nis-server, <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 42:ntp-server, 43:vendor-encap, 50:requested-address, <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 51:lease-time, 54:server-identifier, 58:T1, <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 59:T2, 60:vendor-class, 66:tftp-server, 67:bootfile-name, <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 97:client-machine-id, 128, 129, 130, 131, <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 requested options: 132, 133, 134, 135<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 next server: 192.168.0.248<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 broadcast response<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 1 option: 53 message-type 5<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 54 server-identifier 192.168.0.248<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 51 lease-time infinite<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 18 option: 67 bootfile-name uefi/syslinux.efi<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 1 netmask 255.255.255.0<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 28 broadcast 192.168.0.255<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 3 router 192.168.0.248<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 5 option: 15 domain-name dsdaq<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 12 hostname fe01<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 27 option: 17 root-path 192.168.0.248:/nfsroot/fe01<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 42 ntp-server 192.168.0.248<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065885 sent size: 4 option: 6 dns-server 192.168.0.248<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-tftp[3629416]: error 8 User aborted the transfer received from 192.168.0.110<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-tftp[3629416]: sent /tftpboot/uefi/syslinux.efi to 192.168.0.110<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-tftp[3629416]: sent /tftpboot/uefi/syslinux.efi to 192.168.0.110<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 available DHCP subnet: 192.168.0.0/255.255.255.0<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 DHCPDISCOVER(enp1s0f0) 40:a6:b7:c1:d9:c5 <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 tags: uefipxe, fe01, known, enp1s0f0<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 DHCPOFFER(enp1s0f0) 192.168.0.110 40:a6:b7:c1:d9:c5 <br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 requested options: 1:netmask, 3:router, 6:dns-server<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 bootfile name: uefi/syslinux.efi<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 next server: 192.168.0.248<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 broadcast response<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 1 option: 53 message-type 2<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 54 server-identifier 192.168.0.248<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 51 lease-time infinite<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 1 netmask 255.255.255.0<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 28 broadcast 192.168.0.255<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 3 router 192.168.0.248<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 27 option: 17 root-path 192.168.0.248:/nfsroot/fe01<br />
Feb 16 20:43:05 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 6 dns-server 192.168.0.248<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 available DHCP subnet: 192.168.0.0/255.255.255.0<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 DHCPREQUEST(enp1s0f0) 192.168.0.110 40:a6:b7:c1:d9:c5 <br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 tags: uefipxe, fe01, known, enp1s0f0<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 DHCPACK(enp1s0f0) 192.168.0.110 40:a6:b7:c1:d9:c5 fe01<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 requested options: 1:netmask, 3:router, 6:dns-server<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 bootfile name: uefi/syslinux.efi<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 next server: 192.168.0.248<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 broadcast response<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 1 option: 53 message-type 5<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 54 server-identifier 192.168.0.248<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 51 lease-time infinite<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 1 netmask 255.255.255.0<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 28 broadcast 192.168.0.255<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 3 router 192.168.0.248<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 27 option: 17 root-path 192.168.0.248:/nfsroot/fe01<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-dhcp[3629416]: 2348065887 sent size: 4 option: 6 dns-server 192.168.0.248<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: sent /tftpboot/uefi/ldlinux.e64 to 192.168.0.110<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: file /tftpboot/uefi/pxelinux.cfg/01-40-a6-b7-c1-d9-c5 not found<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: file /tftpboot/uefi/pxelinux.cfg/C0A8006E not found<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: file /tftpboot/uefi/pxelinux.cfg/C0A8006 not found<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: file /tftpboot/uefi/pxelinux.cfg/C0A800 not found<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: file /tftpboot/uefi/pxelinux.cfg/C0A80 not found<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: file /tftpboot/uefi/pxelinux.cfg/C0A8 not found<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: file /tftpboot/uefi/pxelinux.cfg/C0A not found<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: file /tftpboot/uefi/pxelinux.cfg/C0 not found<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: file /tftpboot/uefi/pxelinux.cfg/C not found<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: sent /tftpboot/uefi/pxelinux.cfg/default to 192.168.0.110<br />
Feb 16 20:43:09 dsdaqgw dnsmasq-tftp[3629416]: sent /tftpboot/uefi/menu.c32 to 192.168.0.110<br />
Feb 16 20:43:10 dsdaqgw dnsmasq-tftp[3629416]: sent /tftpboot/uefi/libutil.c32 to 192.168.0.110<br />
Feb 16 20:43:10 dsdaqgw dnsmasq-tftp[3629416]: sent /tftpboot/uefi/pxelinux.cfg/default to 192.168.0.110<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 available DHCP subnet: 192.168.0.0/255.255.255.0<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 client provides name: dsdaqgw.triumf.ca<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 DHCPDISCOVER(enp1s0f0) 40:a6:b7:c1:d9:c5 <br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 tags: uefipxe, fe01, known, enp1s0f0<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 DHCPOFFER(enp1s0f0) 192.168.0.110 40:a6:b7:c1:d9:c5 <br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 requested options: 1:netmask, 28:broadcast, 2:time-offset, 3:router, <br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 requested options: 15:domain-name, 6:dns-server, 119:domain-search, <br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 requested options: 12:hostname, 44:netbios-ns, 47:netbios-scope, <br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 requested options: 26:mtu, 121:classless-static-route, 42:ntp-server<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 bootfile name: uefi/syslinux.efi<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 next server: 192.168.0.248<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 1 option: 53 message-type 2<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 54 server-identifier 192.168.0.248<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 51 lease-time infinite<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 1 netmask 255.255.255.0<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 28 broadcast 192.168.0.255<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 3 router 192.168.0.248<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 5 option: 15 domain-name dsdaq<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 27 option: 17 root-path 192.168.0.248:/nfsroot/fe01<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 42 ntp-server 192.168.0.248<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 6 dns-server 192.168.0.248<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 available DHCP subnet: 192.168.0.0/255.255.255.0<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 client provides name: dsdaqgw.triumf.ca<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 DHCPREQUEST(enp1s0f0) 192.168.0.110 40:a6:b7:c1:d9:c5 <br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 tags: uefipxe, fe01, known, enp1s0f0<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 DHCPACK(enp1s0f0) 192.168.0.110 40:a6:b7:c1:d9:c5 fe01<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 requested options: 1:netmask, 28:broadcast, 2:time-offset, 3:router, <br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 requested options: 15:domain-name, 6:dns-server, 119:domain-search, <br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 requested options: 12:hostname, 44:netbios-ns, 47:netbios-scope, <br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 requested options: 26:mtu, 121:classless-static-route, 42:ntp-server<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 bootfile name: uefi/syslinux.efi<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 next server: 192.168.0.248<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 1 option: 53 message-type 5<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 54 server-identifier 192.168.0.248<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 51 lease-time infinite<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 1 netmask 255.255.255.0<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 28 broadcast 192.168.0.255<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 3 router 192.168.0.248<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 5 option: 15 domain-name dsdaq<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 12 hostname fe01<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 27 option: 17 root-path 192.168.0.248:/nfsroot/fe01<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 42 ntp-server 192.168.0.248<br />
Feb 16 20:44:54 dsdaqgw dnsmasq-dhcp[3629416]: 3693523458 sent size: 4 option: 6 dns-server 192.168.0.248<br />
Feb 16 20:44:54 dsdaqgw rpc.mountd[3350210]: authenticated mount request from 192.168.0.110:981 for /nfsroot/fe01 (/nfsroot/fe01)<br />
Feb 16 20:45:07 dsdaqgw rpc.mountd[3350210]: authenticated unmount request from 192.168.0.110:859 for /nfsroot/fe01/tmp/autoDY4k5u (/nfsroot/fe01)<br />
</pre><br />
* tail /var/log/mini_httpd.log<br />
<pre><br />
192.168.0.110 - - [16/Feb/2024:20:43:15 -0800] "GET /uefi/vmlinuz-6.5.0-17-generic HTTP/1.0" 200 14227944 "" "Syslinux/6.04"<br />
192.168.0.110 - - [16/Feb/2024:20:43:24 -0800] "GET /uefi/initrd.img-6.5.0-17-generic HTTP/1.0" 200 137824833 "" "Syslinux/6.04"<br />
</pre><br />
<br />
=== setup efi http boot ===<br />
<br />
https://documentation.suse.com/sles/15-SP2/html/SLES-all/cha-deployment-prep-uefi-httpboot.html<br />
<br />
=== setup linux kernel ===<br />
<br />
* copy the kernel files<br />
<pre><br />
cd /boot<br />
rsync -av config* initrd* System.map* vmlinuz* /tftpboot/<br />
</pre><br />
* cd /tftpboot<br />
* chmod a+r *<br />
<br />
=== setup nfs ===<br />
<br />
* apt-get install nfs-kernel-server<br />
* enable NFS over UDP, edit /etc/nfs.conf add "udp=y":<br />
<pre><br />
udp=y<br />
</pre><br />
<pre><br />
systemctl restart nfs-server.service<br />
</pre><br />
* emacs -nw /etc/exports<br />
<pre><br />
/nfsroot/dsfe01 dsfe01(rw,no_root_squash,async,no_subtree_check)<br />
</pre><br />
* enable services<br />
<pre><br />
systemctl enable nfs-server<br />
systemctl enable nfs-mountd<br />
systemctl enable nfs-idmapd<br />
systemctl restart nfs-server<br />
systemctl restart nfs-mountd<br />
systemctl restart nfs-idmapd<br />
</pre><br />
* after editing /etc/exports, run<br />
<pre><br />
exportfs -av<br />
</pre><br />
<br />
=== setup userland ===<br />
<br />
!!! ubuntu-18 version !!!<br />
<br />
* zfs create rpool/nfsroot<br />
* zfs set dedup=verify rpool/nfsroot ### enable deduplication to save disk space because most linux images have mostly identical files<br />
* clone ubuntu<br />
<pre><br />
mkdir /nfsroot/dsfe01<br />
cd /<br />
rsync -avx . /nfsroot/dsfe01<br />
</pre><br />
* edit config files:<br />
* cd /nfsroot/dsfe01<br />
* emacs -nw etc/hostname ### change to dsfe01<br />
* emacs -nw etc/mailname ### change to dsfe01<br />
* emacs -nw etc/yp.conf ### change daq00.triumf.ca to musr00.triumf.ca<br />
* emacs -nw etc/defaultdomain ### change to MUSR-NIS<br />
* cp -pvf ../lxcpet-SL610/etc/ssh/*key* etc/ssh/ ### preserve the ssh keys<br />
* emacs -nw opt/gonodeinfo/gonodeinfo.conf ### update information<br />
* emacs -nw root/.ssh/authorized_keys ### update root ssh keys<br />
* emacs -nw etc/fstab ### add this<br />
<pre><br />
192.168.1.1:/nfsroot/dsfe01 / nfs defaults,nolock 0 0<br />
</pre><br />
* emacs -nw etc/chrony/chrony.conf<br />
** comment-out all "pool" and "server" entries<br />
** add entry "server 192.168.1.1 iburst"<br />
<br />
After dsfe01 is booted:<br />
<br />
* disable services:<br />
<pre><br />
systemctl disable apache2<br />
systemctl disable dnsmasq<br />
systemctl disable zfs-import-cache<br />
</pre><br />
<br />
To setup additional machines, clone dsfe01 instead of cloning the gateway machine<br />
<br />
=== Allow manpages to be viewed ===<br />
<br />
If <code>/</code> is mounted over NFS, <code>man</code> will report a permission error. Fix it with:<br />
<br />
<pre><br />
ln -s /etc/apparmor.d/usr.bin.man /etc/apparmor.d/disable/<br />
apparmor_parser -R /etc/apparmor.d/usr.bin.man<br />
</pre><br />
<br />
== setup shared home directory ==<br />
<br />
=== on the gateway machine ===<br />
* define netgroups<br />
* emacs -nw /etc/netgroup<br />
<pre><br />
dsfe (dsfe01,,) (dsfe02,,)<br />
</pre><br />
* emacs -nw /etc/nsswitch.conf ### edit the netgroup line to read:<br />
<pre><br />
netgroup: files<br />
</pre><br />
* export the home directories:<br />
* emacs -nw /etc/exports ### add this:<br />
<pre><br />
/zssd/home1 @dsfe(rw,no_root_squash,async,no_subtree_check)<br />
</pre><br />
* exportfs -rc<br />
<br />
=== on the frontend machine ===<br />
<br />
* mkdir /home<br />
* emacs -nw /etc/fstab ### add this:<br />
<pre><br />
192.168.1.1:/zssd/home1 /home nfs defaults 0 0<br />
</pre><br />
* mount -a<br />
<br />
== setup NAT ==<br />
<br />
NAT allows machines on the private network to connect to the internet: https://en.wikipedia.org/wiki/Network_address_translation<br />
<br />
In these examples:<br />
* replace "eno1" with name of the outgoing interface (the one connected to the TRIUMF network).<br />
* replace "enp11s0" with name of the private network interface (192.168.1.x network)<br />
<br />
* emacs -nw /etc/rc.local ### add this:<br />
<pre><br />
# /etc/rc.local<br />
<br />
# enable NAT<br />
<br />
/sbin/iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE<br />
iptables -L -v<br />
<br />
# uncomment following lines if machine has prohibitive FORWARD rules:<br />
#/sbin/iptables -I FORWARD -i eno1 -o enp11s0 -m state --state RELATED,ESTABLISHED -j ACCEPT<br />
#/sbin/iptables -I FORWARD -i enp11s0 -o eno1 -j ACCEPT<br />
#iptables -L -v<br />
<br />
iptables -L -v<br />
sysctl -w net.ipv4.ip_forward=1<br />
#sysctl -a | grep forward<br />
<br />
sh /etc/firewall-rfc1918.sh<br />
<br />
# end<br />
</pre><br />
* emacs -nw /etc/firewall-rfc1918.sh<br />
<pre><br />
# firewall-rfc1918.sh<br />
<br />
# prevent RFC1918 private network IP addresses from<br />
# going in and out from our uplink.<br />
<br />
ETH=eno1<br />
<br />
iptables -F in-rfc1918<br />
iptables -N in-rfc1918<br />
iptables -A in-rfc1918 --dst 10.0.0.0/8 -j REJECT<br />
iptables -A in-rfc1918 --dst 172.16.0.0/12 -j REJECT<br />
iptables -A in-rfc1918 --dst 192.168.0.0/16 -j REJECT<br />
<br />
iptables -D INPUT -j in-rfc1918 -i $ETH<br />
iptables -D INPUT -j in-rfc1918 -i $ETH<br />
iptables -I INPUT -j in-rfc1918 -i $ETH<br />
<br />
iptables -F out-rfc1918<br />
iptables -N out-rfc1918<br />
iptables -A out-rfc1918 --dst 10.0.0.0/8 -j REJECT<br />
iptables -A out-rfc1918 --dst 172.16.0.0/12 -j REJECT<br />
iptables -A out-rfc1918 --dst 192.168.0.0/16 -j REJECT<br />
<br />
iptables -D OUTPUT -j out-rfc1918 -o $ETH<br />
iptables -D OUTPUT -j out-rfc1918 -o $ETH<br />
iptables -I OUTPUT -j out-rfc1918 -o $ETH<br />
<br />
iptables -D FORWARD -j out-rfc1918 -o $ETH <br />
iptables -D FORWARD -j out-rfc1918 -o $ETH <br />
iptables -I FORWARD -j out-rfc1918 -o $ETH <br />
<br />
# allow TRIUMF-SECURE network<br />
<br />
iptables -I in-rfc1918 -s 10.90.0.0/255.255.0.0 -j ACCEPT <br />
iptables -I out-rfc1918 -d 10.90.0.0/255.255.0.0 -j ACCEPT <br />
<br />
# show configuration<br />
<br />
iptables -L -v<br />
<br />
#end<br />
</pre><br />
<br />
= KVM =<br />
<br />
<pre><br />
apt install cpu-checker<br />
<br />
root@daq13:~# kvm-ok <br />
INFO: /dev/kvm exists<br />
KVM acceleration can be used<br />
root@daq13:~# <br />
<br />
(if not, shutdown, go into BIOS settings, enable CPU virtualization)<br />
<br />
apt install virtinst ### will install many packages<br />
apt install libvirt-clients libvirt-daemon-system-systemd libvirt-daemon qemu qemu-kvm libvirt-daemon-system virtinst bridge-utils<br />
<br />
root@daq13:/home1/wheel# virsh list --all<br />
Id Name State<br />
------------------------------<br />
1 ubuntu-guest running<br />
<br />
apt install virt-manager<br />
<br />
virt-install --name ubuntu-guest --os-variant ubuntu20.04 --vcpus 2 --ram 2048 --location /daq/daqstore/olchansk/linux/Ubuntu/ubuntu-20.04.3-desktop-amd64.iso --network bridge=virbr0,model=virtio --graphics none --extra-args='console=ttyS0,115200n8 serial'<br />
<br />
virtual machine will start, boot, etc<br />
to get out of it, CTRL + Shift followed by ]<br />
<br />
ssh wheel@daq13<br />
virt-manager<br />
<br />
run virt-install again, omit "--graphics none", open graphics console from virt-manager, it booted into ubuntu installer desktop<br />
<br />
virt-install --name test10 --os-variant centos6.10 --vcpus 2 --ram 2048 --import --filesystem /kvm_ladd00,/ --network bridge=virbr0,model=virtio --boot kernel=/kvm_ladd00/boot/vmlinuz-2.6.32-754.35.1.el6.x86_64,initrd=/kvm_ladd00/boot/initramfs-2.6.32-754.35.1.el6.x86_64.img,kernel_args="root=/dev/sda console=ttyS0,115200n8 serial" --graphics none<br />
<br />
virt-install --name test14 --os-variant centos6.10 --vcpus 2 --ram 2048 --import --disk /tmp/xxx/ladd00.img,bus=sata --network bridge=virbr0,model=virtio --boot kernel=/kvm_ladd00/boot/vmlinuz-2.6.32-754.35.1.el6.x86_64,initrd=/kvm_ladd00/boot/initramfs-2.6.32-754.35.1.el6.x86_64.img,kernel_args="root=/dev/sda console=ttyS0,115200n8 serial rdshell" --graphics none --check path_in_use=off<br />
</pre><br />
<br />
build image<br />
<br />
<pre><br />
dd if=/dev/zero of=/tmp/xxx/ladd00.img bs=1024M count=20<br />
mkfs.ext3 /tmp/xxx/ladd00.img ### ext4 fails to mount by SL6 kernel, "unknown ext4 options"<br />
cd /kvm_ladd00/<br />
mount -o loop /tmp/xxx/ladd00.img /mnt/tmp<br />
rsync -av . /mnt/tmp/ --delete<br />
umount /mnt/tmp<br />
</pre><br />
<br />
on the guest, configure network: /etc/rc.local<br />
<pre><br />
#!/bin/sh<br />
#<br />
# This script will be executed *after* all the other init scripts.<br />
# You can put your own initialization stuff in here if you don't<br />
# want to do the full Sys V style init stuff.<br />
<br />
touch /var/lock/subsys/local<br />
<br />
ifconfig eth2 192.168.122.2<br />
route add -net 0.0.0.0 gw 192.168.122.1<br />
ifconfig -a<br />
netstat -rn<br />
<br />
# end<br />
</pre><br />
<br />
== virtualize SL6 ladd00 ==<br />
<br />
* on ladd00:<br />
<pre><br />
yum install dracut-network<br />
mkinitrd /boot/initramfs-2.6.32-754.35.1.el6.x86_64-netboot.img 2.6.32-754.35.1.el6.x86_64<br />
</pre><br />
* on daq00<br />
<pre><br />
zfs create rpool/kvm-ladd00<br />
cd /kvm-ladd00<br />
rsync -avx ladd00:/ . --exclude nfsroot<br />
brctl addbr virbr0<br />
ifconfig virbr0 192.168.1.1<br />
echo /kvm-ladd00 192.168.1.2(rw,no_root_squash,no_all_squash,async,no_subtree_check) >> /etc/exports<br />
exportfs -rv<br />
</pre><br />
* create virtual machine<br />
<pre><br />
virt-install --name kvm-ladd00 --os-variant centos6.10 --vcpus 2 --ram 2048 --import --network bridge=virbr0,model=virtio --boot kernel=/kvm-ladd00/boot/vmlinuz-2.6.32-754.35.1.el6.x86_64,initrd=/kvm-ladd00/boot/initramfs-2.6.32-754.35.1.el6.x86_64-netboot.img,kernel_args="root=/dev/nfs ip=192.168.1.2:192.168.1.1:192.168.1.1:255.255.255.0:ladd00::off nfsroot=192.168.1.1:/kvm-ladd00 console=ttyS0,115200n8 serial rdshell" --graphics none --nodisks --check path_in_use=off<br />
</pre><br />
* adjust kvm-ladd00 image<br />
<pre><br />
disable network manager<br />
edit fstab<br />
edit yp.conf<br />
edit resolv.conf<br />
edit root/.ssh/authorized_keys<br />
enable rngd or /dev/random does not work, sshd does not work<br />
</pre><br />
* virsh shutdown test24<br />
* virsh --connect qemu:///system start test24<br />
* virsh console test24 ### to exit, ctrl+[ or ctrl+]<br />
* virsh undefine test24<br />
* virsh autostart kvm-ladd00<br />
* virsh dominfo kvm-ladd00<br />
<pre><br />
root@daq00:~# virsh dominfo kvm-ladd00<br />
Id: 1<br />
Name: kvm-ladd00<br />
UUID: 1d1f8fed-8b65-4411-a51b-e0ecf359d2f1<br />
OS Type: hvm<br />
State: running<br />
CPU(s): 2<br />
CPU time: 27.7s<br />
Max memory: 2097152 KiB<br />
Used memory: 2097152 KiB<br />
Persistent: yes<br />
Autostart: enable<br />
Managed save: no<br />
Security model: apparmor<br />
Security DOI: 0<br />
Security label: libvirt-1d1f8fed-8b65-4411-a51b-e0ecf359d2f1 (enforcing)<br />
root@daq00:~# <br />
</pre><br />
* delete unused images in /var/lib/libvirt/images<br />
<br />
= ARM64 cross-compiler =<br />
<br />
* arm64, aarch64 are Xilinx FPGA Cortex-A53, RPi4, RPi5 machines<br />
* install packages:<br />
<pre><br />
apt install g++-12-aarch64-linux-gnu gcc-12-aarch64-linux-gnu-base libstdc++-12-dev-arm64-cross<br />
</pre><br />
* run:<br />
<pre><br />
aarch64-linux-gnu-gcc-12 -o ttcp.aarch64 ttcp.c -static<br />
aarch64-linux-gnu-g++-12 -o fecdm.exe -O2 -g -Wall -Wuninitialized -std=c++20 fecdm.o dsdm.o /home/dsdaqdev/packages_common/midas/linux-aarch64-remoteonly/lib/libmidas.a -pthread -lrt -lutil /nfsroot/gdm00/usr/lib/aarch64-linux-gnu/libi2c.a -static<br />
</pre><br />
<br />
= ARM cross-compiler =<br />
<br />
* armv7 (RPi3, MityARM CAMAC) machines<br />
* install packages:<br />
<pre><br />
apt install g++-12-arm-linux-gnueabihf gcc-12-arm-linux-gnueabihf libstdc++-12-dev-armhf-cross<br />
</pre><br />
* find out the correct -march setting, on the target machine, run:<br />
<pre><br />
root@gdm00:~# g++ -Q --help=target | grep march<br />
-march= armv8-a<br />
</pre><br />
* build something:<br />
<pre><br />
arm-linux-gnueabihf-gcc -o ttcp1 ttcp.c -march=armv7 -static<br />
arm-linux-gnueabihf-gcc -o memcpy.armv7 memcpy.cc -march=armv7 -static -O2<br />
</pre><br />
<br />
= 32-bit intel cross-compiler =<br />
<br />
Ubuntu 22.04:<br />
<br />
<pre><br />
apt install libstdc++-11-dev:i386<br />
apt install zlib1g-dev:i386<br />
</pre><br />
<br />
NOTES:<br />
* "g++ -m32" does not find libstdc++, please use "g++ -m32 -L/usr/lib/gcc/i686-linux-gnu/11/"<br />
* to cross-build 32-bit MIDAS, use "make linux32".<br />
* executables cross-build on Ubuntu-22 do NOT run on 32-bit Debain-11 (GLIBC and GLIBCXX version mismatch)<br />
* executables cross-build on Ubuntu-22 run on 32-bit Debian-12.<br />
<br />
= SSH settings for EPICS =<br />
<br />
* TRIUMF EPICS runs obsolete version of SSH<br />
* add this to the use .ssh/config<br />
<pre><br />
Host sbp1*<br />
HostKeyAlgorithms +ssh-rsa<br />
PubKeyAcceptedAlgorithms +ssh-rsa<br />
KexAlgorithms +diffie-hellman-group1-sha1<br />
ForwardX11 yes<br />
ForwardX11Trusted yes<br />
</pre><br />
<br />
= changes for VME processors =<br />
<br />
<pre><br />
apt -y remove sysstat man-db<br />
apt -y purge dkms<br />
apt -y purge mdadm<br />
apt -y autoremove<br />
</pre><br />
<br />
= remove snap (U-24) =<br />
<br />
Note: snap stores data in $USER/snap/$SNAPNAME, removing a snap on one machine will remove this data from all users even if they want to use snap on some other machine.<br />
<br />
Remove snaps:<br />
<br />
NOTE: first remove chromium and firefox, see below.<br />
<br />
<pre><br />
snap list<br />
echo snap remove chromium ### see below<br />
echo snap remove firefox ### see below<br />
snap remove thunderbird<br />
snap remove cups<br />
snap remove firmware-updater<br />
snap remove gtk-common-themes<br />
snap remove snapd-desktop-integration<br />
snap remove snap-store<br />
snap remove hunspell-dictionaries-1-7-2004<br />
snap remove gnome-system-monitor<br />
snap remove gnome-3-26-1604<br />
snap remove gnome-3-28-1804<br />
snap remove gnome-3-34-1804<br />
snap remove gnome-3-38-2004<br />
snap remove gnome-42-2204<br />
snap remove gnome-46-2404<br />
snap remove mesa-2404<br />
snap remove core<br />
snap remove core18<br />
snap remove core20<br />
snap remove core22<br />
snap remove core24<br />
snap remove bare<br />
snap remove snapd<br />
snap list<br />
</pre><br />
<pre><br />
root@daqubuntu:~# snap list<br />
No snaps are installed yet. Try 'snap install hello-world'.<br />
root@daqubuntu:~# <br />
</pre><br />
<br />
Identify packages that install snaps:<br />
<br />
<pre><br />
apt list | grep snap | grep installed<br />
</pre><br />
<br />
Typical output:<br />
<br />
<pre><br />
firefox/noble,now 1:1snap1-0ubuntu5 amd64 [installed]<br />
gir1.2-snapd-2/noble,now 1.64-0ubuntu5 amd64 [installed,automatic]<br />
libsnapd-glib-2-1/noble,now 1.64-0ubuntu5 amd64 [installed,automatic]<br />
libsnapd-qt-2-1/noble,now 1.64-0ubuntu5 amd64 [installed,automatic]<br />
libsnappy1v5/noble,now 1.1.10-1build1 amd64 [installed,automatic]<br />
plasma-discover-backend-snap/noble,now 5.27.11-0ubuntu2 amd64 [installed]<br />
snapd/noble-updates,now 2.66.1+24.04 amd64 [installed]<br />
</pre><br />
<br />
Remove packages that install snaps:<br />
<br />
<pre><br />
apt remove chromium-browser<br />
apt remove chromium-codecs-ffmpeg-extra<br />
apt remove thunderbird<br />
apt remove firefox<br />
apt remove plasma-discover-backend-snap<br />
apt remove plasma-discover-snap-backend<br />
apt remove snapd<br />
apt purge snapd<br />
# package gir1.2-snapd-2 is required by ubuntu-mate-desktop & co<br />
# libsnapd-glib-2-1 is required by gstreamer, gnome-remote-desktop & co<br />
ls -l /etc/systemd/system/ | grep snap ### remove unwanted stuff<br />
</pre><br />
<br />
Remove Chromium:<br />
<br />
* ls -ld /home/*/snap/chromium/*<br />
* echo /bin/rm -rf `ls -1d /home/*/snap/chromium/*`<br />
* snap remove chromium<br />
<br />
Remove Firefox:<br />
<br />
* ls -ld /home/*/snap/firefox/*<br />
* echo /bin/rm -rf `ls -1d /home/*/snap/firefox/*` ### this will delete "snap firefox" profiles of all users!!!<br />
* snap remove firefox ### this will also delete "snap firefox" profiles of all users!!!<br />
<br />
Remove gir1.2-snapd-2:<br />
* echo rm -vf /usr/lib/x86_64-linux-gnu/girepository-1.0/Snapd-2.typelib<br />
<br />
= boot using syslinux =<br />
<br />
* NOTE: extlinux is not compatible with ext4 "64bit" feature, it should be turned off:<br />
<pre><br />
mkfs.ext4 -O ^64bit /dev/sdX1<br />
resize2fs -s /dev/sdX1<br />
</pre><br />
<br />
* install syslinux and extlinux (THIS DOES NOT WORK!!!)<br />
<br />
<pre><br />
apt -y install syslinux extlinux<br />
dd if=/usr/lib/syslinux/mbr/mbr.bin of=/dev/sdX ### NOT /dev/sdX1 NOT !!!<br />
cd /boot<br />
cp /usr/lib/syslinux/modules/bios/menu.c32 .<br />
extlinux -i .<br />
</pre><br />
<br />
* install syslinux and extlinux<br />
<br />
* copy from old SL6 USB disk (this is extlinux 6.02)<br />
<pre><br />
root@localhost:/boot# ls -l<br />
-rwxr-xr-x 1 root root 218952 Jan 28 17:40 extlinux<br />
-rw-r--r-- 1 root root 402 Jan 29 14:45 extlinux.conf<br />
-rw-r--r-- 1 root root 496 Jan 29 14:39 extlinux.conf~<br />
-r--r--r-- 1 root root 122044 Jan 29 14:39 ldlinux.c32<br />
-r--r--r-- 1 root root 67072 Jan 29 14:39 ldlinux.sys<br />
-rwxr-xr-x 1 root root 24156 Jan 28 17:40 libutil.c32<br />
-rw-r--r-- 1 root root 304 Jan 28 17:40 mbr.bin<br />
-rw-r--r-- 1 root root 26140 Jan 28 17:40 memdisk<br />
-rw-r--r-- 1 root root 69043 Jan 28 17:40 memtest86+-4.20.iso.zip<br />
-rw-r--r-- 1 root root 183012 Jan 28 17:40 memtest86+-5.01<br />
-rw-r--r-- 1 root root 26568 Jan 28 17:40 menu.c32<br />
</pre><br />
<br />
* install<br />
<pre><br />
dd if=mbr.bin of=/dev/sdX ### NOT /dev/sdX1 NOT !!!<br />
extlinux -i .<br />
</pre><br />
* check that partition /dev/sdX1 is marked bootable (fdisk command "a")<br />
<br />
* create /boot/extlinux.conf<br />
<br />
<pre><br />
DEFAULT menu.c32<br />
PROMPT 0<br />
TIMEOUT 50<br />
<br />
MENU TITLE TRIUMF DAQ USB BOOT32 ver K.O. 2025jan28<br />
<br />
LABEL linux<br />
MENU DEFAULT<br />
kernel /vmlinuz<br />
append initrd=/initrd.img panic=60 rootdelay=5 rootwait rw root=/dev/sda1<br />
<br />
LABEL linux-6.1.0-28-686<br />
kernel vmlinuz-6.1.0-28-686<br />
append initrd=initrd.img-6.1.0-28-686 panic=60 rootdelay=5 rootwait rw root=/dev/sda1<br />
<br />
LABEL memtest<br />
kernel memtest86+-1.65<br />
</pre></div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=TrdataDcache&diff=8145
TrdataDcache
2025-01-10T00:28:26Z
<p>Lindner: </p>
<hr />
<div><br />
The TRIUMF dcache trdata system has been decommissioned as of Jan 2025; old data has been backed up to disks. please contact Thomas L. for details.<br />
<br />
<br />
Below is a set of historical information about the trdata system; the information is no longer relevant.<br />
<br />
_____________________________________________________________________<br />
<br />
<br />
The Experimental Data Storage is a facility dedicated to store large amount of data produced by TRIUMF experimental groups. This system is based on the DCache software (Desy and FermiLab) and consists uniquely of storage. No CPU power is available. To the users, only the main server machine TRDATA00 is visible. The files are stored on one or several disk server machines. The system is easily expendable. To obtain disk space on this system, please contact Pierre Amaudruz or Thomas Lindner (lindner@triumf.ca). The disk servers are running RAID 6 software but the files are not backed up to another system. The users should not count on this facility as a permanent archive at this point. Currently the system has ~125 TB available.<br />
<br />
We are currently migrating the dcache system from an older version to a new version on a new computer. The following is useful information for the transition period:<br />
<br />
* the new system is already up and running. You can see the new dcache interface here:<br />
<br />
http://trdata00.triumf.ca:2288<br />
<br />
* Files from the old dcache system have been all copied to the new system (except for pienu files, for which special arrangements are being made).<br />
<br />
* You can copy file from the new system with either the dccp command:<br />
<br />
'''dccp dcap://trdata00.triumf.ca/pnfs/triumf.ca/data/iris/2015/iris_000029060000.mid.gz .'''<br />
<br />
or the globus-url-copy grid command (assuming you have grid tools installed and a valid, registered grid certificate):<br />
<br />
'''globus-url-copy -p 5 -vb gsiftp://trdata00.triumf.ca/pnfs/triumf.ca/data/iris/2012/run00750.mid.gz file:///home/lindner/run00750.mid.gz'''<br />
<br />
* Installing dccp itself is pretty easy. To install from a standard SL5/6 desktop you can just use the version of dccp that you get from EPEL; ie, just do <br />
<br />
yum install dcap<br />
<br />
Installing globus-url-copy is more complicated and involved. Contact Thomas Lindner for more information.<br />
<br />
* (For sys-admins only): from TRIUMF computers you can also mount the dcache system by doing following:<br />
<br />
mkdir -p /pnfs<br />
edit /etc/rc.local, add to the end of file: "mount -o intr,rw,noac,hard,nfsvers=3 trdata00:/pnfs /pnfs"<br />
. /etc/rc.local <br />
<br />
* After March 4th, the new system was eenamed as trdata00 and the old system became unavailable.<br />
<br />
There is administrative details [[trdata_admin|TRDATA admin]]<br />
<br />
You can also access the [http://ccn.triumf.ca/file-storage/experimental-data-storage original documentation] for the old trdata setup.</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=Sysman&diff=8144
Sysman
2025-01-10T00:27:58Z
<p>Lindner: </p>
<hr />
<div>== System management ==<br />
<br />
* [http://daq-plone.triumf.ca/SM/docs/local Misc documentation on the daq-plone site]<br />
* [[Daqinv]] DAQ inventory database<br />
* [[Amanda]] AMANDA backups<br />
<br />
== Computer clusters ==<br />
<br />
* [[DAQ_Cluster]] [[ISAC_Cluster]] [[MUSR_Cluster]] [http://www.triumf.info/wiki/DAQwiki/index.php/TITAN TITAN]<br />
* gonodeinfo: [https://daq00.triumf.ca/gonodeinfo/gonodereport.html all] [https://daq00.triumf.ca/gonodeinfo/group-titan.html titan] [https://daq00.triumf.ca/gonodeinfo/group-isac.html isac] [https://daq00.triumf.ca/gonodeinfo/group-cmms.html cmms] (username/password: midas/midas)<br />
* gonodeinfo: [https://dsvslice.triumf.ca/gonodeinfo/gonodereport.html dsvslice] (username/password: midas/midas)<br />
* [https://daqstore.triumf.ca/ganglia ganglia] (username/password: midas/midas) (runs on daqstore, see daqstore:/etc/rc.local)<br />
* [https://daq00.triumf.ca/ganglia new ganglia] (username/password: midas/midas) (runs on daq00)<br />
* zfsquotareport: [https://daq00.triumf.ca/zfsquotareport/zfsquota.html daq00] [https://isdaq00.triumf.ca/zfsquotareport/zfsquota.html isdaq00] [https://alpha00.triumf.ca/zfsquotareport/zfsquota.html alpha00] [musr00] [midm9a] [https://iris00.triumf.ca/zfsquotareport/zfsquota.html iris00] [https://midemma01.triumf.ca/zfsquotareport/zfsquota.html midemma01] [https://trinatdaq.triumf.ca/zfsquotareport/zfsquota.html trinatdaq] [titan00] [https://daqstore.triumf.ca/zfsquotareport/zfsquota.html daqstore]<br />
* [https://ladd00.triumf.ca/diskusers/disks.html Diskusers] <br />
* [https://daq00.triumf.ca/~olchansk/pingmon/triumf.html network ping monitor]<br />
* [https://daq00.triumf.ca/~daqweb/daqbackup/ daqbackup]<br />
<br />
* TRDATA dcache status [[TrdataDcache]]<br />
* [[DiskScrub]] Documentation for diskscrub<br />
* [[disk_benchmarks]]<br />
* [[graphics_benchmarks]]<br />
* [[VMs]] DAQ VMs<br />
<br />
== Linux documentation ==<br />
<br />
* [[SLinstall]] SL5/SL6/CentOS7/CentOS8 install instructions<br />
* [[Ubuntu]] Ubuntu install instructions<br />
* [[Raspbian]] Raspbian OS for ARM processors (Raspberry Pi, Cyclone5 SoC, etc)<br />
* [[ZFS]] ZFS instructions<br />
* [[rPi-RT]] Real-Time kernel for Raspberry Pi<br />
<br />
== Misc documentation ==<br />
<br />
* [[DaqVlanConfig]] VLANs for DAQ and experiments<br />
* [[PcHardware]] DAQ PC Configurations<br />
* [[PcRackmount]] DAQ Rackmounted Configurations<br />
* [[DaqSvn]] DAQ SVN repositories and instructions (obsolete)<br />
* [[Quartus]] Altera Quartus<br />
* [[HADOOP]] (obsolete)<br />
* [[EPICS]]<br />
* [[VNC]]<br />
* [[Cloning_raid1_boot_disks]]<br />
* [[Setup_MIDAS_experiment]] (moved to MidasWiki)<br />
* [[IEEE_MAC_TRIUMF]] IEEE MAC addresses assigned to TRIUMF<br />
* [[DaqWikiManagement]] DAQWiki management<br />
* [[PHYSICA]]<br />
* [[ROOT]]<br />
* [[MIDAS]]<br />
* [[ROOTANA]] : ROOT Analyzer for MIDAS (moved to MidasWiki)<br />
* [[ROODY]]<br />
* [[ser2net]] USB-Serial-RS232 interface<br />
* [[GIT]]<br />
* [[TrdataDcache]] tradata dcache system for experimental data storage<br />
* [[dhcpd_on_eth1]] Enabling dhcpd on secondary ethernet port<br />
* [[nextcloud]]<br />
* [[DAQ_VMs]] DAQ and experimental group VMs<br />
* [[MegaRAID]] instructions for dealing with MegaRAID hardware raid adapters<br />
* obsolete data acquisition software: [https://daq.triumf.ca/~daqweb/doc/susiq/ SUSIQ] [https://daq.triumf.ca/~daqweb/doc/nova/ NOVA]</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=Sysman&diff=8143
Sysman
2025-01-10T00:27:22Z
<p>Lindner: </p>
<hr />
<div>== System management ==<br />
<br />
* [http://daq-plone.triumf.ca/SM/docs/local Misc documentation on the daq-plone site]<br />
* [[Daqinv]] DAQ inventory database<br />
* [[Amanda]] AMANDA backups<br />
<br />
== Computer clusters ==<br />
<br />
* [[DAQ_Cluster]] [[ISAC_Cluster]] [[MUSR_Cluster]] [http://www.triumf.info/wiki/DAQwiki/index.php/TITAN TITAN]<br />
* gonodeinfo: [https://daq00.triumf.ca/gonodeinfo/gonodereport.html all] [https://daq00.triumf.ca/gonodeinfo/group-titan.html titan] [https://daq00.triumf.ca/gonodeinfo/group-isac.html isac] [https://daq00.triumf.ca/gonodeinfo/group-cmms.html cmms] (username/password: midas/midas)<br />
* gonodeinfo: [https://dsvslice.triumf.ca/gonodeinfo/gonodereport.html dsvslice] (username/password: midas/midas)<br />
* [https://daqstore.triumf.ca/ganglia ganglia] (username/password: midas/midas) (runs on daqstore, see daqstore:/etc/rc.local)<br />
* [https://daq00.triumf.ca/ganglia new ganglia] (username/password: midas/midas) (runs on daq00)<br />
* zfsquotareport: [https://daq00.triumf.ca/zfsquotareport/zfsquota.html daq00] [https://isdaq00.triumf.ca/zfsquotareport/zfsquota.html isdaq00] [https://alpha00.triumf.ca/zfsquotareport/zfsquota.html alpha00] [musr00] [midm9a] [https://iris00.triumf.ca/zfsquotareport/zfsquota.html iris00] [https://midemma01.triumf.ca/zfsquotareport/zfsquota.html midemma01] [https://trinatdaq.triumf.ca/zfsquotareport/zfsquota.html trinatdaq] [titan00] [https://daqstore.triumf.ca/zfsquotareport/zfsquota.html daqstore]<br />
* [https://ladd00.triumf.ca/diskusers/disks.html Diskusers] <br />
* [https://daq00.triumf.ca/~olchansk/pingmon/triumf.html network ping monitor]<br />
* [https://daq00.triumf.ca/~daqweb/daqbackup/ daqbackup]<br />
<br />
* [[TrdataDcache] TRDATA dcache status]<br />
* [[DiskScrub]] Documentation for diskscrub<br />
* [[disk_benchmarks]]<br />
* [[graphics_benchmarks]]<br />
* [[VMs]] DAQ VMs<br />
<br />
== Linux documentation ==<br />
<br />
* [[SLinstall]] SL5/SL6/CentOS7/CentOS8 install instructions<br />
* [[Ubuntu]] Ubuntu install instructions<br />
* [[Raspbian]] Raspbian OS for ARM processors (Raspberry Pi, Cyclone5 SoC, etc)<br />
* [[ZFS]] ZFS instructions<br />
* [[rPi-RT]] Real-Time kernel for Raspberry Pi<br />
<br />
== Misc documentation ==<br />
<br />
* [[DaqVlanConfig]] VLANs for DAQ and experiments<br />
* [[PcHardware]] DAQ PC Configurations<br />
* [[PcRackmount]] DAQ Rackmounted Configurations<br />
* [[DaqSvn]] DAQ SVN repositories and instructions (obsolete)<br />
* [[Quartus]] Altera Quartus<br />
* [[HADOOP]] (obsolete)<br />
* [[EPICS]]<br />
* [[VNC]]<br />
* [[Cloning_raid1_boot_disks]]<br />
* [[Setup_MIDAS_experiment]] (moved to MidasWiki)<br />
* [[IEEE_MAC_TRIUMF]] IEEE MAC addresses assigned to TRIUMF<br />
* [[DaqWikiManagement]] DAQWiki management<br />
* [[PHYSICA]]<br />
* [[ROOT]]<br />
* [[MIDAS]]<br />
* [[ROOTANA]] : ROOT Analyzer for MIDAS (moved to MidasWiki)<br />
* [[ROODY]]<br />
* [[ser2net]] USB-Serial-RS232 interface<br />
* [[GIT]]<br />
* [[TrdataDcache]] tradata dcache system for experimental data storage<br />
* [[dhcpd_on_eth1]] Enabling dhcpd on secondary ethernet port<br />
* [[nextcloud]]<br />
* [[DAQ_VMs]] DAQ and experimental group VMs<br />
* [[MegaRAID]] instructions for dealing with MegaRAID hardware raid adapters<br />
* obsolete data acquisition software: [https://daq.triumf.ca/~daqweb/doc/susiq/ SUSIQ] [https://daq.triumf.ca/~daqweb/doc/nova/ NOVA]</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=TrdataDcache&diff=8142
TrdataDcache
2025-01-10T00:26:29Z
<p>Lindner: </p>
<hr />
<div><br />
The TRIUMF dcache trdata system has been decommissioned as of Jan 2025; please contact Thomas L. for details.<br />
<br />
<br />
Below is a set of historical information about the trdata system; the information is no longer relevant.<br />
<br />
_____________________________________________________________________<br />
<br />
<br />
The Experimental Data Storage is a facility dedicated to store large amount of data produced by TRIUMF experimental groups. This system is based on the DCache software (Desy and FermiLab) and consists uniquely of storage. No CPU power is available. To the users, only the main server machine TRDATA00 is visible. The files are stored on one or several disk server machines. The system is easily expendable. To obtain disk space on this system, please contact Pierre Amaudruz or Thomas Lindner (lindner@triumf.ca). The disk servers are running RAID 6 software but the files are not backed up to another system. The users should not count on this facility as a permanent archive at this point. Currently the system has ~125 TB available.<br />
<br />
We are currently migrating the dcache system from an older version to a new version on a new computer. The following is useful information for the transition period:<br />
<br />
* the new system is already up and running. You can see the new dcache interface here:<br />
<br />
http://trdata00.triumf.ca:2288<br />
<br />
* Files from the old dcache system have been all copied to the new system (except for pienu files, for which special arrangements are being made).<br />
<br />
* You can copy file from the new system with either the dccp command:<br />
<br />
'''dccp dcap://trdata00.triumf.ca/pnfs/triumf.ca/data/iris/2015/iris_000029060000.mid.gz .'''<br />
<br />
or the globus-url-copy grid command (assuming you have grid tools installed and a valid, registered grid certificate):<br />
<br />
'''globus-url-copy -p 5 -vb gsiftp://trdata00.triumf.ca/pnfs/triumf.ca/data/iris/2012/run00750.mid.gz file:///home/lindner/run00750.mid.gz'''<br />
<br />
* Installing dccp itself is pretty easy. To install from a standard SL5/6 desktop you can just use the version of dccp that you get from EPEL; ie, just do <br />
<br />
yum install dcap<br />
<br />
Installing globus-url-copy is more complicated and involved. Contact Thomas Lindner for more information.<br />
<br />
* (For sys-admins only): from TRIUMF computers you can also mount the dcache system by doing following:<br />
<br />
mkdir -p /pnfs<br />
edit /etc/rc.local, add to the end of file: "mount -o intr,rw,noac,hard,nfsvers=3 trdata00:/pnfs /pnfs"<br />
. /etc/rc.local <br />
<br />
* After March 4th, the new system was eenamed as trdata00 and the old system became unavailable.<br />
<br />
There is administrative details [[trdata_admin|TRDATA admin]]<br />
<br />
You can also access the [http://ccn.triumf.ca/file-storage/experimental-data-storage original documentation] for the old trdata setup.</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=TrdataDcache&diff=8141
TrdataDcache
2025-01-10T00:26:18Z
<p>Lindner: </p>
<hr />
<div><br />
The TRIUMF dcache trdata system has been decommissioned as of Jan 2025; please contact Thomas L. for details.<br />
<br />
<br />
Below is a set of historical information about the trdata system; the information is no longer relevant.<br />
_____________________________________________________________________<br />
<br />
<br />
The Experimental Data Storage is a facility dedicated to store large amount of data produced by TRIUMF experimental groups. This system is based on the DCache software (Desy and FermiLab) and consists uniquely of storage. No CPU power is available. To the users, only the main server machine TRDATA00 is visible. The files are stored on one or several disk server machines. The system is easily expendable. To obtain disk space on this system, please contact Pierre Amaudruz or Thomas Lindner (lindner@triumf.ca). The disk servers are running RAID 6 software but the files are not backed up to another system. The users should not count on this facility as a permanent archive at this point. Currently the system has ~125 TB available.<br />
<br />
We are currently migrating the dcache system from an older version to a new version on a new computer. The following is useful information for the transition period:<br />
<br />
* the new system is already up and running. You can see the new dcache interface here:<br />
<br />
http://trdata00.triumf.ca:2288<br />
<br />
* Files from the old dcache system have been all copied to the new system (except for pienu files, for which special arrangements are being made).<br />
<br />
* You can copy file from the new system with either the dccp command:<br />
<br />
'''dccp dcap://trdata00.triumf.ca/pnfs/triumf.ca/data/iris/2015/iris_000029060000.mid.gz .'''<br />
<br />
or the globus-url-copy grid command (assuming you have grid tools installed and a valid, registered grid certificate):<br />
<br />
'''globus-url-copy -p 5 -vb gsiftp://trdata00.triumf.ca/pnfs/triumf.ca/data/iris/2012/run00750.mid.gz file:///home/lindner/run00750.mid.gz'''<br />
<br />
* Installing dccp itself is pretty easy. To install from a standard SL5/6 desktop you can just use the version of dccp that you get from EPEL; ie, just do <br />
<br />
yum install dcap<br />
<br />
Installing globus-url-copy is more complicated and involved. Contact Thomas Lindner for more information.<br />
<br />
* (For sys-admins only): from TRIUMF computers you can also mount the dcache system by doing following:<br />
<br />
mkdir -p /pnfs<br />
edit /etc/rc.local, add to the end of file: "mount -o intr,rw,noac,hard,nfsvers=3 trdata00:/pnfs /pnfs"<br />
. /etc/rc.local <br />
<br />
* After March 4th, the new system was eenamed as trdata00 and the old system became unavailable.<br />
<br />
There is administrative details [[trdata_admin|TRDATA admin]]<br />
<br />
You can also access the [http://ccn.triumf.ca/file-storage/experimental-data-storage original documentation] for the old trdata setup.</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=Ubuntu&diff=7108
Ubuntu
2023-04-05T20:58:36Z
<p>Lindner: /* move /home/wheel */</p>
<hr />
<div>= About Ubuntu =<br />
<br />
AAA<br />
<br />
<br />
<br />
= Ubuntu version =<br />
<br />
<pre><br />
lsb_release -a<br />
uname -a<br />
</pre><br />
<br />
= Ubuntu installer =<br />
<br />
* updated for Ububtu LTS 20.04.01, 22.04.1<br />
<br />
* download the latest Ubuntu LTS desktop installer iso image<br />
* dd the image to a USB key<br />
* power down, disconnect all disks (all HDDs, all SSDs, all M.2)<br />
* connect the SSD to be used as system disk<br />
* if system will use mirrored SSDs (using ZFS mirror), leave second SSD disconnected, we will activate it later<br />
* power up<br />
* boot from USB key in legacy mode or UEFI mode (select this in the BIOS boot menu - F8 for ASUS, F11 for Supermicro)<br />
* follow the instruction:<br />
* "try ubuntu or install ubuntu" - choose "install"<br />
* select language - accept default<br />
* "updates and other software" - accept default settings ("normal install")<br />
* "installation type" - select "advanced features" and "experimental: use ZFS"<br />
* accept partition choice<br />
* "where are you?" - select "Vancouver" (PST time zone)<br />
* "who are you?" - leave all fields blank, except "username" set to "wheel", "password" set to the root password. hostname will be set later after configuring the network<br />
* installation runs in a few minutes, when finished, reboot<br />
* login as user wheel<br />
* answer annouying questions:<br />
* "livepatch" - say "next"<br />
* "help improve" - select "do not send", say "next"<br />
* "privacy" - leave "location" as "off", say "next"<br />
* "ready to go", say "done"<br />
* right-click on the desktop, say "open in terminal", a shell will open<br />
* say "sudo /bin/bash", enter the root password, you now have the root shell<br />
* run nm-connection-editor to configure the network. use netmask 255.255.224.0, gateway 142.90.100.18, DNS 142.90.100.19, search path "triumf.ca"<br />
* after network is up (can ping ladd00), continue with post-installation steps below<br />
<br />
= Install instructions =<br />
<br />
== prepare ==<br />
<pre><br />
apt update<br />
apt upgrade<br />
</pre><br />
<br />
== install ssh ==<br />
<pre><br />
apt install ssh<br />
</pre><br />
<br />
== configure hostname ==<br />
<pre><br />
vi /etc/hostname<br />
</pre><br />
<br />
== disable swap ==<br />
<br />
ubuntu installer creates a 2 GB swap partition, not useful<br />
on 32-64 GB machine, disable it:<br />
<pre><br />
vi /etc/fstab ### comment out the "swap" line<br />
</pre><br />
<br />
== maybe reboot ==<br />
<br />
this is a good point to reboot the machine to boot<br />
the latest kernel and to set the correct hostname<br />
<br />
== install etckeeper ==<br />
<br />
keep contents of /etc in a git repository:<br />
<br />
<pre><br />
apt -y install etckeeper<br />
</pre><br />
<br />
== set timezone ==<br />
<pre><br />
timedatectl list-timezones | grep -i vancouver<br />
timedatectl set-timezone America/Vancouver<br />
</pre><br />
<br />
== install time synchronization ==<br />
<pre><br />
apt -y install chrony<br />
echo server time1.triumf.ca iburst >> /etc/chrony/chrony.conf<br />
echo server time2.triumf.ca iburst >> /etc/chrony/chrony.conf<br />
echo server time3.triumf.ca iburst >> /etc/chrony/chrony.conf<br />
systemctl disable systemd-timesyncd.service<br />
systemctl stop systemd-timesyncd.service<br />
systemctl disable ntp<br />
systemctl stop ntp<br />
systemctl enable chrony<br />
systemctl restart chrony<br />
chronyc sources<br />
chronyc tracking<br />
</pre><br />
<br />
== reenable systemd-timesyncd ==<br />
<br />
ONLY IF CHRONY DOES NOT WORK<br />
<br />
<pre><br />
apt remove chrony<br />
systemctl enable systemd-timesyncd.service<br />
systemctl restart systemd-timesyncd.service<br />
systemctl status systemd-timesyncd.service<br />
timedatectl status<br />
timedatectl timesync-status<br />
</pre><br />
<br />
== enable outgoing email (debian 11) ==<br />
<br />
this is different from ubuntu 20. it uses /etc/mailname and it hardwires the hostname into main.cf.<br />
<br />
== enable outgoing email ==<br />
<br />
* TRIUMF: use smtp.triumf.ca<br />
* CERN: use cernmx.cern.ch<br />
<br />
<pre><br />
apt install postfix ### select "satellite system", enter full hostname "xxx.triumf.ca", enter "smtp.triumf.ca"<br />
apt install mailutils<br />
dpkg-reconfigure postfix ### (if postfix already installed)<br />
</pre><br />
<pre><br />
echo olchansk@triumf.ca lindner@triumf.ca bsmith@triumf.ca >> ~root/.forward<br />
mailx root<br />
test<br />
^D<br />
</pre><br />
<br />
== enable ping for all users (debian 11) ==<br />
<br />
Without this tweak, Debian will report "operation not permitted" if a user tries to ping somewhere.<br />
<br />
<pre><br />
echo 'net.ipv4.ping_group_range = 0 1000' > /etc/sysctl.d/99-ping.conf<br />
</pre><br />
<br />
== install missing packages ==<br />
<br />
(apt eats terminal input, even the "yes |" trick does not quite work,<br />
repeat the following commands until they report that everything<br />
is installed)<br />
<br />
<pre><br />
yes | apt -y install ssh tcsh ethtool ncat rsync strace net-tools sysstat smartmontools lm-sensors traceroute time minicom screen git lsof debsums tmux<br />
yes | apt -y install lsb-release<br />
yes | apt -y install flex bison<br />
yes | apt -y install neofetch<br />
yes | apt -y install snmp snmp-mibs-downloader<br />
yes | apt -y install git subversion g++ gfortran cmake doxygen<br />
yes | apt -y install python<br />
yes | apt -y install curl libcurl4 libcurl4-openssl-dev<br />
yes | apt -y install mariadb-client ### mysql client<br />
yes | apt -y install libz-dev sqlite3 libsqlite3-dev unixodbc-dev<br />
yes | apt -y install libssl-dev<br />
yes | apt -y install emacs xemacs21 joe<br />
yes | apt -y install gnuplot dos2unix<br />
yes | apt -y install mutt bsd-mailx # email clients<br />
yes | apt -y install liblz4-tool pbzip2<br />
yes | apt -y install libc6-dev-i386 # otherwise no /usr/include/sys/types.h<br />
yes | apt -y install libreadline-dev<br />
yes | apt -y install chromium-browser chromium-codecs-ffmpeg-extra<br />
yes | apt -y install ubuntu-mate-themes<br />
yes | apt -y install libmotif-dev libxmu-dev<br />
yes | apt -y install libusb-dev libusb-1.0-0-dev<br />
yes | apt -y install xfig gsfonts-x11 gsfonts-other # install fonts for xfig<br />
yes | apt -y install libjson-perl<br />
yes | apt -y install libgsl-dev # additional GNU Scientific Library<br />
yes | apt -y install qt5-default # Qt development<br />
yes | apt -y install python3.8-full python3.8-dev python3.8-dbg python3-pip ### for pyROOT<br />
yes | apt -y install imagemagick imagemagick-common ckeditor # for elog<br />
yes | apt -y install libjpeg-dev libjpeg-progs libjpeg-tools<br />
yes | apt -y install linux-tools-common linux-tools-generic # cpupower frequency-info<br />
</pre><br />
<br />
Ubuntu LTS 20.04:<br />
<pre><br />
yes | apt -y install linux-image-generic-hwe-20.04 linux-tools-virtual-hwe-20.04 # enable linux 5.11 series kernel<br />
</pre><br />
<br />
== install git/scripts ==<br />
<pre><br />
mkdir ~root/git<br />
cd ~root/git<br />
git clone https://daq00.triumf.ca/~olchansk/git/scripts.git<br />
cd scripts<br />
git pull<br />
</pre><br />
<br />
== disable swap (debian 11) ==<br />
<br />
* on 64 GB RAM machines swap is not useful<br />
* on machines booted from network (NFS-ROOT), swap does not work<br />
* on machines running from flash (RPi, etc), flash is too slow for useful swap<br />
* swap configured by linux installers invariably has wrong size and is not useful<br />
<br />
<pre><br />
systemctl disable dphys-swapfile<br />
systemctl stop dphys-swapfile<br />
dphys-swapfile uninstall<br />
</pre><br />
<br />
== configure DNS ==<br />
<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
mkdir /etc/systemd/resolved.conf.d<br />
cp etc/resolved-triumf.conf /etc/systemd/resolved.conf.d/<br />
systemctl restart systemd-resolved<br />
resolvectl<br />
#systemd-analyze cat-config systemd/resolved.conf<br />
</pre><br />
<br />
== install ganglia ==<br />
<br />
<pre><br />
yes | apt-get -y install ganglia-monitor<br />
systemctl enable ganglia-monitor<br />
</pre><br />
<pre><br />
cd ~root/git/scripts<br />
git pull<br />
cp etc/gmond-ubuntu.conf /etc/ganglia/gmond.conf<br />
ln -s ganglia/gmond.conf /etc<br />
# ln -s arm-linux-gnueabihf/ganglia /usr/lib/ganglia ### fix path for ARM CPU<br />
# ln -s i386-linux-gnu/ganglia /usr/lib/ganglia ### fix path for 32-bit Intel CPU<br />
systemctl restart ganglia-monitor<br />
systemctl status ganglia-monitor<br />
ps -efw | grep gmond<br />
</pre><br />
<pre><br />
cd ~root/git/scripts/ganglia<br />
make install<br />
./ganglia-all.perl<br />
</pre><br />
<br />
== install gonodeinfo ==<br />
<br />
* go to https://bitbucket.org/dd1/gonodeinfo follow instructions:<br />
<pre><br />
yes | apt-get -y install golang<br />
mkdir ~/git<br />
cd ~/git<br />
git clone https://bitbucket.org/dd1/gonodeinfo.git<br />
cd gonodeinfo<br />
git pull<br />
make<br />
make install # install gonodeinfo agent<br />
cd ~ # this is important<br />
</pre><br />
* edit /etc/gonodeinfo.conf<br />
* change "Description", "Location", "User" and "Administrator" as appropriate (or delete them)<br />
* change "Servers" to read: Servers: daq00.triumf.ca:8601<br />
* run "gonodeinfo -v"<br />
* if error is "connection refused". go to the nodeinfo server to add this client to the access control list:<br />
* on the gonodeinfo server: run /opt/gonodeinfo/gonodereceive.exe -a daq13<br />
* try gonodeinfo again, there should be no error<br />
* on the gonodeinfo server: run gonodereport, look at the web pages, the new machine should be listed now<br />
<br />
== install libz.so.1 for CentOS compatibility ==<br />
<br />
KO - confirm which versions on quartus need this.<br />
<br />
<pre><br />
yes | apt-get -y install zlib1g<br />
yes | apt-get -y install zlib1g:i386 libc6:i386 libgcc1:i386 gcc-6-base:i386<br />
</pre><br />
<br />
== install libpng12.so.0 for Quartus compatibility ==<br />
<br />
(does not work anymore!!!)<br />
<br />
<pre><br />
wget http://ftp.ca.debian.org/debian/pool/main/libp/libpng/libpng12-0_1.2.50-2+deb8u2_amd64.deb<br />
dpkg --install libpng12-0_1.2.50-2+deb8u2_amd64.deb<br />
</pre><br />
<br />
== install libpng12.so.0 for Quartus 13.0sp1 ==<br />
<br />
<pre><br />
wget https://daq00.triumf.ca/~olchansk/linux/libpng12.so.0<br />
wget https://daq00.triumf.ca/~olchansk/linux/libpng12.so.0.50.0<br />
/bin/cp -pv libpng12.so.0 libpng12.so.0.50.0 /lib/x86_64-linux-gnu/<br />
</pre><br />
<br />
== install packages for Xilinx ==<br />
<br />
<pre><br />
apt install texinfo<br />
apt install zlib1g:i386<br />
</pre><br />
<br />
== install packages for building ROOT ==<br />
<br />
<pre><br />
apt -y install libx11-dev libxpm-dev libxft-dev libxext-dev libpng-dev libjpeg-dev xlibmesa-glu-dev libxml2-dev libgsl-dev cmake<br />
</pre><br />
<br />
== install 32-bit libraries for PHYSICA ==<br />
<br />
these instructions are for running 32-bit physica executable built for SL6 on ubuntu LTS 20.04<br />
<br />
install physica sources (cannot build, do not have g77)<br />
<br />
<pre><br />
cd ~/packages<br />
git clone https://bitbucket.org/ttriumfdaq/physica.git<br />
</pre><br />
<br />
install 32-bit libraries using ubuntu package manager:<br />
<br />
<pre><br />
apt install lib32z1 # libz.so<br />
</pre><br />
<br />
copy 32-bit SL6 shared libraries to /lib32<br />
<br />
<pre><br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libX11.so.6 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libgd.so.2 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libpng12.so.0 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libreadline.so.6 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libncurses.so.5 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libg2c.so.0 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libxcb.so.1 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libXpm.so.4 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libjpeg.so.62 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libfontconfig.so.1 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libfreetype.so.6 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libtinfo.so.5 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libXau.so.6 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libexpat.so.1 /lib32/<br />
</pre><br />
<br />
ldd should report:<br />
<br />
<pre><br />
trinatdaq:trinat> ldd /usr/local/physica/physica.exe<br />
linux-gate.so.1 (0xf7fa2000)<br />
libX11.so.6 => /lib32/libX11.so.6 (0xf7e43000)<br />
libgd.so.2 => /lib32/libgd.so.2 (0xf7dfe000)<br />
libpng12.so.0 => /lib32/libpng12.so.0 (0xf7dd6000)<br />
libz.so.1 => /lib32/libz.so.1 (0xf7db8000)<br />
libreadline.so.6 => /lib32/libreadline.so.6 (0xf7d7e000)<br />
libncurses.so.5 => /lib32/libncurses.so.5 (0xf7d5b000)<br />
libg2c.so.0 => /lib32/libg2c.so.0 (0xf7d3d000)<br />
libm.so.6 => /lib32/libm.so.6 (0xf7c39000)<br />
libgcc_s.so.1 => /lib32/libgcc_s.so.1 (0xf7c1a000)<br />
libc.so.6 => /lib32/libc.so.6 (0xf7a2f000)<br />
libxcb.so.1 => /lib32/libxcb.so.1 (0xf7a05000)<br />
libdl.so.2 => /lib32/libdl.so.2 (0xf79ff000)<br />
libXpm.so.4 => /lib32/libXpm.so.4 (0xf79ee000)<br />
libjpeg.so.62 => /lib32/libjpeg.so.62 (0xf7997000)<br />
libfontconfig.so.1 => /lib32/libfontconfig.so.1 (0xf7962000)<br />
libfreetype.so.6 => /lib32/libfreetype.so.6 (0xf78c9000)<br />
libtinfo.so.5 => /lib32/libtinfo.so.5 (0xf78b0000)<br />
/lib/ld-linux.so.2 (0xf7fa4000)<br />
libXau.so.6 => /lib32/libXau.so.6 (0xf78ad000)<br />
libexpat.so.1 => /lib32/libexpat.so.1 (0xf7885000)<br />
trinatdaq:trinat> <br />
</pre><br />
<br />
set login environment:<br />
<br />
<pre><br />
setenv TRIUMF_FONTS $HOME/packages/physica/fonts<br />
setenv PHYSICA_DIR $HOME/packages/physica<br />
alias physica $PHYSICA_DIR/physica-SL6-32<br />
</pre><br />
<br />
test:<br />
<br />
<pre><br />
cd ~/packages/physica<br />
physica<br />
@rangauss.pcm<br />
</pre><br />
<br />
== install lightdm ==<br />
<br />
unlike the default gdm login manager, lightdm shows the machine hostname and does not require an extra mouse click to swicth from screen saver to login mode.<br />
<br />
<pre><br />
apt -y install lightdm<br />
# select lightdm<br />
</pre><br />
<br />
== install desktop environments ==<br />
<br />
note: default display manager and default desktop are deficient, please do not skip this step.<br />
<br />
note: if apt asks to choose the display manager, select "lightdm"<br />
<br />
note: KO - I recommend the "MATE" desktop.<br />
<br />
note: you will have to cut-and-paste this several times because "apt" eats commands, even with "-y" and even piped from "yes".<br />
<br />
<pre><br />
# install MATE desktop<br />
DEBIAN_FRONTEND=noninteractive apt -y install ubuntu-mate-core ubuntu-mate-desktop ubuntu-mate-themes<br />
# install Cinnamon desktop<br />
DEBIAN_FRONTEND=noninteractive apt -y install cinnamon<br />
# install KDE desktop<br />
DEBIAN_FRONTEND=noninteractive apt -y install kubuntu-desktop<br />
# install Lxqt desktop<br />
DEBIAN_FRONTEND=noninteractive apt -y install lxqt<br />
# install Xfce4 desktop<br />
DEBIAN_FRONTEND=noninteractive apt -y install xfce4<br />
</pre><br />
<br />
== install ROOT ==<br />
<br />
Please install ROOT per instructions at http://root.cern.ch.<br />
<br />
NOTE1: The ROOT package available from Ubuntu repositories is severely out of date and cannot be used with MIDAS and ROOTANA. ### DO NOT DO THIS! apt-get install root-system<br />
<br />
NOTE2: as of 2017-Jan-09, ROOT binary kits for Ubuntu do not work (use GCC 5 instead of GCC6), build from source instead.<br />
<br />
== Install x2go ==<br />
<br />
KO - is this still needed? does it cause any security problems?<br />
<br />
x2go instructions, thanks to Art O.<br />
<br />
<pre><br />
add-apt-repository ppa:x2go/stable<br />
apt-get update<br />
apt-get install x2goserver x2goserver-xsession<br />
</pre><br />
<br />
== enable root login from ladd00/daq00 ==<br />
<pre><br />
ssh localhost<br />
CTRL-C<br />
/bin/cp ~root/git/scripts/etc/authorized_keys ~root/.ssh/<br />
</pre><br />
<br />
== install smart-status ==<br />
<pre><br />
ln -s ~/git/scripts/smart-status/smart-status.perl ~root/<br />
</pre><br />
<br />
== enable boot menu and boot messages ==<br />
<br />
This will enable the grub menu (with a 10 sec timeout) and<br />
replace black screen with exciting linux boot messages.<br />
<br />
* emacs -nw /etc/default/grub<br />
<pre><br />
GRUB_DEFAULT=0<br />
#GRUB_TIMEOUT_STYLE=hidden<br />
GRUB_TIMEOUT=10<br />
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`<br />
#GRUB_CMDLINE_LINUX_DEFAULT="vga=769 video=640x480"<br />
GRUB_CMDLINE_LINUX_DEFAULT=""<br />
GRUB_CMDLINE_LINUX=""<br />
#GRUB_GFXMODE=640x480<br />
</pre><br />
* update grub config:<br />
<pre><br />
grub-mkconfig -o /boot/grub/grub.cfg<br />
</pre><br />
<br />
== reboot ==<br />
<br />
this completes installation of the base system.<br />
<br />
following sections modify basic ubuntu to fix known problems and to enable special stuff.<br />
<br />
= Enable automatic updates =<br />
<br />
<pre><br />
apt install unattended-upgrades<br />
cd ~/git/scripts<br />
git pull<br />
/bin/cp -v etc/99apt-conf-ko /etc/apt/apt.conf.d/<br />
apt-config dump | grep Unattended<br />
</pre><br />
<br />
Following is obsolete:<br />
<br />
* emacs -nw /etc/apt/apt.conf.d/50unattended-upgrades<br />
** uncomment in Allowed-Origins "-security" and "-updates"<br />
** add in Allowed-Origins: "Google LLC:stable";<br />
** uncomment/add: "Unattended-Upgrade::Mail "root";<br />
* emacs -nw /etc/apt/apt.conf.d/10periodic<br />
<pre><br />
APT::Periodic::Update-Package-Lists "1";<br />
APT::Periodic::Download-Upgradeable-Packages "1";<br />
APT::Periodic::AutocleanInterval "7";<br />
APT::Periodic::Unattended-Upgrade "1";<br />
</pre><br />
* test: unattended-upgrade --dry-run -v<br />
<br />
= Fix bpool is full =<br />
<br />
!!! only if ROOT on ZFS !!!<br />
<br />
There is an error in the zsys package that causes bpool to run out of space,<br />
see [[#Ubuntu zsys]] for more details.<br />
<br />
To fix:<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
cp etc/zsys.conf /etc/<br />
zsysctl service reload<br />
zsysctl service gc<br />
zpool list bpool<br />
zfs list bpool<br />
df /boot<br />
</pre><br />
<br />
= IPMI instructions =<br />
<br />
IPMI is the board management hardware on Supermicro and other server motherboards. This includes hardware sensors - fan rotation speed, temperatures and power supply voltages.<br />
<br />
<pre><br />
apt-get install ipmitool<br />
systemctl enable ipmievd<br />
systemctl restart ipmievd<br />
</pre><br />
<br />
Run:<br />
* ipmitool sel list ### event list<br />
* ipmitool sel elist ### event list<br />
* ipmitool sel clear ### clear event list (if it becomes full)<br />
* ipmitool sensor ### report hardware sensors<br />
<br />
= move /home/wheel =<br />
<br />
note: this MUST be done if ZFS root and NIS/autofs with /home.<br />
<br />
Default location of wheel's home directory will collide with autofs /home, it has to be moved,<br />
for example to /wheel.<br />
<br />
<pre><br />
# logout from the wheel user<br />
# go to another computer<br />
ssh root@daqubuntuxxx<br />
zfs list | grep wheel ### identify zfs name wheel_xxxxxx<br />
zfs set mountpoint=/wheel rpool/USERDATA/wheel_hm8fzh<br />
emacs -nw /etc/passwd ### change wheel's home directory from /home/wheel to /wheel<br />
su - wheel ### check that user wheel still works<br />
</pre><br />
<br />
<br />
TL edit (April 2023): I think also need to do chown wheel.wheel /wheel<br />
<br />
= enable NIS (ubuntu 22.04, debian 11) =<br />
<br />
<pre><br />
apt -y install rpcbind nis<br />
echo DAQ-NIS >> /etc/defaultdomain<br />
echo ypserver daq00.triumf.ca >> /etc/yp.conf<br />
systemctl enable ypbind.service<br />
systemctl restart ypbind.service<br />
systemctl status ypbind.service<br />
ypwhich -m<br />
</pre><br />
<br />
enable ypserv:<br />
<br />
<pre><br />
sed -i s/NISSERVER=false/NISSERVER=slave/ /etc/default/nis<br />
/usr/lib/yp/ypinit -s daq00<br />
echo ypserver localhost >> /etc/yp.conf<br />
sed -i "s/ypserver .*/ypserver localhost/" /etc/yp.conf<br />
systemctl enable ypserv<br />
systemctl restart ypserv<br />
systemctl restart ypbind<br />
</pre><br />
<br />
edit /etc/nsswitch.conf to read:<br />
<br />
<pre><br />
# begin get data from nis<br />
passwd: files nis<br />
group: files nis<br />
shadow: files nis<br />
automount: files nis<br />
netgroup: files nis<br />
# end get data from nis<br />
</pre><br />
<br />
enable hourly update of nis maps:<br />
<br />
<pre><br />
mkdir ~root/git<br />
cd ~root/git<br />
git clone http://daq00.triumf.ca/~olchansk/git/scripts.git<br />
cd ~/git/scripts/etc<br />
git pull<br />
ln -s $PWD/ypxfr-cron-hourly /etc/cron.hourly<br />
</pre><br />
<br />
If this is a new machine, then on the master NIS node (daq00), add this new node to /etc/netgroup, and update NIS maps (cd /var/yp; make)<br />
<br />
= enable NIS (ubuntu 20.04) =<br />
<br />
* apt-get -y install portmap nis ### will ask for NIS domain (DAQ-NIS)<br />
* dpkg-reconfigure nis ### reconfigure if already installed<br />
* ypwhich -m<br />
* edit /etc/default/nis<br />
** set "NISSERVER=slave"<br />
** Ubuntu LTS 20.04, check that "YPBINDARGS=" is blank, remove "-no-dbus" if it is there<br />
* #edit /etc/yp.conf, comment-out everything, add "domain DAQ-NIS server localhost"<br />
* edit /etc/yp.conf, comment-out everything, add "ypserver localhost"<br />
* /usr/lib/yp/ypinit -s daq00<br />
* systemctl enable nis<br />
* systemctl restart nis<br />
* ypwhich<br />
* ypwhich -m<br />
* ypcat -k passwd<br />
* vi /etc/nsswitch.conf ### add the automount line, modify the passwd, group and shadow lines to read this:<br />
<pre><br />
# begin get data from nis<br />
passwd: files nis<br />
group: files nis<br />
shadow: files nis<br />
automount: files nis<br />
netgroup: files nis<br />
# end get data from nis<br />
</pre><br />
* enable hourly update of NIS maps<br />
<pre><br />
mkdir ~root/git<br />
cd ~root/git<br />
git clone http://ladd00.triumf.ca/~olchansk/git/scripts.git<br />
cd ~/git/scripts/etc<br />
git pull<br />
ln -s $PWD/ypxfr-cron-hourly /etc/cron.hourly<br />
</pre><br />
* ### NOT NEEDED sudo vi /etc/idmapd.conf ### add line: "Domain = triumf.ca"<br />
<br />
= enable autofs =<br />
<br />
<pre><br />
apt -y install autofs<br />
systemctl enable autofs<br />
systemctl restart autofs<br />
ls -l /home/olchansk ### test autofs, check file owner is correct<br />
</pre><br />
<br />
= enable NFS server =<br />
<br />
<pre><br />
apt install nfs-kernel-server<br />
#edit /etc/exports<br />
systemctl enable nfs-server<br />
systemctl restart nfs-server<br />
</pre><br />
<br />
= NIS master =<br />
<br />
notes for setting up the NIS master<br />
<br />
== wheel user ==<br />
<br />
"wheel" is the default administrative user. We do not want it's password exported to NIS (encrypted password hash is world visible) and we do not want it's home directory exported to NFS (~wheel/.ssh is world visible and potentially writable: anybody can change ~wheel/.ssh/authorized_keys).<br />
<br />
* move wheel's home directory from /home/wheel to /wheel (see special section about this)<br />
* change wheel's UID and GID from 1000 to a value below MINUID in /var/yp/Makefile<br />
<br />
== coherent uids ==<br />
<br />
we do not want system accounts defined in /etc/passwd of the NIS master<br />
to be included in the NIS map "passwd". this causes trouble on NIS clients<br />
where newly installed packages fail to create local system users because same<br />
user already exists in NIS.<br />
<br />
This is controlled by MINUID in /var/yp/Makefile.<br />
<br />
Historical TRIUMF uids start from around 200, but several clusters do not have any historic TRIUMF uids below 500 and MINUID is set to:<br />
* DAQ-NIS: MINUID=200<br />
* ISAC-NIS: MINUID=500<br />
* TITAN-NIS: MINUID=500<br />
* MUSR-NIS: MINUID=500<br />
* TIG-NIS: MINUID=500 (100 on SL6 mother8pi)<br />
<br />
Ubuntu 20 has two programs to create users:<br />
* adduser - creates new users with UID 1000 and up as specified in /etc/adduser.conf. No problems here.<br />
* adduser --system - creates new system users with UID 100 and up as specified in /etc/adduser.conf. No problems here.<br />
* useradd - creates new users with UID 1000 and up as specified in /etc/login.defs. No problems here.<br />
* useradd --system - creates new system users with UID 999 and down (read "man useradd", section at the end about SYS_UID_MAX). This collides with NIS MINUID, these system users will be included in the NIS map and cause trouble.<br />
<br />
This problem cannot be fixed, SYS_UID_MIN, SYS_UID_MAX and UID_MIN in /etc/login.defs do not seem<br />
to have any effect on UIDs chosen by "useradd --system". (tested on Ubuntu LTS 20.04).<br />
<br />
So far only these system accounts seem to be affected by this:<br />
* systemd-coredump<br />
* ganglia<br />
<br />
To fix:<br />
* run "sort -r -n -t: -k3 /etc/passwd" to identify the last unused system user uid (range 100..200)<br />
* run "sort -r -n -t: -k3 /etc/group" to identify the last unused system user gid (range 100.200)<br />
* systemd-coredump: manually change UID and GID (package systemd-coredump is usually not installed)<br />
* ganglia: same thing, then change ownership on all ganglia files.<br />
<br />
Also read systemd author's opinion on system vs user UIDs:<br />
https://github.com/systemd/systemd/issues/4850#issuecomment-265698275<br />
<br />
= Fix systemd-logind NIS breakage =<br />
<br />
!!! THIS IS NOT NEEDED FOR UBUNTU LTS 20.04 !!!<br />
<br />
there is a delay in ssh logins for normal users. "ssh -v" shows the delay is after "pledge...". this<br />
fix removes the delay.<br />
<br />
systemd developers think that we should not use NIS and made sure there are<br />
problems if we do. To give them credit, they do offer a workaround. Read this:<br />
https://github.com/poettering/systemd/commit/695fe4078f0df6564a1be1c4a6a9e8a640d23b67<br />
<br />
<pre><br />
mkdir /etc/systemd/system/systemd-logind.service.d<br />
echo -e "[Service]\nIPAddressDeny=\n" > /etc/systemd/system/systemd-logind.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat systemd-logind.service<br />
</pre><br />
<br />
= Fix systemd-udevd NIS breakage =<br />
<br />
see same problem as above with udev getting stuck. ubuntu lts 20.04.<br />
<br />
<pre><br />
mkdir /etc/systemd/system/systemd-udevd.service.d<br />
echo -e "[Service]\nIPAddressDeny=\n" > /etc/systemd/system/systemd-udevd.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat systemd-udevd.service<br />
</pre><br />
<br />
= Configure USB device permissions =<br />
<br />
Configure USB device permissions for user access to USB-serial devices, Altera USB Blaster, etc.<br />
<br />
* create file /etc/udev/rules.d/99-usb-chmod.rules with this contents:<br />
<br />
<pre><br />
emacs -nw /etc/udev/rules.d/99-usb-chmod.rules<br />
ACTION=="add", SUBSYSTEM=="usbmisc", RUN+="/bin/chmod a+wr $env{DEVNAME}" <br />
ACTION=="add", SUBSYSTEM=="usb_device", RUN+="/bin/chmod a+wr /dev/%c"<br />
ACTION=="add", SUBSYSTEM=="usb_device", RUN+="/bin/chmod a+wr /proc/%c"<br />
ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="/bin/chmod a+wr $env{DEVICE}"<br />
ACTION=="add", ENV{PHYSDEVBUS}=="usb-serial", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", ENV{DEVPATH}=="/class/tty/ttyS*", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", SUBSYSTEM=="tty", DEVPATH=="*ttyUSB*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
ACTION=="add", SUBSYSTEM=="tty", DEVPATH=="*ttyACM*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
ACTION=="add", SUBSYSTEM=="tty", DEVPATH=="*ttyS*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
ACTION=="add", DEVPATH=="*video*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
</pre><br />
<br />
* reload udev rules: udevadm control --reload-rules<br />
* apply new permissions: udevadm trigger --action=add<br />
* watch udev activity: udevadm monitor -p<br />
<br />
= Configure lightdm display manager =<br />
<br />
* enable it<br />
<pre><br />
echo lightdm | dpkg-reconfigure -fteletype lightdm<br />
systemctl disable gdm<br />
systemctl disable sddm<br />
systemctl enable lightdm<br />
</pre><br />
<br />
* make the MATE desktop as default<br />
<pre><br />
cd ~root/git/scripts/<br />
git pull<br />
/bin/cp -v etc/lightdm_default_mate.conf /etc/lightdm/lightdm.conf.d/<br />
</pre><br />
<br />
* enable login by NIS users<br />
<pre><br />
/bin/cp -v etc/lightdm_enable_nis_login.conf /etc/lightdm/lightdm.conf.d/<br />
</pre><br />
<br />
* restart lightdm<br />
<pre><br />
systemctl stop gdm<br />
systemctl restart lightdm<br />
</pre><br />
<br />
= Install libpng12.so.0 =<br />
<br />
Quartus 16 needs libpng12:<br />
<br />
<pre><br />
wget http://mirrors.kernel.org/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.54-1ubuntu1_amd64.deb<br />
dpkg --install libpng12-0_1.2.54-1ubuntu1_amd64.deb<br />
</pre><br />
<br />
= Install google-chrome =<br />
<br />
<pre><br />
wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb<br />
dpkg -i google-chrome-stable_current_amd64.deb<br />
</pre><br />
<br />
confirm autoupdate is enabled, observe dl.google.com is present in the list of repositories:<br />
<pre><br />
apt update<br />
...<br />
Get:5 https://dl.google.com/linux/chrome/deb stable/main amd64 Packages [1,094 B]<br />
...<br />
</pre><br />
<br />
FOLLOWING IS OBSOLETE:<br />
<br />
Instructions from here:<br />
https://www.ubuntuupdates.org/ppa/google_chrome?dist=stable<br />
<br />
<pre><br />
wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add -<br />
sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-tmp.list'<br />
apt update<br />
apt install google-chrome-stable<br />
/bin/rm -f /etc/apt/sources.list.d/google-tmp.list<br />
</pre><br />
<br />
= Install amanda client =<br />
<br />
ONLY ONE MACHINES THAT HOST HOME DIRECTORIES<br />
<br />
* apt install amanda-client<br />
* edit /etc/amandahosts<br />
<pre><br />
amanda.triumf.ca amanda amdump<br />
</pre><br />
* check permissions on /etc/amandahosts:<br />
<pre><br />
root@daq00:/var/log/amanda# ls -l /etc/amandahosts<br />
-rw------- 1 backup backup 49 Jan 27 10:48 /etc/amandahosts<br />
</pre><br />
* fix if needed: chown backup.backup /etc/amandahosts; chmod a= /etc/amandahosts; chmod u=wr /etc/amandahosts<br />
* edit /etc/amanda-security.conf, add this line:<br />
<pre><br />
runtar:gnutar_path=/usr/bin/tar<br />
</pre><br />
<br />
On the amanda machine:<br />
<br />
* in amanda disklist, use dump type "bsdtcp-comp-user-tar"<br />
* su - amanda and run amcheck -c daily daq00<br />
<pre><br />
-bash-4.1$ amcheck -c daily daq00<br />
<br />
Amanda Backup Client Hosts Check<br />
--------------------------------<br />
Client check: 1 host checked in 0.092 seconds. 0 problems found.<br />
<br />
(brought to you by Amanda 3.3.7p1.git.685ff76d)<br />
</pre><br />
<br />
= Enable rc.local =<br />
<br />
For reasons unknown, Ubuntu LTS 20.04 does not enable /etc/rc.local. Do this:<br />
<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
cp -n -v etc/rc.local /etc/<br />
chmod a+rx /etc/rc.local<br />
cp etc/rc-local.service /etc/systemd/system/<br />
systemctl daemon-reload<br />
systemctl enable rc-local<br />
systemctl start rc-local<br />
systemctl status rc-local<br />
</pre><br />
<br />
= Disable unwanted services =<br />
<br />
<pre><br />
systemctl disable mpd<br />
systemctl disable snapd<br />
systemctl disable ModemManager<br />
systemctl --global mask tracker-extract-3.service<br />
systemctl --global mask tracker-miner-fs-3.service<br />
systemctl daemon-reload<br />
</pre><br />
<br />
= Disable sleep and suspend =<br />
<br />
note: we see some computers randomly shutdown or go to sleep, log files indicates the "sleep" or "suspend" button was pushed by user, but no such buttons actually exist. this is the fix for this:<br />
<br />
<pre><br />
systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target systemd-suspend.service systemd-hybrid-sleep.service<br />
</pre><br />
<br />
= Enable crontab @reboot for MIDAS =<br />
<br />
startup scripts have a bug - cron @reboot entries for normal users can run before autofs is ready, so if the home directory is on autofs/NFS, it cannot be accessed and the cron job fails. If MIDAS is supposed to be started by cron @reboot, it will not start (there *will* be an error message in /var/log/cron).<br />
<br />
<pre><br />
mkdir /etc/systemd/system/cron.service.d<br />
echo -e "[Unit]\nAfter=ypbind.service autofs.service\n" > /etc/systemd/system/cron.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat cron.service<br />
</pre><br />
<br />
Explore the systemd dependency tree using "systemctl list-dependencies" maybe with "--all".<br />
<br />
Visualize the exact boot sequence from previous boot: "systemd-analyze plot > xxx.svg", look at the svg file using a web browser.<br />
<br />
Crontab entry to start midas: (install in the midas user crontab, not root crontab)<br />
<br />
<pre><br />
su - midasuser<br />
crontab -l<br />
#@reboot /bin/bash -l -c "/home/trinat/bin/start-daq-applications"<br />
#@reboot /bin/tcsh -c "/home/trinat/bin/start-daq-applications"<br />
</pre><br />
<br />
= Install apache httpd proxy for midas and elog =<br />
<br />
This will configure the HTTPS/SSL certificate using "certbot" and "letsencrypt" and configure an HTTPS web server using apache2.<br />
<br />
First, configure apache2:<br />
<br />
* execute these commands:<br />
<pre><br />
apt -y install apache2<br />
cd /etc/apache2<br />
</pre><br />
* create new file conf-available/ssl-daq14.conf # use actual hostname instead of daq14<br />
<pre><br />
SSLSessionCache shmcb:/run/httpd/sslcache(512000)<br />
SSLSessionCacheTimeout 300<br />
SSLRandomSeed startup file:/dev/urandom 256<br />
SSLRandomSeed connect builtin<br />
SSLCryptoDevice builtin<br />
</pre><br />
* create new file sites-available/daq14-ssl.conf # use actual hostname instead of daq14<br />
<pre><br />
<IfModule mod_ssl.c><br />
<VirtualHost *:443><br />
ServerName daq14.triumf.ca<br />
DocumentRoot /var/www/html<br />
ErrorLog /var/log/apache2/daq14.log<br />
SSLEngine on<br />
# note SSLProtocol, SSLCipherSuite and some other settings are overwritten by /etc/letsencrypt/options-ssl-apache.conf<br />
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1<br />
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4<br />
## use port specified in elogd.cfg<br />
#ProxyPass /elog/ http://localhost:8082/ retry=1 <br />
## use mhttpd port<br />
#ProxyPass / http://localhost:8080/ retry=1 <br />
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"<br />
<Location /><br />
SSLRequireSSL<br />
AuthType Basic<br />
AuthName "DAQ password protected site"<br />
Require valid-user<br />
# create password file: touch /etc/apache2/htpasswd<br />
# to add new user or change password: htpasswd /etc/apache2/htpasswd username<br />
AuthUserFile /etc/apache2/htpasswd<br />
</Location><br />
</VirtualHost><br />
</IfModule><br />
</pre><br />
* stop apache2 from listening on port 80: edit /etc/apache2/ports.conf, comment-out the line "Listen 80"<br />
* stop apache2 from listening on port 80: edit /etc/apache2/ports.conf, comment-out the line "Listen 80"<br />
* enable ssl module<br />
* enable new configurations<br />
<pre><br />
a2enmod ssl<br />
a2enmod headers<br />
a2enmod proxy<br />
a2enmod proxy_http<br />
a2enconf ssl-daq14<br />
a2ensite daq14-ssl<br />
</pre><br />
* disable default ssl sites<br />
<pre><br />
a2dissite 000-default-le-ssl<br />
a2dissite 000-default<br />
ls -l /etc/apache2/sites-enabled/ ### should show only daq14-ssl.conf<br />
</pre><br />
* check that there are no syntax problems<br />
<pre><br />
apache2ctl configtest<br />
</pre><br />
* enable and start apache2:<br />
<pre><br />
systemctl enable apache2<br />
systemctl restart apache2<br />
systemctl status apache2<br />
</pre><br />
* apache2 may fail to start, look in /var/log/apache2/error.log and /var/log/apache2/daq14.log<br />
* if it says "Failed to configure ... certificate", proceed to the step for setting certbot.<br />
* try to access https://daq14.triumf.ca<br />
** you should see a complaint about self-signed certificate<br />
** you should see a request for password (do not login yet)<br />
** if you get "connection refused", HTTPS port 443 may need to be enabled in the local firewall, look at documentation for ufw.<br />
Second, configure certbot:<br />
<br />
(Note: as of 2018-01-18 certbot requires use of http port 80 to get the initial https certificate,<br />
renewal can continue to use the https port 443)<br />
<br />
(Note: as of 2019-01-?? certbot requires use of port 80 for renewals)<br />
<br />
* check that port 80 is not used by anything:<br />
* netstat -an | grep LISTEN | grep ^tcp | grep 80<br />
* lsof -P | grep -i tcp | grep LISTEN | grep 80<br />
* if lsof reports that apache2 is listening on port 80, follow the apache2 instructions above (remove "listen 80" from apache2.conf<br />
<br />
* install certbot (if necessary open tcp port 80 in the firewall, see documentation for ufw):<br />
<pre><br />
apt install certbot python3-certbot-apache<br />
certbot certonly --standalone --installer apache<br />
</pre><br />
* then answer questions:<br />
* "activate HTTPS for daq14.triumf.ca" - say ok<br />
* "enter email address" - enter your own email address<br />
* "please read terms..." - read the terms and say "agree"<br />
* it will take a few moments...<br />
* "congratulations..." - say ok.<br />
<pre><br />
certbot install --apache --cert-name daq14.triumf.ca<br />
</pre><br />
* then answer questions:<br />
* "choose redirect..." - say "1" (no redirect)<br />
* look inside /etc/apache2/sites-enabled/daq14-ssl.conf to see that SSLCertificateFile & co point to certbot certificates in<br />
/etc/letsencrypt/live/daq14.triumf.ca/<br />
* to check current renewal and to update the certbot config file in /etc/letsencrypt/renewal, run this:<br />
<pre><br />
certbot renew --standalone --installer apache --force-renewal<br />
</pre><br />
<br />
NOTE: this certificate will expire in 3 months, automatic renewal should work with current version of certbot<br />
<br />
Third, activate password protection:<br />
<br />
* as shown in the config file above, create password file and initial user: (replace "midas" with specific username)<br />
<pre><br />
touch /etc/apache2/htpasswd<br />
htpasswd /etc/apache2/htpasswd midas<br />
</pre><br />
<br />
* restart apache2<br />
<pre><br />
systemctl restart apache2<br />
systemctl status apache2<br />
</pre><br />
<br />
From here:<br />
* enable proxy for MIDAS mhttpd - uncomment redirect in the config file above<br />
* enable proxy for ELOG - ditto<br />
<pre><br />
a2enmod proxy<br />
a2enmod proxy_http<br />
apache2ctl configtest<br />
systemctl restart apache2<br />
</pre><br />
<br />
From here:<br />
* enable proxy for MIDAS mhttpd - uncomment redirect in the config file above<br />
* enable proxy for ELOG - ditto<br />
<pre><br />
a2enmod proxy<br />
a2enmod proxy_http<br />
apache2ctl configtest<br />
systemctl restart apache2<br />
</pre><br />
* try accessing MIDAS https://daq14.triumf.ca/ (make sure mhttpd is running)<br />
* if it's not working, check odb setting FIXME!<br />
* try accessing ELog https://daq14.triumf.ca/elog/ (make sure elogd is running)<br />
* if it's not working, check elogd.cfg file and make sure<br />
<pre><br />
SSL = 0<br />
</pre><br />
<br />
NOTE: if certbot fails with errors about 'module' object has no attribute 'pyopenssl',<br />
try this: pip install requests==2.6.0<br />
<br />
= Enable elog PDF preview =<br />
<br />
see https://stackoverflow.com/questions/52998331/imagemagick-security-policy-pdf-blocking-conversion<br />
<br />
* xemacs -nw /etc/ImageMagick-6/policy.xml<br />
* remove this section at the end:<br />
<pre><br />
<!-- disable ghostscript format types --><br />
<policy domain="coder" rights="none" pattern="PS" /><br />
<policy domain="coder" rights="none" pattern="PS2" /><br />
<policy domain="coder" rights="none" pattern="PS3" /><br />
<policy domain="coder" rights="none" pattern="EPS" /><br />
<policy domain="coder" rights="none" pattern="PDF" /><br />
<policy domain="coder" rights="none" pattern="XPS" /><br />
</pre><br />
<br />
= Install ZFS quota report =<br />
<br />
If there are any ZFS volumes, install script to report disk and quota usage<br />
<br />
<pre><br />
cd ~/git/scripts/quotareport<br />
git pull<br />
mkdir /var/www/html/zfsquotareport<br />
cp -pv ~/git/scripts/quotareport/sorttable.js /var/www/html/zfsquotareport/<br />
ln -s $PWD/zfsquotareport.perl /etc/cron.daily/<br />
touch /etc/crontab<br />
</pre><br />
<br />
If httpd is configured to redirect "/" to MIDAS mhttpd:<br />
* add following to /etc/apache2/sites-enabled/xxx-ssl.conf in front of "ProxyPass / ..."<br />
* run "systemctl reload apache2"<br />
<pre><br />
## do not proxy zfs quota report directory <br />
ProxyPass /zfsquotareport/ ! <br />
</pre><br />
<br />
= Install PHP =<br />
<br />
* apt install php libapache2-mod-php<br />
* systemctl restart apache2<br />
* create /var/www/html/info.php<br />
<pre><br />
<?php <br />
<br />
phpinfo(); <br />
</pre><br />
* open https://daq00.triumf.ca/info.php<br />
<br />
= Configure TRIUMF printers =<br />
<br />
<pre><br />
systemctl stop cups<br />
systemctl disable cups<br />
echo "ServerName printers.triumf.ca" > /etc/cups/client.conf<br />
lpstat -a<br />
</pre><br />
<br />
= Enable core dumps =<br />
<br />
By default, Ubuntu LTS 20.04 installs the apport package<br />
which disabled core dumps from user applications. (google it up!).<br />
It is not meant to do this and documentation claims that<br />
it is not installed and not enabled by default. Oh, well...<br />
<br />
<pre><br />
apt remove apport<br />
apt autoremove ### will remove apport-symptoms and a few other packages<br />
</pre><br />
<br />
After this, core dumps are written to file "core" in the current directory.<br />
See /proc/sys/kernel/core_pattern and /proc/sys/kernel/core_uses_pid.<br />
<br />
= Enable debugger =<br />
<br />
By default, Ubuntu LTS 20.04 does not permit debugger to attach and debug<br />
already running programs. To enable it, add following to /etc/rc.local<br />
<br />
<pre><br />
echo 0 > /proc/sys/kernel/yama/ptrace_scope<br />
</pre><br />
<br />
= Disable Ubuntu Pro nag =<br />
<br />
If "apt upgrade" requests Ubuntu Pro or esm-apps, disable the nag:<br />
<pre><br />
/bin/mv /etc/apt/apt.conf.d/20apt-esm-hook.conf /etc/apt/apt.conf.d/20apt-esm-hook.conf-disable<br />
</pre><br />
<br />
= Update packages =<br />
<br />
* apt-get update # update package list<br />
* apt-get dist-upgrade # install updated packages and update "kept back" packages<br />
* apt-get autoremove # remove packages that apt thinks should be removed<br />
<br />
= Finish installation =<br />
<br />
Congratulations. There is nothing more to do!<br />
<br />
* reboot<br />
<pre><br />
shutdown -r now<br />
</pre><br />
<br />
= Install ZFS =<br />
<br />
!!! after installing all the packages, after updating the system, after updating the linux kernel, after rebooting into latest kernel !!!<br />
<br />
<pre><br />
apt-get install zfsutils-linux<br />
</pre><br />
<br />
Follow generic ZFS instructions: [[ZFS]]<br />
<br />
= Update to new version of Ubuntu =<br />
<br />
<pre><br />
vi /etc/update-manager/release-upgrades # set "Prompt=normal"<br />
do-release-upgrade<br />
</pre><br />
<br />
Update Ubuntu LTS 20.04 to LTS 22.04:<br />
<br />
== daqubuntu ==<br />
<br />
<pre><br />
# reboot to clear out all updates<br />
# vi /etc/update-manager/release-upgrades # set "Prompt=normal"<br />
# do-release-upgrade -c<br />
Checking for a new Ubuntu release<br />
New release '22.04 LTS' available.<br />
Run 'do-release-upgrade' to upgrade to it.<br />
# do-release-upgrade<br />
...<br />
say yes...<br />
...<br />
login.defs, say "Y" (erase local changes, use packaged version)<br />
/etc/systemd/resolved.conf, say "Y" (same as above)<br />
firefox snap, say yes<br />
unable to reach snap store, say "skip"<br />
/etc/gmond.conf, say "Y"<br />
/var/yp/Makefile, say "install the package maintainer's version"<br />
/etc/ypserv.conf, same thing<br />
/etc/ypserv.securenets, same thing<br />
/etc/default/nis, same thing<br />
/etc/speech-dispatcher/modules/mary-generic.conf, same thing<br />
/etc/apt/apt.conf.d/50unattended-upgrades, same thing<br />
...<br />
278 packages are going to be removed, say yes<br />
...<br />
restart required, say yes<br />
...<br />
no ping... yes ping...<br />
...<br />
ssh daqubuntu, ok<br />
apt update, fail, DNS does not work, "host security.ubuntu.com" does not resolve.<br />
fix resolver per https://daq00.triumf.ca/DaqWiki/index.php/Ubuntu#Disable_NetworkManager<br />
apt update, apt upgrade now works, 0 packages to update<br />
NIS does not work.<br />
</pre><br />
<br />
== midm9a ==<br />
<br />
<pre><br />
login.defs<br />
firefox snap<br />
gmond.conf<br />
ypserv<br />
/etc/default/nis<br />
unattended-upgrades<br />
amanda-security.conf<br />
remove obsolete (no)<br />
reboot<br />
configure dns<br />
reenable nis<br />
</pre><br />
<br />
== daq17 ==<br />
<br />
<pre><br />
firefox snap<br />
imagemagick policy.xml<br />
gmond.conf<br />
chrony.conf<br />
/var/yp/Makefile<br />
ypserv.conf<br />
ypserv.securenets<br />
/etc/default/nis<br />
50unattended-upgrades<br />
</pre><br />
<br />
== daq00 ==<br />
<br />
per https://serverpilot.io/docs/how-to-upgrade-ubuntu-20.04-to-22.04/<br />
<br />
<pre><br />
do-release-upgrade -f DistUpgradeViewNonInteractive<br />
</pre><br />
<br />
if it exists "too soon" without doing anything, run it without "-f xxx", most likely it does not like something about this machine. in case of daq00 it did not like how the EFI partitions were mounted. after fixing it, non-interactive upgrade was successful.<br />
<br />
= Ubuntu package manager =<br />
<br />
* apt-get install xxx # install package xxx<br />
* apt-get update<br />
* apt-get upgrade<br />
* apt-get dist-upgrade<br />
* apt-get autoremove # remove automatically installed packages required by a removed package<br />
* apt-get remove xxx # remove package xxx<br />
* apt-cache search . # list all available packages<br />
* apt-cache show "." | grep ^Package # list al available packages<br />
* apt-cache madison root-system # show all available versions of package root-system<br />
* apt list # list all installed packages<br />
* dpkg --listfiles libpng16-16 # list all files from this package<br />
* apt list --installed # list all installed packages<br />
* dpkg -S /bin/bash # what package provides this file?<br />
* dpkg -L bash # what files provided by this package?<br />
* debsums -ce # show modified config files<br />
* apt-config dump # show apt configuration<br />
<br />
= Ubuntu zsys =<br />
<br />
* manages system snapshots<br />
* documentation: https://github.com/ubuntu/zsys<br />
* documentation: (go to next article via link "newer" at the bottom) https://didrocks.fr/2020/05/21/zfs-focus-on-ubuntu-20.04-lts-whats-new/<br />
* ubuntu 20.04 bug, too many snapshots cause /boot to become full and updates fail. https://github.com/ubuntu/zsys/issues/155<br />
* solution: use custom /etc/zsys.conf, limit number of snapshots to 10, see trinatdaq:/etc/zsys.conf<br />
* zsys commands:<br />
<pre><br />
update-grub # list of all snapshots, errors if some snapshots are broken<br />
zsysctl state remove lnc0k7 --system # remove snapshot<br />
xemacs -nw /etc/zsys.conf; zsysctl service reload; zsysctl service gc # cause gc to run with new settings in zsys.conf<br />
zfs list -r -t snapshot -o name,used,referenced,creation bpool/BOOT # list snapshots<br />
zsysctl show # show snapshots<br />
</pre><br />
<br />
= Ubuntu cloning =<br />
<br />
to clone a ubuntu image:<br />
<br />
<pre><br />
cd /nfsroot/lxcpet<br />
emacs -nw etc/hostname ### change hostname<br />
emacs -nw etc/mailname ### change hostname (debian 11)<br />
emacs -nw etc/defaultdomain ### change the NIS domainname<br />
emacs -nw etc/yp.conf ### change the NIS server<br />
cp -pvf ../lxcpet-SL610/etc/ssh/*key* etc/ssh/ ### preserve the ssh keys<br />
emacs -nw opt/gonodeinfo/gonodeinfo.conf ### update information<br />
emacs -nw root/.ssh/authorized_keys ### update root ssh keys<br />
</pre><br />
<br />
= Ubuntu boot loader =<br />
<br />
== boot from ZFS ==<br />
<br />
* use UEFI boot with syslinux, see here: https://daq.triumf.ca/DaqWiki/index.php/SLinstall#Configure_UEFI_boot<br />
* apt install zfs-initramfs<br />
* update-initramfs -v -u<br />
* ZFS structure:<br />
<pre><br />
root@daq00:~# zfs list<br />
NAME USED AVAIL REFER MOUNTPOINT<br />
rpool 147G 1.62T 96K /<br />
rpool/ROOT 17.8G 1.62T 96K none<br />
rpool/ROOT/ubuntu_00aaaa 17.8G 1.62T 6.22G /<br />
</pre><br />
* copy OS image to rpool/ROOT/ubuntu_00aaaa<br />
* zfs set mountpoint=/ rpool<br />
* zfs set mountpoint=none rpool/ROOT<br />
* zfs set mountpoint=/ rpool/ROOT/ubuntu_00aaaa<br />
* zfs get all | grep mountpoint<br />
<pre><br />
rpool mountpoint / local<br />
rpool/ROOT mountpoint none local<br />
rpool/ROOT/ubuntu_00aaaa mountpoint / local<br />
</pre><br />
* in linux kernel command line (syslinux.cfg), set "root=" to "root=ZFS=rpool/ROOT/ubuntu_00aaaa"<br />
<br />
== boot from ZFS mirror ==<br />
<br />
=== setup the EFI partitions ===<br />
<br />
* assuming /dev/sdb is already setup for EFI boot, setup /dev/sda the same way:<br />
* partition the second boot disk same as first boot disk:<br />
<pre><br />
root@grsnis01:~# gdisk -l /dev/sdb<br />
Found valid GPT with protective MBR; using GPT.<br />
Number Start (sector) End (sector) Size Code Name<br />
1 2048 1050623 512.0 MiB EF00 EFI system partition<br />
2 1050624 3907029134 1.8 TiB 8300 Linux filesystem<br />
root@grsnis01:~# <br />
</pre><br />
* mkfs.msdos /dev/sdX1<br />
* create mount points<br />
<pre><br />
mkdir /boot/efi-sda<br />
mkdir /boot/efi-sdb<br />
</pre><br />
* add to /etc/fstab<br />
<pre><br />
/dev/sda1 /boot/efi-sda vfat umask=0022,fmask=0022,dmask=0022,nofail 0 1 <br />
/dev/sdb1 /boot/efi-sdb vfat umask=0022,fmask=0022,dmask=0022,nofail 0 1 <br />
</pre><br />
* mount -a<br />
* df | grep boot<br />
<pre><br />
root@grsnis01:~# df | grep boot<br />
/dev/sdb1 523248 98100 425148 19% /boot/efi-sdb<br />
/dev/sda1 523248 4 523244 1% /boot/efi-sda<br />
</pre><br />
* copy boot files to new boot disk<br />
* cd /boot/efi-sdX; rsync -av . /boot/efi-sdY<br />
* set BIOS to boot from "UEFI Hard drive", disable legacy boot (except for booting from USB key in legacy mode)<br />
* if using UEFI boot syslinux per these instructions, linux kernel update has to be done manually:<br />
* run ~/git/scripts/etc/update_efi_mirror.perl, follow instructions that it prints.<br />
<br />
=== setup zfs partitions ===<br />
<br />
use partitions compatible with Ubuntu "install on ZFS"<br />
<br />
* gdisk "o" to create new GPT partition table<br />
* gdisk "n" +512M ef00 to create EFI partition<br />
* gdisk "n" +2G 8200 to create linux swap partition (not used)<br />
* gdisk "n" +2G BE00 to create ZFS bpool partition<br />
* gdisk "n" xxx BF00 create ZFS rpool partition<br />
<br />
<pre><br />
# gdisk -l /dev/sda<br />
Number Start (sector) End (sector) Size Code Name<br />
1 2048 1050623 512.0 MiB EF00 EFI System Partition<br />
2 1050624 5244927 2.0 GiB 8200 <br />
3 5244928 9439231 2.0 GiB BE00 <br />
4 9439232 234441614 107.3 GiB BF00 <br />
root@midm9a:~# <br />
</pre><br />
<br />
=== setup zfs mirror ===<br />
<br />
* see here: https://daq.triumf.ca/DaqWiki/index.php/ZFS#Convert_pool_from_single_to_mirror<br />
<pre><br />
root@grsnis01:~# ls -l /dev/disk/by-id/ata*part2<br />
lrwxrwxrwx 1 root root 10 Feb 19 16:47 /dev/disk/by-id/ata-WDC_WDS200T2B0A-00SM50_205007801081-part2 -> ../../sda2<br />
lrwxrwxrwx 1 root root 10 Feb 19 16:47 /dev/disk/by-id/ata-WDC_WDS200T2B0A-00SM50_205007801101-part2 -> ../../sdb2<br />
<br />
root@grsnis01:~# zpool status<br />
pool: rpool<br />
state: ONLINE<br />
scan: none requested<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
rpool ONLINE 0 0 0<br />
ata-WDC_WDS200T2B0A-00SM50_205007801101-part2 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
<br />
root@grsnis01:~# zpool attach rpool ata-WDC_WDS200T2B0A-00SM50_205007801101-part2 /dev/disk/by-id/ata-WDC_WDS200T2B0A-00SM50_205007801081-part2<br />
<br />
root@grsnis01:~# zpool status<br />
pool: rpool<br />
state: ONLINE<br />
status: One or more devices is currently being resilvered. The pool will<br />
continue to function, possibly in a degraded state.<br />
action: Wait for the resilver to complete.<br />
scan: resilver in progress since Fri Feb 19 16:54:39 2021<br />
12.6G scanned at 3.16G/s, 1.02G issued at 262M/s, 12.6G total<br />
1.02G resilvered, 8.09% done, 0 days 00:00:45 to go<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
rpool ONLINE 0 0 0<br />
mirror-0 ONLINE 0 0 0<br />
ata-WDC_WDS200T2B0A-00SM50_205007801101-part2 ONLINE 0 0 0<br />
ata-WDC_WDS200T2B0A-00SM50_205007801081-part2 ONLINE 0 0 0 (resilvering)<br />
<br />
errors: No known data errors<br />
</pre><br />
* wait<br />
<pre><br />
root@grsnis01:~# zpool status<br />
pool: rpool<br />
state: ONLINE<br />
scan: resilvered 12.7G in 0 days 00:00:40 with 0 errors on Fri Feb 19 16:55:19 2021<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
rpool ONLINE 0 0 0<br />
mirror-0 ONLINE 0 0 0<br />
ata-WDC_WDS200T2B0A-00SM50_205007801101-part2 ONLINE 0 0 0<br />
ata-WDC_WDS200T2B0A-00SM50_205007801081-part2 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
</pre><br />
<br />
== maintenance commands ==<br />
<br />
* update-initramfs -v -u<br />
* grub-install /dev/sda<br />
<br />
= Convert from single to dual mirrored ZFS SSD =<br />
<br />
Assuming Ubuntu LTS 22.04 with "instal on ZFS" option, we will<br />
add a second SSD, configure ZFS to use both SSDs in mirrored<br />
configuration and setup grub to boot from either SSD. This<br />
is intended to create a full redundant system where failure<br />
of either SSD does not break the system.<br />
<br />
* identify first SSD<br />
<pre><br />
root@midm9b:~# ./smart-status.perl <br />
Disk model serial temperature realloc pending uncorr CRC err RRER Errors Link<br />
/dev/sda WD Blue SA510 2.5 250GB 22243Z803769 24 . ? ? . ? . 6.0<br />
root@midm9b:~# <br />
</pre><br />
* connect second SSD of identical size<br />
<pre><br />
root@midm9b:~# ./smart-status.perl <br />
Disk model serial temperature realloc pending uncorr CRC err RRER Errors Link<br />
/dev/sda WD Blue SA510 2.5 250GB 22243Z803769 24 . ? ? . ? . 6.0<br />
/dev/sdb WD Blue SA510 2.5 250GB 22243Z803852 25 . ? ? . ? . 6.0<br />
root@midm9b:~# <br />
</pre><br />
* if second SSD is not autodetected, reboot<br />
* list partition table of first SSD:<br />
<pre><br />
root@midm9b:~# fdisk -l /dev/sda<br />
Disk /dev/sda: 232.89 GiB, 250059350016 bytes, 488397168 sectors<br />
Disk model: WD Blue SA510 2.<br />
Units: sectors of 1 * 512 = 512 bytes<br />
Sector size (logical/physical): 512 bytes / 512 bytes<br />
I/O size (minimum/optimal): 512 bytes / 512 bytes<br />
Disklabel type: gpt<br />
Disk identifier: 951A4174-B4C6-400D-99F5-BE9B5627FA8E<br />
<br />
Device Start End Sectors Size Type<br />
/dev/sda1 2048 1050623 1048576 512M EFI System<br />
/dev/sda2 1050624 5244927 4194304 2G Linux swap<br />
/dev/sda3 5244928 9439231 4194304 2G Solaris boot<br />
/dev/sda4 9439232 488397134 478957903 228.4G Solaris root<br />
root@midm9b:~# <br />
</pre><br />
* create identical partitions on second SSD, use sector numbers from above.<br />
<pre><br />
root@midm9b:~# gdisk /dev/sdb<br />
GPT fdisk (gdisk) version 1.0.8<br />
<br />
Partition table scan:<br />
MBR: not present<br />
BSD: not present<br />
APM: not present<br />
GPT: not present<br />
<br />
Creating new GPT entries in memory.<br />
<br />
Command (? for help): n<br />
Partition number (1-128, default 1): <br />
First sector (34-488397134, default = 2048) or {+-}size{KMGTP}: <br />
Last sector (2048-488397134, default = 488397134) or {+-}size{KMGTP}: 1050623<br />
Current type is 8300 (Linux filesystem)<br />
Hex code or GUID (L to show codes, Enter = 8300): ef00<br />
Changed type of partition to 'EFI system partition'<br />
<br />
Command (? for help): n<br />
Partition number (2-128, default 2): <br />
First sector (34-488397134, default = 1050624) or {+-}size{KMGTP}: <br />
Last sector (1050624-488397134, default = 488397134) or {+-}size{KMGTP}: 5244927<br />
Current type is 8300 (Linux filesystem)<br />
Hex code or GUID (L to show codes, Enter = 8300): 8200<br />
Changed type of partition to 'Linux swap'<br />
<br />
Command (? for help): n<br />
Partition number (3-128, default 3): <br />
First sector (34-488397134, default = 5244928) or {+-}size{KMGTP}: <br />
Last sector (5244928-488397134, default = 488397134) or {+-}size{KMGTP}: 9439231<br />
Current type is 8300 (Linux filesystem)<br />
Hex code or GUID (L to show codes, Enter = 8300): be00<br />
Changed type of partition to 'Solaris boot'<br />
<br />
Command (? for help): n<br />
Partition number (4-128, default 4): <br />
First sector (34-488397134, default = 9439232) or {+-}size{KMGTP}: <br />
Last sector (9439232-488397134, default = 488397134) or {+-}size{KMGTP}: <br />
Current type is 8300 (Linux filesystem)<br />
Hex code or GUID (L to show codes, Enter = 8300): bf00<br />
Changed type of partition to 'Solaris root'<br />
<br />
Command (? for help): w<br />
<br />
Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING<br />
PARTITIONS!!<br />
<br />
Do you want to proceed? (Y/N): y<br />
OK; writing new GUID partition table (GPT) to /dev/sdb.<br />
The operation has completed successfully.<br />
root@midm9b:~# fdisk -l /dev/sda /dev/sdb<br />
Disk /dev/sda: 232.89 GiB, 250059350016 bytes, 488397168 sectors<br />
Disk model: WD Blue SA510 2.<br />
Units: sectors of 1 * 512 = 512 bytes<br />
Sector size (logical/physical): 512 bytes / 512 bytes<br />
I/O size (minimum/optimal): 512 bytes / 512 bytes<br />
Disklabel type: gpt<br />
Disk identifier: 951A4174-B4C6-400D-99F5-BE9B5627FA8E<br />
<br />
Device Start End Sectors Size Type<br />
/dev/sda1 2048 1050623 1048576 512M EFI System<br />
/dev/sda2 1050624 5244927 4194304 2G Linux swap<br />
/dev/sda3 5244928 9439231 4194304 2G Solaris boot<br />
/dev/sda4 9439232 488397134 478957903 228.4G Solaris root<br />
<br />
<br />
Disk /dev/sdb: 232.89 GiB, 250059350016 bytes, 488397168 sectors<br />
Disk model: WD Blue SA510 2.<br />
Units: sectors of 1 * 512 = 512 bytes<br />
Sector size (logical/physical): 512 bytes / 512 bytes<br />
I/O size (minimum/optimal): 512 bytes / 512 bytes<br />
Disklabel type: gpt<br />
Disk identifier: EB251739-30C6-422F-A505-5887B5A0B603<br />
<br />
Device Start End Sectors Size Type<br />
/dev/sdb1 2048 1050623 1048576 512M EFI System<br />
/dev/sdb2 1050624 5244927 4194304 2G Linux swap<br />
/dev/sdb3 5244928 9439231 4194304 2G Solaris boot<br />
/dev/sdb4 9439232 488397134 478957903 228.4G Solaris root<br />
root@midm9b:~# <br />
</pre><br />
* identify second SSD partitions<br />
<pre><br />
root@midm9b:~# ls -l /dev/disk/by-id/ata*part3<br />
lrwxrwxrwx 1 root root 10 Jan 20 18:37 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803769-part3 -> ../../sda3<br />
lrwxrwxrwx 1 root root 10 Jan 20 19:34 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part3 -> ../../sdb3<br />
root@midm9b:~# ls -l /dev/disk/by-id/ata*part4<br />
lrwxrwxrwx 1 root root 10 Jan 20 18:37 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803769-part4 -> ../../sda4<br />
lrwxrwxrwx 1 root root 10 Jan 20 19:34 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part4 -> ../../sdb4<br />
</pre><br />
* convert bpool from single disk to mirrored disk:<br />
<pre><br />
root@midm9b:~# zpool status<br />
pool: bpool<br />
state: ONLINE<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
bpool ONLINE 0 0 0<br />
99e03dc0-7d4d-f24b-8fa1-f042b9f135db ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
<br />
pool: rpool<br />
state: ONLINE<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
rpool ONLINE 0 0 0<br />
f6fd54f8-3af7-b943-ae3d-a4e480537fb9 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
root@midm9b:~# zpool attach bpool 99e03dc0-7d4d-f24b-8fa1-f042b9f135db /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part3<br />
root@midm9b:~# zpool status bpool<br />
pool: bpool<br />
state: ONLINE<br />
scan: resilvered 247M in 00:00:00 with 0 errors on Fri Jan 20 19:39:40 2023<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
bpool ONLINE 0 0 0<br />
mirror-0 ONLINE 0 0 0<br />
99e03dc0-7d4d-f24b-8fa1-f042b9f135db ONLINE 0 0 0<br />
ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part3 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
</pre><br />
* convert rpool<br />
<pre><br />
root@midm9b:~# ls -l /dev/disk/by-id/ata*part4<br />
lrwxrwxrwx 1 root root 10 Jan 20 18:37 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803769-part4 -> ../../sda4<br />
lrwxrwxrwx 1 root root 10 Jan 20 19:34 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part4 -> ../../sdb4<br />
root@midm9b:~# zpool attach rpool f6fd54f8-3af7-b943-ae3d-a4e480537fb9 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part4<br />
root@midm9b:~# zpool status rpool<br />
pool: rpool<br />
state: ONLINE<br />
status: One or more devices is currently being resilvered. The pool will<br />
continue to function, possibly in a degraded state.<br />
action: Wait for the resilver to complete.<br />
scan: resilver in progress since Fri Jan 20 19:40:45 2023<br />
5.83G scanned at 664M/s, 2.92M issued at 332K/s, 9.11G total<br />
0B resilvered, 0.03% done, no estimated completion time<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
rpool ONLINE 0 0 0<br />
mirror-0 ONLINE 0 0 0<br />
f6fd54f8-3af7-b943-ae3d-a4e480537fb9 ONLINE 0 0 0<br />
ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part4 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
root@midm9b:~# <br />
</pre><br />
* wait for resilver to complete<br />
<pre><br />
root@midm9b:~# zpool status<br />
pool: bpool<br />
state: ONLINE<br />
scan: resilvered 247M in 00:00:00 with 0 errors on Fri Jan 20 19:39:40 2023<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
bpool ONLINE 0 0 0<br />
mirror-0 ONLINE 0 0 0<br />
99e03dc0-7d4d-f24b-8fa1-f042b9f135db ONLINE 0 0 0<br />
ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part3 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
<br />
pool: rpool<br />
state: ONLINE<br />
scan: resilvered 9.65G in 00:00:36 with 0 errors on Fri Jan 20 19:41:21 2023<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
rpool ONLINE 0 0 0<br />
mirror-0 ONLINE 0 0 0<br />
f6fd54f8-3af7-b943-ae3d-a4e480537fb9 ONLINE 0 0 0<br />
ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part4 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
</pre><br />
* enable booting from second SSD: (instead of /dev/sda1, /dev/sdb1, use UUID=xxx)<br />
<pre><br />
root@midm9b:~# mkfs.msdos /dev/sdb1<br />
root@midm9b:~# mkdir /boot/efi-sda<br />
root@midm9b:~# mkdir /boot/efi-sdb<br />
root@midm9b:~# echo "/dev/sda1 /boot/efi-sda vfat umask=0022,fmask=0022,dmask=0022,nofail 0 1" >> /etc/fstab<br />
root@midm9b:~# echo "/dev/sdb1 /boot/efi-sdb vfat umask=0022,fmask=0022,dmask=0022,nofail 0 1" >> /etc/fstab<br />
root@midm9b:~# mount -a<br />
root@midm9b:~# df -kl<br />
Filesystem 1K-blocks Used Available Use% Mounted on<br />
...<br />
/dev/sda1 523244 13720 509524 3% /boot/efi<br />
/dev/sdb1 523244 4 523240 1% /boot/efi-sdb<br />
...<br />
root@midm9b:~# rsync -av /boot/efi/ /boot/efi-sdb/<br />
sending incremental file list<br />
EFI/<br />
...<br />
root@midm9b:~# ls -l /boot/efi-sda<br />
total 8<br />
drwxr-xr-x 4 root root 4096 Jan 19 23:26 EFI<br />
drwxr-xr-x 5 root root 4096 Jan 19 23:26 grub<br />
root@midm9b:~# ls -l /boot/efi-sdb<br />
total 8<br />
drwxr-xr-x 4 root root 4096 Jan 19 23:26 EFI<br />
drwxr-xr-x 5 root root 4096 Jan 19 23:26 grub<br />
root@midm9b:~# <br />
</pre><br />
* setup script to update grub on second SSD, it must be run manually after every kernel update<br />
<pre><br />
root@midm9b:~# ln -s ~/git/scripts/etc/update_efi_grub.perl ~/<br />
root@midm9b:~# ~/update_efi_grub.perl -u<br />
EFI dir: /boot/efi-sda<br />
/boot/efi-sda: update grub: rsync -av --delete-after --modify-window=2 /boot/efi/grub/ /boot/efi-sda/grub<br />
building file list ... done<br />
<br />
sent 5,313 bytes received 11 bytes 10,648.00 bytes/sec<br />
total size is 7,944,644 speedup is 1,492.23<br />
/boot/efi-sda: update efi: rsync -av --delete-after --modify-window=2 /boot/efi/EFI/ /boot/efi-sda/EFI<br />
building file list ... done<br />
<br />
sent 216 bytes received 11 bytes 454.00 bytes/sec<br />
total size is 5,452,378 speedup is 24,019.29<br />
EFI dir: /boot/efi-sdb<br />
/boot/efi-sdb: update grub: rsync -av --delete-after --modify-window=2 /boot/efi/grub/ /boot/efi-sdb/grub<br />
building file list ... done<br />
<br />
sent 5,313 bytes received 11 bytes 10,648.00 bytes/sec<br />
total size is 7,944,644 speedup is 1,492.23<br />
/boot/efi-sdb: update efi: rsync -av --delete-after --modify-window=2 /boot/efi/EFI/ /boot/efi-sdb/EFI<br />
building file list ... done<br />
<br />
sent 216 bytes received 11 bytes 454.00 bytes/sec<br />
total size is 5,452,378 speedup is 24,019.29<br />
root@midm9b:~# <br />
</pre><br />
<br />
= Disable NetworkManager =<br />
<br />
NetworkManager is useful for configuring dynamic<br />
network interfaces, i.e. laptops that often move<br />
between networks, or connect to multiple choice<br />
of wifi networks, etc.<br />
<br />
For machines with statically configured network interfaces,<br />
NetworkManager is not necessary.<br />
<br />
As it has been observed to become confused and observed<br />
to malfunction when network links go up and down (it keeps<br />
unnecessarily reconfiguring the ip address, etc), it can<br />
be usefuil to disable it.<br />
<br />
* list all network interfaces<br />
<pre><br />
# /bin/ls -1 /sys/class/net/<br />
enp0s31f6<br />
lo<br />
</pre><br />
* edit /etc/network/interfaces:<br />
<pre><br />
rename enp0s31f6=eth0<br />
auto eth0<br />
iface eth0 inet static<br />
address 142.90.120.94/19<br />
gateway 142.90.100.18<br />
</pre><br />
* statically configure systemd-resolved<br />
** create /etc/systemd/resolved.conf.d/resolved.conf with this contents:<br />
<pre><br />
[Resolve]<br />
DNS=142.90.100.19<br />
Domains=triumf.ca<br />
</pre><br />
** systemctl restart systemd-resolved<br />
** resolvectl<br />
** systemd-analyze cat-config systemd/resolved.conf<br />
* disable NetworkManager<br />
<pre><br />
systemctl disable NetworkManager<br />
</pre><br />
* reboot<br />
<br />
= Configure ECC memory =<br />
<br />
== Configure EDAC ==<br />
<br />
* apt install edac-utils<br />
<br />
=== Intel i3-2120 ===<br />
<pre><br />
root@musr00:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro X9SCL/X9SCM<br />
root@musr00:~# edac-ctl --status<br />
edac-ctl: drivers not loaded.<br />
</pre><br />
<br />
=== Intel E-2236 ===<br />
<pre><br />
root@daq00:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro X11SCM-F<br />
root@daq00:~# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@daq00:~# edac-util <br />
edac-util: No errors to report.<br />
root@daq00:~# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
</pre><br />
* check edac sysfs files (Intel)<br />
<pre><br />
root@daq00:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 ce_count<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 max_location<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 mc_name<br />
drwxr-xr-x 2 root root 0 Jan 25 15:10 power<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank0<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank1<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank2<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank3<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank4<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank5<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank6<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank7<br />
--w------- 1 root root 4096 Jan 25 15:10 reset_counters<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 size_mb<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 ue_count<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 Jan 25 15:10 uevent<br />
root@daq00:~# <br />
</pre><br />
<br />
=== Intel E3-1270 v6 ===<br />
<pre><br />
root@wheel-SYS-5019S-M:~/git/scripts# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro X11SSH-F<br />
root@wheel-SYS-5019S-M:~/git/scripts# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@grsnis01:~# edac-util<br />
edac-util: No errors to report.<br />
root@grsnis01:~# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
root@grsnis01:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 ce_count<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 max_location<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 mc_name<br />
drwxr-xr-x 2 root root 0 Feb 19 12:35 power<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank0<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank1<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank2<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank3<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank4<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank5<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank6<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank7<br />
--w------- 1 root root 4096 Feb 19 12:35 reset_counters<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 size_mb<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 ue_count<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 Feb 19 12:35 uevent<br />
root@grsnis01:~# <br />
</pre><br />
<br />
=== Intel E3-1245 v6 ===<br />
<br />
<pre><br />
[root@alphagdaq ~]# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro X11SSH-F<br />
[root@alphagdaq ~]# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro X11SSH-F<br />
[root@alphagdaq ~]# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
[root@alphagdaq ~]# edac-util<br />
edac-util: No errors to report.<br />
[root@alphagdaq ~]# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
[root@alphagdaq ~]# ras-mc-ctl --layout<br />
+-----------------------------------------------+<br />
| mc0 |<br />
| csrow0 | csrow1 | csrow2 | csrow3 |<br />
----------+-----------------------------------------------+<br />
channel1: | 8192 MB | 8192 MB | 8192 MB | 8192 MB |<br />
channel0: | 8192 MB | 8192 MB | 8192 MB | 8192 MB |<br />
----------+-----------------------------------------------+<br />
[root@alphagdaq ~]# ras-mc-ctl --error-count<br />
Label CE UE<br />
mc#0csrow#3channel#0 0 0<br />
mc#0csrow#2channel#1 0 0<br />
mc#0csrow#3channel#1 0 0<br />
mc#0csrow#0channel#0 0 0<br />
mc#0csrow#1channel#1 0 0<br />
mc#0csrow#0channel#1 0 0<br />
mc#0csrow#1channel#0 0 0<br />
mc#0csrow#2channel#0 0 0<br />
[root@alphagdaq ~]# ras-mc-ctl --mainboard<br />
ras-mc-ctl: mainboard: Supermicro model X11SSH-F<br />
[root@alphagdaq ~]# ras-mc-ctl --summary<br />
DBD::SQLite::db prepare failed: no such table: mc_event at /usr/sbin/ras-mc-ctl line 1129.<br />
Can't call method "execute" on an undefined value at /usr/sbin/ras-mc-ctl line 1130.<br />
[root@alphagdaq ~]# <br />
</pre><br />
<br />
=== AMD 3700X ===<br />
<br />
(memory is non-ECC)<br />
<br />
<pre><br />
root@daq13:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: ASUSTeK COMPUTER INC. ROG STRIX B550-E GAMING<br />
root@daq13:~# <br />
root@daq13:~# <br />
root@daq13:~# edac-ctl --status<br />
edac-ctl: drivers not loaded.<br />
root@daq13:~# edac-util <br />
edac-util: Error: No memory controller data found.<br />
root@daq13:~# edac-util -s<br />
edac-util: EDAC drivers loaded. No memory controllers found<br />
root@daq13:~# ls -l /sys/devices/system/edac/mc<br />
total 0<br />
drwxr-xr-x 2 root root 0 Jan 25 15:26 power<br />
lrwxrwxrwx 1 root root 0 Jan 21 16:16 subsystem -> ../../../../bus/edac<br />
-rw-r--r-- 1 root root 4096 Jan 21 16:16 uevent<br />
</pre><br />
<br />
(memory is ECC)<br />
<br />
<pre><br />
root@trinatdaq:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: ASUSTeK COMPUTER INC. ROG STRIX B550-E GAMING<br />
root@trinatdaq:~# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@trinatdaq:~# edac-util <br />
edac-util: No errors to report.<br />
root@trinatdaq:~# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
root@trinatdaq:~# ls -l /sys/devices/system/edac/mc<br />
total 0<br />
drwxr-xr-x 7 root root 0 Dec 15 13:04 mc0<br />
drwxr-xr-x 2 root root 0 Dec 15 13:04 power<br />
lrwxrwxrwx 1 root root 0 Dec 13 18:31 subsystem -> ../../../../bus/edac<br />
-rw-r--r-- 1 root root 4096 Dec 13 18:31 uevent<br />
root@trinatdaq:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 ce_count<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 max_location<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 mc_name<br />
drwxr-xr-x 2 root root 0 Dec 15 13:04 power<br />
drwxr-xr-x 3 root root 0 Dec 15 13:04 rank4<br />
drwxr-xr-x 3 root root 0 Dec 15 13:04 rank5<br />
drwxr-xr-x 3 root root 0 Dec 15 13:04 rank6<br />
drwxr-xr-x 3 root root 0 Dec 15 13:04 rank7<br />
--w------- 1 root root 4096 Dec 15 13:04 reset_counters<br />
-rw-r--r-- 1 root root 4096 Dec 15 13:04 sdram_scrub_rate<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 size_mb<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 ue_count<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 Dec 15 13:04 uevent<br />
root@trinatdaq:~# <br />
</pre><br />
<br />
=== AMD 5000G ===<br />
<br />
* no linux driver for AMD 5000-series "G" CPU<br />
* no mention of ECC in the BIOS settings<br />
* unclear status of ECC support in AMD documentation (sais only "pro" "G" CPUs have ECC)<br />
* unclear status of ECC support in ASUS documentation (web page out of date)<br />
<br />
=== AMD 5600X ===<br />
<br />
<pre><br />
root@daq17:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: ASUSTeK COMPUTER INC. ROG STRIX B550-XE GAMING WIFI<br />
root@daq17:~# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@daq17:~# edac-util<br />
edac-util: No errors to report.<br />
root@daq17:~# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
root@daq17:~# ls -l /sys/devices/system/edac/mc<br />
total 0<br />
drwxr-xr-x 7 root root 0 Aug 19 19:27 mc0<br />
drwxr-xr-x 2 root root 0 Aug 19 19:27 power<br />
lrwxrwxrwx 1 root root 0 May 10 10:11 subsystem -> ../../../../bus/edac<br />
-rw-r--r-- 1 root root 4096 May 10 10:11 uevent<br />
root@daq17:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 ce_count<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 max_location<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 mc_name<br />
drwxr-xr-x 2 root root 0 Aug 19 19:27 power<br />
drwxr-xr-x 3 root root 0 Aug 19 19:27 rank4<br />
drwxr-xr-x 3 root root 0 Aug 19 19:27 rank5<br />
drwxr-xr-x 3 root root 0 Aug 19 19:27 rank6<br />
drwxr-xr-x 3 root root 0 Aug 19 19:27 rank7<br />
--w------- 1 root root 4096 Aug 19 19:27 reset_counters<br />
-rw-r--r-- 1 root root 4096 Aug 19 19:27 sdram_scrub_rate<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 size_mb<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 ue_count<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 Aug 19 19:27 uevent<br />
root@daq17:~# <br />
</pre><br />
<br />
=== AMD 3955WX ===<br />
<br />
<pre><br />
root@alphasuperdaq:~/git/scripts/quotareport# edac-ctl --mainboard<br />
edac-ctl: mainboard: ASUSTeK COMPUTER INC. Pro WS WRX80E-SAGE SE WIFI<br />
root@alphasuperdaq:~/git/scripts/quotareport# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@alphasuperdaq:~/git/scripts/quotareport# edac-util <br />
edac-util: No errors to report.<br />
root@alphasuperdaq:~/git/scripts/quotareport# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
root@alphasuperdaq:~/git/scripts/quotareport# ls -l /sys/devices/system/edac/mc<br />
total 0<br />
drwxr-xr-x 19 root root 0 Dez 12 04:48 mc0<br />
drwxr-xr-x 2 root root 0 Dez 12 04:48 power<br />
lrwxrwxrwx 1 root root 0 Dez 9 05:31 subsystem -> ../../../../bus/edac<br />
-rw-r--r-- 1 root root 4096 Dez 9 05:31 uevent<br />
root@alphasuperdaq:~/git/scripts/quotareport# <br />
root@alphasuperdaq:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 ce_count<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 max_location<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 mc_name<br />
drwxr-xr-x 2 root root 0 Dez 12 04:48 power<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank0<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank1<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank10<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank11<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank12<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank13<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank14<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank15<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank2<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank3<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank4<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank5<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank6<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank7<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank8<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank9<br />
--w------- 1 root root 4096 Feb 28 22:19 reset_counters<br />
-rw-r--r-- 1 root root 4096 Feb 28 22:19 sdram_scrub_rate<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 size_mb<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 ue_count<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 Feb 28 22:19 uevent<br />
root@alphasuperdaq:~# <br />
root@alphasuperdaq:~# ras-mc-ctl --layout<br />
Use of uninitialized value $max_pos[3] in modulus (%) at /usr/sbin/ras-mc-ctl line 868.<br />
Use of uninitialized value $d in numeric ge (>=) at /usr/sbin/ras-mc-ctl line 869.<br />
Use of uninitialized value $d in sprintf at /usr/sbin/ras-mc-ctl line 872.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+<br />
| mc0 |<br />
| csrow0 | csrow1 |<br />
| channel0 | channel1 | channel2 | channel3 | channel4 | channel5 | channel6 | channel7 | channel0 | channel1 | channel2 | channel3 | channel4 | channel5 | channel6 | channel7 |<br />
----+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+<br />
<br />
0: | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB |<br />
----+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+<br />
root@alphasuperdaq:~# ras-mc-ctl --error-count<br />
Label CE UE<br />
mc#0csrow#0channel#2 0 0<br />
mc#0csrow#1channel#7 0 0<br />
mc#0csrow#0channel#3 0 0<br />
mc#0csrow#1channel#4 0 0<br />
mc#0csrow#1channel#2 0 0<br />
mc#0csrow#0channel#7 0 0<br />
mc#0csrow#1channel#3 0 0<br />
mc#0csrow#0channel#4 0 0<br />
mc#0csrow#1channel#1 0 0<br />
mc#0csrow#1channel#0 0 0<br />
mc#0csrow#1channel#5 0 0<br />
mc#0csrow#0channel#6 0 0<br />
mc#0csrow#0channel#1 0 0<br />
mc#0csrow#0channel#5 0 0<br />
mc#0csrow#0channel#0 0 0<br />
mc#0csrow#1channel#6 0 0<br />
root@alphasuperdaq:~# ras-mc-ctl --mainboard<br />
ras-mc-ctl: mainboard: ASUSTeK COMPUTER INC. model Pro WS WRX80E-SAGE SE WIFI<br />
root@alphasuperdaq:~# ras-mc-ctl --summary<br />
No Memory errors.<br />
<br />
No PCIe AER errors.<br />
<br />
No Extlog errors.<br />
<br />
DBD::SQLite::db prepare failed: no such table: devlink_event at /usr/sbin/ras-mc-ctl line 1181.<br />
Can't call method "execute" on an undefined value at /usr/sbin/ras-mc-ctl line 1182.<br />
root@alphasuperdaq:~#<br />
</pre><br />
<br />
== Configure rasdaemon ==<br />
<br />
<pre><br />
apt install rasdaemon<br />
</pre><br />
<pre><br />
systemctl enable rasdaemon<br />
systemctl restart rasdaemon<br />
systemctl status rasdaemon<br />
</pre><br />
<br />
<pre><br />
● rasdaemon.service - RAS daemon to log the RAS events<br />
Loaded: loaded (/lib/systemd/system/rasdaemon.service; enabled; vendor preset: enabled)<br />
Active: active (running) since Mon 2021-01-25 15:16:37 PST; 3min 5s ago<br />
Main PID: 2477175 (rasdaemon)<br />
Tasks: 1 (limit: 76958)<br />
Memory: 17.1M<br />
CGroup: /system.slice/rasdaemon.service<br />
└─2477175 /usr/sbin/rasdaemon -f -r<br />
<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: ras:extlog_mem_event event enabled<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Enabled event ras:extlog_mem_event<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: ras:extlog_mem_event event enabled<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Listening to events for cpus 0 to 11<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: Enabled event ras:extlog_mem_event<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Recording mc_event events<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Recording aer_event events<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Recording extlog_event events<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Recording mce_record events<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Recording arm_event events<br />
</pre><br />
<br />
== Get reports ==<br />
<br />
* Intel 2x32GB ECC DIMMs<br />
<pre><br />
root@daq00:~# ras-mc-ctl --layout<br />
+-------------------------+<br />
| mc0 |<br />
| csrow0 | csrow1 |<br />
----------+-------------------------+<br />
channel1: | 16384 MB | 16384 MB |<br />
channel0: | 16384 MB | 16384 MB |<br />
----------+-------------------------+<br />
root@daq00:~# ras-mc-ctl --error-count<br />
Label CE UE<br />
mc#0csrow#1channel#1 0 0<br />
mc#0csrow#1channel#0 0 0<br />
mc#0csrow#0channel#0 0 0<br />
mc#0csrow#0channel#1 0 0<br />
root@daq00:~# <br />
</pre><br />
<br />
* Intel 4x16GB ECC DIMMs<br />
<pre><br />
root@daq00:~# ras-mc-ctl --error-count<br />
Label CE UE<br />
mc#0csrow#0channel#1 0 0<br />
mc#0csrow#2channel#0 0 0<br />
mc#0csrow#0channel#0 0 0<br />
mc#0csrow#2channel#1 0 0<br />
mc#0csrow#1channel#0 0 0<br />
mc#0csrow#1channel#1 0 0<br />
mc#0csrow#3channel#0 0 0<br />
mc#0csrow#3channel#1 0 0<br />
root@daq00:~# <br />
root@daq00:~# ras-mc-ctl --layout<br />
+-----------------------+<br />
| mc0 |<br />
| csrow0 | csrow1 |<br />
----------+-----------------------+<br />
channel1: | 8192 MB | 8192 MB |<br />
channel0: | 8192 MB | 8192 MB |<br />
----------+-----------------------+<br />
root@daq00:~# <br />
root@daq00:~# <br />
root@daq00:~# <br />
root@daq00:~# ras-mc-ctl --print-labels<br />
ras-mc-ctl: Error: No dimm labels for Supermicro model X11SCM-F<br />
root@daq00:~# ras-mc-ctl --mainboard<br />
ras-mc-ctl: mainboard: Supermicro model X11SCM-F<br />
root@daq00:~# ras-mc-ctl --summary<br />
No Memory errors.<br />
<br />
No PCIe AER errors.<br />
<br />
No Extlog errors.<br />
<br />
DBD::SQLite::db prepare failed: no such table: devlink_event at /usr/sbin/ras-mc-ctl line 1181.<br />
Can't call method "execute" on an undefined value at /usr/sbin/ras-mc-ctl line 1182.<br />
root@daq00:~# <br />
</pre><br />
<br />
note: ubuntu LTS 22.04 DBD::SQLite::db error is not there.<br />
<br />
= sensors =<br />
<br />
== ASUS P9X79 WS ==<br />
<br />
* https://www.asus.com/supportonly/P9X79%20WS/HelpDesk_Manual/<br />
* BIOS version 4802<br />
* modprobe nct6775<br />
* modprobe coretemp<br />
<br />
<pre><br />
root@daq14:~# sensors<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Package id 0: +35.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 0: +29.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 1: +24.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 2: +35.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 3: +32.0°C (high = +82.0°C, crit = +100.0°C)<br />
<br />
nouveau-pci-0200<br />
Adapter: PCI adapter<br />
GPU core: 900.00 mV (min = +0.85 V, max = +1.00 V)<br />
temp1: +39.0°C (high = +95.0°C, hyst = +3.0°C)<br />
(crit = +105.0°C, hyst = +5.0°C)<br />
(emerg = +135.0°C, hyst = +5.0°C)<br />
<br />
nct6776-isa-0290<br />
Adapter: ISA adapter<br />
Vcore: 1.04 V (min = +0.00 V, max = +1.74 V)<br />
in1: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
AVCC: 3.33 V (min = +0.00 V, max = +0.00 V) ALARM<br />
+3.3V: 3.33 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: 2.04 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: 904.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
3VSB: 3.41 V (min = +0.00 V, max = +0.00 V) ALARM<br />
Vbat: 3.30 V (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 1265 RPM (min = 0 RPM)<br />
fan2: 1909 RPM (min = 0 RPM)<br />
fan3: 0 RPM (min = 0 RPM)<br />
fan4: 0 RPM (min = 0 RPM)<br />
fan5: 0 RPM (min = 0 RPM)<br />
SYSTIN: +34.0°C (high = +0.0°C, hyst = +0.0°C) ALARM sensor = thermistor<br />
CPUTIN: +58.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermal diode<br />
AUXTIN: +31.5°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
PECI Agent 0: +31.0°C (high = +80.0°C, hyst = +75.0°C)<br />
(crit = +96.0°C)<br />
PCH_CHIP_TEMP: +0.0°C <br />
PCH_CPU_TEMP: +0.0°C <br />
PCH_MCH_TEMP: +0.0°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
root@daq14:~# <br />
</pre><br />
<br />
= Enable CPU turbo mode =<br />
<br />
* Intel CPU has a nominal CPU frequency (i.e. 3.4GHz) and a turbo-boost CPU frequency (i.e. 4.0GHz). Here we will enable this turbo-boost mode.<br />
* Find out CPU capability<br />
<pre><br />
root@daq01:~# lscpu | grep Hz<br />
Model name: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz<br />
CPU MHz: 3965.803<br />
CPU max MHz: 4000.0000<br />
CPU min MHz: 800.0000<br />
root@daq01:~# <br />
</pre><br />
* Look up this CPU in the Intel ARK database - google for the CPU model name, i.e.<br />
https://ark.intel.com/content/www/us/en/ark/products/88196/intel-core-i7-6700-processor-8m-cache-up-to-4-00-ghz.html<br />
* Find current frequency settings:<br />
<pre><br />
root@daq01:~# cpupower frequency-info<br />
analyzing CPU 0:<br />
driver: intel_pstate<br />
CPUs which run at the same hardware frequency: 0<br />
CPUs which need to have their frequency coordinated by software: 0<br />
maximum transition latency: Cannot determine or is not supported.<br />
hardware limits: 800 MHz - 4.00 GHz<br />
available cpufreq governors: performance powersave<br />
current policy: frequency should be within 800 MHz and 4.00 GHz.<br />
The governor "powersave" may decide which speed to use<br />
within this range.<br />
current CPU frequency: Unable to call hardware<br />
current CPU frequency: 2.72 GHz (asserted by call to kernel)<br />
boost state support:<br />
Supported: yes<br />
Active: yes<br />
root@daq01:~# <br />
</pre><br />
* Note the following:<br />
** current governor is "powersave"<br />
** "performance" governor is available<br />
** "boost state support" is supported and active.<br />
* Confirm CPU frequency governor:<br />
<pre><br />
root@daq01:~# cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor<br />
powersave<br />
powersave<br />
powersave<br />
powersave<br />
powersave<br />
powersave<br />
powersave<br />
powersave<br />
root@daq01:~# <br />
</pre> <br />
* Change governor to "performance":<br />
<pre><br />
root@daq01:~# cpupower frequency-set --governor performance<br />
Setting cpu: 0<br />
Setting cpu: 1<br />
Setting cpu: 2<br />
Setting cpu: 3<br />
Setting cpu: 4<br />
Setting cpu: 5<br />
Setting cpu: 6<br />
Setting cpu: 7<br />
root@daq01:~# cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor<br />
performance<br />
performance<br />
performance<br />
performance<br />
performance<br />
performance<br />
performance<br />
performance<br />
root@daq01:~# cpupower frequency-info<br />
analyzing CPU 0:<br />
driver: intel_pstate<br />
CPUs which run at the same hardware frequency: 0<br />
CPUs which need to have their frequency coordinated by software: 0<br />
maximum transition latency: Cannot determine or is not supported.<br />
hardware limits: 800 MHz - 4.00 GHz<br />
available cpufreq governors: performance powersave<br />
current policy: frequency should be within 800 MHz and 4.00 GHz.<br />
The governor "performance" may decide which speed to use<br />
within this range.<br />
current CPU frequency: Unable to call hardware<br />
current CPU frequency: 3.93 GHz (asserted by call to kernel)<br />
boost state support:<br />
Supported: yes<br />
Active: yes<br />
</pre><br />
* monitor CPU frequency:<br />
<pre><br />
root@daq01:~# cpupower monitor<br />
| Nehalem || Mperf || Idle_Stats <br />
CPU| C3 | C6 | PC3 | PC6 || C0 | Cx | Freq || POLL | C1 | C1E | C3 | C6 | C7s | C8 <br />
0| 0.00| 0.00| 0.00| 0.00|| 88.80| 11.20| 3973|| 0.00| 0.00| 0.01| 0.02| 0.31| 0.00| 4.25<br />
4| 0.00| 0.00| 0.00| 0.00|| 4.70| 95.30| 3945|| 0.00| 0.00| 0.00| 0.00| 0.00| 0.00| 95.03<br />
1| 0.73| 3.70| 0.00| 0.00|| 4.52| 95.48| 3864|| 0.00| 0.01| 1.19| 0.44| 2.82| 0.00| 90.23<br />
5| 0.73| 3.70| 0.00| 0.00|| 0.37| 99.63| 3807|| 0.00| 0.00| 0.03| 0.09| 1.70| 0.00| 97.64<br />
2| 2.28| 12.86| 0.00| 0.00|| 1.41| 98.59| 3829|| 0.00| 0.86| 3.17| 0.46| 7.70| 0.00| 85.87<br />
6| 2.28| 12.86| 0.00| 0.00|| 2.88| 97.12| 3856|| 0.00| 0.11| 4.56| 2.15| 10.31| 0.00| 78.99<br />
3| 1.33| 4.81| 0.00| 0.00|| 0.99| 99.01| 3804|| 0.00| 0.49| 0.79| 0.01| 1.03| 0.00| 96.12<br />
7| 1.34| 4.81| 0.00| 0.00|| 1.26| 98.74| 3818|| 0.00| 0.01| 2.32| 0.47| 5.02| 0.00| 90.06<br />
root@daq01:~# <br />
</pre><br />
* check that the CPU is not overheating:<br />
<pre><br />
root@daq01:~# sensors<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Package id 0: +51.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 0: +51.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 1: +38.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 2: +34.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 3: +32.0°C (high = +84.0°C, crit = +100.0°C)<br />
</pre><br />
* congratulations, we are running at 4 GHz now!<br />
<br />
= Setup ubuntu as gateway to private network =<br />
<br />
See also:<br />
* https://daq.triumf.ca/DaqWiki/index.php/VME-CPU#Setup_the_boot_host_computer_.28el7.29<br />
* http://www.triumf.info/wiki/DAQwiki/index.php/Dhcpd_on_eth1<br />
<br />
== Steps to do ==<br />
<br />
* assign network numbers to the private network, i.e. 192.168.1.x, 192.168.2.x, etc<br />
* (on the gateway machine, each private network interface has to have a different network number)<br />
* (each network interface can have multiple networks attached, via VLANs or via eth0:0, eth0:1 constructs)<br />
* assign IP addresses on the private network, save them in /etc/hosts i.e. "hvps 192.168.1.10"<br />
* (for simplicity, assign 192.168.1.1 to the gateway machine itself)<br />
* (IP addresses 192.168.1.0 and 192.168.1.255 are "special", do not use them)<br />
* setup DNS server (dnsmasq) to serve contents of /etc/hosts via DNS (otherwise, many programs will see inconsistent name to IP address mapping)<br />
* setup DHCP server (ISC dhcpd or dnsmasq) to give out the IP addresses<br />
* setup tftp, pxelinux and NFS for diskless booting<br />
* setup time server (chronyd) to provide common time to all devices<br />
* setup NAT so machines on private network can access the internet (to get OS updates, etc)<br />
* setup NIS and NFS so machines on the private network can use common home directories<br />
* setup rsync backup of machines on the private network<br />
<br />
== setup hosts ==<br />
<br />
* edit /etc/hosts<br />
<pre><br />
192.168.1.101 dsfe01<br />
... and so forth<br />
</pre><br />
<br />
== setup dns and dhcp ==<br />
<br />
* apt install dnsmasq<br />
* edit /etc/dnsmasq.conf<br />
<pre><br />
# /etc/dnsmasq.conf<br />
# DNS settings<br />
#port=0 # disable DNS function<br />
port=53 # enable DNS function<br />
domain-needed<br />
bogus-priv<br />
no-resolv<br />
server=142.90.100.19<br />
# DHCP settings<br />
interface=enp1s0f0 # DHCP interface<br />
#dhcp-range=192.168.1.50,192.168.1.150,infinite<br />
dhcp-range=192.168.1.0,static<br />
#log-dhcp<br />
quiet-dhcp<br />
#dhcp-ignore=tag:!known<br />
dhcp-boot=pxelinux.0<br />
#dhcp-host=ac:1f:6b:9e:7f:4a,192.168.1.100,10m<br />
dhcp-host=ac:1f:6b:9e:7f:4a,dsfe01,infinite<br />
# TFTP settings<br />
enable-tftp<br />
tftp-root=/tftpboot<br />
</pre><br />
* #mkdir /zssd/tftpboot ### per tftp-root (if no ZFS)<br />
* zfs create -o mountpoint=/tftpboot rpool/tftpboot ### (if root is ZFS)<br />
* systemctl stop systemd-resolved.service<br />
* systemctl disable systemd-resolved.service<br />
* rm /etc/resolv.conf<br />
* create new /etc/resolv.conf with this contents:<br />
<pre><br />
nameserver 127.0.0.1<br />
search snolab.ca<br />
</pre><br />
* systemctl enable dnsmasq<br />
* systemctl restart dnsmasq<br />
<br />
== setup chronyd ==<br />
<br />
* enable ntp server:<br />
* configure and enable chronyd per instructions above<br />
* echo "allow 192.168.1.0/24" > /etc/chrony/conf.d/allow-localhost.conf<br />
* systemctl restart chronyd<br />
* chronyc tracking ### wait until time is synchronized (a few seconds)<br />
<br />
== setup diskless network booting ==<br />
<br />
=== setup pxelinux ===<br />
<pre><br />
cd ~<br />
wget https://www.kernel.org/pub/linux/utils/boot/syslinux/4.xx/syslinux-4.03.tar.bz2<br />
tar xjvf syslinux-4.03.tar.bz2<br />
cd syslinux-4.03<br />
cp -pv ./core/pxelinux.0 ./com32/hdt/hdt.c32 ./memdisk/memdisk ./com32/menu/menu.c32 /zssd/tftpboot/<br />
</pre><br />
* cd /zssd/tftpboot<br />
<pre><br />
wget http://ladd00.triumf.ca/tftpboot/memtest86+-4.20.iso.zip<br />
wget http://ladd00.triumf.ca/tftpboot/memtest86+-5.01.iso.gz<br />
wget http://ladd00.triumf.ca/tftpboot/modules.alias<br />
wget http://ladd00.triumf.ca/tftpboot/modules.pcimap<br />
wget http://ladd00.triumf.ca/tftpboot/pci.ids<br />
</pre><br />
* mkdir pxelinux.cfg<br />
* emacs -nw pxelinux.cfg/default<br />
<pre><br />
default menu.c32<br />
prompt 0<br />
<br />
menu title Welcome to the DSVSLICE PXE boot menu<br />
<br />
timeout 50<br />
<br />
label hdt<br />
kernel hdt.c32<br />
<br />
label memtest86+-5.01 <br />
kernel memdisk iso initrd=memtest86+-5.01.iso.gz <br />
<br />
label memtest86+-4.20<br />
kernel memdisk iso initrd=memtest86+-4.20.iso.zip<br />
<br />
label vmlinuz-5.3.0-26-generic<br />
menu default<br />
kernel vmlinuz-5.3.0-26-generic<br />
append initrd=initrd.img-5.3.0-26-generic boot=nfs root=/dev/nfs netboot=nfs nfsroot=192.168.1.1:/zssd/nfsroot/dsfe01 toram ip=dhcp panic=60 BOOTIF=enp1s0f0<br />
<br />
#end<br />
</pre><br />
<br />
=== setup linux kernel ===<br />
<br />
* copy the kernel files<br />
<pre><br />
cd /boot<br />
rsync -av config* initrd* System.map* vmlinuz* /zssd/tftpboot/<br />
</pre><br />
* cd /zssd/tftpboot<br />
* chmod a+r *<br />
<br />
=== setup nfs ===<br />
<br />
* apt-get install nfs-kernel-server<br />
* emacs -nw /etc/exports<br />
<pre><br />
/zssd/nfsroot/dsfe01 dsfe01(rw,no_root_squash,async,no_subtree_check)<br />
</pre><br />
* enable services<br />
<pre><br />
systemctl enable nfs-server<br />
systemctl enable nfs-mountd<br />
systemctl enable nfs-idmapd<br />
systemctl restart nfs-server<br />
systemctl restart nfs-mountd<br />
systemctl restart nfs-idmapd<br />
</pre><br />
* after editing /etc/exports, run<br />
<pre><br />
exportfs -av<br />
</pre><br />
<br />
=== setup userland ===<br />
<br />
* zfs create zssd/nfsroot<br />
* zfs set dedup=verify zssd/nfsroot ### enable deduplication to save disk space because most linux images have mostly identical files<br />
* clone ubuntu<br />
<pre><br />
mkdir /zssd/nfsroot/dsfe01<br />
cd /<br />
rsync -avx . /zssd/nfsroot/dsfe01<br />
</pre><br />
* edit config files:<br />
* cd /zssd/nfsroot/dsfe01<br />
* emacs -nw etc/hostname ### change to dsfe01<br />
* emacs -nw etc/mailname ### change to dsfe01<br />
* emacs -nw etc/yp.conf ### change daq00.triumf.ca to musr00.triumf.ca<br />
* emacs -nw etc/defaultdomain ### change to MUSR-NIS<br />
* cp -pvf ../lxcpet-SL610/etc/ssh/*key* etc/ssh/ ### preserve the ssh keys<br />
* emacs -nw opt/gonodeinfo/gonodeinfo.conf ### update information<br />
* emacs -nw root/.ssh/authorized_keys ### update root ssh keys<br />
* emacs -nw etc/fstab ### add this<br />
<pre><br />
192.168.1.1:/zssd/nfsroot/dsfe01 / nfs defaults,nolock 0 0<br />
</pre><br />
* emacs -nw etc/chrony/chrony.conf<br />
** comment-out all "pool" and "server" entries<br />
** add entry "server 192.168.1.1 iburst"<br />
<br />
After dsfe01 is booted:<br />
<br />
* disable services:<br />
<pre><br />
systemctl disable apache2<br />
systemctl disable dnsmasq<br />
systemctl disable zfs-import-cache<br />
</pre><br />
<br />
To setup additional machines, clone dsfe01 instead of cloning the gateway machine<br />
<br />
=== Allow manpages to be viewed ===<br />
<br />
If <code>/</code> is mounted over NFS, <code>man</code> will report a permission error. Fix it with:<br />
<br />
<pre><br />
ln -s /etc/apparmor.d/usr.bin.man /etc/apparmor.d/disable/<br />
apparmor_parser -R /etc/apparmor.d/usr.bin.man<br />
</pre><br />
<br />
== setup shared home directory ==<br />
<br />
=== on the gateway machine ===<br />
* define netgroups<br />
* emacs -nw /etc/netgroup<br />
<pre><br />
dsfe (dsfe01,,) (dsfe02,,)<br />
</pre><br />
* emacs -nw /etc/nsswitch.conf ### edit the netgroup line to read:<br />
<pre><br />
netgroup: files<br />
</pre><br />
* export the home directories:<br />
* emacs -nw /etc/exports ### add this:<br />
<pre><br />
/zssd/home1 @dsfe(rw,no_root_squash,async,no_subtree_check)<br />
</pre><br />
* exportfs -rc<br />
<br />
=== on the frontend machine ===<br />
<br />
* mkdir /home<br />
* emacs -nw /etc/fstab ### add this:<br />
<pre><br />
192.168.1.1:/zssd/home1 /home nfs defaults 0 0<br />
</pre><br />
* mount -a<br />
<br />
== setup NAT ==<br />
<br />
NAT allows machines on the private network to connect to the internet: https://en.wikipedia.org/wiki/Network_address_translation<br />
<br />
In these examples:<br />
* replace "eno1" with name of the outgoing interface (the one connected to the TRIUMF network).<br />
* replace "enp11s0" with name of the private network interface (192.168.1.x network)<br />
<br />
* emacs -nw /etc/rc.local ### add this:<br />
<pre><br />
# /etc/rc.local<br />
<br />
/sbin/iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE<br />
iptables -L -v<br />
<br />
# uncomment following lines if machine has prohibitive FORWARD rules:<br />
#/sbin/iptables -I FORWARD -i eno1 -o enp11s0 -m state --state RELATED,ESTABLISHED -j ACCEPT<br />
#/sbin/iptables -I FORWARD -i enp11s0 -o eno1 -j ACCEPT<br />
#iptables -L -v<br />
<br />
iptables -L -v<br />
sysctl -w net.ipv4.ip_forward=1<br />
#sysctl -a | grep forward<br />
<br />
sh /etc/firewall-rfc1918.sh<br />
<br />
# end<br />
</pre><br />
* emacs -nw /etc/firewall-rfc1918.sh<br />
<pre><br />
# firewall-rfc1918.sh<br />
<br />
# prevent RFC1918 private network IP addresses from<br />
# going in and out from our uplink.<br />
<br />
ETH=eno1<br />
<br />
iptables -F in-rfc1918<br />
iptables -N in-rfc1918<br />
iptables -A in-rfc1918 --dst 10.0.0.0/8 -j REJECT<br />
iptables -A in-rfc1918 --dst 172.16.0.0/12 -j REJECT<br />
iptables -A in-rfc1918 --dst 192.168.0.0/16 -j REJECT<br />
iptables -D INPUT -j in-rfc1918 -i $ETH<br />
iptables -D INPUT -j in-rfc1918 -i $ETH<br />
iptables -I INPUT -j in-rfc1918 -i $ETH<br />
<br />
iptables -F out-rfc1918<br />
iptables -N out-rfc1918<br />
iptables -A out-rfc1918 --dst 10.0.0.0/8 -j REJECT<br />
iptables -A out-rfc1918 --dst 172.16.0.0/12 -j REJECT<br />
iptables -A out-rfc1918 --dst 192.168.0.0/16 -j REJECT<br />
iptables -D OUTPUT -j out-rfc1918 -o $ETH<br />
iptables -D OUTPUT -j out-rfc1918 -o $ETH<br />
iptables -I OUTPUT -j out-rfc1918 -o $ETH<br />
<br />
iptables -L -v<br />
<br />
#end<br />
</pre><br />
<br />
= KVM =<br />
<br />
<pre><br />
apt install cpu-checker<br />
<br />
root@daq13:~# kvm-ok <br />
INFO: /dev/kvm exists<br />
KVM acceleration can be used<br />
root@daq13:~# <br />
<br />
(if not, shutdown, go into BIOS settings, enable CPU virtualization)<br />
<br />
apt install virtinst ### will install many packages<br />
apt install libvirt-clients libvirt-daemon-system-systemd libvirt-daemon qemu qemu-kvm libvirt-daemon-system virtinst bridge-utils<br />
<br />
root@daq13:/home1/wheel# virsh list --all<br />
Id Name State<br />
------------------------------<br />
1 ubuntu-guest running<br />
<br />
apt install virt-manager<br />
<br />
virt-install --name ubuntu-guest --os-variant ubuntu20.04 --vcpus 2 --ram 2048 --location /daq/daqstore/olchansk/linux/Ubuntu/ubuntu-20.04.3-desktop-amd64.iso --network bridge=virbr0,model=virtio --graphics none --extra-args='console=ttyS0,115200n8 serial'<br />
<br />
virtual machine will start, boot, etc<br />
to get out of it, CTRL + Shift followed by ]<br />
<br />
ssh wheel@daq13<br />
virt-manager<br />
<br />
run virt-install again, omit "--graphics none", open graphics console from virt-manager, it booted into ubuntu installer desktop<br />
<br />
virt-install --name test10 --os-variant centos6.10 --vcpus 2 --ram 2048 --import --filesystem /kvm_ladd00,/ --network bridge=virbr0,model=virtio --boot kernel=/kvm_ladd00/boot/vmlinuz-2.6.32-754.35.1.el6.x86_64,initrd=/kvm_ladd00/boot/initramfs-2.6.32-754.35.1.el6.x86_64.img,kernel_args="root=/dev/sda console=ttyS0,115200n8 serial" --graphics none<br />
<br />
virt-install --name test14 --os-variant centos6.10 --vcpus 2 --ram 2048 --import --disk /tmp/xxx/ladd00.img,bus=sata --network bridge=virbr0,model=virtio --boot kernel=/kvm_ladd00/boot/vmlinuz-2.6.32-754.35.1.el6.x86_64,initrd=/kvm_ladd00/boot/initramfs-2.6.32-754.35.1.el6.x86_64.img,kernel_args="root=/dev/sda console=ttyS0,115200n8 serial rdshell" --graphics none --check path_in_use=off<br />
</pre><br />
<br />
build image<br />
<br />
<pre><br />
dd if=/dev/zero of=/tmp/xxx/ladd00.img bs=1024M count=20<br />
mkfs.ext3 /tmp/xxx/ladd00.img ### ext4 fails to mount by SL6 kernel, "unknown ext4 options"<br />
cd /kvm_ladd00/<br />
mount -o loop /tmp/xxx/ladd00.img /mnt/tmp<br />
rsync -av . /mnt/tmp/ --delete<br />
umount /mnt/tmp<br />
</pre><br />
<br />
on the guest, configure network: /etc/rc.local<br />
<pre><br />
#!/bin/sh<br />
#<br />
# This script will be executed *after* all the other init scripts.<br />
# You can put your own initialization stuff in here if you don't<br />
# want to do the full Sys V style init stuff.<br />
<br />
touch /var/lock/subsys/local<br />
<br />
ifconfig eth2 192.168.122.2<br />
route add -net 0.0.0.0 gw 192.168.122.1<br />
ifconfig -a<br />
netstat -rn<br />
<br />
# end<br />
</pre><br />
<br />
= ARM cross-compiler =<br />
<br />
<pre><br />
apt install libgcc-9-dev-arm64-cross<br />
apt install gcc-arm-linux-gnueabi<br />
apt install gcc-arm-linux-gnueabihf<br />
apt install g++-arm-linux-gnueabihf<br />
apt install g++-arm-linux-gnueabi<br />
</pre><br />
<br />
<pre><br />
arm-linux-gnueabi-gcc -o ttcp1 ttcp.c -march=armv7 -static<br />
arm-linux-gnueabi-gcc -o memcpy.armv7 memcpy.cc -march=armv7 -static -O2<br />
</pre></div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=Ubuntu&diff=7107
Ubuntu
2023-04-05T20:05:15Z
<p>Lindner: /* enable NIS (ubuntu 22.04, debian 11) */</p>
<hr />
<div>= About Ubuntu =<br />
<br />
AAA<br />
<br />
<br />
<br />
= Ubuntu version =<br />
<br />
<pre><br />
lsb_release -a<br />
uname -a<br />
</pre><br />
<br />
= Ubuntu installer =<br />
<br />
* updated for Ububtu LTS 20.04.01, 22.04.1<br />
<br />
* download the latest Ubuntu LTS desktop installer iso image<br />
* dd the image to a USB key<br />
* power down, disconnect all disks (all HDDs, all SSDs, all M.2)<br />
* connect the SSD to be used as system disk<br />
* if system will use mirrored SSDs (using ZFS mirror), leave second SSD disconnected, we will activate it later<br />
* power up<br />
* boot from USB key in legacy mode or UEFI mode (select this in the BIOS boot menu - F8 for ASUS, F11 for Supermicro)<br />
* follow the instruction:<br />
* "try ubuntu or install ubuntu" - choose "install"<br />
* select language - accept default<br />
* "updates and other software" - accept default settings ("normal install")<br />
* "installation type" - select "advanced features" and "experimental: use ZFS"<br />
* accept partition choice<br />
* "where are you?" - select "Vancouver" (PST time zone)<br />
* "who are you?" - leave all fields blank, except "username" set to "wheel", "password" set to the root password. hostname will be set later after configuring the network<br />
* installation runs in a few minutes, when finished, reboot<br />
* login as user wheel<br />
* answer annouying questions:<br />
* "livepatch" - say "next"<br />
* "help improve" - select "do not send", say "next"<br />
* "privacy" - leave "location" as "off", say "next"<br />
* "ready to go", say "done"<br />
* right-click on the desktop, say "open in terminal", a shell will open<br />
* say "sudo /bin/bash", enter the root password, you now have the root shell<br />
* run nm-connection-editor to configure the network. use netmask 255.255.224.0, gateway 142.90.100.18, DNS 142.90.100.19, search path "triumf.ca"<br />
* after network is up (can ping ladd00), continue with post-installation steps below<br />
<br />
= Install instructions =<br />
<br />
== prepare ==<br />
<pre><br />
apt update<br />
apt upgrade<br />
</pre><br />
<br />
== install ssh ==<br />
<pre><br />
apt install ssh<br />
</pre><br />
<br />
== configure hostname ==<br />
<pre><br />
vi /etc/hostname<br />
</pre><br />
<br />
== disable swap ==<br />
<br />
ubuntu installer creates a 2 GB swap partition, not useful<br />
on 32-64 GB machine, disable it:<br />
<pre><br />
vi /etc/fstab ### comment out the "swap" line<br />
</pre><br />
<br />
== maybe reboot ==<br />
<br />
this is a good point to reboot the machine to boot<br />
the latest kernel and to set the correct hostname<br />
<br />
== install etckeeper ==<br />
<br />
keep contents of /etc in a git repository:<br />
<br />
<pre><br />
apt -y install etckeeper<br />
</pre><br />
<br />
== set timezone ==<br />
<pre><br />
timedatectl list-timezones | grep -i vancouver<br />
timedatectl set-timezone America/Vancouver<br />
</pre><br />
<br />
== install time synchronization ==<br />
<pre><br />
apt -y install chrony<br />
echo server time1.triumf.ca iburst >> /etc/chrony/chrony.conf<br />
echo server time2.triumf.ca iburst >> /etc/chrony/chrony.conf<br />
echo server time3.triumf.ca iburst >> /etc/chrony/chrony.conf<br />
systemctl disable systemd-timesyncd.service<br />
systemctl stop systemd-timesyncd.service<br />
systemctl disable ntp<br />
systemctl stop ntp<br />
systemctl enable chrony<br />
systemctl restart chrony<br />
chronyc sources<br />
chronyc tracking<br />
</pre><br />
<br />
== reenable systemd-timesyncd ==<br />
<br />
ONLY IF CHRONY DOES NOT WORK<br />
<br />
<pre><br />
apt remove chrony<br />
systemctl enable systemd-timesyncd.service<br />
systemctl restart systemd-timesyncd.service<br />
systemctl status systemd-timesyncd.service<br />
timedatectl status<br />
timedatectl timesync-status<br />
</pre><br />
<br />
== enable outgoing email (debian 11) ==<br />
<br />
this is different from ubuntu 20. it uses /etc/mailname and it hardwires the hostname into main.cf.<br />
<br />
== enable outgoing email ==<br />
<br />
* TRIUMF: use smtp.triumf.ca<br />
* CERN: use cernmx.cern.ch<br />
<br />
<pre><br />
apt install postfix ### select "satellite system", enter full hostname "xxx.triumf.ca", enter "smtp.triumf.ca"<br />
apt install mailutils<br />
dpkg-reconfigure postfix ### (if postfix already installed)<br />
</pre><br />
<pre><br />
echo olchansk@triumf.ca lindner@triumf.ca bsmith@triumf.ca >> ~root/.forward<br />
mailx root<br />
test<br />
^D<br />
</pre><br />
<br />
== enable ping for all users (debian 11) ==<br />
<br />
Without this tweak, Debian will report "operation not permitted" if a user tries to ping somewhere.<br />
<br />
<pre><br />
echo 'net.ipv4.ping_group_range = 0 1000' > /etc/sysctl.d/99-ping.conf<br />
</pre><br />
<br />
== install missing packages ==<br />
<br />
(apt eats terminal input, even the "yes |" trick does not quite work,<br />
repeat the following commands until they report that everything<br />
is installed)<br />
<br />
<pre><br />
yes | apt -y install ssh tcsh ethtool ncat rsync strace net-tools sysstat smartmontools lm-sensors traceroute time minicom screen git lsof debsums tmux<br />
yes | apt -y install lsb-release<br />
yes | apt -y install flex bison<br />
yes | apt -y install neofetch<br />
yes | apt -y install snmp snmp-mibs-downloader<br />
yes | apt -y install git subversion g++ gfortran cmake doxygen<br />
yes | apt -y install python<br />
yes | apt -y install curl libcurl4 libcurl4-openssl-dev<br />
yes | apt -y install mariadb-client ### mysql client<br />
yes | apt -y install libz-dev sqlite3 libsqlite3-dev unixodbc-dev<br />
yes | apt -y install libssl-dev<br />
yes | apt -y install emacs xemacs21 joe<br />
yes | apt -y install gnuplot dos2unix<br />
yes | apt -y install mutt bsd-mailx # email clients<br />
yes | apt -y install liblz4-tool pbzip2<br />
yes | apt -y install libc6-dev-i386 # otherwise no /usr/include/sys/types.h<br />
yes | apt -y install libreadline-dev<br />
yes | apt -y install chromium-browser chromium-codecs-ffmpeg-extra<br />
yes | apt -y install ubuntu-mate-themes<br />
yes | apt -y install libmotif-dev libxmu-dev<br />
yes | apt -y install libusb-dev libusb-1.0-0-dev<br />
yes | apt -y install xfig gsfonts-x11 gsfonts-other # install fonts for xfig<br />
yes | apt -y install libjson-perl<br />
yes | apt -y install libgsl-dev # additional GNU Scientific Library<br />
yes | apt -y install qt5-default # Qt development<br />
yes | apt -y install python3.8-full python3.8-dev python3.8-dbg python3-pip ### for pyROOT<br />
yes | apt -y install imagemagick imagemagick-common ckeditor # for elog<br />
yes | apt -y install libjpeg-dev libjpeg-progs libjpeg-tools<br />
yes | apt -y install linux-tools-common linux-tools-generic # cpupower frequency-info<br />
</pre><br />
<br />
Ubuntu LTS 20.04:<br />
<pre><br />
yes | apt -y install linux-image-generic-hwe-20.04 linux-tools-virtual-hwe-20.04 # enable linux 5.11 series kernel<br />
</pre><br />
<br />
== install git/scripts ==<br />
<pre><br />
mkdir ~root/git<br />
cd ~root/git<br />
git clone https://daq00.triumf.ca/~olchansk/git/scripts.git<br />
cd scripts<br />
git pull<br />
</pre><br />
<br />
== disable swap (debian 11) ==<br />
<br />
* on 64 GB RAM machines swap is not useful<br />
* on machines booted from network (NFS-ROOT), swap does not work<br />
* on machines running from flash (RPi, etc), flash is too slow for useful swap<br />
* swap configured by linux installers invariably has wrong size and is not useful<br />
<br />
<pre><br />
systemctl disable dphys-swapfile<br />
systemctl stop dphys-swapfile<br />
dphys-swapfile uninstall<br />
</pre><br />
<br />
== configure DNS ==<br />
<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
mkdir /etc/systemd/resolved.conf.d<br />
cp etc/resolved-triumf.conf /etc/systemd/resolved.conf.d/<br />
systemctl restart systemd-resolved<br />
resolvectl<br />
#systemd-analyze cat-config systemd/resolved.conf<br />
</pre><br />
<br />
== install ganglia ==<br />
<br />
<pre><br />
yes | apt-get -y install ganglia-monitor<br />
systemctl enable ganglia-monitor<br />
</pre><br />
<pre><br />
cd ~root/git/scripts<br />
git pull<br />
cp etc/gmond-ubuntu.conf /etc/ganglia/gmond.conf<br />
ln -s ganglia/gmond.conf /etc<br />
# ln -s arm-linux-gnueabihf/ganglia /usr/lib/ganglia ### fix path for ARM CPU<br />
# ln -s i386-linux-gnu/ganglia /usr/lib/ganglia ### fix path for 32-bit Intel CPU<br />
systemctl restart ganglia-monitor<br />
systemctl status ganglia-monitor<br />
ps -efw | grep gmond<br />
</pre><br />
<pre><br />
cd ~root/git/scripts/ganglia<br />
make install<br />
./ganglia-all.perl<br />
</pre><br />
<br />
== install gonodeinfo ==<br />
<br />
* go to https://bitbucket.org/dd1/gonodeinfo follow instructions:<br />
<pre><br />
yes | apt-get -y install golang<br />
mkdir ~/git<br />
cd ~/git<br />
git clone https://bitbucket.org/dd1/gonodeinfo.git<br />
cd gonodeinfo<br />
git pull<br />
make<br />
make install # install gonodeinfo agent<br />
cd ~ # this is important<br />
</pre><br />
* edit /etc/gonodeinfo.conf<br />
* change "Description", "Location", "User" and "Administrator" as appropriate (or delete them)<br />
* change "Servers" to read: Servers: daq00.triumf.ca:8601<br />
* run "gonodeinfo -v"<br />
* if error is "connection refused". go to the nodeinfo server to add this client to the access control list:<br />
* on the gonodeinfo server: run /opt/gonodeinfo/gonodereceive.exe -a daq13<br />
* try gonodeinfo again, there should be no error<br />
* on the gonodeinfo server: run gonodereport, look at the web pages, the new machine should be listed now<br />
<br />
== install libz.so.1 for CentOS compatibility ==<br />
<br />
KO - confirm which versions on quartus need this.<br />
<br />
<pre><br />
yes | apt-get -y install zlib1g<br />
yes | apt-get -y install zlib1g:i386 libc6:i386 libgcc1:i386 gcc-6-base:i386<br />
</pre><br />
<br />
== install libpng12.so.0 for Quartus compatibility ==<br />
<br />
(does not work anymore!!!)<br />
<br />
<pre><br />
wget http://ftp.ca.debian.org/debian/pool/main/libp/libpng/libpng12-0_1.2.50-2+deb8u2_amd64.deb<br />
dpkg --install libpng12-0_1.2.50-2+deb8u2_amd64.deb<br />
</pre><br />
<br />
== install libpng12.so.0 for Quartus 13.0sp1 ==<br />
<br />
<pre><br />
wget https://daq00.triumf.ca/~olchansk/linux/libpng12.so.0<br />
wget https://daq00.triumf.ca/~olchansk/linux/libpng12.so.0.50.0<br />
/bin/cp -pv libpng12.so.0 libpng12.so.0.50.0 /lib/x86_64-linux-gnu/<br />
</pre><br />
<br />
== install packages for Xilinx ==<br />
<br />
<pre><br />
apt install texinfo<br />
apt install zlib1g:i386<br />
</pre><br />
<br />
== install packages for building ROOT ==<br />
<br />
<pre><br />
apt -y install libx11-dev libxpm-dev libxft-dev libxext-dev libpng-dev libjpeg-dev xlibmesa-glu-dev libxml2-dev libgsl-dev cmake<br />
</pre><br />
<br />
== install 32-bit libraries for PHYSICA ==<br />
<br />
these instructions are for running 32-bit physica executable built for SL6 on ubuntu LTS 20.04<br />
<br />
install physica sources (cannot build, do not have g77)<br />
<br />
<pre><br />
cd ~/packages<br />
git clone https://bitbucket.org/ttriumfdaq/physica.git<br />
</pre><br />
<br />
install 32-bit libraries using ubuntu package manager:<br />
<br />
<pre><br />
apt install lib32z1 # libz.so<br />
</pre><br />
<br />
copy 32-bit SL6 shared libraries to /lib32<br />
<br />
<pre><br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libX11.so.6 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libgd.so.2 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libpng12.so.0 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libreadline.so.6 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libncurses.so.5 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libg2c.so.0 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libxcb.so.1 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libXpm.so.4 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libjpeg.so.62 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libfontconfig.so.1 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libfreetype.so.6 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libtinfo.so.5 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libXau.so.6 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libexpat.so.1 /lib32/<br />
</pre><br />
<br />
ldd should report:<br />
<br />
<pre><br />
trinatdaq:trinat> ldd /usr/local/physica/physica.exe<br />
linux-gate.so.1 (0xf7fa2000)<br />
libX11.so.6 => /lib32/libX11.so.6 (0xf7e43000)<br />
libgd.so.2 => /lib32/libgd.so.2 (0xf7dfe000)<br />
libpng12.so.0 => /lib32/libpng12.so.0 (0xf7dd6000)<br />
libz.so.1 => /lib32/libz.so.1 (0xf7db8000)<br />
libreadline.so.6 => /lib32/libreadline.so.6 (0xf7d7e000)<br />
libncurses.so.5 => /lib32/libncurses.so.5 (0xf7d5b000)<br />
libg2c.so.0 => /lib32/libg2c.so.0 (0xf7d3d000)<br />
libm.so.6 => /lib32/libm.so.6 (0xf7c39000)<br />
libgcc_s.so.1 => /lib32/libgcc_s.so.1 (0xf7c1a000)<br />
libc.so.6 => /lib32/libc.so.6 (0xf7a2f000)<br />
libxcb.so.1 => /lib32/libxcb.so.1 (0xf7a05000)<br />
libdl.so.2 => /lib32/libdl.so.2 (0xf79ff000)<br />
libXpm.so.4 => /lib32/libXpm.so.4 (0xf79ee000)<br />
libjpeg.so.62 => /lib32/libjpeg.so.62 (0xf7997000)<br />
libfontconfig.so.1 => /lib32/libfontconfig.so.1 (0xf7962000)<br />
libfreetype.so.6 => /lib32/libfreetype.so.6 (0xf78c9000)<br />
libtinfo.so.5 => /lib32/libtinfo.so.5 (0xf78b0000)<br />
/lib/ld-linux.so.2 (0xf7fa4000)<br />
libXau.so.6 => /lib32/libXau.so.6 (0xf78ad000)<br />
libexpat.so.1 => /lib32/libexpat.so.1 (0xf7885000)<br />
trinatdaq:trinat> <br />
</pre><br />
<br />
set login environment:<br />
<br />
<pre><br />
setenv TRIUMF_FONTS $HOME/packages/physica/fonts<br />
setenv PHYSICA_DIR $HOME/packages/physica<br />
alias physica $PHYSICA_DIR/physica-SL6-32<br />
</pre><br />
<br />
test:<br />
<br />
<pre><br />
cd ~/packages/physica<br />
physica<br />
@rangauss.pcm<br />
</pre><br />
<br />
== install lightdm ==<br />
<br />
unlike the default gdm login manager, lightdm shows the machine hostname and does not require an extra mouse click to swicth from screen saver to login mode.<br />
<br />
<pre><br />
apt -y install lightdm<br />
# select lightdm<br />
</pre><br />
<br />
== install desktop environments ==<br />
<br />
note: default display manager and default desktop are deficient, please do not skip this step.<br />
<br />
note: if apt asks to choose the display manager, select "lightdm"<br />
<br />
note: KO - I recommend the "MATE" desktop.<br />
<br />
note: you will have to cut-and-paste this several times because "apt" eats commands, even with "-y" and even piped from "yes".<br />
<br />
<pre><br />
# install MATE desktop<br />
DEBIAN_FRONTEND=noninteractive apt -y install ubuntu-mate-core ubuntu-mate-desktop ubuntu-mate-themes<br />
# install Cinnamon desktop<br />
DEBIAN_FRONTEND=noninteractive apt -y install cinnamon<br />
# install KDE desktop<br />
DEBIAN_FRONTEND=noninteractive apt -y install kubuntu-desktop<br />
# install Lxqt desktop<br />
DEBIAN_FRONTEND=noninteractive apt -y install lxqt<br />
# install Xfce4 desktop<br />
DEBIAN_FRONTEND=noninteractive apt -y install xfce4<br />
</pre><br />
<br />
== install ROOT ==<br />
<br />
Please install ROOT per instructions at http://root.cern.ch.<br />
<br />
NOTE1: The ROOT package available from Ubuntu repositories is severely out of date and cannot be used with MIDAS and ROOTANA. ### DO NOT DO THIS! apt-get install root-system<br />
<br />
NOTE2: as of 2017-Jan-09, ROOT binary kits for Ubuntu do not work (use GCC 5 instead of GCC6), build from source instead.<br />
<br />
== Install x2go ==<br />
<br />
KO - is this still needed? does it cause any security problems?<br />
<br />
x2go instructions, thanks to Art O.<br />
<br />
<pre><br />
add-apt-repository ppa:x2go/stable<br />
apt-get update<br />
apt-get install x2goserver x2goserver-xsession<br />
</pre><br />
<br />
== enable root login from ladd00/daq00 ==<br />
<pre><br />
ssh localhost<br />
CTRL-C<br />
/bin/cp ~root/git/scripts/etc/authorized_keys ~root/.ssh/<br />
</pre><br />
<br />
== install smart-status ==<br />
<pre><br />
ln -s ~/git/scripts/smart-status/smart-status.perl ~root/<br />
</pre><br />
<br />
== enable boot menu and boot messages ==<br />
<br />
This will enable the grub menu (with a 10 sec timeout) and<br />
replace black screen with exciting linux boot messages.<br />
<br />
* emacs -nw /etc/default/grub<br />
<pre><br />
GRUB_DEFAULT=0<br />
#GRUB_TIMEOUT_STYLE=hidden<br />
GRUB_TIMEOUT=10<br />
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`<br />
#GRUB_CMDLINE_LINUX_DEFAULT="vga=769 video=640x480"<br />
GRUB_CMDLINE_LINUX_DEFAULT=""<br />
GRUB_CMDLINE_LINUX=""<br />
#GRUB_GFXMODE=640x480<br />
</pre><br />
* update grub config:<br />
<pre><br />
grub-mkconfig -o /boot/grub/grub.cfg<br />
</pre><br />
<br />
== reboot ==<br />
<br />
this completes installation of the base system.<br />
<br />
following sections modify basic ubuntu to fix known problems and to enable special stuff.<br />
<br />
= Enable automatic updates =<br />
<br />
<pre><br />
apt install unattended-upgrades<br />
cd ~/git/scripts<br />
git pull<br />
/bin/cp -v etc/99apt-conf-ko /etc/apt/apt.conf.d/<br />
apt-config dump | grep Unattended<br />
</pre><br />
<br />
Following is obsolete:<br />
<br />
* emacs -nw /etc/apt/apt.conf.d/50unattended-upgrades<br />
** uncomment in Allowed-Origins "-security" and "-updates"<br />
** add in Allowed-Origins: "Google LLC:stable";<br />
** uncomment/add: "Unattended-Upgrade::Mail "root";<br />
* emacs -nw /etc/apt/apt.conf.d/10periodic<br />
<pre><br />
APT::Periodic::Update-Package-Lists "1";<br />
APT::Periodic::Download-Upgradeable-Packages "1";<br />
APT::Periodic::AutocleanInterval "7";<br />
APT::Periodic::Unattended-Upgrade "1";<br />
</pre><br />
* test: unattended-upgrade --dry-run -v<br />
<br />
= Fix bpool is full =<br />
<br />
!!! only if ROOT on ZFS !!!<br />
<br />
There is an error in the zsys package that causes bpool to run out of space,<br />
see [[#Ubuntu zsys]] for more details.<br />
<br />
To fix:<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
cp etc/zsys.conf /etc/<br />
zsysctl service reload<br />
zsysctl service gc<br />
zpool list bpool<br />
zfs list bpool<br />
df /boot<br />
</pre><br />
<br />
= IPMI instructions =<br />
<br />
IPMI is the board management hardware on Supermicro and other server motherboards. This includes hardware sensors - fan rotation speed, temperatures and power supply voltages.<br />
<br />
<pre><br />
apt-get install ipmitool<br />
systemctl enable ipmievd<br />
systemctl restart ipmievd<br />
</pre><br />
<br />
Run:<br />
* ipmitool sel list ### event list<br />
* ipmitool sel elist ### event list<br />
* ipmitool sel clear ### clear event list (if it becomes full)<br />
* ipmitool sensor ### report hardware sensors<br />
<br />
= move /home/wheel =<br />
<br />
note: this MUST be done if ZFS root and NIS/autofs with /home.<br />
<br />
Default location of wheel's home directory will collide with autofs /home, it has to be moved,<br />
for example to /wheel.<br />
<br />
<pre><br />
# logout from the wheel user<br />
# go to another computer<br />
ssh root@daqubuntuxxx<br />
zfs list | grep wheel ### identify zfs name wheel_xxxxxx<br />
zfs set mountpoint=/wheel rpool/USERDATA/wheel_hm8fzh<br />
emacs -nw /etc/passwd ### change wheel's home directory from /home/wheel to /wheel<br />
su - wheel ### check that user wheel still works<br />
</pre><br />
<br />
= enable NIS (ubuntu 22.04, debian 11) =<br />
<br />
<pre><br />
apt -y install rpcbind nis<br />
echo DAQ-NIS >> /etc/defaultdomain<br />
echo ypserver daq00.triumf.ca >> /etc/yp.conf<br />
systemctl enable ypbind.service<br />
systemctl restart ypbind.service<br />
systemctl status ypbind.service<br />
ypwhich -m<br />
</pre><br />
<br />
enable ypserv:<br />
<br />
<pre><br />
sed -i s/NISSERVER=false/NISSERVER=slave/ /etc/default/nis<br />
/usr/lib/yp/ypinit -s daq00<br />
echo ypserver localhost >> /etc/yp.conf<br />
sed -i "s/ypserver .*/ypserver localhost/" /etc/yp.conf<br />
systemctl enable ypserv<br />
systemctl restart ypserv<br />
systemctl restart ypbind<br />
</pre><br />
<br />
edit /etc/nsswitch.conf to read:<br />
<br />
<pre><br />
# begin get data from nis<br />
passwd: files nis<br />
group: files nis<br />
shadow: files nis<br />
automount: files nis<br />
netgroup: files nis<br />
# end get data from nis<br />
</pre><br />
<br />
enable hourly update of nis maps:<br />
<br />
<pre><br />
mkdir ~root/git<br />
cd ~root/git<br />
git clone http://daq00.triumf.ca/~olchansk/git/scripts.git<br />
cd ~/git/scripts/etc<br />
git pull<br />
ln -s $PWD/ypxfr-cron-hourly /etc/cron.hourly<br />
</pre><br />
<br />
If this is a new machine, then on the master NIS node (daq00), add this new node to /etc/netgroup, and update NIS maps (cd /var/yp; make)<br />
<br />
= enable NIS (ubuntu 20.04) =<br />
<br />
* apt-get -y install portmap nis ### will ask for NIS domain (DAQ-NIS)<br />
* dpkg-reconfigure nis ### reconfigure if already installed<br />
* ypwhich -m<br />
* edit /etc/default/nis<br />
** set "NISSERVER=slave"<br />
** Ubuntu LTS 20.04, check that "YPBINDARGS=" is blank, remove "-no-dbus" if it is there<br />
* #edit /etc/yp.conf, comment-out everything, add "domain DAQ-NIS server localhost"<br />
* edit /etc/yp.conf, comment-out everything, add "ypserver localhost"<br />
* /usr/lib/yp/ypinit -s daq00<br />
* systemctl enable nis<br />
* systemctl restart nis<br />
* ypwhich<br />
* ypwhich -m<br />
* ypcat -k passwd<br />
* vi /etc/nsswitch.conf ### add the automount line, modify the passwd, group and shadow lines to read this:<br />
<pre><br />
# begin get data from nis<br />
passwd: files nis<br />
group: files nis<br />
shadow: files nis<br />
automount: files nis<br />
netgroup: files nis<br />
# end get data from nis<br />
</pre><br />
* enable hourly update of NIS maps<br />
<pre><br />
mkdir ~root/git<br />
cd ~root/git<br />
git clone http://ladd00.triumf.ca/~olchansk/git/scripts.git<br />
cd ~/git/scripts/etc<br />
git pull<br />
ln -s $PWD/ypxfr-cron-hourly /etc/cron.hourly<br />
</pre><br />
* ### NOT NEEDED sudo vi /etc/idmapd.conf ### add line: "Domain = triumf.ca"<br />
<br />
= enable autofs =<br />
<br />
<pre><br />
apt -y install autofs<br />
systemctl enable autofs<br />
systemctl restart autofs<br />
ls -l /home/olchansk ### test autofs, check file owner is correct<br />
</pre><br />
<br />
= enable NFS server =<br />
<br />
<pre><br />
apt install nfs-kernel-server<br />
#edit /etc/exports<br />
systemctl enable nfs-server<br />
systemctl restart nfs-server<br />
</pre><br />
<br />
= NIS master =<br />
<br />
notes for setting up the NIS master<br />
<br />
== wheel user ==<br />
<br />
"wheel" is the default administrative user. We do not want it's password exported to NIS (encrypted password hash is world visible) and we do not want it's home directory exported to NFS (~wheel/.ssh is world visible and potentially writable: anybody can change ~wheel/.ssh/authorized_keys).<br />
<br />
* move wheel's home directory from /home/wheel to /wheel (see special section about this)<br />
* change wheel's UID and GID from 1000 to a value below MINUID in /var/yp/Makefile<br />
<br />
== coherent uids ==<br />
<br />
we do not want system accounts defined in /etc/passwd of the NIS master<br />
to be included in the NIS map "passwd". this causes trouble on NIS clients<br />
where newly installed packages fail to create local system users because same<br />
user already exists in NIS.<br />
<br />
This is controlled by MINUID in /var/yp/Makefile.<br />
<br />
Historical TRIUMF uids start from around 200, but several clusters do not have any historic TRIUMF uids below 500 and MINUID is set to:<br />
* DAQ-NIS: MINUID=200<br />
* ISAC-NIS: MINUID=500<br />
* TITAN-NIS: MINUID=500<br />
* MUSR-NIS: MINUID=500<br />
* TIG-NIS: MINUID=500 (100 on SL6 mother8pi)<br />
<br />
Ubuntu 20 has two programs to create users:<br />
* adduser - creates new users with UID 1000 and up as specified in /etc/adduser.conf. No problems here.<br />
* adduser --system - creates new system users with UID 100 and up as specified in /etc/adduser.conf. No problems here.<br />
* useradd - creates new users with UID 1000 and up as specified in /etc/login.defs. No problems here.<br />
* useradd --system - creates new system users with UID 999 and down (read "man useradd", section at the end about SYS_UID_MAX). This collides with NIS MINUID, these system users will be included in the NIS map and cause trouble.<br />
<br />
This problem cannot be fixed, SYS_UID_MIN, SYS_UID_MAX and UID_MIN in /etc/login.defs do not seem<br />
to have any effect on UIDs chosen by "useradd --system". (tested on Ubuntu LTS 20.04).<br />
<br />
So far only these system accounts seem to be affected by this:<br />
* systemd-coredump<br />
* ganglia<br />
<br />
To fix:<br />
* run "sort -r -n -t: -k3 /etc/passwd" to identify the last unused system user uid (range 100..200)<br />
* run "sort -r -n -t: -k3 /etc/group" to identify the last unused system user gid (range 100.200)<br />
* systemd-coredump: manually change UID and GID (package systemd-coredump is usually not installed)<br />
* ganglia: same thing, then change ownership on all ganglia files.<br />
<br />
Also read systemd author's opinion on system vs user UIDs:<br />
https://github.com/systemd/systemd/issues/4850#issuecomment-265698275<br />
<br />
= Fix systemd-logind NIS breakage =<br />
<br />
!!! THIS IS NOT NEEDED FOR UBUNTU LTS 20.04 !!!<br />
<br />
there is a delay in ssh logins for normal users. "ssh -v" shows the delay is after "pledge...". this<br />
fix removes the delay.<br />
<br />
systemd developers think that we should not use NIS and made sure there are<br />
problems if we do. To give them credit, they do offer a workaround. Read this:<br />
https://github.com/poettering/systemd/commit/695fe4078f0df6564a1be1c4a6a9e8a640d23b67<br />
<br />
<pre><br />
mkdir /etc/systemd/system/systemd-logind.service.d<br />
echo -e "[Service]\nIPAddressDeny=\n" > /etc/systemd/system/systemd-logind.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat systemd-logind.service<br />
</pre><br />
<br />
= Fix systemd-udevd NIS breakage =<br />
<br />
see same problem as above with udev getting stuck. ubuntu lts 20.04.<br />
<br />
<pre><br />
mkdir /etc/systemd/system/systemd-udevd.service.d<br />
echo -e "[Service]\nIPAddressDeny=\n" > /etc/systemd/system/systemd-udevd.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat systemd-udevd.service<br />
</pre><br />
<br />
= Configure USB device permissions =<br />
<br />
Configure USB device permissions for user access to USB-serial devices, Altera USB Blaster, etc.<br />
<br />
* create file /etc/udev/rules.d/99-usb-chmod.rules with this contents:<br />
<br />
<pre><br />
emacs -nw /etc/udev/rules.d/99-usb-chmod.rules<br />
ACTION=="add", SUBSYSTEM=="usbmisc", RUN+="/bin/chmod a+wr $env{DEVNAME}" <br />
ACTION=="add", SUBSYSTEM=="usb_device", RUN+="/bin/chmod a+wr /dev/%c"<br />
ACTION=="add", SUBSYSTEM=="usb_device", RUN+="/bin/chmod a+wr /proc/%c"<br />
ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="/bin/chmod a+wr $env{DEVICE}"<br />
ACTION=="add", ENV{PHYSDEVBUS}=="usb-serial", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", ENV{DEVPATH}=="/class/tty/ttyS*", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", SUBSYSTEM=="tty", DEVPATH=="*ttyUSB*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
ACTION=="add", SUBSYSTEM=="tty", DEVPATH=="*ttyACM*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
ACTION=="add", SUBSYSTEM=="tty", DEVPATH=="*ttyS*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
ACTION=="add", DEVPATH=="*video*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
</pre><br />
<br />
* reload udev rules: udevadm control --reload-rules<br />
* apply new permissions: udevadm trigger --action=add<br />
* watch udev activity: udevadm monitor -p<br />
<br />
= Configure lightdm display manager =<br />
<br />
* enable it<br />
<pre><br />
echo lightdm | dpkg-reconfigure -fteletype lightdm<br />
systemctl disable gdm<br />
systemctl disable sddm<br />
systemctl enable lightdm<br />
</pre><br />
<br />
* make the MATE desktop as default<br />
<pre><br />
cd ~root/git/scripts/<br />
git pull<br />
/bin/cp -v etc/lightdm_default_mate.conf /etc/lightdm/lightdm.conf.d/<br />
</pre><br />
<br />
* enable login by NIS users<br />
<pre><br />
/bin/cp -v etc/lightdm_enable_nis_login.conf /etc/lightdm/lightdm.conf.d/<br />
</pre><br />
<br />
* restart lightdm<br />
<pre><br />
systemctl stop gdm<br />
systemctl restart lightdm<br />
</pre><br />
<br />
= Install libpng12.so.0 =<br />
<br />
Quartus 16 needs libpng12:<br />
<br />
<pre><br />
wget http://mirrors.kernel.org/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.54-1ubuntu1_amd64.deb<br />
dpkg --install libpng12-0_1.2.54-1ubuntu1_amd64.deb<br />
</pre><br />
<br />
= Install google-chrome =<br />
<br />
<pre><br />
wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb<br />
dpkg -i google-chrome-stable_current_amd64.deb<br />
</pre><br />
<br />
confirm autoupdate is enabled, observe dl.google.com is present in the list of repositories:<br />
<pre><br />
apt update<br />
...<br />
Get:5 https://dl.google.com/linux/chrome/deb stable/main amd64 Packages [1,094 B]<br />
...<br />
</pre><br />
<br />
FOLLOWING IS OBSOLETE:<br />
<br />
Instructions from here:<br />
https://www.ubuntuupdates.org/ppa/google_chrome?dist=stable<br />
<br />
<pre><br />
wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add -<br />
sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-tmp.list'<br />
apt update<br />
apt install google-chrome-stable<br />
/bin/rm -f /etc/apt/sources.list.d/google-tmp.list<br />
</pre><br />
<br />
= Install amanda client =<br />
<br />
ONLY ONE MACHINES THAT HOST HOME DIRECTORIES<br />
<br />
* apt install amanda-client<br />
* edit /etc/amandahosts<br />
<pre><br />
amanda.triumf.ca amanda amdump<br />
</pre><br />
* check permissions on /etc/amandahosts:<br />
<pre><br />
root@daq00:/var/log/amanda# ls -l /etc/amandahosts<br />
-rw------- 1 backup backup 49 Jan 27 10:48 /etc/amandahosts<br />
</pre><br />
* fix if needed: chown backup.backup /etc/amandahosts; chmod a= /etc/amandahosts; chmod u=wr /etc/amandahosts<br />
* edit /etc/amanda-security.conf, add this line:<br />
<pre><br />
runtar:gnutar_path=/usr/bin/tar<br />
</pre><br />
<br />
On the amanda machine:<br />
<br />
* in amanda disklist, use dump type "bsdtcp-comp-user-tar"<br />
* su - amanda and run amcheck -c daily daq00<br />
<pre><br />
-bash-4.1$ amcheck -c daily daq00<br />
<br />
Amanda Backup Client Hosts Check<br />
--------------------------------<br />
Client check: 1 host checked in 0.092 seconds. 0 problems found.<br />
<br />
(brought to you by Amanda 3.3.7p1.git.685ff76d)<br />
</pre><br />
<br />
= Enable rc.local =<br />
<br />
For reasons unknown, Ubuntu LTS 20.04 does not enable /etc/rc.local. Do this:<br />
<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
cp -n -v etc/rc.local /etc/<br />
chmod a+rx /etc/rc.local<br />
cp etc/rc-local.service /etc/systemd/system/<br />
systemctl daemon-reload<br />
systemctl enable rc-local<br />
systemctl start rc-local<br />
systemctl status rc-local<br />
</pre><br />
<br />
= Disable unwanted services =<br />
<br />
<pre><br />
systemctl disable mpd<br />
systemctl disable snapd<br />
systemctl disable ModemManager<br />
systemctl --global mask tracker-extract-3.service<br />
systemctl --global mask tracker-miner-fs-3.service<br />
systemctl daemon-reload<br />
</pre><br />
<br />
= Disable sleep and suspend =<br />
<br />
note: we see some computers randomly shutdown or go to sleep, log files indicates the "sleep" or "suspend" button was pushed by user, but no such buttons actually exist. this is the fix for this:<br />
<br />
<pre><br />
systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target systemd-suspend.service systemd-hybrid-sleep.service<br />
</pre><br />
<br />
= Enable crontab @reboot for MIDAS =<br />
<br />
startup scripts have a bug - cron @reboot entries for normal users can run before autofs is ready, so if the home directory is on autofs/NFS, it cannot be accessed and the cron job fails. If MIDAS is supposed to be started by cron @reboot, it will not start (there *will* be an error message in /var/log/cron).<br />
<br />
<pre><br />
mkdir /etc/systemd/system/cron.service.d<br />
echo -e "[Unit]\nAfter=ypbind.service autofs.service\n" > /etc/systemd/system/cron.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat cron.service<br />
</pre><br />
<br />
Explore the systemd dependency tree using "systemctl list-dependencies" maybe with "--all".<br />
<br />
Visualize the exact boot sequence from previous boot: "systemd-analyze plot > xxx.svg", look at the svg file using a web browser.<br />
<br />
Crontab entry to start midas: (install in the midas user crontab, not root crontab)<br />
<br />
<pre><br />
su - midasuser<br />
crontab -l<br />
#@reboot /bin/bash -l -c "/home/trinat/bin/start-daq-applications"<br />
#@reboot /bin/tcsh -c "/home/trinat/bin/start-daq-applications"<br />
</pre><br />
<br />
= Install apache httpd proxy for midas and elog =<br />
<br />
This will configure the HTTPS/SSL certificate using "certbot" and "letsencrypt" and configure an HTTPS web server using apache2.<br />
<br />
First, configure apache2:<br />
<br />
* execute these commands:<br />
<pre><br />
apt -y install apache2<br />
cd /etc/apache2<br />
</pre><br />
* create new file conf-available/ssl-daq14.conf # use actual hostname instead of daq14<br />
<pre><br />
SSLSessionCache shmcb:/run/httpd/sslcache(512000)<br />
SSLSessionCacheTimeout 300<br />
SSLRandomSeed startup file:/dev/urandom 256<br />
SSLRandomSeed connect builtin<br />
SSLCryptoDevice builtin<br />
</pre><br />
* create new file sites-available/daq14-ssl.conf # use actual hostname instead of daq14<br />
<pre><br />
<IfModule mod_ssl.c><br />
<VirtualHost *:443><br />
ServerName daq14.triumf.ca<br />
DocumentRoot /var/www/html<br />
ErrorLog /var/log/apache2/daq14.log<br />
SSLEngine on<br />
# note SSLProtocol, SSLCipherSuite and some other settings are overwritten by /etc/letsencrypt/options-ssl-apache.conf<br />
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1<br />
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4<br />
## use port specified in elogd.cfg<br />
#ProxyPass /elog/ http://localhost:8082/ retry=1 <br />
## use mhttpd port<br />
#ProxyPass / http://localhost:8080/ retry=1 <br />
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"<br />
<Location /><br />
SSLRequireSSL<br />
AuthType Basic<br />
AuthName "DAQ password protected site"<br />
Require valid-user<br />
# create password file: touch /etc/apache2/htpasswd<br />
# to add new user or change password: htpasswd /etc/apache2/htpasswd username<br />
AuthUserFile /etc/apache2/htpasswd<br />
</Location><br />
</VirtualHost><br />
</IfModule><br />
</pre><br />
* stop apache2 from listening on port 80: edit /etc/apache2/ports.conf, comment-out the line "Listen 80"<br />
* stop apache2 from listening on port 80: edit /etc/apache2/ports.conf, comment-out the line "Listen 80"<br />
* enable ssl module<br />
* enable new configurations<br />
<pre><br />
a2enmod ssl<br />
a2enmod headers<br />
a2enmod proxy<br />
a2enmod proxy_http<br />
a2enconf ssl-daq14<br />
a2ensite daq14-ssl<br />
</pre><br />
* disable default ssl sites<br />
<pre><br />
a2dissite 000-default-le-ssl<br />
a2dissite 000-default<br />
ls -l /etc/apache2/sites-enabled/ ### should show only daq14-ssl.conf<br />
</pre><br />
* check that there are no syntax problems<br />
<pre><br />
apache2ctl configtest<br />
</pre><br />
* enable and start apache2:<br />
<pre><br />
systemctl enable apache2<br />
systemctl restart apache2<br />
systemctl status apache2<br />
</pre><br />
* apache2 may fail to start, look in /var/log/apache2/error.log and /var/log/apache2/daq14.log<br />
* if it says "Failed to configure ... certificate", proceed to the step for setting certbot.<br />
* try to access https://daq14.triumf.ca<br />
** you should see a complaint about self-signed certificate<br />
** you should see a request for password (do not login yet)<br />
** if you get "connection refused", HTTPS port 443 may need to be enabled in the local firewall, look at documentation for ufw.<br />
Second, configure certbot:<br />
<br />
(Note: as of 2018-01-18 certbot requires use of http port 80 to get the initial https certificate,<br />
renewal can continue to use the https port 443)<br />
<br />
(Note: as of 2019-01-?? certbot requires use of port 80 for renewals)<br />
<br />
* check that port 80 is not used by anything:<br />
* netstat -an | grep LISTEN | grep ^tcp | grep 80<br />
* lsof -P | grep -i tcp | grep LISTEN | grep 80<br />
* if lsof reports that apache2 is listening on port 80, follow the apache2 instructions above (remove "listen 80" from apache2.conf<br />
<br />
* install certbot (if necessary open tcp port 80 in the firewall, see documentation for ufw):<br />
<pre><br />
apt install certbot python3-certbot-apache<br />
certbot certonly --standalone --installer apache<br />
</pre><br />
* then answer questions:<br />
* "activate HTTPS for daq14.triumf.ca" - say ok<br />
* "enter email address" - enter your own email address<br />
* "please read terms..." - read the terms and say "agree"<br />
* it will take a few moments...<br />
* "congratulations..." - say ok.<br />
<pre><br />
certbot install --apache --cert-name daq14.triumf.ca<br />
</pre><br />
* then answer questions:<br />
* "choose redirect..." - say "1" (no redirect)<br />
* look inside /etc/apache2/sites-enabled/daq14-ssl.conf to see that SSLCertificateFile & co point to certbot certificates in<br />
/etc/letsencrypt/live/daq14.triumf.ca/<br />
* to check current renewal and to update the certbot config file in /etc/letsencrypt/renewal, run this:<br />
<pre><br />
certbot renew --standalone --installer apache --force-renewal<br />
</pre><br />
<br />
NOTE: this certificate will expire in 3 months, automatic renewal should work with current version of certbot<br />
<br />
Third, activate password protection:<br />
<br />
* as shown in the config file above, create password file and initial user: (replace "midas" with specific username)<br />
<pre><br />
touch /etc/apache2/htpasswd<br />
htpasswd /etc/apache2/htpasswd midas<br />
</pre><br />
<br />
* restart apache2<br />
<pre><br />
systemctl restart apache2<br />
systemctl status apache2<br />
</pre><br />
<br />
From here:<br />
* enable proxy for MIDAS mhttpd - uncomment redirect in the config file above<br />
* enable proxy for ELOG - ditto<br />
<pre><br />
a2enmod proxy<br />
a2enmod proxy_http<br />
apache2ctl configtest<br />
systemctl restart apache2<br />
</pre><br />
<br />
From here:<br />
* enable proxy for MIDAS mhttpd - uncomment redirect in the config file above<br />
* enable proxy for ELOG - ditto<br />
<pre><br />
a2enmod proxy<br />
a2enmod proxy_http<br />
apache2ctl configtest<br />
systemctl restart apache2<br />
</pre><br />
* try accessing MIDAS https://daq14.triumf.ca/ (make sure mhttpd is running)<br />
* if it's not working, check odb setting FIXME!<br />
* try accessing ELog https://daq14.triumf.ca/elog/ (make sure elogd is running)<br />
* if it's not working, check elogd.cfg file and make sure<br />
<pre><br />
SSL = 0<br />
</pre><br />
<br />
NOTE: if certbot fails with errors about 'module' object has no attribute 'pyopenssl',<br />
try this: pip install requests==2.6.0<br />
<br />
= Enable elog PDF preview =<br />
<br />
see https://stackoverflow.com/questions/52998331/imagemagick-security-policy-pdf-blocking-conversion<br />
<br />
* xemacs -nw /etc/ImageMagick-6/policy.xml<br />
* remove this section at the end:<br />
<pre><br />
<!-- disable ghostscript format types --><br />
<policy domain="coder" rights="none" pattern="PS" /><br />
<policy domain="coder" rights="none" pattern="PS2" /><br />
<policy domain="coder" rights="none" pattern="PS3" /><br />
<policy domain="coder" rights="none" pattern="EPS" /><br />
<policy domain="coder" rights="none" pattern="PDF" /><br />
<policy domain="coder" rights="none" pattern="XPS" /><br />
</pre><br />
<br />
= Install ZFS quota report =<br />
<br />
If there are any ZFS volumes, install script to report disk and quota usage<br />
<br />
<pre><br />
cd ~/git/scripts/quotareport<br />
git pull<br />
mkdir /var/www/html/zfsquotareport<br />
cp -pv ~/git/scripts/quotareport/sorttable.js /var/www/html/zfsquotareport/<br />
ln -s $PWD/zfsquotareport.perl /etc/cron.daily/<br />
touch /etc/crontab<br />
</pre><br />
<br />
If httpd is configured to redirect "/" to MIDAS mhttpd:<br />
* add following to /etc/apache2/sites-enabled/xxx-ssl.conf in front of "ProxyPass / ..."<br />
* run "systemctl reload apache2"<br />
<pre><br />
## do not proxy zfs quota report directory <br />
ProxyPass /zfsquotareport/ ! <br />
</pre><br />
<br />
= Install PHP =<br />
<br />
* apt install php libapache2-mod-php<br />
* systemctl restart apache2<br />
* create /var/www/html/info.php<br />
<pre><br />
<?php <br />
<br />
phpinfo(); <br />
</pre><br />
* open https://daq00.triumf.ca/info.php<br />
<br />
= Configure TRIUMF printers =<br />
<br />
<pre><br />
systemctl stop cups<br />
systemctl disable cups<br />
echo "ServerName printers.triumf.ca" > /etc/cups/client.conf<br />
lpstat -a<br />
</pre><br />
<br />
= Enable core dumps =<br />
<br />
By default, Ubuntu LTS 20.04 installs the apport package<br />
which disabled core dumps from user applications. (google it up!).<br />
It is not meant to do this and documentation claims that<br />
it is not installed and not enabled by default. Oh, well...<br />
<br />
<pre><br />
apt remove apport<br />
apt autoremove ### will remove apport-symptoms and a few other packages<br />
</pre><br />
<br />
After this, core dumps are written to file "core" in the current directory.<br />
See /proc/sys/kernel/core_pattern and /proc/sys/kernel/core_uses_pid.<br />
<br />
= Enable debugger =<br />
<br />
By default, Ubuntu LTS 20.04 does not permit debugger to attach and debug<br />
already running programs. To enable it, add following to /etc/rc.local<br />
<br />
<pre><br />
echo 0 > /proc/sys/kernel/yama/ptrace_scope<br />
</pre><br />
<br />
= Disable Ubuntu Pro nag =<br />
<br />
If "apt upgrade" requests Ubuntu Pro or esm-apps, disable the nag:<br />
<pre><br />
/bin/mv /etc/apt/apt.conf.d/20apt-esm-hook.conf /etc/apt/apt.conf.d/20apt-esm-hook.conf-disable<br />
</pre><br />
<br />
= Update packages =<br />
<br />
* apt-get update # update package list<br />
* apt-get dist-upgrade # install updated packages and update "kept back" packages<br />
* apt-get autoremove # remove packages that apt thinks should be removed<br />
<br />
= Finish installation =<br />
<br />
Congratulations. There is nothing more to do!<br />
<br />
* reboot<br />
<pre><br />
shutdown -r now<br />
</pre><br />
<br />
= Install ZFS =<br />
<br />
!!! after installing all the packages, after updating the system, after updating the linux kernel, after rebooting into latest kernel !!!<br />
<br />
<pre><br />
apt-get install zfsutils-linux<br />
</pre><br />
<br />
Follow generic ZFS instructions: [[ZFS]]<br />
<br />
= Update to new version of Ubuntu =<br />
<br />
<pre><br />
vi /etc/update-manager/release-upgrades # set "Prompt=normal"<br />
do-release-upgrade<br />
</pre><br />
<br />
Update Ubuntu LTS 20.04 to LTS 22.04:<br />
<br />
== daqubuntu ==<br />
<br />
<pre><br />
# reboot to clear out all updates<br />
# vi /etc/update-manager/release-upgrades # set "Prompt=normal"<br />
# do-release-upgrade -c<br />
Checking for a new Ubuntu release<br />
New release '22.04 LTS' available.<br />
Run 'do-release-upgrade' to upgrade to it.<br />
# do-release-upgrade<br />
...<br />
say yes...<br />
...<br />
login.defs, say "Y" (erase local changes, use packaged version)<br />
/etc/systemd/resolved.conf, say "Y" (same as above)<br />
firefox snap, say yes<br />
unable to reach snap store, say "skip"<br />
/etc/gmond.conf, say "Y"<br />
/var/yp/Makefile, say "install the package maintainer's version"<br />
/etc/ypserv.conf, same thing<br />
/etc/ypserv.securenets, same thing<br />
/etc/default/nis, same thing<br />
/etc/speech-dispatcher/modules/mary-generic.conf, same thing<br />
/etc/apt/apt.conf.d/50unattended-upgrades, same thing<br />
...<br />
278 packages are going to be removed, say yes<br />
...<br />
restart required, say yes<br />
...<br />
no ping... yes ping...<br />
...<br />
ssh daqubuntu, ok<br />
apt update, fail, DNS does not work, "host security.ubuntu.com" does not resolve.<br />
fix resolver per https://daq00.triumf.ca/DaqWiki/index.php/Ubuntu#Disable_NetworkManager<br />
apt update, apt upgrade now works, 0 packages to update<br />
NIS does not work.<br />
</pre><br />
<br />
== midm9a ==<br />
<br />
<pre><br />
login.defs<br />
firefox snap<br />
gmond.conf<br />
ypserv<br />
/etc/default/nis<br />
unattended-upgrades<br />
amanda-security.conf<br />
remove obsolete (no)<br />
reboot<br />
configure dns<br />
reenable nis<br />
</pre><br />
<br />
== daq17 ==<br />
<br />
<pre><br />
firefox snap<br />
imagemagick policy.xml<br />
gmond.conf<br />
chrony.conf<br />
/var/yp/Makefile<br />
ypserv.conf<br />
ypserv.securenets<br />
/etc/default/nis<br />
50unattended-upgrades<br />
</pre><br />
<br />
== daq00 ==<br />
<br />
per https://serverpilot.io/docs/how-to-upgrade-ubuntu-20.04-to-22.04/<br />
<br />
<pre><br />
do-release-upgrade -f DistUpgradeViewNonInteractive<br />
</pre><br />
<br />
if it exists "too soon" without doing anything, run it without "-f xxx", most likely it does not like something about this machine. in case of daq00 it did not like how the EFI partitions were mounted. after fixing it, non-interactive upgrade was successful.<br />
<br />
= Ubuntu package manager =<br />
<br />
* apt-get install xxx # install package xxx<br />
* apt-get update<br />
* apt-get upgrade<br />
* apt-get dist-upgrade<br />
* apt-get autoremove # remove automatically installed packages required by a removed package<br />
* apt-get remove xxx # remove package xxx<br />
* apt-cache search . # list all available packages<br />
* apt-cache show "." | grep ^Package # list al available packages<br />
* apt-cache madison root-system # show all available versions of package root-system<br />
* apt list # list all installed packages<br />
* dpkg --listfiles libpng16-16 # list all files from this package<br />
* apt list --installed # list all installed packages<br />
* dpkg -S /bin/bash # what package provides this file?<br />
* dpkg -L bash # what files provided by this package?<br />
* debsums -ce # show modified config files<br />
* apt-config dump # show apt configuration<br />
<br />
= Ubuntu zsys =<br />
<br />
* manages system snapshots<br />
* documentation: https://github.com/ubuntu/zsys<br />
* documentation: (go to next article via link "newer" at the bottom) https://didrocks.fr/2020/05/21/zfs-focus-on-ubuntu-20.04-lts-whats-new/<br />
* ubuntu 20.04 bug, too many snapshots cause /boot to become full and updates fail. https://github.com/ubuntu/zsys/issues/155<br />
* solution: use custom /etc/zsys.conf, limit number of snapshots to 10, see trinatdaq:/etc/zsys.conf<br />
* zsys commands:<br />
<pre><br />
update-grub # list of all snapshots, errors if some snapshots are broken<br />
zsysctl state remove lnc0k7 --system # remove snapshot<br />
xemacs -nw /etc/zsys.conf; zsysctl service reload; zsysctl service gc # cause gc to run with new settings in zsys.conf<br />
zfs list -r -t snapshot -o name,used,referenced,creation bpool/BOOT # list snapshots<br />
zsysctl show # show snapshots<br />
</pre><br />
<br />
= Ubuntu cloning =<br />
<br />
to clone a ubuntu image:<br />
<br />
<pre><br />
cd /nfsroot/lxcpet<br />
emacs -nw etc/hostname ### change hostname<br />
emacs -nw etc/mailname ### change hostname (debian 11)<br />
emacs -nw etc/defaultdomain ### change the NIS domainname<br />
emacs -nw etc/yp.conf ### change the NIS server<br />
cp -pvf ../lxcpet-SL610/etc/ssh/*key* etc/ssh/ ### preserve the ssh keys<br />
emacs -nw opt/gonodeinfo/gonodeinfo.conf ### update information<br />
emacs -nw root/.ssh/authorized_keys ### update root ssh keys<br />
</pre><br />
<br />
= Ubuntu boot loader =<br />
<br />
== boot from ZFS ==<br />
<br />
* use UEFI boot with syslinux, see here: https://daq.triumf.ca/DaqWiki/index.php/SLinstall#Configure_UEFI_boot<br />
* apt install zfs-initramfs<br />
* update-initramfs -v -u<br />
* ZFS structure:<br />
<pre><br />
root@daq00:~# zfs list<br />
NAME USED AVAIL REFER MOUNTPOINT<br />
rpool 147G 1.62T 96K /<br />
rpool/ROOT 17.8G 1.62T 96K none<br />
rpool/ROOT/ubuntu_00aaaa 17.8G 1.62T 6.22G /<br />
</pre><br />
* copy OS image to rpool/ROOT/ubuntu_00aaaa<br />
* zfs set mountpoint=/ rpool<br />
* zfs set mountpoint=none rpool/ROOT<br />
* zfs set mountpoint=/ rpool/ROOT/ubuntu_00aaaa<br />
* zfs get all | grep mountpoint<br />
<pre><br />
rpool mountpoint / local<br />
rpool/ROOT mountpoint none local<br />
rpool/ROOT/ubuntu_00aaaa mountpoint / local<br />
</pre><br />
* in linux kernel command line (syslinux.cfg), set "root=" to "root=ZFS=rpool/ROOT/ubuntu_00aaaa"<br />
<br />
== boot from ZFS mirror ==<br />
<br />
=== setup the EFI partitions ===<br />
<br />
* assuming /dev/sdb is already setup for EFI boot, setup /dev/sda the same way:<br />
* partition the second boot disk same as first boot disk:<br />
<pre><br />
root@grsnis01:~# gdisk -l /dev/sdb<br />
Found valid GPT with protective MBR; using GPT.<br />
Number Start (sector) End (sector) Size Code Name<br />
1 2048 1050623 512.0 MiB EF00 EFI system partition<br />
2 1050624 3907029134 1.8 TiB 8300 Linux filesystem<br />
root@grsnis01:~# <br />
</pre><br />
* mkfs.msdos /dev/sdX1<br />
* create mount points<br />
<pre><br />
mkdir /boot/efi-sda<br />
mkdir /boot/efi-sdb<br />
</pre><br />
* add to /etc/fstab<br />
<pre><br />
/dev/sda1 /boot/efi-sda vfat umask=0022,fmask=0022,dmask=0022,nofail 0 1 <br />
/dev/sdb1 /boot/efi-sdb vfat umask=0022,fmask=0022,dmask=0022,nofail 0 1 <br />
</pre><br />
* mount -a<br />
* df | grep boot<br />
<pre><br />
root@grsnis01:~# df | grep boot<br />
/dev/sdb1 523248 98100 425148 19% /boot/efi-sdb<br />
/dev/sda1 523248 4 523244 1% /boot/efi-sda<br />
</pre><br />
* copy boot files to new boot disk<br />
* cd /boot/efi-sdX; rsync -av . /boot/efi-sdY<br />
* set BIOS to boot from "UEFI Hard drive", disable legacy boot (except for booting from USB key in legacy mode)<br />
* if using UEFI boot syslinux per these instructions, linux kernel update has to be done manually:<br />
* run ~/git/scripts/etc/update_efi_mirror.perl, follow instructions that it prints.<br />
<br />
=== setup zfs partitions ===<br />
<br />
use partitions compatible with Ubuntu "install on ZFS"<br />
<br />
* gdisk "o" to create new GPT partition table<br />
* gdisk "n" +512M ef00 to create EFI partition<br />
* gdisk "n" +2G 8200 to create linux swap partition (not used)<br />
* gdisk "n" +2G BE00 to create ZFS bpool partition<br />
* gdisk "n" xxx BF00 create ZFS rpool partition<br />
<br />
<pre><br />
# gdisk -l /dev/sda<br />
Number Start (sector) End (sector) Size Code Name<br />
1 2048 1050623 512.0 MiB EF00 EFI System Partition<br />
2 1050624 5244927 2.0 GiB 8200 <br />
3 5244928 9439231 2.0 GiB BE00 <br />
4 9439232 234441614 107.3 GiB BF00 <br />
root@midm9a:~# <br />
</pre><br />
<br />
=== setup zfs mirror ===<br />
<br />
* see here: https://daq.triumf.ca/DaqWiki/index.php/ZFS#Convert_pool_from_single_to_mirror<br />
<pre><br />
root@grsnis01:~# ls -l /dev/disk/by-id/ata*part2<br />
lrwxrwxrwx 1 root root 10 Feb 19 16:47 /dev/disk/by-id/ata-WDC_WDS200T2B0A-00SM50_205007801081-part2 -> ../../sda2<br />
lrwxrwxrwx 1 root root 10 Feb 19 16:47 /dev/disk/by-id/ata-WDC_WDS200T2B0A-00SM50_205007801101-part2 -> ../../sdb2<br />
<br />
root@grsnis01:~# zpool status<br />
pool: rpool<br />
state: ONLINE<br />
scan: none requested<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
rpool ONLINE 0 0 0<br />
ata-WDC_WDS200T2B0A-00SM50_205007801101-part2 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
<br />
root@grsnis01:~# zpool attach rpool ata-WDC_WDS200T2B0A-00SM50_205007801101-part2 /dev/disk/by-id/ata-WDC_WDS200T2B0A-00SM50_205007801081-part2<br />
<br />
root@grsnis01:~# zpool status<br />
pool: rpool<br />
state: ONLINE<br />
status: One or more devices is currently being resilvered. The pool will<br />
continue to function, possibly in a degraded state.<br />
action: Wait for the resilver to complete.<br />
scan: resilver in progress since Fri Feb 19 16:54:39 2021<br />
12.6G scanned at 3.16G/s, 1.02G issued at 262M/s, 12.6G total<br />
1.02G resilvered, 8.09% done, 0 days 00:00:45 to go<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
rpool ONLINE 0 0 0<br />
mirror-0 ONLINE 0 0 0<br />
ata-WDC_WDS200T2B0A-00SM50_205007801101-part2 ONLINE 0 0 0<br />
ata-WDC_WDS200T2B0A-00SM50_205007801081-part2 ONLINE 0 0 0 (resilvering)<br />
<br />
errors: No known data errors<br />
</pre><br />
* wait<br />
<pre><br />
root@grsnis01:~# zpool status<br />
pool: rpool<br />
state: ONLINE<br />
scan: resilvered 12.7G in 0 days 00:00:40 with 0 errors on Fri Feb 19 16:55:19 2021<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
rpool ONLINE 0 0 0<br />
mirror-0 ONLINE 0 0 0<br />
ata-WDC_WDS200T2B0A-00SM50_205007801101-part2 ONLINE 0 0 0<br />
ata-WDC_WDS200T2B0A-00SM50_205007801081-part2 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
</pre><br />
<br />
== maintenance commands ==<br />
<br />
* update-initramfs -v -u<br />
* grub-install /dev/sda<br />
<br />
= Convert from single to dual mirrored ZFS SSD =<br />
<br />
Assuming Ubuntu LTS 22.04 with "instal on ZFS" option, we will<br />
add a second SSD, configure ZFS to use both SSDs in mirrored<br />
configuration and setup grub to boot from either SSD. This<br />
is intended to create a full redundant system where failure<br />
of either SSD does not break the system.<br />
<br />
* identify first SSD<br />
<pre><br />
root@midm9b:~# ./smart-status.perl <br />
Disk model serial temperature realloc pending uncorr CRC err RRER Errors Link<br />
/dev/sda WD Blue SA510 2.5 250GB 22243Z803769 24 . ? ? . ? . 6.0<br />
root@midm9b:~# <br />
</pre><br />
* connect second SSD of identical size<br />
<pre><br />
root@midm9b:~# ./smart-status.perl <br />
Disk model serial temperature realloc pending uncorr CRC err RRER Errors Link<br />
/dev/sda WD Blue SA510 2.5 250GB 22243Z803769 24 . ? ? . ? . 6.0<br />
/dev/sdb WD Blue SA510 2.5 250GB 22243Z803852 25 . ? ? . ? . 6.0<br />
root@midm9b:~# <br />
</pre><br />
* if second SSD is not autodetected, reboot<br />
* list partition table of first SSD:<br />
<pre><br />
root@midm9b:~# fdisk -l /dev/sda<br />
Disk /dev/sda: 232.89 GiB, 250059350016 bytes, 488397168 sectors<br />
Disk model: WD Blue SA510 2.<br />
Units: sectors of 1 * 512 = 512 bytes<br />
Sector size (logical/physical): 512 bytes / 512 bytes<br />
I/O size (minimum/optimal): 512 bytes / 512 bytes<br />
Disklabel type: gpt<br />
Disk identifier: 951A4174-B4C6-400D-99F5-BE9B5627FA8E<br />
<br />
Device Start End Sectors Size Type<br />
/dev/sda1 2048 1050623 1048576 512M EFI System<br />
/dev/sda2 1050624 5244927 4194304 2G Linux swap<br />
/dev/sda3 5244928 9439231 4194304 2G Solaris boot<br />
/dev/sda4 9439232 488397134 478957903 228.4G Solaris root<br />
root@midm9b:~# <br />
</pre><br />
* create identical partitions on second SSD, use sector numbers from above.<br />
<pre><br />
root@midm9b:~# gdisk /dev/sdb<br />
GPT fdisk (gdisk) version 1.0.8<br />
<br />
Partition table scan:<br />
MBR: not present<br />
BSD: not present<br />
APM: not present<br />
GPT: not present<br />
<br />
Creating new GPT entries in memory.<br />
<br />
Command (? for help): n<br />
Partition number (1-128, default 1): <br />
First sector (34-488397134, default = 2048) or {+-}size{KMGTP}: <br />
Last sector (2048-488397134, default = 488397134) or {+-}size{KMGTP}: 1050623<br />
Current type is 8300 (Linux filesystem)<br />
Hex code or GUID (L to show codes, Enter = 8300): ef00<br />
Changed type of partition to 'EFI system partition'<br />
<br />
Command (? for help): n<br />
Partition number (2-128, default 2): <br />
First sector (34-488397134, default = 1050624) or {+-}size{KMGTP}: <br />
Last sector (1050624-488397134, default = 488397134) or {+-}size{KMGTP}: 5244927<br />
Current type is 8300 (Linux filesystem)<br />
Hex code or GUID (L to show codes, Enter = 8300): 8200<br />
Changed type of partition to 'Linux swap'<br />
<br />
Command (? for help): n<br />
Partition number (3-128, default 3): <br />
First sector (34-488397134, default = 5244928) or {+-}size{KMGTP}: <br />
Last sector (5244928-488397134, default = 488397134) or {+-}size{KMGTP}: 9439231<br />
Current type is 8300 (Linux filesystem)<br />
Hex code or GUID (L to show codes, Enter = 8300): be00<br />
Changed type of partition to 'Solaris boot'<br />
<br />
Command (? for help): n<br />
Partition number (4-128, default 4): <br />
First sector (34-488397134, default = 9439232) or {+-}size{KMGTP}: <br />
Last sector (9439232-488397134, default = 488397134) or {+-}size{KMGTP}: <br />
Current type is 8300 (Linux filesystem)<br />
Hex code or GUID (L to show codes, Enter = 8300): bf00<br />
Changed type of partition to 'Solaris root'<br />
<br />
Command (? for help): w<br />
<br />
Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING<br />
PARTITIONS!!<br />
<br />
Do you want to proceed? (Y/N): y<br />
OK; writing new GUID partition table (GPT) to /dev/sdb.<br />
The operation has completed successfully.<br />
root@midm9b:~# fdisk -l /dev/sda /dev/sdb<br />
Disk /dev/sda: 232.89 GiB, 250059350016 bytes, 488397168 sectors<br />
Disk model: WD Blue SA510 2.<br />
Units: sectors of 1 * 512 = 512 bytes<br />
Sector size (logical/physical): 512 bytes / 512 bytes<br />
I/O size (minimum/optimal): 512 bytes / 512 bytes<br />
Disklabel type: gpt<br />
Disk identifier: 951A4174-B4C6-400D-99F5-BE9B5627FA8E<br />
<br />
Device Start End Sectors Size Type<br />
/dev/sda1 2048 1050623 1048576 512M EFI System<br />
/dev/sda2 1050624 5244927 4194304 2G Linux swap<br />
/dev/sda3 5244928 9439231 4194304 2G Solaris boot<br />
/dev/sda4 9439232 488397134 478957903 228.4G Solaris root<br />
<br />
<br />
Disk /dev/sdb: 232.89 GiB, 250059350016 bytes, 488397168 sectors<br />
Disk model: WD Blue SA510 2.<br />
Units: sectors of 1 * 512 = 512 bytes<br />
Sector size (logical/physical): 512 bytes / 512 bytes<br />
I/O size (minimum/optimal): 512 bytes / 512 bytes<br />
Disklabel type: gpt<br />
Disk identifier: EB251739-30C6-422F-A505-5887B5A0B603<br />
<br />
Device Start End Sectors Size Type<br />
/dev/sdb1 2048 1050623 1048576 512M EFI System<br />
/dev/sdb2 1050624 5244927 4194304 2G Linux swap<br />
/dev/sdb3 5244928 9439231 4194304 2G Solaris boot<br />
/dev/sdb4 9439232 488397134 478957903 228.4G Solaris root<br />
root@midm9b:~# <br />
</pre><br />
* identify second SSD partitions<br />
<pre><br />
root@midm9b:~# ls -l /dev/disk/by-id/ata*part3<br />
lrwxrwxrwx 1 root root 10 Jan 20 18:37 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803769-part3 -> ../../sda3<br />
lrwxrwxrwx 1 root root 10 Jan 20 19:34 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part3 -> ../../sdb3<br />
root@midm9b:~# ls -l /dev/disk/by-id/ata*part4<br />
lrwxrwxrwx 1 root root 10 Jan 20 18:37 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803769-part4 -> ../../sda4<br />
lrwxrwxrwx 1 root root 10 Jan 20 19:34 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part4 -> ../../sdb4<br />
</pre><br />
* convert bpool from single disk to mirrored disk:<br />
<pre><br />
root@midm9b:~# zpool status<br />
pool: bpool<br />
state: ONLINE<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
bpool ONLINE 0 0 0<br />
99e03dc0-7d4d-f24b-8fa1-f042b9f135db ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
<br />
pool: rpool<br />
state: ONLINE<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
rpool ONLINE 0 0 0<br />
f6fd54f8-3af7-b943-ae3d-a4e480537fb9 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
root@midm9b:~# zpool attach bpool 99e03dc0-7d4d-f24b-8fa1-f042b9f135db /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part3<br />
root@midm9b:~# zpool status bpool<br />
pool: bpool<br />
state: ONLINE<br />
scan: resilvered 247M in 00:00:00 with 0 errors on Fri Jan 20 19:39:40 2023<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
bpool ONLINE 0 0 0<br />
mirror-0 ONLINE 0 0 0<br />
99e03dc0-7d4d-f24b-8fa1-f042b9f135db ONLINE 0 0 0<br />
ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part3 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
</pre><br />
* convert rpool<br />
<pre><br />
root@midm9b:~# ls -l /dev/disk/by-id/ata*part4<br />
lrwxrwxrwx 1 root root 10 Jan 20 18:37 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803769-part4 -> ../../sda4<br />
lrwxrwxrwx 1 root root 10 Jan 20 19:34 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part4 -> ../../sdb4<br />
root@midm9b:~# zpool attach rpool f6fd54f8-3af7-b943-ae3d-a4e480537fb9 /dev/disk/by-id/ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part4<br />
root@midm9b:~# zpool status rpool<br />
pool: rpool<br />
state: ONLINE<br />
status: One or more devices is currently being resilvered. The pool will<br />
continue to function, possibly in a degraded state.<br />
action: Wait for the resilver to complete.<br />
scan: resilver in progress since Fri Jan 20 19:40:45 2023<br />
5.83G scanned at 664M/s, 2.92M issued at 332K/s, 9.11G total<br />
0B resilvered, 0.03% done, no estimated completion time<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
rpool ONLINE 0 0 0<br />
mirror-0 ONLINE 0 0 0<br />
f6fd54f8-3af7-b943-ae3d-a4e480537fb9 ONLINE 0 0 0<br />
ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part4 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
root@midm9b:~# <br />
</pre><br />
* wait for resilver to complete<br />
<pre><br />
root@midm9b:~# zpool status<br />
pool: bpool<br />
state: ONLINE<br />
scan: resilvered 247M in 00:00:00 with 0 errors on Fri Jan 20 19:39:40 2023<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
bpool ONLINE 0 0 0<br />
mirror-0 ONLINE 0 0 0<br />
99e03dc0-7d4d-f24b-8fa1-f042b9f135db ONLINE 0 0 0<br />
ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part3 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
<br />
pool: rpool<br />
state: ONLINE<br />
scan: resilvered 9.65G in 00:00:36 with 0 errors on Fri Jan 20 19:41:21 2023<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
rpool ONLINE 0 0 0<br />
mirror-0 ONLINE 0 0 0<br />
f6fd54f8-3af7-b943-ae3d-a4e480537fb9 ONLINE 0 0 0<br />
ata-WD_Blue_SA510_2.5_250GB_22243Z803852-part4 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
</pre><br />
* enable booting from second SSD: (instead of /dev/sda1, /dev/sdb1, use UUID=xxx)<br />
<pre><br />
root@midm9b:~# mkfs.msdos /dev/sdb1<br />
root@midm9b:~# mkdir /boot/efi-sda<br />
root@midm9b:~# mkdir /boot/efi-sdb<br />
root@midm9b:~# echo "/dev/sda1 /boot/efi-sda vfat umask=0022,fmask=0022,dmask=0022,nofail 0 1" >> /etc/fstab<br />
root@midm9b:~# echo "/dev/sdb1 /boot/efi-sdb vfat umask=0022,fmask=0022,dmask=0022,nofail 0 1" >> /etc/fstab<br />
root@midm9b:~# mount -a<br />
root@midm9b:~# df -kl<br />
Filesystem 1K-blocks Used Available Use% Mounted on<br />
...<br />
/dev/sda1 523244 13720 509524 3% /boot/efi<br />
/dev/sdb1 523244 4 523240 1% /boot/efi-sdb<br />
...<br />
root@midm9b:~# rsync -av /boot/efi/ /boot/efi-sdb/<br />
sending incremental file list<br />
EFI/<br />
...<br />
root@midm9b:~# ls -l /boot/efi-sda<br />
total 8<br />
drwxr-xr-x 4 root root 4096 Jan 19 23:26 EFI<br />
drwxr-xr-x 5 root root 4096 Jan 19 23:26 grub<br />
root@midm9b:~# ls -l /boot/efi-sdb<br />
total 8<br />
drwxr-xr-x 4 root root 4096 Jan 19 23:26 EFI<br />
drwxr-xr-x 5 root root 4096 Jan 19 23:26 grub<br />
root@midm9b:~# <br />
</pre><br />
* setup script to update grub on second SSD, it must be run manually after every kernel update<br />
<pre><br />
root@midm9b:~# ln -s ~/git/scripts/etc/update_efi_grub.perl ~/<br />
root@midm9b:~# ~/update_efi_grub.perl -u<br />
EFI dir: /boot/efi-sda<br />
/boot/efi-sda: update grub: rsync -av --delete-after --modify-window=2 /boot/efi/grub/ /boot/efi-sda/grub<br />
building file list ... done<br />
<br />
sent 5,313 bytes received 11 bytes 10,648.00 bytes/sec<br />
total size is 7,944,644 speedup is 1,492.23<br />
/boot/efi-sda: update efi: rsync -av --delete-after --modify-window=2 /boot/efi/EFI/ /boot/efi-sda/EFI<br />
building file list ... done<br />
<br />
sent 216 bytes received 11 bytes 454.00 bytes/sec<br />
total size is 5,452,378 speedup is 24,019.29<br />
EFI dir: /boot/efi-sdb<br />
/boot/efi-sdb: update grub: rsync -av --delete-after --modify-window=2 /boot/efi/grub/ /boot/efi-sdb/grub<br />
building file list ... done<br />
<br />
sent 5,313 bytes received 11 bytes 10,648.00 bytes/sec<br />
total size is 7,944,644 speedup is 1,492.23<br />
/boot/efi-sdb: update efi: rsync -av --delete-after --modify-window=2 /boot/efi/EFI/ /boot/efi-sdb/EFI<br />
building file list ... done<br />
<br />
sent 216 bytes received 11 bytes 454.00 bytes/sec<br />
total size is 5,452,378 speedup is 24,019.29<br />
root@midm9b:~# <br />
</pre><br />
<br />
= Disable NetworkManager =<br />
<br />
NetworkManager is useful for configuring dynamic<br />
network interfaces, i.e. laptops that often move<br />
between networks, or connect to multiple choice<br />
of wifi networks, etc.<br />
<br />
For machines with statically configured network interfaces,<br />
NetworkManager is not necessary.<br />
<br />
As it has been observed to become confused and observed<br />
to malfunction when network links go up and down (it keeps<br />
unnecessarily reconfiguring the ip address, etc), it can<br />
be usefuil to disable it.<br />
<br />
* list all network interfaces<br />
<pre><br />
# /bin/ls -1 /sys/class/net/<br />
enp0s31f6<br />
lo<br />
</pre><br />
* edit /etc/network/interfaces:<br />
<pre><br />
rename enp0s31f6=eth0<br />
auto eth0<br />
iface eth0 inet static<br />
address 142.90.120.94/19<br />
gateway 142.90.100.18<br />
</pre><br />
* statically configure systemd-resolved<br />
** create /etc/systemd/resolved.conf.d/resolved.conf with this contents:<br />
<pre><br />
[Resolve]<br />
DNS=142.90.100.19<br />
Domains=triumf.ca<br />
</pre><br />
** systemctl restart systemd-resolved<br />
** resolvectl<br />
** systemd-analyze cat-config systemd/resolved.conf<br />
* disable NetworkManager<br />
<pre><br />
systemctl disable NetworkManager<br />
</pre><br />
* reboot<br />
<br />
= Configure ECC memory =<br />
<br />
== Configure EDAC ==<br />
<br />
* apt install edac-utils<br />
<br />
=== Intel i3-2120 ===<br />
<pre><br />
root@musr00:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro X9SCL/X9SCM<br />
root@musr00:~# edac-ctl --status<br />
edac-ctl: drivers not loaded.<br />
</pre><br />
<br />
=== Intel E-2236 ===<br />
<pre><br />
root@daq00:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro X11SCM-F<br />
root@daq00:~# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@daq00:~# edac-util <br />
edac-util: No errors to report.<br />
root@daq00:~# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
</pre><br />
* check edac sysfs files (Intel)<br />
<pre><br />
root@daq00:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 ce_count<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 max_location<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 mc_name<br />
drwxr-xr-x 2 root root 0 Jan 25 15:10 power<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank0<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank1<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank2<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank3<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank4<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank5<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank6<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank7<br />
--w------- 1 root root 4096 Jan 25 15:10 reset_counters<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 size_mb<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 ue_count<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 Jan 25 15:10 uevent<br />
root@daq00:~# <br />
</pre><br />
<br />
=== Intel E3-1270 v6 ===<br />
<pre><br />
root@wheel-SYS-5019S-M:~/git/scripts# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro X11SSH-F<br />
root@wheel-SYS-5019S-M:~/git/scripts# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@grsnis01:~# edac-util<br />
edac-util: No errors to report.<br />
root@grsnis01:~# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
root@grsnis01:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 ce_count<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 max_location<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 mc_name<br />
drwxr-xr-x 2 root root 0 Feb 19 12:35 power<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank0<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank1<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank2<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank3<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank4<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank5<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank6<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank7<br />
--w------- 1 root root 4096 Feb 19 12:35 reset_counters<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 size_mb<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 ue_count<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 Feb 19 12:35 uevent<br />
root@grsnis01:~# <br />
</pre><br />
<br />
=== Intel E3-1245 v6 ===<br />
<br />
<pre><br />
[root@alphagdaq ~]# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro X11SSH-F<br />
[root@alphagdaq ~]# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro X11SSH-F<br />
[root@alphagdaq ~]# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
[root@alphagdaq ~]# edac-util<br />
edac-util: No errors to report.<br />
[root@alphagdaq ~]# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
[root@alphagdaq ~]# ras-mc-ctl --layout<br />
+-----------------------------------------------+<br />
| mc0 |<br />
| csrow0 | csrow1 | csrow2 | csrow3 |<br />
----------+-----------------------------------------------+<br />
channel1: | 8192 MB | 8192 MB | 8192 MB | 8192 MB |<br />
channel0: | 8192 MB | 8192 MB | 8192 MB | 8192 MB |<br />
----------+-----------------------------------------------+<br />
[root@alphagdaq ~]# ras-mc-ctl --error-count<br />
Label CE UE<br />
mc#0csrow#3channel#0 0 0<br />
mc#0csrow#2channel#1 0 0<br />
mc#0csrow#3channel#1 0 0<br />
mc#0csrow#0channel#0 0 0<br />
mc#0csrow#1channel#1 0 0<br />
mc#0csrow#0channel#1 0 0<br />
mc#0csrow#1channel#0 0 0<br />
mc#0csrow#2channel#0 0 0<br />
[root@alphagdaq ~]# ras-mc-ctl --mainboard<br />
ras-mc-ctl: mainboard: Supermicro model X11SSH-F<br />
[root@alphagdaq ~]# ras-mc-ctl --summary<br />
DBD::SQLite::db prepare failed: no such table: mc_event at /usr/sbin/ras-mc-ctl line 1129.<br />
Can't call method "execute" on an undefined value at /usr/sbin/ras-mc-ctl line 1130.<br />
[root@alphagdaq ~]# <br />
</pre><br />
<br />
=== AMD 3700X ===<br />
<br />
(memory is non-ECC)<br />
<br />
<pre><br />
root@daq13:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: ASUSTeK COMPUTER INC. ROG STRIX B550-E GAMING<br />
root@daq13:~# <br />
root@daq13:~# <br />
root@daq13:~# edac-ctl --status<br />
edac-ctl: drivers not loaded.<br />
root@daq13:~# edac-util <br />
edac-util: Error: No memory controller data found.<br />
root@daq13:~# edac-util -s<br />
edac-util: EDAC drivers loaded. No memory controllers found<br />
root@daq13:~# ls -l /sys/devices/system/edac/mc<br />
total 0<br />
drwxr-xr-x 2 root root 0 Jan 25 15:26 power<br />
lrwxrwxrwx 1 root root 0 Jan 21 16:16 subsystem -> ../../../../bus/edac<br />
-rw-r--r-- 1 root root 4096 Jan 21 16:16 uevent<br />
</pre><br />
<br />
(memory is ECC)<br />
<br />
<pre><br />
root@trinatdaq:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: ASUSTeK COMPUTER INC. ROG STRIX B550-E GAMING<br />
root@trinatdaq:~# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@trinatdaq:~# edac-util <br />
edac-util: No errors to report.<br />
root@trinatdaq:~# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
root@trinatdaq:~# ls -l /sys/devices/system/edac/mc<br />
total 0<br />
drwxr-xr-x 7 root root 0 Dec 15 13:04 mc0<br />
drwxr-xr-x 2 root root 0 Dec 15 13:04 power<br />
lrwxrwxrwx 1 root root 0 Dec 13 18:31 subsystem -> ../../../../bus/edac<br />
-rw-r--r-- 1 root root 4096 Dec 13 18:31 uevent<br />
root@trinatdaq:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 ce_count<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 max_location<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 mc_name<br />
drwxr-xr-x 2 root root 0 Dec 15 13:04 power<br />
drwxr-xr-x 3 root root 0 Dec 15 13:04 rank4<br />
drwxr-xr-x 3 root root 0 Dec 15 13:04 rank5<br />
drwxr-xr-x 3 root root 0 Dec 15 13:04 rank6<br />
drwxr-xr-x 3 root root 0 Dec 15 13:04 rank7<br />
--w------- 1 root root 4096 Dec 15 13:04 reset_counters<br />
-rw-r--r-- 1 root root 4096 Dec 15 13:04 sdram_scrub_rate<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 size_mb<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 ue_count<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 Dec 15 13:04 uevent<br />
root@trinatdaq:~# <br />
</pre><br />
<br />
=== AMD 5000G ===<br />
<br />
* no linux driver for AMD 5000-series "G" CPU<br />
* no mention of ECC in the BIOS settings<br />
* unclear status of ECC support in AMD documentation (sais only "pro" "G" CPUs have ECC)<br />
* unclear status of ECC support in ASUS documentation (web page out of date)<br />
<br />
=== AMD 5600X ===<br />
<br />
<pre><br />
root@daq17:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: ASUSTeK COMPUTER INC. ROG STRIX B550-XE GAMING WIFI<br />
root@daq17:~# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@daq17:~# edac-util<br />
edac-util: No errors to report.<br />
root@daq17:~# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
root@daq17:~# ls -l /sys/devices/system/edac/mc<br />
total 0<br />
drwxr-xr-x 7 root root 0 Aug 19 19:27 mc0<br />
drwxr-xr-x 2 root root 0 Aug 19 19:27 power<br />
lrwxrwxrwx 1 root root 0 May 10 10:11 subsystem -> ../../../../bus/edac<br />
-rw-r--r-- 1 root root 4096 May 10 10:11 uevent<br />
root@daq17:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 ce_count<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 max_location<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 mc_name<br />
drwxr-xr-x 2 root root 0 Aug 19 19:27 power<br />
drwxr-xr-x 3 root root 0 Aug 19 19:27 rank4<br />
drwxr-xr-x 3 root root 0 Aug 19 19:27 rank5<br />
drwxr-xr-x 3 root root 0 Aug 19 19:27 rank6<br />
drwxr-xr-x 3 root root 0 Aug 19 19:27 rank7<br />
--w------- 1 root root 4096 Aug 19 19:27 reset_counters<br />
-rw-r--r-- 1 root root 4096 Aug 19 19:27 sdram_scrub_rate<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 size_mb<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 ue_count<br />
-r--r--r-- 1 root root 4096 Aug 19 19:27 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 Aug 19 19:27 uevent<br />
root@daq17:~# <br />
</pre><br />
<br />
=== AMD 3955WX ===<br />
<br />
<pre><br />
root@alphasuperdaq:~/git/scripts/quotareport# edac-ctl --mainboard<br />
edac-ctl: mainboard: ASUSTeK COMPUTER INC. Pro WS WRX80E-SAGE SE WIFI<br />
root@alphasuperdaq:~/git/scripts/quotareport# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@alphasuperdaq:~/git/scripts/quotareport# edac-util <br />
edac-util: No errors to report.<br />
root@alphasuperdaq:~/git/scripts/quotareport# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
root@alphasuperdaq:~/git/scripts/quotareport# ls -l /sys/devices/system/edac/mc<br />
total 0<br />
drwxr-xr-x 19 root root 0 Dez 12 04:48 mc0<br />
drwxr-xr-x 2 root root 0 Dez 12 04:48 power<br />
lrwxrwxrwx 1 root root 0 Dez 9 05:31 subsystem -> ../../../../bus/edac<br />
-rw-r--r-- 1 root root 4096 Dez 9 05:31 uevent<br />
root@alphasuperdaq:~/git/scripts/quotareport# <br />
root@alphasuperdaq:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 ce_count<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 max_location<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 mc_name<br />
drwxr-xr-x 2 root root 0 Dez 12 04:48 power<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank0<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank1<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank10<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank11<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank12<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank13<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank14<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank15<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank2<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank3<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank4<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank5<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank6<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank7<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank8<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank9<br />
--w------- 1 root root 4096 Feb 28 22:19 reset_counters<br />
-rw-r--r-- 1 root root 4096 Feb 28 22:19 sdram_scrub_rate<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 size_mb<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 ue_count<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 Feb 28 22:19 uevent<br />
root@alphasuperdaq:~# <br />
root@alphasuperdaq:~# ras-mc-ctl --layout<br />
Use of uninitialized value $max_pos[3] in modulus (%) at /usr/sbin/ras-mc-ctl line 868.<br />
Use of uninitialized value $d in numeric ge (>=) at /usr/sbin/ras-mc-ctl line 869.<br />
Use of uninitialized value $d in sprintf at /usr/sbin/ras-mc-ctl line 872.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+<br />
| mc0 |<br />
| csrow0 | csrow1 |<br />
| channel0 | channel1 | channel2 | channel3 | channel4 | channel5 | channel6 | channel7 | channel0 | channel1 | channel2 | channel3 | channel4 | channel5 | channel6 | channel7 |<br />
----+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+<br />
<br />
0: | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB |<br />
----+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+<br />
root@alphasuperdaq:~# ras-mc-ctl --error-count<br />
Label CE UE<br />
mc#0csrow#0channel#2 0 0<br />
mc#0csrow#1channel#7 0 0<br />
mc#0csrow#0channel#3 0 0<br />
mc#0csrow#1channel#4 0 0<br />
mc#0csrow#1channel#2 0 0<br />
mc#0csrow#0channel#7 0 0<br />
mc#0csrow#1channel#3 0 0<br />
mc#0csrow#0channel#4 0 0<br />
mc#0csrow#1channel#1 0 0<br />
mc#0csrow#1channel#0 0 0<br />
mc#0csrow#1channel#5 0 0<br />
mc#0csrow#0channel#6 0 0<br />
mc#0csrow#0channel#1 0 0<br />
mc#0csrow#0channel#5 0 0<br />
mc#0csrow#0channel#0 0 0<br />
mc#0csrow#1channel#6 0 0<br />
root@alphasuperdaq:~# ras-mc-ctl --mainboard<br />
ras-mc-ctl: mainboard: ASUSTeK COMPUTER INC. model Pro WS WRX80E-SAGE SE WIFI<br />
root@alphasuperdaq:~# ras-mc-ctl --summary<br />
No Memory errors.<br />
<br />
No PCIe AER errors.<br />
<br />
No Extlog errors.<br />
<br />
DBD::SQLite::db prepare failed: no such table: devlink_event at /usr/sbin/ras-mc-ctl line 1181.<br />
Can't call method "execute" on an undefined value at /usr/sbin/ras-mc-ctl line 1182.<br />
root@alphasuperdaq:~#<br />
</pre><br />
<br />
== Configure rasdaemon ==<br />
<br />
<pre><br />
apt install rasdaemon<br />
</pre><br />
<pre><br />
systemctl enable rasdaemon<br />
systemctl restart rasdaemon<br />
systemctl status rasdaemon<br />
</pre><br />
<br />
<pre><br />
● rasdaemon.service - RAS daemon to log the RAS events<br />
Loaded: loaded (/lib/systemd/system/rasdaemon.service; enabled; vendor preset: enabled)<br />
Active: active (running) since Mon 2021-01-25 15:16:37 PST; 3min 5s ago<br />
Main PID: 2477175 (rasdaemon)<br />
Tasks: 1 (limit: 76958)<br />
Memory: 17.1M<br />
CGroup: /system.slice/rasdaemon.service<br />
└─2477175 /usr/sbin/rasdaemon -f -r<br />
<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: ras:extlog_mem_event event enabled<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Enabled event ras:extlog_mem_event<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: ras:extlog_mem_event event enabled<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Listening to events for cpus 0 to 11<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: Enabled event ras:extlog_mem_event<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Recording mc_event events<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Recording aer_event events<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Recording extlog_event events<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Recording mce_record events<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Recording arm_event events<br />
</pre><br />
<br />
== Get reports ==<br />
<br />
* Intel 2x32GB ECC DIMMs<br />
<pre><br />
root@daq00:~# ras-mc-ctl --layout<br />
+-------------------------+<br />
| mc0 |<br />
| csrow0 | csrow1 |<br />
----------+-------------------------+<br />
channel1: | 16384 MB | 16384 MB |<br />
channel0: | 16384 MB | 16384 MB |<br />
----------+-------------------------+<br />
root@daq00:~# ras-mc-ctl --error-count<br />
Label CE UE<br />
mc#0csrow#1channel#1 0 0<br />
mc#0csrow#1channel#0 0 0<br />
mc#0csrow#0channel#0 0 0<br />
mc#0csrow#0channel#1 0 0<br />
root@daq00:~# <br />
</pre><br />
<br />
* Intel 4x16GB ECC DIMMs<br />
<pre><br />
root@daq00:~# ras-mc-ctl --error-count<br />
Label CE UE<br />
mc#0csrow#0channel#1 0 0<br />
mc#0csrow#2channel#0 0 0<br />
mc#0csrow#0channel#0 0 0<br />
mc#0csrow#2channel#1 0 0<br />
mc#0csrow#1channel#0 0 0<br />
mc#0csrow#1channel#1 0 0<br />
mc#0csrow#3channel#0 0 0<br />
mc#0csrow#3channel#1 0 0<br />
root@daq00:~# <br />
root@daq00:~# ras-mc-ctl --layout<br />
+-----------------------+<br />
| mc0 |<br />
| csrow0 | csrow1 |<br />
----------+-----------------------+<br />
channel1: | 8192 MB | 8192 MB |<br />
channel0: | 8192 MB | 8192 MB |<br />
----------+-----------------------+<br />
root@daq00:~# <br />
root@daq00:~# <br />
root@daq00:~# <br />
root@daq00:~# ras-mc-ctl --print-labels<br />
ras-mc-ctl: Error: No dimm labels for Supermicro model X11SCM-F<br />
root@daq00:~# ras-mc-ctl --mainboard<br />
ras-mc-ctl: mainboard: Supermicro model X11SCM-F<br />
root@daq00:~# ras-mc-ctl --summary<br />
No Memory errors.<br />
<br />
No PCIe AER errors.<br />
<br />
No Extlog errors.<br />
<br />
DBD::SQLite::db prepare failed: no such table: devlink_event at /usr/sbin/ras-mc-ctl line 1181.<br />
Can't call method "execute" on an undefined value at /usr/sbin/ras-mc-ctl line 1182.<br />
root@daq00:~# <br />
</pre><br />
<br />
note: ubuntu LTS 22.04 DBD::SQLite::db error is not there.<br />
<br />
= sensors =<br />
<br />
== ASUS P9X79 WS ==<br />
<br />
* https://www.asus.com/supportonly/P9X79%20WS/HelpDesk_Manual/<br />
* BIOS version 4802<br />
* modprobe nct6775<br />
* modprobe coretemp<br />
<br />
<pre><br />
root@daq14:~# sensors<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Package id 0: +35.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 0: +29.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 1: +24.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 2: +35.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 3: +32.0°C (high = +82.0°C, crit = +100.0°C)<br />
<br />
nouveau-pci-0200<br />
Adapter: PCI adapter<br />
GPU core: 900.00 mV (min = +0.85 V, max = +1.00 V)<br />
temp1: +39.0°C (high = +95.0°C, hyst = +3.0°C)<br />
(crit = +105.0°C, hyst = +5.0°C)<br />
(emerg = +135.0°C, hyst = +5.0°C)<br />
<br />
nct6776-isa-0290<br />
Adapter: ISA adapter<br />
Vcore: 1.04 V (min = +0.00 V, max = +1.74 V)<br />
in1: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
AVCC: 3.33 V (min = +0.00 V, max = +0.00 V) ALARM<br />
+3.3V: 3.33 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: 2.04 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: 904.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
3VSB: 3.41 V (min = +0.00 V, max = +0.00 V) ALARM<br />
Vbat: 3.30 V (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 1265 RPM (min = 0 RPM)<br />
fan2: 1909 RPM (min = 0 RPM)<br />
fan3: 0 RPM (min = 0 RPM)<br />
fan4: 0 RPM (min = 0 RPM)<br />
fan5: 0 RPM (min = 0 RPM)<br />
SYSTIN: +34.0°C (high = +0.0°C, hyst = +0.0°C) ALARM sensor = thermistor<br />
CPUTIN: +58.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermal diode<br />
AUXTIN: +31.5°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
PECI Agent 0: +31.0°C (high = +80.0°C, hyst = +75.0°C)<br />
(crit = +96.0°C)<br />
PCH_CHIP_TEMP: +0.0°C <br />
PCH_CPU_TEMP: +0.0°C <br />
PCH_MCH_TEMP: +0.0°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
root@daq14:~# <br />
</pre><br />
<br />
= Enable CPU turbo mode =<br />
<br />
* Intel CPU has a nominal CPU frequency (i.e. 3.4GHz) and a turbo-boost CPU frequency (i.e. 4.0GHz). Here we will enable this turbo-boost mode.<br />
* Find out CPU capability<br />
<pre><br />
root@daq01:~# lscpu | grep Hz<br />
Model name: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz<br />
CPU MHz: 3965.803<br />
CPU max MHz: 4000.0000<br />
CPU min MHz: 800.0000<br />
root@daq01:~# <br />
</pre><br />
* Look up this CPU in the Intel ARK database - google for the CPU model name, i.e.<br />
https://ark.intel.com/content/www/us/en/ark/products/88196/intel-core-i7-6700-processor-8m-cache-up-to-4-00-ghz.html<br />
* Find current frequency settings:<br />
<pre><br />
root@daq01:~# cpupower frequency-info<br />
analyzing CPU 0:<br />
driver: intel_pstate<br />
CPUs which run at the same hardware frequency: 0<br />
CPUs which need to have their frequency coordinated by software: 0<br />
maximum transition latency: Cannot determine or is not supported.<br />
hardware limits: 800 MHz - 4.00 GHz<br />
available cpufreq governors: performance powersave<br />
current policy: frequency should be within 800 MHz and 4.00 GHz.<br />
The governor "powersave" may decide which speed to use<br />
within this range.<br />
current CPU frequency: Unable to call hardware<br />
current CPU frequency: 2.72 GHz (asserted by call to kernel)<br />
boost state support:<br />
Supported: yes<br />
Active: yes<br />
root@daq01:~# <br />
</pre><br />
* Note the following:<br />
** current governor is "powersave"<br />
** "performance" governor is available<br />
** "boost state support" is supported and active.<br />
* Confirm CPU frequency governor:<br />
<pre><br />
root@daq01:~# cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor<br />
powersave<br />
powersave<br />
powersave<br />
powersave<br />
powersave<br />
powersave<br />
powersave<br />
powersave<br />
root@daq01:~# <br />
</pre> <br />
* Change governor to "performance":<br />
<pre><br />
root@daq01:~# cpupower frequency-set --governor performance<br />
Setting cpu: 0<br />
Setting cpu: 1<br />
Setting cpu: 2<br />
Setting cpu: 3<br />
Setting cpu: 4<br />
Setting cpu: 5<br />
Setting cpu: 6<br />
Setting cpu: 7<br />
root@daq01:~# cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor<br />
performance<br />
performance<br />
performance<br />
performance<br />
performance<br />
performance<br />
performance<br />
performance<br />
root@daq01:~# cpupower frequency-info<br />
analyzing CPU 0:<br />
driver: intel_pstate<br />
CPUs which run at the same hardware frequency: 0<br />
CPUs which need to have their frequency coordinated by software: 0<br />
maximum transition latency: Cannot determine or is not supported.<br />
hardware limits: 800 MHz - 4.00 GHz<br />
available cpufreq governors: performance powersave<br />
current policy: frequency should be within 800 MHz and 4.00 GHz.<br />
The governor "performance" may decide which speed to use<br />
within this range.<br />
current CPU frequency: Unable to call hardware<br />
current CPU frequency: 3.93 GHz (asserted by call to kernel)<br />
boost state support:<br />
Supported: yes<br />
Active: yes<br />
</pre><br />
* monitor CPU frequency:<br />
<pre><br />
root@daq01:~# cpupower monitor<br />
| Nehalem || Mperf || Idle_Stats <br />
CPU| C3 | C6 | PC3 | PC6 || C0 | Cx | Freq || POLL | C1 | C1E | C3 | C6 | C7s | C8 <br />
0| 0.00| 0.00| 0.00| 0.00|| 88.80| 11.20| 3973|| 0.00| 0.00| 0.01| 0.02| 0.31| 0.00| 4.25<br />
4| 0.00| 0.00| 0.00| 0.00|| 4.70| 95.30| 3945|| 0.00| 0.00| 0.00| 0.00| 0.00| 0.00| 95.03<br />
1| 0.73| 3.70| 0.00| 0.00|| 4.52| 95.48| 3864|| 0.00| 0.01| 1.19| 0.44| 2.82| 0.00| 90.23<br />
5| 0.73| 3.70| 0.00| 0.00|| 0.37| 99.63| 3807|| 0.00| 0.00| 0.03| 0.09| 1.70| 0.00| 97.64<br />
2| 2.28| 12.86| 0.00| 0.00|| 1.41| 98.59| 3829|| 0.00| 0.86| 3.17| 0.46| 7.70| 0.00| 85.87<br />
6| 2.28| 12.86| 0.00| 0.00|| 2.88| 97.12| 3856|| 0.00| 0.11| 4.56| 2.15| 10.31| 0.00| 78.99<br />
3| 1.33| 4.81| 0.00| 0.00|| 0.99| 99.01| 3804|| 0.00| 0.49| 0.79| 0.01| 1.03| 0.00| 96.12<br />
7| 1.34| 4.81| 0.00| 0.00|| 1.26| 98.74| 3818|| 0.00| 0.01| 2.32| 0.47| 5.02| 0.00| 90.06<br />
root@daq01:~# <br />
</pre><br />
* check that the CPU is not overheating:<br />
<pre><br />
root@daq01:~# sensors<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Package id 0: +51.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 0: +51.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 1: +38.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 2: +34.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 3: +32.0°C (high = +84.0°C, crit = +100.0°C)<br />
</pre><br />
* congratulations, we are running at 4 GHz now!<br />
<br />
= Setup ubuntu as gateway to private network =<br />
<br />
See also:<br />
* https://daq.triumf.ca/DaqWiki/index.php/VME-CPU#Setup_the_boot_host_computer_.28el7.29<br />
* http://www.triumf.info/wiki/DAQwiki/index.php/Dhcpd_on_eth1<br />
<br />
== Steps to do ==<br />
<br />
* assign network numbers to the private network, i.e. 192.168.1.x, 192.168.2.x, etc<br />
* (on the gateway machine, each private network interface has to have a different network number)<br />
* (each network interface can have multiple networks attached, via VLANs or via eth0:0, eth0:1 constructs)<br />
* assign IP addresses on the private network, save them in /etc/hosts i.e. "hvps 192.168.1.10"<br />
* (for simplicity, assign 192.168.1.1 to the gateway machine itself)<br />
* (IP addresses 192.168.1.0 and 192.168.1.255 are "special", do not use them)<br />
* setup DNS server (dnsmasq) to serve contents of /etc/hosts via DNS (otherwise, many programs will see inconsistent name to IP address mapping)<br />
* setup DHCP server (ISC dhcpd or dnsmasq) to give out the IP addresses<br />
* setup tftp, pxelinux and NFS for diskless booting<br />
* setup time server (chronyd) to provide common time to all devices<br />
* setup NAT so machines on private network can access the internet (to get OS updates, etc)<br />
* setup NIS and NFS so machines on the private network can use common home directories<br />
* setup rsync backup of machines on the private network<br />
<br />
== setup hosts ==<br />
<br />
* edit /etc/hosts<br />
<pre><br />
192.168.1.101 dsfe01<br />
... and so forth<br />
</pre><br />
<br />
== setup dns and dhcp ==<br />
<br />
* apt install dnsmasq<br />
* edit /etc/dnsmasq.conf<br />
<pre><br />
# /etc/dnsmasq.conf<br />
# DNS settings<br />
#port=0 # disable DNS function<br />
port=53 # enable DNS function<br />
domain-needed<br />
bogus-priv<br />
no-resolv<br />
server=142.90.100.19<br />
# DHCP settings<br />
interface=enp1s0f0 # DHCP interface<br />
#dhcp-range=192.168.1.50,192.168.1.150,infinite<br />
dhcp-range=192.168.1.0,static<br />
#log-dhcp<br />
quiet-dhcp<br />
#dhcp-ignore=tag:!known<br />
dhcp-boot=pxelinux.0<br />
#dhcp-host=ac:1f:6b:9e:7f:4a,192.168.1.100,10m<br />
dhcp-host=ac:1f:6b:9e:7f:4a,dsfe01,infinite<br />
# TFTP settings<br />
enable-tftp<br />
tftp-root=/tftpboot<br />
</pre><br />
* #mkdir /zssd/tftpboot ### per tftp-root (if no ZFS)<br />
* zfs create -o mountpoint=/tftpboot rpool/tftpboot ### (if root is ZFS)<br />
* systemctl stop systemd-resolved.service<br />
* systemctl disable systemd-resolved.service<br />
* rm /etc/resolv.conf<br />
* create new /etc/resolv.conf with this contents:<br />
<pre><br />
nameserver 127.0.0.1<br />
search snolab.ca<br />
</pre><br />
* systemctl enable dnsmasq<br />
* systemctl restart dnsmasq<br />
<br />
== setup chronyd ==<br />
<br />
* enable ntp server:<br />
* configure and enable chronyd per instructions above<br />
* echo "allow 192.168.1.0/24" > /etc/chrony/conf.d/allow-localhost.conf<br />
* systemctl restart chronyd<br />
* chronyc tracking ### wait until time is synchronized (a few seconds)<br />
<br />
== setup diskless network booting ==<br />
<br />
=== setup pxelinux ===<br />
<pre><br />
cd ~<br />
wget https://www.kernel.org/pub/linux/utils/boot/syslinux/4.xx/syslinux-4.03.tar.bz2<br />
tar xjvf syslinux-4.03.tar.bz2<br />
cd syslinux-4.03<br />
cp -pv ./core/pxelinux.0 ./com32/hdt/hdt.c32 ./memdisk/memdisk ./com32/menu/menu.c32 /zssd/tftpboot/<br />
</pre><br />
* cd /zssd/tftpboot<br />
<pre><br />
wget http://ladd00.triumf.ca/tftpboot/memtest86+-4.20.iso.zip<br />
wget http://ladd00.triumf.ca/tftpboot/memtest86+-5.01.iso.gz<br />
wget http://ladd00.triumf.ca/tftpboot/modules.alias<br />
wget http://ladd00.triumf.ca/tftpboot/modules.pcimap<br />
wget http://ladd00.triumf.ca/tftpboot/pci.ids<br />
</pre><br />
* mkdir pxelinux.cfg<br />
* emacs -nw pxelinux.cfg/default<br />
<pre><br />
default menu.c32<br />
prompt 0<br />
<br />
menu title Welcome to the DSVSLICE PXE boot menu<br />
<br />
timeout 50<br />
<br />
label hdt<br />
kernel hdt.c32<br />
<br />
label memtest86+-5.01 <br />
kernel memdisk iso initrd=memtest86+-5.01.iso.gz <br />
<br />
label memtest86+-4.20<br />
kernel memdisk iso initrd=memtest86+-4.20.iso.zip<br />
<br />
label vmlinuz-5.3.0-26-generic<br />
menu default<br />
kernel vmlinuz-5.3.0-26-generic<br />
append initrd=initrd.img-5.3.0-26-generic boot=nfs root=/dev/nfs netboot=nfs nfsroot=192.168.1.1:/zssd/nfsroot/dsfe01 toram ip=dhcp panic=60 BOOTIF=enp1s0f0<br />
<br />
#end<br />
</pre><br />
<br />
=== setup linux kernel ===<br />
<br />
* copy the kernel files<br />
<pre><br />
cd /boot<br />
rsync -av config* initrd* System.map* vmlinuz* /zssd/tftpboot/<br />
</pre><br />
* cd /zssd/tftpboot<br />
* chmod a+r *<br />
<br />
=== setup nfs ===<br />
<br />
* apt-get install nfs-kernel-server<br />
* emacs -nw /etc/exports<br />
<pre><br />
/zssd/nfsroot/dsfe01 dsfe01(rw,no_root_squash,async,no_subtree_check)<br />
</pre><br />
* enable services<br />
<pre><br />
systemctl enable nfs-server<br />
systemctl enable nfs-mountd<br />
systemctl enable nfs-idmapd<br />
systemctl restart nfs-server<br />
systemctl restart nfs-mountd<br />
systemctl restart nfs-idmapd<br />
</pre><br />
* after editing /etc/exports, run<br />
<pre><br />
exportfs -av<br />
</pre><br />
<br />
=== setup userland ===<br />
<br />
* zfs create zssd/nfsroot<br />
* zfs set dedup=verify zssd/nfsroot ### enable deduplication to save disk space because most linux images have mostly identical files<br />
* clone ubuntu<br />
<pre><br />
mkdir /zssd/nfsroot/dsfe01<br />
cd /<br />
rsync -avx . /zssd/nfsroot/dsfe01<br />
</pre><br />
* edit config files:<br />
* cd /zssd/nfsroot/dsfe01<br />
* emacs -nw etc/hostname ### change to dsfe01<br />
* emacs -nw etc/mailname ### change to dsfe01<br />
* emacs -nw etc/yp.conf ### change daq00.triumf.ca to musr00.triumf.ca<br />
* emacs -nw etc/defaultdomain ### change to MUSR-NIS<br />
* cp -pvf ../lxcpet-SL610/etc/ssh/*key* etc/ssh/ ### preserve the ssh keys<br />
* emacs -nw opt/gonodeinfo/gonodeinfo.conf ### update information<br />
* emacs -nw root/.ssh/authorized_keys ### update root ssh keys<br />
* emacs -nw etc/fstab ### add this<br />
<pre><br />
192.168.1.1:/zssd/nfsroot/dsfe01 / nfs defaults,nolock 0 0<br />
</pre><br />
* emacs -nw etc/chrony/chrony.conf<br />
** comment-out all "pool" and "server" entries<br />
** add entry "server 192.168.1.1 iburst"<br />
<br />
After dsfe01 is booted:<br />
<br />
* disable services:<br />
<pre><br />
systemctl disable apache2<br />
systemctl disable dnsmasq<br />
systemctl disable zfs-import-cache<br />
</pre><br />
<br />
To setup additional machines, clone dsfe01 instead of cloning the gateway machine<br />
<br />
=== Allow manpages to be viewed ===<br />
<br />
If <code>/</code> is mounted over NFS, <code>man</code> will report a permission error. Fix it with:<br />
<br />
<pre><br />
ln -s /etc/apparmor.d/usr.bin.man /etc/apparmor.d/disable/<br />
apparmor_parser -R /etc/apparmor.d/usr.bin.man<br />
</pre><br />
<br />
== setup shared home directory ==<br />
<br />
=== on the gateway machine ===<br />
* define netgroups<br />
* emacs -nw /etc/netgroup<br />
<pre><br />
dsfe (dsfe01,,) (dsfe02,,)<br />
</pre><br />
* emacs -nw /etc/nsswitch.conf ### edit the netgroup line to read:<br />
<pre><br />
netgroup: files<br />
</pre><br />
* export the home directories:<br />
* emacs -nw /etc/exports ### add this:<br />
<pre><br />
/zssd/home1 @dsfe(rw,no_root_squash,async,no_subtree_check)<br />
</pre><br />
* exportfs -rc<br />
<br />
=== on the frontend machine ===<br />
<br />
* mkdir /home<br />
* emacs -nw /etc/fstab ### add this:<br />
<pre><br />
192.168.1.1:/zssd/home1 /home nfs defaults 0 0<br />
</pre><br />
* mount -a<br />
<br />
== setup NAT ==<br />
<br />
NAT allows machines on the private network to connect to the internet: https://en.wikipedia.org/wiki/Network_address_translation<br />
<br />
In these examples:<br />
* replace "eno1" with name of the outgoing interface (the one connected to the TRIUMF network).<br />
* replace "enp11s0" with name of the private network interface (192.168.1.x network)<br />
<br />
* emacs -nw /etc/rc.local ### add this:<br />
<pre><br />
# /etc/rc.local<br />
<br />
/sbin/iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE<br />
iptables -L -v<br />
<br />
# uncomment following lines if machine has prohibitive FORWARD rules:<br />
#/sbin/iptables -I FORWARD -i eno1 -o enp11s0 -m state --state RELATED,ESTABLISHED -j ACCEPT<br />
#/sbin/iptables -I FORWARD -i enp11s0 -o eno1 -j ACCEPT<br />
#iptables -L -v<br />
<br />
iptables -L -v<br />
sysctl -w net.ipv4.ip_forward=1<br />
#sysctl -a | grep forward<br />
<br />
sh /etc/firewall-rfc1918.sh<br />
<br />
# end<br />
</pre><br />
* emacs -nw /etc/firewall-rfc1918.sh<br />
<pre><br />
# firewall-rfc1918.sh<br />
<br />
# prevent RFC1918 private network IP addresses from<br />
# going in and out from our uplink.<br />
<br />
ETH=eno1<br />
<br />
iptables -F in-rfc1918<br />
iptables -N in-rfc1918<br />
iptables -A in-rfc1918 --dst 10.0.0.0/8 -j REJECT<br />
iptables -A in-rfc1918 --dst 172.16.0.0/12 -j REJECT<br />
iptables -A in-rfc1918 --dst 192.168.0.0/16 -j REJECT<br />
iptables -D INPUT -j in-rfc1918 -i $ETH<br />
iptables -D INPUT -j in-rfc1918 -i $ETH<br />
iptables -I INPUT -j in-rfc1918 -i $ETH<br />
<br />
iptables -F out-rfc1918<br />
iptables -N out-rfc1918<br />
iptables -A out-rfc1918 --dst 10.0.0.0/8 -j REJECT<br />
iptables -A out-rfc1918 --dst 172.16.0.0/12 -j REJECT<br />
iptables -A out-rfc1918 --dst 192.168.0.0/16 -j REJECT<br />
iptables -D OUTPUT -j out-rfc1918 -o $ETH<br />
iptables -D OUTPUT -j out-rfc1918 -o $ETH<br />
iptables -I OUTPUT -j out-rfc1918 -o $ETH<br />
<br />
iptables -L -v<br />
<br />
#end<br />
</pre><br />
<br />
= KVM =<br />
<br />
<pre><br />
apt install cpu-checker<br />
<br />
root@daq13:~# kvm-ok <br />
INFO: /dev/kvm exists<br />
KVM acceleration can be used<br />
root@daq13:~# <br />
<br />
(if not, shutdown, go into BIOS settings, enable CPU virtualization)<br />
<br />
apt install virtinst ### will install many packages<br />
apt install libvirt-clients libvirt-daemon-system-systemd libvirt-daemon qemu qemu-kvm libvirt-daemon-system virtinst bridge-utils<br />
<br />
root@daq13:/home1/wheel# virsh list --all<br />
Id Name State<br />
------------------------------<br />
1 ubuntu-guest running<br />
<br />
apt install virt-manager<br />
<br />
virt-install --name ubuntu-guest --os-variant ubuntu20.04 --vcpus 2 --ram 2048 --location /daq/daqstore/olchansk/linux/Ubuntu/ubuntu-20.04.3-desktop-amd64.iso --network bridge=virbr0,model=virtio --graphics none --extra-args='console=ttyS0,115200n8 serial'<br />
<br />
virtual machine will start, boot, etc<br />
to get out of it, CTRL + Shift followed by ]<br />
<br />
ssh wheel@daq13<br />
virt-manager<br />
<br />
run virt-install again, omit "--graphics none", open graphics console from virt-manager, it booted into ubuntu installer desktop<br />
<br />
virt-install --name test10 --os-variant centos6.10 --vcpus 2 --ram 2048 --import --filesystem /kvm_ladd00,/ --network bridge=virbr0,model=virtio --boot kernel=/kvm_ladd00/boot/vmlinuz-2.6.32-754.35.1.el6.x86_64,initrd=/kvm_ladd00/boot/initramfs-2.6.32-754.35.1.el6.x86_64.img,kernel_args="root=/dev/sda console=ttyS0,115200n8 serial" --graphics none<br />
<br />
virt-install --name test14 --os-variant centos6.10 --vcpus 2 --ram 2048 --import --disk /tmp/xxx/ladd00.img,bus=sata --network bridge=virbr0,model=virtio --boot kernel=/kvm_ladd00/boot/vmlinuz-2.6.32-754.35.1.el6.x86_64,initrd=/kvm_ladd00/boot/initramfs-2.6.32-754.35.1.el6.x86_64.img,kernel_args="root=/dev/sda console=ttyS0,115200n8 serial rdshell" --graphics none --check path_in_use=off<br />
</pre><br />
<br />
build image<br />
<br />
<pre><br />
dd if=/dev/zero of=/tmp/xxx/ladd00.img bs=1024M count=20<br />
mkfs.ext3 /tmp/xxx/ladd00.img ### ext4 fails to mount by SL6 kernel, "unknown ext4 options"<br />
cd /kvm_ladd00/<br />
mount -o loop /tmp/xxx/ladd00.img /mnt/tmp<br />
rsync -av . /mnt/tmp/ --delete<br />
umount /mnt/tmp<br />
</pre><br />
<br />
on the guest, configure network: /etc/rc.local<br />
<pre><br />
#!/bin/sh<br />
#<br />
# This script will be executed *after* all the other init scripts.<br />
# You can put your own initialization stuff in here if you don't<br />
# want to do the full Sys V style init stuff.<br />
<br />
touch /var/lock/subsys/local<br />
<br />
ifconfig eth2 192.168.122.2<br />
route add -net 0.0.0.0 gw 192.168.122.1<br />
ifconfig -a<br />
netstat -rn<br />
<br />
# end<br />
</pre><br />
<br />
= ARM cross-compiler =<br />
<br />
<pre><br />
apt install libgcc-9-dev-arm64-cross<br />
apt install gcc-arm-linux-gnueabi<br />
apt install gcc-arm-linux-gnueabihf<br />
apt install g++-arm-linux-gnueabihf<br />
apt install g++-arm-linux-gnueabi<br />
</pre><br />
<br />
<pre><br />
arm-linux-gnueabi-gcc -o ttcp1 ttcp.c -march=armv7 -static<br />
arm-linux-gnueabi-gcc -o memcpy.armv7 memcpy.cc -march=armv7 -static -O2<br />
</pre></div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=Ubuntu&diff=6440
Ubuntu
2022-06-08T20:18:59Z
<p>Lindner: /* NIS and autofs instructions */</p>
<hr />
<div>= About Ubuntu =<br />
<br />
AAA<br />
<br />
<br />
<br />
= Ubuntu version =<br />
<br />
<pre><br />
lsb_release -a<br />
uname -a<br />
</pre><br />
<br />
= Ubuntu installer =<br />
<br />
* updated for Ububtu LTS 20.04.01<br />
<br />
* download the latest Ubuntu LTS desktop installer iso image<br />
* dd the image to a USB key<br />
* power down, disconnect all disks (all HDDs, all SSDs, all M.2)<br />
* connect the SSD to be used as system disk<br />
* if system will use mirrored SSDs (using ZFS mirror), leave second SSD disconnected, we will activate it later<br />
* power up<br />
* boot from USB key in legacy mode or UEFI mode (select this in the BIOS boot menu - F8 for ASUS, F11 for Supermicro)<br />
* follow the instruction:<br />
* "try ubuntu or install ubuntu" - choose "install"<br />
* select language - accept default<br />
* "updates and other software" - accept default settings ("normal install")<br />
* "installation type" - select "advanced features" and "experimental: use ZFS"<br />
* accept partition choice<br />
* "where are you?" - select "Vancouver" (PST time zone)<br />
* "who are you?" - leave all fields blank, except "username" set to "wheel", "password" set to the root password. hostname will be set later after configuring the network<br />
* installation runs in a few minutes, when finished, reboot<br />
* login as user wheel<br />
* answer annouying questions:<br />
* "livepatch" - say "next"<br />
* "help improve" - select "do not send", say "next"<br />
* "privacy" - leave "location" as "off", say "next"<br />
* "ready to go", say "done"<br />
* right-click on the desktop, say "open in terminal", a shell will open<br />
* say "sudo /bin/bash", enter the root password, you now have the root shell<br />
* run nm-connection-editor to configure the network<br />
* after network is up (can ping ladd00), continue with post-installation steps below<br />
<br />
= Install instructions =<br />
<br />
== prepare ==<br />
<pre><br />
apt-get update<br />
apt-get upgrade<br />
</pre><br />
<br />
== install ssh ==<br />
<pre><br />
apt install ssh<br />
</pre><br />
<br />
== configure hostname ==<br />
<pre><br />
vi /etc/hostname<br />
</pre><br />
<br />
== disable swap ==<br />
<br />
ubuntu installer creates a 2 GB swap partition, not useful<br />
on 32-64 GB machine, disable it:<br />
<pre><br />
vi /etc/fstab ### comment out the "swap" line<br />
</pre><br />
<br />
== maybe reboot ==<br />
<br />
this is a good point to reboot the machine to boot<br />
the latest kernel and to set the correct hostname<br />
<br />
== install time synchronization ==<br />
<pre><br />
apt-get -y install chrony<br />
</pre><br />
<pre><br />
echo server time1.triumf.ca iburst >> /etc/chrony/chrony.conf<br />
echo server time2.triumf.ca iburst >> /etc/chrony/chrony.conf<br />
echo server time3.triumf.ca iburst >> /etc/chrony/chrony.conf<br />
systemctl disable systemd-timesyncd.service<br />
systemctl stop systemd-timesyncd.service<br />
systemctl disable ntp<br />
systemctl stop ntp<br />
systemctl enable chrony<br />
systemctl restart chrony<br />
chronyc sources<br />
chronyc tracking<br />
</pre><br />
<br />
== enable outgoing email (debian 11) ==<br />
<br />
this is different from ubuntu 20. it uses /etc/mailname and it hardwires the hostname into main.cf.<br />
<br />
== enable outgoing email ==<br />
<br />
* TRIUMF: use smtp.triumf.ca<br />
* CERN: use cernmx.cern.ch<br />
<br />
<pre><br />
apt install postfix ### select "satellite system", enter full hostname "xxx.triumf.ca", enter "smtp.triumf.ca"<br />
dpkg-reconfigure postfix ### (if postfix already installed)<br />
</pre><br />
<pre><br />
apt-get install -y mailutils<br />
</pre><br />
<pre><br />
echo olchansk@triumf.ca lindner@triumf.ca >> ~root/.forward<br />
mailx root<br />
test<br />
^D<br />
</pre><br />
<br />
== install missing packages ==<br />
<br />
(apt eats terminal input, even the "yes |" trick does not quite work,<br />
repeat the following commands until they report that everything<br />
is installed)<br />
<br />
<pre><br />
yes | apt -y install ssh tcsh ethtool ncat rsync strace net-tools sysstat smartmontools lm-sensors traceroute time minicom screen git lsof<br />
yes | apt -y install lsb-release<br />
yes | apt -y install flex bison<br />
yes | apt -y install neofetch<br />
yes | apt -y install snmp snmp-mibs-downloader<br />
yes | apt -y install git subversion g++ gfortran cmake doxygen<br />
yes | apt -y install python<br />
yes | apt -y install curl libcurl4 libcurl4-openssl-dev<br />
yes | apt -y install mariadb-client ### mysql client<br />
yes | apt -y install libz-dev sqlite3 libsqlite3-dev unixodbc-dev<br />
yes | apt -y install libssl-dev<br />
yes | apt -y install emacs xemacs21 joe<br />
yes | apt -y install gnuplot dos2unix<br />
yes | apt -y install mutt bsd-mailx # email clients<br />
yes | apt -y install liblz4-tool pbzip2<br />
yes | apt -y install libc6-dev-i386 # otherwise no /usr/include/sys/types.h<br />
yes | apt -y install libreadline-dev<br />
yes | apt -y install chromium-browser chromium-codecs-ffmpeg-extra<br />
yes | apt -y install ubuntu-mate-themes<br />
yes | apt -y install libmotif-dev libxmu-dev<br />
yes | apt -y install libusb-dev libusb-1.0-0-dev<br />
yes | apt -y install xfig gsfonts-x11 gsfonts-other # install fonts for xfig<br />
yes | apt -y install libjson-perl<br />
yes | apt -y install libgsl-dev # additional GNU Scientific Library<br />
yes | apt -y install qt5-default # Qt development<br />
yes | apt -y install python3.8-full python3.8-dev python3.8-dbg python3-pip ### for pyROOT<br />
yes | apt -y install imagemagick imagemagick-common ckeditor # for elog<br />
yes | apt -y install linux-tools-common linux-tools-generic # cpupower frequency-info<br />
yes | apt -y install linux-image-generic-hwe-20.04 linux-tools-virtual-hwe-20.04 # enable linux 5.11 series kernel<br />
</pre><br />
<br />
== install git/scripts ==<br />
<pre><br />
mkdir ~root/git<br />
cd ~root/git<br />
git clone https://daq00.triumf.ca/~olchansk/git/scripts.git<br />
cd scripts<br />
git pull<br />
</pre><br />
<br />
== disable swap (debian 11) ==<br />
<br />
* on 64 GB RAM machines swap is not useful<br />
* on machines booted from network (NFS-ROOT), swap does not work<br />
* on machines running from flash (RPi, etc), flash is too slow for useful swap<br />
* swap configured by linux installers invariably has wrong size and is not useful<br />
<br />
<pre><br />
systemctl disable dphys-swapfile<br />
systemctl stop dphys-swapfile<br />
dphys-swapfile uninstall<br />
</pre><br />
<br />
== install ganglia ==<br />
<br />
<pre><br />
yes | apt-get -y install ganglia-monitor<br />
systemctl enable ganglia-monitor<br />
</pre><br />
<pre><br />
cd ~root/git/scripts<br />
git pull<br />
cp etc/gmond-ubuntu.conf /etc/ganglia/gmond.conf<br />
ln -s ganglia/gmond.conf /etc<br />
# ln -s arm-linux-gnueabihf/ganglia /usr/lib/ganglia ### fix path for ARM CPU<br />
# ln -s i386-linux-gnu/ganglia /usr/lib/ganglia ### fix path for 32-bit Intel CPU<br />
systemctl restart ganglia-monitor<br />
systemctl status ganglia-monitor<br />
ps -efw | grep gmond<br />
</pre><br />
<pre><br />
cd ~root/git/scripts/ganglia<br />
make install<br />
./ganglia-all.perl<br />
</pre><br />
<br />
== install gonodeinfo ==<br />
<br />
* go to https://bitbucket.org/dd1/gonodeinfo follow instructions:<br />
<pre><br />
yes | apt-get -y install golang<br />
mkdir ~/git<br />
cd ~/git<br />
git clone https://bitbucket.org/dd1/gonodeinfo.git<br />
cd gonodeinfo<br />
git pull<br />
make<br />
make install # install gonodeinfo agent<br />
cd ~ # this is important<br />
</pre><br />
* edit /etc/gonodeinfo.conf<br />
* change "Description", "Location", "User" and "Administrator" as appropriate (or delete them)<br />
* change "Servers" to read: Servers: daq00.triumf.ca:8601<br />
* run "gonodeinfo -v"<br />
* if error is "connection refused". go to the nodeinfo server to add this client to the access control list:<br />
* on the gonodeinfo server: run /opt/gonodeinfo/gonodereceive.exe -a daq13<br />
* try gonodeinfo again, there should be no error<br />
* on the gonodeinfo server: run gonodereport, look at the web pages, the new machine should be listed now<br />
<br />
== install libz.so.1 for CentOS compatibility ==<br />
<br />
KO - confirm which versions on quartus need this.<br />
<br />
<pre><br />
yes | apt-get -y install zlib1g<br />
yes | apt-get -y install zlib1g:i386 libc6:i386 libgcc1:i386 gcc-6-base:i386<br />
</pre><br />
<br />
== install libpng12.so.0 for Quartus compatibility ==<br />
<br />
(does not work anymore!!!)<br />
<br />
<pre><br />
wget http://ftp.ca.debian.org/debian/pool/main/libp/libpng/libpng12-0_1.2.50-2+deb8u2_amd64.deb<br />
dpkg --install libpng12-0_1.2.50-2+deb8u2_amd64.deb<br />
</pre><br />
<br />
== install libpng12.so.0 for Quartus 13.0sp1 ==<br />
<br />
<pre><br />
wget https://daq00.triumf.ca/~olchansk/linux/libpng12.so.0<br />
wget https://daq00.triumf.ca/~olchansk/linux/libpng12.so.0.50.0<br />
/bin/cp -pv libpng12.so.0 libpng12.so.0.50.0 /lib/x86_64-linux-gnu/<br />
</pre><br />
<br />
== install packages for building ROOT ==<br />
<br />
<pre><br />
apt -y install libx11-dev libxpm-dev libxft-dev libxext-dev libpng-dev libjpeg-dev xlibmesa-glu-dev libxml2-dev libgsl-dev cmake<br />
</pre><br />
<br />
== install 32-bit libraries for PHYSICA ==<br />
<br />
these instructions are for running 32-bit physica executable built for SL6 on ubuntu LTS 20.04<br />
<br />
install physica sources (cannot build, do not have g77)<br />
<br />
<pre><br />
cd ~/packages<br />
git clone https://bitbucket.org/ttriumfdaq/physica.git<br />
</pre><br />
<br />
install 32-bit libraries using ubuntu package manager:<br />
<br />
<pre><br />
apt install lib32z1 # libz.so<br />
</pre><br />
<br />
copy 32-bit SL6 shared libraries to /lib32<br />
<br />
<pre><br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libX11.so.6 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libgd.so.2 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libpng12.so.0 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libreadline.so.6 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libncurses.so.5 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libg2c.so.0 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libxcb.so.1 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libXpm.so.4 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libjpeg.so.62 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libfontconfig.so.1 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libfreetype.so.6 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libtinfo.so.5 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libXau.so.6 /lib32/<br />
root@trinatdaq:~# cp /daq/daqstore/olchansk/daq/physica-SL6/libexpat.so.1 /lib32/<br />
</pre><br />
<br />
ldd should report:<br />
<br />
<pre><br />
trinatdaq:trinat> ldd /usr/local/physica/physica.exe<br />
linux-gate.so.1 (0xf7fa2000)<br />
libX11.so.6 => /lib32/libX11.so.6 (0xf7e43000)<br />
libgd.so.2 => /lib32/libgd.so.2 (0xf7dfe000)<br />
libpng12.so.0 => /lib32/libpng12.so.0 (0xf7dd6000)<br />
libz.so.1 => /lib32/libz.so.1 (0xf7db8000)<br />
libreadline.so.6 => /lib32/libreadline.so.6 (0xf7d7e000)<br />
libncurses.so.5 => /lib32/libncurses.so.5 (0xf7d5b000)<br />
libg2c.so.0 => /lib32/libg2c.so.0 (0xf7d3d000)<br />
libm.so.6 => /lib32/libm.so.6 (0xf7c39000)<br />
libgcc_s.so.1 => /lib32/libgcc_s.so.1 (0xf7c1a000)<br />
libc.so.6 => /lib32/libc.so.6 (0xf7a2f000)<br />
libxcb.so.1 => /lib32/libxcb.so.1 (0xf7a05000)<br />
libdl.so.2 => /lib32/libdl.so.2 (0xf79ff000)<br />
libXpm.so.4 => /lib32/libXpm.so.4 (0xf79ee000)<br />
libjpeg.so.62 => /lib32/libjpeg.so.62 (0xf7997000)<br />
libfontconfig.so.1 => /lib32/libfontconfig.so.1 (0xf7962000)<br />
libfreetype.so.6 => /lib32/libfreetype.so.6 (0xf78c9000)<br />
libtinfo.so.5 => /lib32/libtinfo.so.5 (0xf78b0000)<br />
/lib/ld-linux.so.2 (0xf7fa4000)<br />
libXau.so.6 => /lib32/libXau.so.6 (0xf78ad000)<br />
libexpat.so.1 => /lib32/libexpat.so.1 (0xf7885000)<br />
trinatdaq:trinat> <br />
</pre><br />
<br />
set login environment:<br />
<br />
<pre><br />
setenv TRIUMF_FONTS $HOME/packages/physica/fonts<br />
setenv PHYSICA_DIR $HOME/packages/physica<br />
alias physica $PHYSICA_DIR/physica-SL6-32<br />
</pre><br />
<br />
test:<br />
<br />
<pre><br />
cd ~/packages/physica<br />
physica<br />
@rangauss.pcm<br />
</pre><br />
<br />
== install desktop environments ==<br />
<br />
note: default display manager and default desktop are deficient, please do not skip this step.<br />
<br />
note: if apt asks to choose the display manager, select "lightdm"<br />
<br />
note: KO - I recommend the "MATE" desktop.<br />
<br />
note: you will have to cut-and-paste this several times because "apt" eats commands, even with "-y" and even piped from "yes".<br />
<br />
<pre><br />
# install MATE desktop<br />
yes | apt -y install ubuntu-mate-core ubuntu-mate-desktop ubuntu-mate-themes<br />
# install Cinnamon desktop<br />
yes | apt -y install cinnamon<br />
# install KDE desktop<br />
yes | apt -y install kubuntu-desktop<br />
# install Lxqt desktop<br />
yes | apt -y install lxqt<br />
# install Xfce4 desktop<br />
yes | apt -y install xfce4<br />
</pre><br />
<br />
== install ROOT ==<br />
<br />
Please install ROOT per instructions at http://root.cern.ch.<br />
<br />
NOTE1: The ROOT package available from Ubuntu repositories is severely out of date and cannot be used with MIDAS and ROOTANA. ### DO NOT DO THIS! apt-get install root-system<br />
<br />
NOTE2: as of 2017-Jan-09, ROOT binary kits for Ubuntu do not work (use GCC 5 instead of GCC6), build from source instead.<br />
<br />
== Install x2go ==<br />
<br />
KO - is this still needed? does it cause any security problems?<br />
<br />
x2go instructions, thanks to Art O.<br />
<br />
<pre><br />
add-apt-repository ppa:x2go/stable<br />
apt-get update<br />
apt-get install x2goserver x2goserver-xsession<br />
</pre><br />
<br />
== enable root login from ladd00/daq00 ==<br />
<pre><br />
ssh localhost<br />
CTRL-C<br />
/bin/cp ~root/git/scripts/etc/authorized_keys ~root/.ssh/<br />
</pre><br />
<br />
== install smart-status ==<br />
<pre><br />
ln -s ~/git/scripts/smart-status/smart-status.perl ~root/<br />
</pre><br />
<br />
== reboot ==<br />
<br />
this completes installation of the base system.<br />
<br />
following sections modify basic ubuntu to fix known problems and to enable special stuff.<br />
<br />
= Enable automatic updates =<br />
<br />
* apt install unattended-upgrades<br />
* emacs -nw /etc/apt/apt.conf.d/50unattended-upgrades<br />
** uncomment in Allowed-Origins "-security" and "-updates"<br />
** add in Allowed-Origins: "Google LLC:stable";<br />
** uncomment/add: "Unattended-Upgrade::Mail "root";<br />
* emacs -nw /etc/apt/apt.conf.d/10periodic<br />
<pre><br />
APT::Periodic::Update-Package-Lists "1";<br />
APT::Periodic::Download-Upgradeable-Packages "1";<br />
APT::Periodic::AutocleanInterval "7";<br />
APT::Periodic::Unattended-Upgrade "1";<br />
</pre><br />
* test: unattended-upgrade --dry-run -v<br />
<br />
= Fix bpool is full =<br />
<br />
!!! only if ROOT on ZFS !!!<br />
<br />
There is an error in the zsys package that causes bpool to run out of space,<br />
see [[#Ubuntu zsys]] for more details.<br />
<br />
To fix:<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
cp etc/zsys.conf /etc/<br />
zsysctl service reload<br />
zsysctl service gc<br />
zpool list bpool<br />
zfs list bpool<br />
df /boot<br />
</pre><br />
<br />
= IPMI instructions =<br />
<br />
IPMI is the board management hardware on Supermicro and other server motherboards. This includes hardware sensors - fan rotation speed, temperatures and power supply voltages.<br />
<br />
<pre><br />
apt-get install ipmitool<br />
systemctl enable ipmievd<br />
systemctl restart ipmievd<br />
</pre><br />
<br />
Run:<br />
* ipmitool sel list ### event list<br />
* ipmitool sel elist ### event list<br />
* ipmitool sel clear ### clear event list (if it becomes full)<br />
* ipmitool sensor ### report hardware sensors<br />
<br />
= move /home/wheel =<br />
<br />
note: this MUST be done if ZFS root and NIS/autofs with /home.<br />
<br />
Default location of wheel's home directory will collide with autofs /home, it has to be moved,<br />
for example to /wheel.<br />
<br />
<pre><br />
# logout from the wheel user<br />
# go to another computer<br />
ssh root@daqubuntuxxx<br />
zfs list | grep wheel ### identify zfs name wheel_xxxxxx<br />
zfs set mountpoint=/wheel rpool/USERDATA/wheel_hm8fzh<br />
emacs -nw /etc/passwd ### change wheel's home directory from /home/wheel to /wheel<br />
su - wheel ### check that user wheel still works<br />
</pre><br />
<br />
= NIS instructions (debian 11) =<br />
<br />
<pre><br />
apt -y install rpcbind nis<br />
echo DAQ-NIS >> /etc/defaultdomain<br />
echo ypserver daq00.triumf.ca >> /etc/yp.conf<br />
systemctl enable ypbind.service<br />
systemctl restart ypbind.service<br />
systemctl status ypbind.service<br />
ypwhich -m<br />
</pre><br />
<br />
then as below:<br />
<br />
= NIS and autofs instructions =<br />
<br />
* apt-get -y install portmap nis ### will ask for NIS domain (DAQ-NIS)<br />
* dpkg-reconfigure nis ### reconfigure if already installed<br />
* ypwhich -m<br />
* edit /etc/default/nis<br />
** set "NISSERVER=slave"<br />
** Ubuntu LTS 20.04, check that "YPBINDARGS=" is blank, remove "-no-dbus" if it is there<br />
* #edit /etc/yp.conf, comment-out everything, add "domain DAQ-NIS server localhost"<br />
* edit /etc/yp.conf, comment-out everything, add "ypserver localhost"<br />
* /usr/lib/yp/ypinit -s daq00<br />
* systemctl enable nis<br />
* systemctl restart nis<br />
* ypwhich<br />
* ypwhich -m<br />
* ypcat -k passwd<br />
* apt-get -y install autofs<br />
* systemctl enable autofs<br />
* vi /etc/nsswitch.conf ### add the automount line, modify the passwd, group and shadow lines to read this:<br />
<pre><br />
# begin get data from nis<br />
passwd: files nis<br />
group: files nis<br />
shadow: files nis<br />
automount: files nis<br />
netgroup: files nis<br />
# end get data from nis<br />
</pre><br />
* systemctl restart autofs<br />
* enable hourly update of NIS maps<br />
<pre><br />
mkdir ~root/git<br />
cd ~root/git<br />
git clone http://ladd00.triumf.ca/~olchansk/git/scripts.git<br />
cd ~/git/scripts/etc<br />
git pull<br />
ln -s $PWD/ypxfr-cron-hourly /etc/cron.hourly<br />
</pre><br />
* ### NOT NEEDED sudo vi /etc/idmapd.conf ### add line: "Domain = triumf.ca"<br />
* ls -l /home/olchansk ### test autofs, check file owner is correct<br />
<br />
= NIS master =<br />
<br />
notes for setting up the NIS master<br />
<br />
== wheel user ==<br />
<br />
"wheel" is the default administrative user. We do not want it's password exported to NIS (encrypted password hash is world visible) and we do not want it's home directory exported to NFS (~wheel/.ssh is world visible and potentially writable: anybody can change ~wheel/.ssh/authorized_keys).<br />
<br />
* move wheel's home directory from /home/wheel to /wheel (see special section about this)<br />
* change wheel's UID and GID from 1000 to a value below NIMUID in /var/yp/Makefile<br />
<br />
== coherent uids ==<br />
<br />
we do not want system accounts defined in /etc/passwd of the NIS master<br />
to be included in the NIS map "passwd". this causes trouble on NIS clients<br />
where newly installed packages fail to create local system users because same<br />
user already exists in NIS.<br />
<br />
This is controlled by MINUID in /var/yp/Makefile.<br />
<br />
Historical TRIUMF uids start from around 200, but several clusters do not have any historic TRIUMF uids below 500 and MINUID is set to:<br />
* DAQ-NIS: MINUID=200<br />
* ISAC-NIS: MINUID=500<br />
* TITAN-NIS: MINUID=500<br />
* MUSR-NIS: MINUID=500<br />
* TIG-NIS: MINUID=500 (100 on SL6 mother8pi)<br />
<br />
Ubuntu 20 has two programs to create users:<br />
* adduser - creates new users with UID 1000 and up as specified in /etc/adduser.conf. No problems here.<br />
* adduser --system - creates new system users with UID 100 and up as specified in /etc/adduser.conf. No problems here.<br />
* useradd - creates new users with UID 1000 and up as specified in /etc/login.defs. No problems here.<br />
* useradd --system - creates new system users with UID 999 and down (read "man useradd", section at the end about SYS_UID_MAX). This collides with NIS MINUID, these system users will be included in the NIS map and cause trouble.<br />
<br />
This problem cannot be fixed, SYS_UID_MIN, SYS_UID_MAX and UID_MIN in /etc/login.defs do not seem<br />
to have any effect on UIDs chosen by "useradd --system". (tested on Ubuntu LTS 20.04).<br />
<br />
So far only these system accounts seem to be affected by this:<br />
* systemd-coredump<br />
* ganglia<br />
<br />
To fix:<br />
* run "sort -r -n -t: -k3 /etc/passwd" to identify the last unused system user uid (range 100..200)<br />
* run "sort -r -n -t: -k3 /etc/group" to identify the last unused system user gid (range 100.200)<br />
* systemd-coredump: manually change UID and GID (package systemd-coredump is usually not installed)<br />
* ganglia: same thing, then change ownership on all ganglia files.<br />
<br />
Also read systemd author's opinion on system vs user UIDs:<br />
https://github.com/systemd/systemd/issues/4850#issuecomment-265698275<br />
<br />
= Fix systemd-logind NIS breakage =<br />
<br />
!!! THIS IS NOT NEEDED FOR UBUNTU LTS 20.04 !!!<br />
<br />
there is a delay in ssh logins for normal users. "ssh -v" shows the delay is after "pledge...". this<br />
fix removes the delay.<br />
<br />
systemd developers think that we should not use NIS and made sure there are<br />
problems if we do. To give them credit, they do offer a workaround. Read this:<br />
https://github.com/poettering/systemd/commit/695fe4078f0df6564a1be1c4a6a9e8a640d23b67<br />
<br />
<pre><br />
mkdir /etc/systemd/system/systemd-logind.service.d<br />
echo -e "[Service]\nIPAddressDeny=\n" > /etc/systemd/system/systemd-logind.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat systemd-logind.service<br />
</pre><br />
<br />
= Fix systemd-udevd NIS breakage =<br />
<br />
see same problem as above with udev getting stuck. ubuntu lts 20.04.<br />
<br />
<pre><br />
mkdir /etc/systemd/system/systemd-udevd.service.d<br />
echo -e "[Service]\nIPAddressDeny=\n" > /etc/systemd/system/systemd-udevd.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat systemd-udevd.service<br />
</pre><br />
<br />
= Configure lightdm display manager =<br />
<br />
* enable it<br />
<pre><br />
echo lightdm | dpkg-reconfigure -fteletype lightdm<br />
systemctl disable gdm<br />
systemctl disable sddm<br />
systemctl enable lightdm<br />
</pre><br />
<br />
* make the MATE desktop as default<br />
<pre><br />
cd ~root/git/scripts/<br />
git pull<br />
/bin/cp -v etc/lightdm_default_mate.conf /etc/lightdm/lightdm.conf.d/<br />
</pre><br />
<br />
* enable login by NIS users<br />
<pre><br />
/bin/cp -v etc/lightdm_enable_nis_login.conf /etc/lightdm/lightdm.conf.d/<br />
</pre><br />
<br />
* restart lightdm<br />
<pre><br />
systemctl stop gdm<br />
systemctl restart lightdm<br />
</pre><br />
<br />
= Install libpng12.so.0 =<br />
<br />
Quartus 16 needs libpng12:<br />
<br />
<pre><br />
wget http://mirrors.kernel.org/ubuntu/pool/main/libp/libpng/libpng12-0_1.2.54-1ubuntu1_amd64.deb<br />
dpkg --install libpng12-0_1.2.54-1ubuntu1_amd64.deb<br />
</pre><br />
<br />
= Install google-chrome =<br />
<br />
Instructions from here:<br />
https://www.ubuntuupdates.org/ppa/google_chrome?dist=stable<br />
<br />
<pre><br />
wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add -<br />
sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-tmp.list'<br />
apt update<br />
apt install google-chrome-stable<br />
/bin/rm -f /etc/apt/sources.list.d/google-tmp.list<br />
</pre><br />
<br />
= Install amanda client =<br />
<br />
* apt install amanda-client<br />
* edit /etc/amandahosts<br />
<pre><br />
amanda.triumf.ca amanda amdump<br />
</pre><br />
* check permissions on /etc/amandahosts:<br />
<pre><br />
root@daq00:/var/log/amanda# ls -l /etc/amandahosts<br />
-rw------- 1 backup backup 49 Jan 27 10:48 /etc/amandahosts<br />
</pre><br />
* fix if needed: chown backup.backup /etc/amandahosts; chmod a= /etc/amandahosts; chmod u=wr /etc/amandahosts<br />
* edit /etc/amanda-security.conf, add this line:<br />
<pre><br />
runtar:gnutar_path=/usr/bin/tar<br />
</pre><br />
<br />
On the amanda machine:<br />
<br />
* in amanda disklist, use dump type "bsdtcp-comp-user-tar"<br />
* su - amanda and run amcheck -c daq00<br />
<pre><br />
-bash-4.1$ amcheck -c daily daq00<br />
<br />
Amanda Backup Client Hosts Check<br />
--------------------------------<br />
Client check: 1 host checked in 0.092 seconds. 0 problems found.<br />
<br />
(brought to you by Amanda 3.3.7p1.git.685ff76d)<br />
</pre><br />
<br />
= Enable rc.local =<br />
<br />
For reasons unknown, Ubuntu LTS 20.04 does not enable /etc/rc.local. Do this:<br />
<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
cp etc/rc.local /etc/<br />
chmod a+rx /etc/rc.local<br />
cp etc/rc-local.service /etc/systemd/system/<br />
systemctl daemon-reload<br />
systemctl enable rc-local<br />
systemctl start rc-local<br />
systemctl status rc-local<br />
</pre><br />
<br />
= Disable unwanted services =<br />
<br />
<pre><br />
systemctl disable mpd<br />
systemctl disable snapd<br />
systemctl disable ModemManager<br />
</pre><br />
<br />
= Disable sleep and suspend =<br />
<br />
note: we see some computers randomly shutdown or go to sleep, log files indicates the "sleep" or "suspend" button was pushed by user, but no such buttons actually exist. this is the fix for this:<br />
<br />
<pre><br />
systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target systemd-suspend.service systemd-hybrid-sleep.service<br />
</pre><br />
<br />
= Enable crontab @reboot for MIDAS =<br />
<br />
startup scripts have a bug - cron @reboot entries for normal users can run before autofs is ready, so if the home directory is on autofs/NFS, it cannot be accessed and the cron job fails. If MIDAS is supposed to be started by cron @reboot, it will not start (there *will* be an error message in /var/log/cron).<br />
<br />
<pre><br />
mkdir /etc/systemd/system/cron.service.d<br />
echo -e "[Unit]\nAfter=ypbind.service autofs.service\n" > /etc/systemd/system/cron.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat cron.service<br />
</pre><br />
<br />
Explore the systemd dependency tree using "systemctl list-dependencies" maybe with "--all".<br />
<br />
Visualize the exact boot sequence from previous boot: "systemd-analyze plot > xxx.svg", look at the svg file using a web browser.<br />
<br />
Crontab entry to start midas: (install in the midas user crontab, not root crontab)<br />
<br />
<pre><br />
su - midasuser<br />
crontab -l<br />
#@reboot /bin/bash -l -c "/home/trinat/bin/start-daq-applications"<br />
#@reboot /bin/tcsh -c "/home/trinat/bin/start-daq-applications"<br />
</pre><br />
<br />
= Install apache httpd proxy for midas and elog =<br />
<br />
This will configure the HTTPS/SSL certificate using "certbot" and "letsencrypt" and configure an HTTPS web server using apache2.<br />
<br />
First, configure apache2:<br />
<br />
* execute these commands:<br />
<pre><br />
apt -y install apache2<br />
cd /etc/apache2<br />
</pre><br />
* create new file conf-available/ssl-daq14.conf # use actual hostname instead of daq14<br />
<pre><br />
SSLSessionCache shmcb:/run/httpd/sslcache(512000)<br />
SSLSessionCacheTimeout 300<br />
SSLRandomSeed startup file:/dev/urandom 256<br />
SSLRandomSeed connect builtin<br />
SSLCryptoDevice builtin<br />
</pre><br />
* create new file sites-available/daq14-ssl.conf # use actual hostname instead of daq14<br />
<pre><br />
<IfModule mod_ssl.c><br />
<VirtualHost *:443><br />
ServerName daq14.triumf.ca<br />
DocumentRoot /var/www/html<br />
ErrorLog /var/log/apache2/daq14.log<br />
SSLEngine on<br />
# note SSLProtocol, SSLCipherSuite and some other settings are overwritten by /etc/letsencrypt/options-ssl-apache.conf<br />
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1<br />
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4<br />
## use port specified in elogd.cfg<br />
#ProxyPass /elog/ http://localhost:8082/ retry=1 <br />
## use mhttpd port<br />
#ProxyPass / http://localhost:8080/ retry=1 <br />
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"<br />
<Location /><br />
SSLRequireSSL<br />
AuthType Basic<br />
AuthName "DAQ password protected site"<br />
Require valid-user<br />
# create password file: touch /etc/apache2/htpasswd<br />
# to add new user or change password: htpasswd /etc/apache2/htpasswd username<br />
AuthUserFile /etc/apache2/htpasswd<br />
</Location><br />
</VirtualHost><br />
</IfModule><br />
</pre><br />
* stop apache2 from listening on port 80: edit /etc/apache2/ports.conf, comment-out the line "Listen 80"<br />
* stop apache2 from listening on port 80: edit /etc/apache2/ports.conf, comment-out the line "Listen 80"<br />
* enable ssl module<br />
* enable new configurations<br />
<pre><br />
a2enmod ssl<br />
a2enmod headers<br />
a2enmod proxy<br />
a2enmod proxy_http<br />
a2enconf ssl-daq14<br />
a2ensite daq14-ssl<br />
</pre><br />
* disable default ssl sites<br />
<pre><br />
a2dissite 000-default-le-ssl<br />
a2dissite 000-default<br />
ls -l /etc/apache2/sites-enabled/ ### should show only daq14-ssl.conf<br />
</pre><br />
* check that there are no syntax problems<br />
<pre><br />
apache2ctl configtest<br />
</pre><br />
* enable and start apache2:<br />
<pre><br />
systemctl enable apache2<br />
systemctl restart apache2<br />
systemctl status apache2<br />
</pre><br />
* apache2 may fail to start, look in /var/log/apache2/error.log and /var/log/apache2/daq14.log<br />
* if it says "Failed to configure ... certificate", proceed to the step for setting certbot.<br />
* try to access https://daq14.triumf.ca<br />
** you should see a complaint about self-signed certificate<br />
** you should see a request for password (do not login yet)<br />
** if you get "connection refused", HTTPS port 443 may need to be enabled in the local firewall, look at documentation for ufw.<br />
Second, configure certbot:<br />
<br />
(Note: as of 2018-01-18 certbot requires use of http port 80 to get the initial https certificate,<br />
renewal can continue to use the https port 443)<br />
<br />
(Note: as of 2019-01-?? certbot requires use of port 80 for renewals)<br />
<br />
* check that port 80 is not used by anything:<br />
* netstat -an | grep LISTEN | grep ^tcp | grep 80<br />
* lsof -P | grep -i tcp | grep LISTEN | grep 80<br />
* if lsof reports that apache2 is listening on port 80, follow the apache2 instructions above (remove "listen 80" from apache2.conf<br />
<br />
* install certbot (if necessary open tcp port 80 in the firewall, see documentation for ufw):<br />
<pre><br />
apt install certbot python3-certbot-apache<br />
certbot certonly --standalone --installer apache<br />
</pre><br />
* then answer questions:<br />
* "activate HTTPS for daq14.triumf.ca" - say ok<br />
* "enter email address" - enter your own email address<br />
* "please read terms..." - read the terms and say "agree"<br />
* it will take a few moments...<br />
* "congratulations..." - say ok.<br />
<pre><br />
certbot install --apache --cert-name daq14.triumf.ca<br />
</pre><br />
* then answer questions:<br />
* "choose redirect..." - say "1" (no redirect)<br />
* look inside /etc/apache2/sites-enabled/daq14-ssl.conf to see that SSLCertificateFile & co point to certbot certificates in<br />
/etc/letsencrypt/live/daq14.triumf.ca/<br />
* to check current renewal and to update the certbot config file in /etc/letsencrypt/renewal, run this:<br />
<pre><br />
certbot renew --standalone --installer apache --force-renewal<br />
</pre><br />
<br />
NOTE: this certificate will expire in 3 months, automatic renewal should work with current version of certbot<br />
<br />
Third, activate password protection:<br />
<br />
* as shown in the config file above, create password file and initial user: (replace "midas" with specific username)<br />
<pre><br />
touch /etc/apache2/htpasswd<br />
htpasswd /etc/apache2/htpasswd midas<br />
</pre><br />
<br />
* restart apache2<br />
<pre><br />
systemctl restart apache2<br />
systemctl status apache2<br />
</pre><br />
<br />
From here:<br />
* enable proxy for MIDAS mhttpd - uncomment redirect in the config file above<br />
* enable proxy for ELOG - ditto<br />
<pre><br />
a2enmod proxy<br />
a2enmod proxy_http<br />
apache2ctl configtest<br />
systemctl restart apache2<br />
</pre><br />
<br />
From here:<br />
* enable proxy for MIDAS mhttpd - uncomment redirect in the config file above<br />
* enable proxy for ELOG - ditto<br />
<pre><br />
a2enmod proxy<br />
a2enmod proxy_http<br />
apache2ctl configtest<br />
systemctl restart apache2<br />
</pre><br />
* try accessing MIDAS https://daq14.triumf.ca/ (make sure mhttpd is running)<br />
* if it's not working, check odb setting FIXME!<br />
* try accessing ELog https://daq14.triumf.ca/elog/ (make sure elogd is running)<br />
* if it's not working, check elogd.cfg file and make sure<br />
<pre><br />
SSL = 0<br />
</pre><br />
<br />
NOTE: if certbot fails with errors about 'module' object has no attribute 'pyopenssl',<br />
try this: pip install requests==2.6.0<br />
<br />
= Enable elog PDF preview =<br />
<br />
see https://stackoverflow.com/questions/52998331/imagemagick-security-policy-pdf-blocking-conversion<br />
<br />
* xemacs -nw /etc/ImageMagick-6/policy.xml<br />
* remove this section at the end:<br />
<pre><br />
<!-- disable ghostscript format types --><br />
<policy domain="coder" rights="none" pattern="PS" /><br />
<policy domain="coder" rights="none" pattern="PS2" /><br />
<policy domain="coder" rights="none" pattern="PS3" /><br />
<policy domain="coder" rights="none" pattern="EPS" /><br />
<policy domain="coder" rights="none" pattern="PDF" /><br />
<policy domain="coder" rights="none" pattern="XPS" /><br />
</pre><br />
<br />
= Install ZFS quota report =<br />
<br />
If there are any ZFS volumes, install script to report disk and quota usage<br />
<br />
<pre><br />
cd ~/git/scripts/quotareport<br />
git pull<br />
mkdir /var/www/html/zfsquotareport<br />
cp -pv ~/git/scripts/quotareport/sorttable.js /var/www/html/zfsquotareport/<br />
ln -s $PWD/zfsquotareport.perl /etc/cron.daily/<br />
touch /etc/crontab<br />
</pre><br />
<br />
If httpd is configured to redirect "/" to MIDAS mhttpd:<br />
* add following to /etc/apache2/sites-enabled/xxx-ssl.conf in front of "ProxyPass / ..."<br />
* run "systemctl reload apache2"<br />
<pre><br />
## do not proxy zfs quota report directory <br />
ProxyPass /zfsquotareport/ ! <br />
</pre><br />
<br />
= Install PHP =<br />
<br />
* apt install php libapache2-mod-php<br />
* systemctl restart apache2<br />
* create /var/www/html/info.php<br />
<pre><br />
<?php <br />
<br />
phpinfo(); <br />
</pre><br />
* open https://daq00.triumf.ca/info.php<br />
<br />
= Configure TRIUMF printers =<br />
<br />
<pre><br />
systemctl stop cups<br />
systemctl disable cups<br />
echo "ServerName printers.triumf.ca" > /etc/cups/client.conf<br />
lpstat -a<br />
</pre><br />
<br />
= Enable core dumps =<br />
<br />
By default, Ubuntu LTS 20.04 installs the apport package<br />
which disabled core dumps from user applications. (google it up!).<br />
It is not meant to do this and documentation claims that<br />
it is not installed and not enabled by default. Oh, well...<br />
<br />
<pre><br />
apt remove apport<br />
apt autoremove ### will remove apport-symptoms and a few other packages<br />
</pre><br />
<br />
After this, core dumps are written to file "core" in the current directory.<br />
See /proc/sys/kernel/core_pattern and /proc/sys/kernel/core_uses_pid.<br />
<br />
= Enable debugger =<br />
<br />
By default, Ubuntu LTS 20.04 does not permit debugger to attach and debug<br />
already running programs. To enable it, add following to /etc/rc.local<br />
<br />
<pre><br />
echo 0 > /proc/sys/kernel/yama/ptrace_scope<br />
</pre><br />
<br />
= Configure GRUB boot loader =<br />
<br />
This will enable the grub menu (with a 10 sec timeout) and<br />
replace black screen with exciting linux boot messages.<br />
<br />
* emacs -nw /etc/default/grub<br />
<pre><br />
GRUB_DEFAULT=0<br />
#GRUB_TIMEOUT_STYLE=hidden<br />
GRUB_TIMEOUT=10<br />
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`<br />
#GRUB_CMDLINE_LINUX_DEFAULT="vga=769 video=640x480"<br />
GRUB_CMDLINE_LINUX_DEFAULT=""<br />
GRUB_CMDLINE_LINUX=""<br />
#GRUB_GFXMODE=640x480<br />
</pre><br />
* update grub config:<br />
<pre><br />
grub-mkconfig -o /boot/grub/grub.cfg<br />
</pre><br />
<br />
= Update packages =<br />
<br />
* apt-get update # update package list<br />
* apt-get dist-upgrade # install updated packages and update "kept back" packages<br />
* apt-get autoremove # remove packages that apt thinks should be removed<br />
<br />
= Finish installation =<br />
<br />
* reboot<br />
<pre><br />
shutdown -r now<br />
</pre><br />
<br />
= Install ZFS =<br />
<br />
!!! after installing all the packages, after updating the system, after updating the linux kernel, after rebooting into latest kernel !!!<br />
<br />
<pre><br />
apt-get install zfsutils-linux<br />
</pre><br />
<br />
Follow generic ZFS instructions: [[ZFS]]<br />
<br />
= Update to new version of Ubuntu =<br />
<br />
<pre><br />
vi /etc/update-manager/release-upgrades # set "Prompt=normal"<br />
do-release-upgrade<br />
</pre><br />
<br />
= Ubuntu package manager =<br />
<br />
* apt-get install xxx # install package xxx<br />
* apt-get update<br />
* apt-get upgrade<br />
* apt-get dist-upgrade<br />
* apt-get autoremove # remove automatically installed packages required by a removed package<br />
* apt-get remove xxx # remove package xxx<br />
* apt-cache search . # list all available packages<br />
* apt-cache show "." | grep ^Package # list al available packages<br />
* apt-cache madison root-system # show all available versions of package root-system<br />
* apt list # list all installed packages<br />
* dpkg --listfiles libpng16-16 # list all files from this package<br />
* apt list --installed # list all installed packages<br />
* dpkg -S /bin/bash # what package provides this file?<br />
* dpkg -L bash # what files provided by this package?<br />
<br />
= Ubuntu zsys =<br />
<br />
* manages system snapshots<br />
* documentation: https://github.com/ubuntu/zsys<br />
* documentation: (go to next article via link "newer" at the bottom) https://didrocks.fr/2020/05/21/zfs-focus-on-ubuntu-20.04-lts-whats-new/<br />
* ubuntu 20.04 bug, too many snapshots cause /boot to become full and updates fail. https://github.com/ubuntu/zsys/issues/155<br />
* solution: use custom /etc/zsys.conf, limit number of snapshots to 10, see trinatdaq:/etc/zsys.conf<br />
* zsys commands:<br />
<pre><br />
update-grub # list of all snapshots, errors if some snapshots are broken<br />
zsysctl state remove lnc0k7 --system # remove snapshot<br />
xemacs -nw /etc/zsys.conf; zsysctl service reload; zsysctl service gc # cause gc to run with new settings in zsys.conf<br />
zfs list -r -t snapshot -o name,used,referenced,creation bpool/BOOT # list snapshots<br />
zsysctl show # show snapshots<br />
</pre><br />
<br />
= Ubuntu cloning =<br />
<br />
to clone a ubuntu image:<br />
<br />
<pre><br />
cd /nfsroot/lxcpet<br />
emacs -nw etc/hostname ### change hostname<br />
emacs -nw etc/mailname ### change hostname (debian 11)<br />
emacs -nw etc/defaultdomain ### change the NIS domainname<br />
emacs -nw etc/yp.conf ### change the NIS server<br />
cp -pvf ../lxcpet-SL610/etc/ssh/*key* etc/ssh/ ### preserve the ssh keys<br />
emacs -nw opt/gonodeinfo/gonodeinfo.conf ### update information<br />
emacs -nw root/.ssh/authorized_keys ### update root ssh keys<br />
</pre><br />
<br />
= Ubuntu boot loader =<br />
<br />
== boot from ZFS ==<br />
<br />
* use UEFI boot with syslinux, see here: https://daq.triumf.ca/DaqWiki/index.php/SLinstall#Configure_UEFI_boot<br />
* apt install zfs-initramfs<br />
* update-initramfs -v -u<br />
* ZFS structure:<br />
<pre><br />
root@daq00:~# zfs list<br />
NAME USED AVAIL REFER MOUNTPOINT<br />
rpool 147G 1.62T 96K /<br />
rpool/ROOT 17.8G 1.62T 96K none<br />
rpool/ROOT/ubuntu_00aaaa 17.8G 1.62T 6.22G /<br />
</pre><br />
* copy OS image to rpool/ROOT/ubuntu_00aaaa<br />
* zfs set mountpoint=/ rpool<br />
* zfs set mountpoint=none rpool/ROOT<br />
* zfs set mountpoint=/ rpool/ROOT/ubuntu_00aaaa<br />
* zfs get all | grep mountpoint<br />
<pre><br />
rpool mountpoint / local<br />
rpool/ROOT mountpoint none local<br />
rpool/ROOT/ubuntu_00aaaa mountpoint / local<br />
</pre><br />
* in linux kernel command line (syslinux.cfg), set "root=" to "root=ZFS=rpool/ROOT/ubuntu_00aaaa"<br />
<br />
== boot from ZFS mirror ==<br />
<br />
=== setup the EFI partitions ===<br />
<br />
* assuming /dev/sdb is already setup for EFI boot, setup /dev/sda the same way:<br />
* partition the second boot disk same as first boot disk:<br />
<pre><br />
root@grsnis01:~# gdisk -l /dev/sdb<br />
Found valid GPT with protective MBR; using GPT.<br />
Number Start (sector) End (sector) Size Code Name<br />
1 2048 1050623 512.0 MiB EF00 EFI system partition<br />
2 1050624 3907029134 1.8 TiB 8300 Linux filesystem<br />
root@grsnis01:~# <br />
</pre><br />
* mkfs.msdos /dev/sdX1<br />
* create mount points<br />
<pre><br />
mkdir /boot/efi-sda<br />
mkdir /boot/efi-sdb<br />
</pre><br />
* add to /etc/fstab<br />
<pre><br />
/dev/sda1 /boot/efi-sda vfat umask=0022,fmask=0022,dmask=0022,nofail 0 1 <br />
/dev/sdb1 /boot/efi-sdb vfat umask=0022,fmask=0022,dmask=0022,nofail 0 1 <br />
</pre><br />
* mount -a<br />
* df | grep boot<br />
<pre><br />
root@grsnis01:~# df | grep boot<br />
/dev/sdb1 523248 98100 425148 19% /boot/efi-sdb<br />
/dev/sda1 523248 4 523244 1% /boot/efi-sda<br />
</pre><br />
* copy boot files to new boot disk<br />
* cd /boot/efi-sdX; rsync -av . /boot/efi-sdY<br />
* set BIOS to boot from "UEFI Hard drive", disable legacy boot (except for booting from USB key in legacy mode)<br />
* if using UEFI boot syslinux per these instructions, linux kernel update has to be done manually by running the script update_efi_mirror.perl (provided by K.O.), follow instructions that it prints.<br />
<br />
=== zetup zfs mirror ===<br />
<br />
* see here: https://daq.triumf.ca/DaqWiki/index.php/ZFS#Convert_pool_from_single_to_mirror<br />
<pre><br />
root@grsnis01:~# ls -l /dev/disk/by-id/ata*part2<br />
lrwxrwxrwx 1 root root 10 Feb 19 16:47 /dev/disk/by-id/ata-WDC_WDS200T2B0A-00SM50_205007801081-part2 -> ../../sda2<br />
lrwxrwxrwx 1 root root 10 Feb 19 16:47 /dev/disk/by-id/ata-WDC_WDS200T2B0A-00SM50_205007801101-part2 -> ../../sdb2<br />
<br />
root@grsnis01:~# zpool status<br />
pool: rpool<br />
state: ONLINE<br />
scan: none requested<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
rpool ONLINE 0 0 0<br />
ata-WDC_WDS200T2B0A-00SM50_205007801101-part2 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
<br />
root@grsnis01:~# zpool attach rpool ata-WDC_WDS200T2B0A-00SM50_205007801101-part2 /dev/disk/by-id/ata-WDC_WDS200T2B0A-00SM50_205007801081-part2<br />
<br />
root@grsnis01:~# zpool status<br />
pool: rpool<br />
state: ONLINE<br />
status: One or more devices is currently being resilvered. The pool will<br />
continue to function, possibly in a degraded state.<br />
action: Wait for the resilver to complete.<br />
scan: resilver in progress since Fri Feb 19 16:54:39 2021<br />
12.6G scanned at 3.16G/s, 1.02G issued at 262M/s, 12.6G total<br />
1.02G resilvered, 8.09% done, 0 days 00:00:45 to go<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
rpool ONLINE 0 0 0<br />
mirror-0 ONLINE 0 0 0<br />
ata-WDC_WDS200T2B0A-00SM50_205007801101-part2 ONLINE 0 0 0<br />
ata-WDC_WDS200T2B0A-00SM50_205007801081-part2 ONLINE 0 0 0 (resilvering)<br />
<br />
errors: No known data errors<br />
</pre><br />
* wait<br />
<pre><br />
root@grsnis01:~# zpool status<br />
pool: rpool<br />
state: ONLINE<br />
scan: resilvered 12.7G in 0 days 00:00:40 with 0 errors on Fri Feb 19 16:55:19 2021<br />
config:<br />
<br />
NAME STATE READ WRITE CKSUM<br />
rpool ONLINE 0 0 0<br />
mirror-0 ONLINE 0 0 0<br />
ata-WDC_WDS200T2B0A-00SM50_205007801101-part2 ONLINE 0 0 0<br />
ata-WDC_WDS200T2B0A-00SM50_205007801081-part2 ONLINE 0 0 0<br />
<br />
errors: No known data errors<br />
</pre><br />
<br />
== maintenance commands ==<br />
<br />
* update-initramfs -v -u<br />
* grub-install /dev/sda<br />
<br />
= Disable NetworkManager =<br />
<br />
NetworkManager is useful for configuring dynamic<br />
network interfaces, i.e. laptops that often move<br />
between networks, or connect to multiple choice<br />
of wifi networks, etc.<br />
<br />
For machines with statically configured network interfaces,<br />
NetworkManager is not necessary.<br />
<br />
As it has been observed to become confused and observed<br />
to malfunction when network links go up and down (it keeps<br />
unnecessarily reconfiguring the ip address, etc), it can<br />
be usefuil to disable it.<br />
<br />
* list all network interfaces<br />
<pre><br />
# /bin/ls -1 /sys/class/net/<br />
enp0s31f6<br />
lo<br />
</pre><br />
* edit /etc/network/interfaces:<br />
<pre><br />
rename enp0s31f6=eth0<br />
auto eth0<br />
iface eth0 inet static<br />
address 142.90.120.94/19<br />
gateway 142.90.100.18<br />
</pre><br />
* statically configure systemd-resolved<br />
<pre><br />
xemacs -nw /etc/systemd/resolved.conf ### to read this:<br />
XXX<br />
[Resolve] <br />
DNS=142.90.100.19<br />
Domains=triumf.ca<br />
XXX<br />
systemctl restart systemd-resolved<br />
resolvectl<br />
</pre><br />
* disable NetworkManager<br />
<pre><br />
systemctl disable NetworkManager<br />
</pre><br />
* reboot<br />
<br />
= Configure ECC memory =<br />
<br />
== Configure EDAC ==<br />
<br />
* apt install edac-utils<br />
<br />
=== Intel E-2236 ===<br />
<pre><br />
root@daq00:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro X11SCM-F<br />
root@daq00:~# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@daq00:~# edac-util <br />
edac-util: No errors to report.<br />
root@daq00:~# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
</pre><br />
* check edac sysfs files (Intel)<br />
<pre><br />
root@daq00:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 ce_count<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 max_location<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 mc_name<br />
drwxr-xr-x 2 root root 0 Jan 25 15:10 power<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank0<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank1<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank2<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank3<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank4<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank5<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank6<br />
drwxr-xr-x 3 root root 0 Jan 25 15:10 rank7<br />
--w------- 1 root root 4096 Jan 25 15:10 reset_counters<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 size_mb<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 ue_count<br />
-r--r--r-- 1 root root 4096 Jan 25 15:10 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 Jan 25 15:10 uevent<br />
root@daq00:~# <br />
</pre><br />
<br />
=== Intel E3-1270 v6 ===<br />
<pre><br />
root@wheel-SYS-5019S-M:~/git/scripts# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro X11SSH-F<br />
root@wheel-SYS-5019S-M:~/git/scripts# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@grsnis01:~# edac-util<br />
edac-util: No errors to report.<br />
root@grsnis01:~# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
root@grsnis01:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 ce_count<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 max_location<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 mc_name<br />
drwxr-xr-x 2 root root 0 Feb 19 12:35 power<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank0<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank1<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank2<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank3<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank4<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank5<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank6<br />
drwxr-xr-x 3 root root 0 Feb 19 12:35 rank7<br />
--w------- 1 root root 4096 Feb 19 12:35 reset_counters<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 size_mb<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 ue_count<br />
-r--r--r-- 1 root root 4096 Feb 19 12:35 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 Feb 19 12:35 uevent<br />
root@grsnis01:~# <br />
</pre><br />
<br />
=== Intel E3-1245 v6 ===<br />
<br />
<pre><br />
[root@alphagdaq ~]# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro X11SSH-F<br />
[root@alphagdaq ~]# edac-ctl --mainboard<br />
edac-ctl: mainboard: Supermicro X11SSH-F<br />
[root@alphagdaq ~]# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
[root@alphagdaq ~]# edac-util<br />
edac-util: No errors to report.<br />
[root@alphagdaq ~]# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
[root@alphagdaq ~]# ras-mc-ctl --layout<br />
+-----------------------------------------------+<br />
| mc0 |<br />
| csrow0 | csrow1 | csrow2 | csrow3 |<br />
----------+-----------------------------------------------+<br />
channel1: | 8192 MB | 8192 MB | 8192 MB | 8192 MB |<br />
channel0: | 8192 MB | 8192 MB | 8192 MB | 8192 MB |<br />
----------+-----------------------------------------------+<br />
[root@alphagdaq ~]# ras-mc-ctl --error-count<br />
Label CE UE<br />
mc#0csrow#3channel#0 0 0<br />
mc#0csrow#2channel#1 0 0<br />
mc#0csrow#3channel#1 0 0<br />
mc#0csrow#0channel#0 0 0<br />
mc#0csrow#1channel#1 0 0<br />
mc#0csrow#0channel#1 0 0<br />
mc#0csrow#1channel#0 0 0<br />
mc#0csrow#2channel#0 0 0<br />
[root@alphagdaq ~]# ras-mc-ctl --mainboard<br />
ras-mc-ctl: mainboard: Supermicro model X11SSH-F<br />
[root@alphagdaq ~]# ras-mc-ctl --summary<br />
DBD::SQLite::db prepare failed: no such table: mc_event at /usr/sbin/ras-mc-ctl line 1129.<br />
Can't call method "execute" on an undefined value at /usr/sbin/ras-mc-ctl line 1130.<br />
[root@alphagdaq ~]# <br />
</pre><br />
<br />
=== AMD 3700X ===<br />
<br />
(memory is non-ECC)<br />
<br />
<pre><br />
root@daq13:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: ASUSTeK COMPUTER INC. ROG STRIX B550-E GAMING<br />
root@daq13:~# <br />
root@daq13:~# <br />
root@daq13:~# edac-ctl --status<br />
edac-ctl: drivers not loaded.<br />
root@daq13:~# edac-util <br />
edac-util: Error: No memory controller data found.<br />
root@daq13:~# edac-util -s<br />
edac-util: EDAC drivers loaded. No memory controllers found<br />
root@daq13:~# ls -l /sys/devices/system/edac/mc<br />
total 0<br />
drwxr-xr-x 2 root root 0 Jan 25 15:26 power<br />
lrwxrwxrwx 1 root root 0 Jan 21 16:16 subsystem -> ../../../../bus/edac<br />
-rw-r--r-- 1 root root 4096 Jan 21 16:16 uevent<br />
</pre><br />
<br />
(memory is ECC)<br />
<br />
<pre><br />
root@trinatdaq:~# edac-ctl --mainboard<br />
edac-ctl: mainboard: ASUSTeK COMPUTER INC. ROG STRIX B550-E GAMING<br />
root@trinatdaq:~# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@trinatdaq:~# edac-util <br />
edac-util: No errors to report.<br />
root@trinatdaq:~# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
root@trinatdaq:~# ls -l /sys/devices/system/edac/mc<br />
total 0<br />
drwxr-xr-x 7 root root 0 Dec 15 13:04 mc0<br />
drwxr-xr-x 2 root root 0 Dec 15 13:04 power<br />
lrwxrwxrwx 1 root root 0 Dec 13 18:31 subsystem -> ../../../../bus/edac<br />
-rw-r--r-- 1 root root 4096 Dec 13 18:31 uevent<br />
root@trinatdaq:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 ce_count<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 max_location<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 mc_name<br />
drwxr-xr-x 2 root root 0 Dec 15 13:04 power<br />
drwxr-xr-x 3 root root 0 Dec 15 13:04 rank4<br />
drwxr-xr-x 3 root root 0 Dec 15 13:04 rank5<br />
drwxr-xr-x 3 root root 0 Dec 15 13:04 rank6<br />
drwxr-xr-x 3 root root 0 Dec 15 13:04 rank7<br />
--w------- 1 root root 4096 Dec 15 13:04 reset_counters<br />
-rw-r--r-- 1 root root 4096 Dec 15 13:04 sdram_scrub_rate<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 size_mb<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 ue_count<br />
-r--r--r-- 1 root root 4096 Dec 15 13:04 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 Dec 15 13:04 uevent<br />
root@trinatdaq:~# <br />
</pre><br />
<br />
=== AMD 5000G ===<br />
<br />
* no linux driver for AMD 5000-series "G" CPU<br />
* no mention of ECC in the BIOS settings<br />
* unclear status of ECC support in AMD documentation (sais only "pro" "G" CPUs have ECC)<br />
* unclear status of ECC support in ASUS documentation (web page out of date)<br />
<br />
=== AMD 3955WX ===<br />
<br />
<pre><br />
root@alphasuperdaq:~/git/scripts/quotareport# edac-ctl --mainboard<br />
edac-ctl: mainboard: ASUSTeK COMPUTER INC. Pro WS WRX80E-SAGE SE WIFI<br />
root@alphasuperdaq:~/git/scripts/quotareport# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
root@alphasuperdaq:~/git/scripts/quotareport# edac-util <br />
edac-util: No errors to report.<br />
root@alphasuperdaq:~/git/scripts/quotareport# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
root@alphasuperdaq:~/git/scripts/quotareport# ls -l /sys/devices/system/edac/mc<br />
total 0<br />
drwxr-xr-x 19 root root 0 Dez 12 04:48 mc0<br />
drwxr-xr-x 2 root root 0 Dez 12 04:48 power<br />
lrwxrwxrwx 1 root root 0 Dez 9 05:31 subsystem -> ../../../../bus/edac<br />
-rw-r--r-- 1 root root 4096 Dez 9 05:31 uevent<br />
root@alphasuperdaq:~/git/scripts/quotareport# <br />
root@alphasuperdaq:~# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 ce_count<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 ce_noinfo_count<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 max_location<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 mc_name<br />
drwxr-xr-x 2 root root 0 Dez 12 04:48 power<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank0<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank1<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank10<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank11<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank12<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank13<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank14<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank15<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank2<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank3<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank4<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank5<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank6<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank7<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank8<br />
drwxr-xr-x 3 root root 0 Dez 12 04:48 rank9<br />
--w------- 1 root root 4096 Feb 28 22:19 reset_counters<br />
-rw-r--r-- 1 root root 4096 Feb 28 22:19 sdram_scrub_rate<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 seconds_since_reset<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 size_mb<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 ue_count<br />
-r--r--r-- 1 root root 4096 Feb 28 22:19 ue_noinfo_count<br />
-rw-r--r-- 1 root root 4096 Feb 28 22:19 uevent<br />
root@alphasuperdaq:~# <br />
root@alphasuperdaq:~# ras-mc-ctl --layout<br />
Use of uninitialized value $max_pos[3] in modulus (%) at /usr/sbin/ras-mc-ctl line 868.<br />
Use of uninitialized value $d in numeric ge (>=) at /usr/sbin/ras-mc-ctl line 869.<br />
Use of uninitialized value $d in sprintf at /usr/sbin/ras-mc-ctl line 872.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
Use of uninitialized value $pos[3] in join or string at /usr/sbin/ras-mc-ctl line 791.<br />
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+<br />
| mc0 |<br />
| csrow0 | csrow1 |<br />
| channel0 | channel1 | channel2 | channel3 | channel4 | channel5 | channel6 | channel7 | channel0 | channel1 | channel2 | channel3 | channel4 | channel5 | channel6 | channel7 |<br />
----+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+<br />
<br />
0: | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB | 0 MB |<br />
----+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+<br />
root@alphasuperdaq:~# ras-mc-ctl --error-count<br />
Label CE UE<br />
mc#0csrow#0channel#2 0 0<br />
mc#0csrow#1channel#7 0 0<br />
mc#0csrow#0channel#3 0 0<br />
mc#0csrow#1channel#4 0 0<br />
mc#0csrow#1channel#2 0 0<br />
mc#0csrow#0channel#7 0 0<br />
mc#0csrow#1channel#3 0 0<br />
mc#0csrow#0channel#4 0 0<br />
mc#0csrow#1channel#1 0 0<br />
mc#0csrow#1channel#0 0 0<br />
mc#0csrow#1channel#5 0 0<br />
mc#0csrow#0channel#6 0 0<br />
mc#0csrow#0channel#1 0 0<br />
mc#0csrow#0channel#5 0 0<br />
mc#0csrow#0channel#0 0 0<br />
mc#0csrow#1channel#6 0 0<br />
root@alphasuperdaq:~# ras-mc-ctl --mainboard<br />
ras-mc-ctl: mainboard: ASUSTeK COMPUTER INC. model Pro WS WRX80E-SAGE SE WIFI<br />
root@alphasuperdaq:~# ras-mc-ctl --summary<br />
No Memory errors.<br />
<br />
No PCIe AER errors.<br />
<br />
No Extlog errors.<br />
<br />
DBD::SQLite::db prepare failed: no such table: devlink_event at /usr/sbin/ras-mc-ctl line 1181.<br />
Can't call method "execute" on an undefined value at /usr/sbin/ras-mc-ctl line 1182.<br />
root@alphasuperdaq:~#<br />
</pre><br />
<br />
== Configure rasdaemon ==<br />
<br />
* apt install rasdaemon<br />
* systemctl enable rasdaemon<br />
* systemctl start rasdaemon<br />
* systemctl status rasdaemon<br />
<pre><br />
● rasdaemon.service - RAS daemon to log the RAS events<br />
Loaded: loaded (/lib/systemd/system/rasdaemon.service; enabled; vendor preset: enabled)<br />
Active: active (running) since Mon 2021-01-25 15:16:37 PST; 3min 5s ago<br />
Main PID: 2477175 (rasdaemon)<br />
Tasks: 1 (limit: 76958)<br />
Memory: 17.1M<br />
CGroup: /system.slice/rasdaemon.service<br />
└─2477175 /usr/sbin/rasdaemon -f -r<br />
<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: ras:extlog_mem_event event enabled<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Enabled event ras:extlog_mem_event<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: ras:extlog_mem_event event enabled<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Listening to events for cpus 0 to 11<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: Enabled event ras:extlog_mem_event<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Recording mc_event events<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Recording aer_event events<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Recording extlog_event events<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Recording mce_record events<br />
Jan 25 15:16:37 daq00.triumf.ca rasdaemon[2477175]: rasdaemon: Recording arm_event events<br />
</pre><br />
<br />
== Get reports ==<br />
<br />
* Intel 2x32GB ECC DIMMs<br />
<pre><br />
root@daq00:~# ras-mc-ctl --layout<br />
+-------------------------+<br />
| mc0 |<br />
| csrow0 | csrow1 |<br />
----------+-------------------------+<br />
channel1: | 16384 MB | 16384 MB |<br />
channel0: | 16384 MB | 16384 MB |<br />
----------+-------------------------+<br />
root@daq00:~# ras-mc-ctl --error-count<br />
Label CE UE<br />
mc#0csrow#1channel#1 0 0<br />
mc#0csrow#1channel#0 0 0<br />
mc#0csrow#0channel#0 0 0<br />
mc#0csrow#0channel#1 0 0<br />
root@daq00:~# <br />
</pre><br />
<br />
* Intel 4x16GB ECC DIMMs<br />
<pre><br />
root@daq00:~# ras-mc-ctl --error-count<br />
Label CE UE<br />
mc#0csrow#0channel#1 0 0<br />
mc#0csrow#2channel#0 0 0<br />
mc#0csrow#0channel#0 0 0<br />
mc#0csrow#2channel#1 0 0<br />
mc#0csrow#1channel#0 0 0<br />
mc#0csrow#1channel#1 0 0<br />
mc#0csrow#3channel#0 0 0<br />
mc#0csrow#3channel#1 0 0<br />
root@daq00:~# <br />
root@daq00:~# ras-mc-ctl --layout<br />
+-----------------------+<br />
| mc0 |<br />
| csrow0 | csrow1 |<br />
----------+-----------------------+<br />
channel1: | 8192 MB | 8192 MB |<br />
channel0: | 8192 MB | 8192 MB |<br />
----------+-----------------------+<br />
root@daq00:~# <br />
root@daq00:~# <br />
root@daq00:~# <br />
root@daq00:~# ras-mc-ctl --print-labels<br />
ras-mc-ctl: Error: No dimm labels for Supermicro model X11SCM-F<br />
root@daq00:~# ras-mc-ctl --mainboard<br />
ras-mc-ctl: mainboard: Supermicro model X11SCM-F<br />
root@daq00:~# ras-mc-ctl --summary<br />
No Memory errors.<br />
<br />
No PCIe AER errors.<br />
<br />
No Extlog errors.<br />
<br />
DBD::SQLite::db prepare failed: no such table: devlink_event at /usr/sbin/ras-mc-ctl line 1181.<br />
Can't call method "execute" on an undefined value at /usr/sbin/ras-mc-ctl line 1182.<br />
root@daq00:~# <br />
</pre><br />
<br />
= sensors =<br />
<br />
== ASUS P9X79 WS ==<br />
<br />
* https://www.asus.com/supportonly/P9X79%20WS/HelpDesk_Manual/<br />
* BIOS version 4802<br />
* modprobe nct6775<br />
* modprobe coretemp<br />
<br />
<pre><br />
root@daq14:~# sensors<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Package id 0: +35.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 0: +29.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 1: +24.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 2: +35.0°C (high = +82.0°C, crit = +100.0°C)<br />
Core 3: +32.0°C (high = +82.0°C, crit = +100.0°C)<br />
<br />
nouveau-pci-0200<br />
Adapter: PCI adapter<br />
GPU core: 900.00 mV (min = +0.85 V, max = +1.00 V)<br />
temp1: +39.0°C (high = +95.0°C, hyst = +3.0°C)<br />
(crit = +105.0°C, hyst = +5.0°C)<br />
(emerg = +135.0°C, hyst = +5.0°C)<br />
<br />
nct6776-isa-0290<br />
Adapter: ISA adapter<br />
Vcore: 1.04 V (min = +0.00 V, max = +1.74 V)<br />
in1: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
AVCC: 3.33 V (min = +0.00 V, max = +0.00 V) ALARM<br />
+3.3V: 3.33 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: 1.01 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: 2.04 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: 904.00 mV (min = +0.00 V, max = +0.00 V) ALARM<br />
3VSB: 3.41 V (min = +0.00 V, max = +0.00 V) ALARM<br />
Vbat: 3.30 V (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 1265 RPM (min = 0 RPM)<br />
fan2: 1909 RPM (min = 0 RPM)<br />
fan3: 0 RPM (min = 0 RPM)<br />
fan4: 0 RPM (min = 0 RPM)<br />
fan5: 0 RPM (min = 0 RPM)<br />
SYSTIN: +34.0°C (high = +0.0°C, hyst = +0.0°C) ALARM sensor = thermistor<br />
CPUTIN: +58.0°C (high = +80.0°C, hyst = +75.0°C) sensor = thermal diode<br />
AUXTIN: +31.5°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
PECI Agent 0: +31.0°C (high = +80.0°C, hyst = +75.0°C)<br />
(crit = +96.0°C)<br />
PCH_CHIP_TEMP: +0.0°C <br />
PCH_CPU_TEMP: +0.0°C <br />
PCH_MCH_TEMP: +0.0°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
root@daq14:~# <br />
</pre><br />
<br />
= Enable CPU turbo mode =<br />
<br />
* Intel CPU has a nominal CPU frequency (i.e. 3.4GHz) and a turbo-boost CPU frequency (i.e. 4.0GHz). Here we will enable this turbo-boost mode.<br />
* Find out CPU capability<br />
<pre><br />
root@daq01:~# lscpu | grep Hz<br />
Model name: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz<br />
CPU MHz: 3965.803<br />
CPU max MHz: 4000.0000<br />
CPU min MHz: 800.0000<br />
root@daq01:~# <br />
</pre><br />
* Look up this CPU in the Intel ARK database - google for the CPU model name, i.e.<br />
https://ark.intel.com/content/www/us/en/ark/products/88196/intel-core-i7-6700-processor-8m-cache-up-to-4-00-ghz.html<br />
* Find current frequency settings:<br />
<pre><br />
root@daq01:~# cpupower frequency-info<br />
analyzing CPU 0:<br />
driver: intel_pstate<br />
CPUs which run at the same hardware frequency: 0<br />
CPUs which need to have their frequency coordinated by software: 0<br />
maximum transition latency: Cannot determine or is not supported.<br />
hardware limits: 800 MHz - 4.00 GHz<br />
available cpufreq governors: performance powersave<br />
current policy: frequency should be within 800 MHz and 4.00 GHz.<br />
The governor "powersave" may decide which speed to use<br />
within this range.<br />
current CPU frequency: Unable to call hardware<br />
current CPU frequency: 2.72 GHz (asserted by call to kernel)<br />
boost state support:<br />
Supported: yes<br />
Active: yes<br />
root@daq01:~# <br />
</pre><br />
* Note the following:<br />
** current governor is "powersave"<br />
** "performance" governor is available<br />
** "boost state support" is supported and active.<br />
* Confirm CPU frequency governor:<br />
<pre><br />
root@daq01:~# cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor<br />
powersave<br />
powersave<br />
powersave<br />
powersave<br />
powersave<br />
powersave<br />
powersave<br />
powersave<br />
root@daq01:~# <br />
</pre> <br />
* Change governor to "performance":<br />
<pre><br />
root@daq01:~# cpupower frequency-set --governor performance<br />
Setting cpu: 0<br />
Setting cpu: 1<br />
Setting cpu: 2<br />
Setting cpu: 3<br />
Setting cpu: 4<br />
Setting cpu: 5<br />
Setting cpu: 6<br />
Setting cpu: 7<br />
root@daq01:~# cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor<br />
performance<br />
performance<br />
performance<br />
performance<br />
performance<br />
performance<br />
performance<br />
performance<br />
root@daq01:~# cpupower frequency-info<br />
analyzing CPU 0:<br />
driver: intel_pstate<br />
CPUs which run at the same hardware frequency: 0<br />
CPUs which need to have their frequency coordinated by software: 0<br />
maximum transition latency: Cannot determine or is not supported.<br />
hardware limits: 800 MHz - 4.00 GHz<br />
available cpufreq governors: performance powersave<br />
current policy: frequency should be within 800 MHz and 4.00 GHz.<br />
The governor "performance" may decide which speed to use<br />
within this range.<br />
current CPU frequency: Unable to call hardware<br />
current CPU frequency: 3.93 GHz (asserted by call to kernel)<br />
boost state support:<br />
Supported: yes<br />
Active: yes<br />
</pre><br />
* monitor CPU frequency:<br />
<pre><br />
root@daq01:~# cpupower monitor<br />
| Nehalem || Mperf || Idle_Stats <br />
CPU| C3 | C6 | PC3 | PC6 || C0 | Cx | Freq || POLL | C1 | C1E | C3 | C6 | C7s | C8 <br />
0| 0.00| 0.00| 0.00| 0.00|| 88.80| 11.20| 3973|| 0.00| 0.00| 0.01| 0.02| 0.31| 0.00| 4.25<br />
4| 0.00| 0.00| 0.00| 0.00|| 4.70| 95.30| 3945|| 0.00| 0.00| 0.00| 0.00| 0.00| 0.00| 95.03<br />
1| 0.73| 3.70| 0.00| 0.00|| 4.52| 95.48| 3864|| 0.00| 0.01| 1.19| 0.44| 2.82| 0.00| 90.23<br />
5| 0.73| 3.70| 0.00| 0.00|| 0.37| 99.63| 3807|| 0.00| 0.00| 0.03| 0.09| 1.70| 0.00| 97.64<br />
2| 2.28| 12.86| 0.00| 0.00|| 1.41| 98.59| 3829|| 0.00| 0.86| 3.17| 0.46| 7.70| 0.00| 85.87<br />
6| 2.28| 12.86| 0.00| 0.00|| 2.88| 97.12| 3856|| 0.00| 0.11| 4.56| 2.15| 10.31| 0.00| 78.99<br />
3| 1.33| 4.81| 0.00| 0.00|| 0.99| 99.01| 3804|| 0.00| 0.49| 0.79| 0.01| 1.03| 0.00| 96.12<br />
7| 1.34| 4.81| 0.00| 0.00|| 1.26| 98.74| 3818|| 0.00| 0.01| 2.32| 0.47| 5.02| 0.00| 90.06<br />
root@daq01:~# <br />
</pre><br />
* check that the CPU is not overheating:<br />
<pre><br />
root@daq01:~# sensors<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Package id 0: +51.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 0: +51.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 1: +38.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 2: +34.0°C (high = +84.0°C, crit = +100.0°C)<br />
Core 3: +32.0°C (high = +84.0°C, crit = +100.0°C)<br />
</pre><br />
* congratulations, we are running at 4 GHz now!<br />
<br />
= Setup ubuntu as gateway to private network =<br />
<br />
See also:<br />
* https://daq.triumf.ca/DaqWiki/index.php/VME-CPU#Setup_the_boot_host_computer_.28el7.29<br />
* http://www.triumf.info/wiki/DAQwiki/index.php/Dhcpd_on_eth1<br />
<br />
== Steps to do ==<br />
<br />
* assign network numbers to the private network, i.e. 192.168.1.x, 192.168.2.x, etc<br />
* (on the gateway machine, each private network interface has to have a different network number)<br />
* (each network interface can have multiple networks attached, via VLANs or via eth0:0, eth0:1 constructs)<br />
* assign IP addresses on the private network, save them in /etc/hosts i.e. "hvps 192.168.1.10"<br />
* (for simplicity, assign 192.168.1.1 to the gateway machine itself)<br />
* (IP addresses 192.168.1.0 and 192.168.1.255 are "special", do not use them)<br />
* setup DNS server (dnsmasq) to serve contents of /etc/hosts via DNS (otherwise, many programs will see inconsistent name to IP address mapping)<br />
* setup DHCP server (ISC dhcpd or dnsmasq) to give out the IP addresses<br />
* setup tftp, pxelinux and NFS for diskless booting<br />
* setup time server (chronyd) to provide common time to all devices<br />
* setup NAT so machines on private network can access the internet (to get OS updates, etc)<br />
* setup NIS and NFS so machines on the private network can use common home directories<br />
* setup rsync backup of machines on the private network<br />
<br />
== setup hosts ==<br />
<br />
* edit /etc/hosts<br />
<pre><br />
192.168.1.101 dsfe01<br />
... and so forth<br />
</pre><br />
<br />
== setup dns and dhcp ==<br />
<br />
* apt-get install dnsmasq<br />
* edit /etc/dnsmasq.conf<br />
<pre><br />
# /etc/dnsmasq.conf<br />
# DNS settings<br />
#port=0 # disable DNS function<br />
port=53 # enable DNS function<br />
domain-needed<br />
bogus-priv<br />
no-resolv<br />
server=142.90.100.19<br />
# DHCP settings<br />
interface=enp1s0f0 # DHCP interface<br />
#dhcp-range=192.168.1.50,192.168.1.150,infinite<br />
dhcp-range=192.168.1.0,static<br />
#log-dhcp<br />
quiet-dhcp<br />
#dhcp-ignore=tag:!known<br />
dhcp-boot=pxelinux.0<br />
#dhcp-host=ac:1f:6b:9e:7f:4a,192.168.1.100,10m<br />
dhcp-host=ac:1f:6b:9e:7f:4a,dsfe01,infinite<br />
# TFTP settings<br />
enable-tftp<br />
tftp-root=/tftpboot<br />
</pre><br />
* #mkdir /zssd/tftpboot ### per tftp-root (if no ZFS)<br />
* zfs create -o mountpoint=/tftpboot rpool/tftpboot ### (if root is ZFS)<br />
* systemctl enable dnsmasq<br />
* systemctl restart dnsmasq<br />
<br />
== setup chronyd ==<br />
<br />
* enable ntp server:<br />
* configure and enable chronyd per instructions above<br />
* emacs -nw /etc/chrony/chrony.conf<br />
** add "allow 192.168.1.0/24" at the end<br />
* systemctl restart chronyd<br />
* chronyc tracking ### wait until time is synchronized (a few seconds)<br />
<br />
== setup diskless network booting ==<br />
<br />
=== setup pxelinux ===<br />
<pre><br />
cd ~<br />
wget https://www.kernel.org/pub/linux/utils/boot/syslinux/4.xx/syslinux-4.03.tar.bz2<br />
tar xjvf syslinux-4.03.tar.bz2<br />
cd syslinux-4.03<br />
cp -pv ./core/pxelinux.0 ./com32/hdt/hdt.c32 ./memdisk/memdisk ./com32/menu/menu.c32 /zssd/tftpboot/<br />
</pre><br />
* cd /zssd/tftpboot<br />
<pre><br />
wget http://ladd00.triumf.ca/tftpboot/memtest86+-4.20.iso.zip<br />
wget http://ladd00.triumf.ca/tftpboot/memtest86+-5.01.iso.gz<br />
wget http://ladd00.triumf.ca/tftpboot/modules.alias<br />
wget http://ladd00.triumf.ca/tftpboot/modules.pcimap<br />
wget http://ladd00.triumf.ca/tftpboot/pci.ids<br />
</pre><br />
* mkdir pxelinux.cfg<br />
* emacs -nw pxelinux.cfg/default<br />
<pre><br />
default menu.c32<br />
prompt 0<br />
<br />
menu title Welcome to the DSVSLICE PXE boot menu<br />
<br />
timeout 50<br />
<br />
label hdt<br />
kernel hdt.c32<br />
<br />
label memtest86+-5.01 <br />
kernel memdisk iso initrd=memtest86+-5.01.iso.gz <br />
<br />
label memtest86+-4.20<br />
kernel memdisk iso initrd=memtest86+-4.20.iso.zip<br />
<br />
label vmlinuz-5.3.0-26-generic<br />
menu default<br />
kernel vmlinuz-5.3.0-26-generic<br />
append initrd=initrd.img-5.3.0-26-generic boot=nfs root=/dev/nfs netboot=nfs nfsroot=192.168.1.1:/zssd/nfsroot/dsfe01 toram ip=dhcp panic=60 BOOTIF=enp1s0f0<br />
<br />
#end<br />
</pre><br />
<br />
=== setup linux kernel ===<br />
<br />
* copy the kernel files<br />
<pre><br />
cd /boot<br />
rsync -av config* initrd* System.map* vmlinuz* /zssd/tftpboot/<br />
</pre><br />
* cd /zssd/tftpboot<br />
* chmod a+r *<br />
<br />
=== setup nfs ===<br />
<br />
* apt-get install nfs-kernel-server<br />
* emacs -nw /etc/exports<br />
<pre><br />
/zssd/nfsroot/dsfe01 dsfe01(rw,no_root_squash,async,no_subtree_check)<br />
</pre><br />
* enable services<br />
<pre><br />
systemctl enable nfs-server<br />
systemctl enable nfs-mountd<br />
systemctl enable nfs-idmapd<br />
systemctl restart nfs-server<br />
systemctl restart nfs-mountd<br />
systemctl restart nfs-idmapd<br />
</pre><br />
* after editing /etc/exports, run<br />
<pre><br />
exportfs -av<br />
</pre><br />
<br />
=== setup userland ===<br />
<br />
* zfs create zssd/nfsroot<br />
* zfs set dedup=verify zssd/nfsroot ### enable deduplication to save disk space because most linux images have mostly identical files<br />
* clone ubuntu<br />
<pre><br />
mkdir /zssd/nfsroot/dsfe01<br />
cd /<br />
rsync -avx . /zssd/nfsroot/dsfe01<br />
</pre><br />
* edit config files:<br />
* cd /zssd/nfsroot/dsfe01<br />
* emacs -nw etc/hostname ### change to dsfe01<br />
* emacs -nw etc/mailname ### change to dsfe01<br />
* emacs -nw etc/yp.conf ### change daq00.triumf.ca to musr00.triumf.ca<br />
* emacs -nw etc/defaultdomain ### change to MUSR-NIS<br />
* cp -pvf ../lxcpet-SL610/etc/ssh/*key* etc/ssh/ ### preserve the ssh keys<br />
* emacs -nw opt/gonodeinfo/gonodeinfo.conf ### update information<br />
* emacs -nw root/.ssh/authorized_keys ### update root ssh keys<br />
* emacs -nw etc/fstab ### add this<br />
<pre><br />
192.168.1.1:/zssd/nfsroot/dsfe01 / nfs defaults,nolock 0 0<br />
</pre><br />
* emacs -nw etc/chrony/chrony.conf<br />
** comment-out all "pool" and "server" entries<br />
** add entry "server 192.168.1.1 iburst"<br />
<br />
After dsfe01 is booted:<br />
<br />
* disable services:<br />
<pre><br />
systemctl disable apache2<br />
systemctl disable dnsmasq<br />
systemctl disable zfs-import-cache<br />
</pre><br />
<br />
To setup additional machines, clone dsfe01 instead of cloning the gateway machine<br />
<br />
=== Allow manpages to be viewed ===<br />
<br />
If <code>/</code> is mounted over NFS, <code>man</code> will report a permission error. Fix it with:<br />
<br />
<pre><br />
ln -s /etc/apparmor.d/usr.bin.man /etc/apparmor.d/disable/<br />
apparmor_parser -R /etc/apparmor.d/usr.bin.man<br />
</pre><br />
<br />
== setup shared home directory ==<br />
<br />
=== on the gateway machine ===<br />
* define netgroups<br />
* emacs -nw /etc/netgroup<br />
<pre><br />
dsfe (dsfe01,,) (dsfe02,,)<br />
</pre><br />
* emacs -nw /etc/nsswitch.conf ### edit the netgroup line to read:<br />
<pre><br />
netgroup: files<br />
</pre><br />
* export the home directories:<br />
* emacs -nw /etc/exports ### add this:<br />
<pre><br />
/zssd/home1 @dsfe(rw,no_root_squash,async,no_subtree_check)<br />
</pre><br />
* exportfs -rc<br />
<br />
=== on the frontend machine ===<br />
<br />
* mkdir /home<br />
* emacs -nw /etc/fstab ### add this:<br />
<pre><br />
192.168.1.1:/zssd/home1 /home nfs defaults 0 0<br />
</pre><br />
* mount -a<br />
<br />
== setup NAT ==<br />
<br />
NAT allows machines on the private network to connect to the internet: https://en.wikipedia.org/wiki/Network_address_translation<br />
<br />
In these examples:<br />
* replace "eno1" with name of the outgoing interface (the one connected to the TRIUMF network).<br />
* replace "enp11s0" with name of the private network interface (192.168.1.x network)<br />
<br />
* emacs -nw /etc/rc.local ### add this:<br />
<pre><br />
# /etc/rc.local<br />
<br />
/sbin/iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE<br />
iptables -L -v<br />
<br />
# uncomment following lines if machine has prohibitive FORWARD rules:<br />
#/sbin/iptables -I FORWARD -i eno1 -o enp11s0 -m state --state RELATED,ESTABLISHED -j ACCEPT<br />
#/sbin/iptables -I FORWARD -i enp11s0 -o eno1 -j ACCEPT<br />
#iptables -L -v<br />
<br />
iptables -L -v<br />
sysctl -w net.ipv4.ip_forward=1<br />
#sysctl -a | grep forward<br />
<br />
sh /etc/firewall-rfc1918.sh<br />
<br />
# end<br />
</pre><br />
* emacs -nw /etc/firewall-rfc1918.sh<br />
<pre><br />
# firewall-rfc1918.sh<br />
<br />
# prevent RFC1918 private network IP addresses from<br />
# going in and out from our uplink.<br />
<br />
ETH=eno1<br />
<br />
iptables -F in-rfc1918<br />
iptables -N in-rfc1918<br />
iptables -A in-rfc1918 --dst 10.0.0.0/8 -j REJECT<br />
iptables -A in-rfc1918 --dst 172.16.0.0/12 -j REJECT<br />
iptables -A in-rfc1918 --dst 192.168.0.0/16 -j REJECT<br />
iptables -D INPUT -j in-rfc1918 -i $ETH<br />
iptables -D INPUT -j in-rfc1918 -i $ETH<br />
iptables -I INPUT -j in-rfc1918 -i $ETH<br />
<br />
iptables -F out-rfc1918<br />
iptables -N out-rfc1918<br />
iptables -A out-rfc1918 --dst 10.0.0.0/8 -j REJECT<br />
iptables -A out-rfc1918 --dst 172.16.0.0/12 -j REJECT<br />
iptables -A out-rfc1918 --dst 192.168.0.0/16 -j REJECT<br />
iptables -D OUTPUT -j out-rfc1918 -o $ETH<br />
iptables -D OUTPUT -j out-rfc1918 -o $ETH<br />
iptables -I OUTPUT -j out-rfc1918 -o $ETH<br />
<br />
iptables -L -v<br />
<br />
#end<br />
</pre><br />
<br />
= KVM =<br />
<br />
<pre><br />
apt install cpu-checker<br />
<br />
root@daq13:~# kvm-ok <br />
INFO: /dev/kvm exists<br />
KVM acceleration can be used<br />
root@daq13:~# <br />
<br />
(if not, shutdown, go into BIOS settings, enable CPU virtualization)<br />
<br />
apt install virtinst ### will install many packages<br />
apt install libvirt-clients libvirt-daemon-system-systemd libvirt-daemon qemu qemu-kvm libvirt-daemon-system virtinst bridge-utils<br />
<br />
root@daq13:/home1/wheel# virsh list --all<br />
Id Name State<br />
------------------------------<br />
1 ubuntu-guest running<br />
<br />
apt install virt-manager<br />
<br />
virt-install --name ubuntu-guest --os-variant ubuntu20.04 --vcpus 2 --ram 2048 --location /daq/daqstore/olchansk/linux/Ubuntu/ubuntu-20.04.3-desktop-amd64.iso --network bridge=virbr0,model=virtio --graphics none --extra-args='console=ttyS0,115200n8 serial'<br />
<br />
virtual machine will start, boot, etc<br />
to get out of it, CTRL + Shift followed by ]<br />
<br />
ssh wheel@daq13<br />
virt-manager<br />
<br />
run virt-install again, omit "--graphics none", open graphics console from virt-manager, it booted into ubuntu installer desktop<br />
<br />
virt-install --name test10 --os-variant centos6.10 --vcpus 2 --ram 2048 --import --filesystem /kvm_ladd00,/ --network bridge=virbr0,model=virtio --boot kernel=/kvm_ladd00/boot/vmlinuz-2.6.32-754.35.1.el6.x86_64,initrd=/kvm_ladd00/boot/initramfs-2.6.32-754.35.1.el6.x86_64.img,kernel_args="root=/dev/sda console=ttyS0,115200n8 serial" --graphics none<br />
<br />
virt-install --name test14 --os-variant centos6.10 --vcpus 2 --ram 2048 --import --disk /tmp/xxx/ladd00.img,bus=sata --network bridge=virbr0,model=virtio --boot kernel=/kvm_ladd00/boot/vmlinuz-2.6.32-754.35.1.el6.x86_64,initrd=/kvm_ladd00/boot/initramfs-2.6.32-754.35.1.el6.x86_64.img,kernel_args="root=/dev/sda console=ttyS0,115200n8 serial rdshell" --graphics none --check path_in_use=off<br />
</pre><br />
<br />
build image<br />
<br />
<pre><br />
dd if=/dev/zero of=/tmp/xxx/ladd00.img bs=1024M count=20<br />
mkfs.ext3 /tmp/xxx/ladd00.img ### ext4 fails to mount by SL6 kernel, "unknown ext4 options"<br />
cd /kvm_ladd00/<br />
mount -o loop /tmp/xxx/ladd00.img /mnt/tmp<br />
rsync -av . /mnt/tmp/ --delete<br />
umount /mnt/tmp<br />
</pre><br />
<br />
on the guest, configure network: /etc/rc.local<br />
<pre><br />
#!/bin/sh<br />
#<br />
# This script will be executed *after* all the other init scripts.<br />
# You can put your own initialization stuff in here if you don't<br />
# want to do the full Sys V style init stuff.<br />
<br />
touch /var/lock/subsys/local<br />
<br />
ifconfig eth2 192.168.122.2<br />
route add -net 0.0.0.0 gw 192.168.122.1<br />
ifconfig -a<br />
netstat -rn<br />
<br />
# end<br />
</pre></div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=TRB3_Centos-7_instructions&diff=4641
TRB3 Centos-7 instructions
2021-06-14T14:09:19Z
<p>Lindner: /* TRB3 MIDAS implementation */</p>
<hr />
<div>== Introduction == <br />
<br />
See [https://www.triumf.info/wiki/DAQwiki/index.php/GSI_TRB3 main TRB3 document] for introductory material.<br />
<br />
== Centos-7 network setup == <br />
<br />
Install a switch of second network port. Do the following to configure DHCP on second network port, to assign IP to the TRB3. This example uses 192.168.1.X addresses; the Centos-7 machine is 192.168.1.253, the TRB3 is meant to be assigned 192.1681.1.1. This example uses TRB #171; adapt the instructions to your TRB number.<br />
<br />
1) Assign a static 192.168.1.253 IP to your second network interface, using nm-connection-editor. This is what the configuration looks like afterwards for me<br />
<br />
<pre><br />
[root@daq11 tmp]# cat /etc/sysconfig/network-scripts/ifcfg-static_trb3 <br />
HWADDR=30:85:A9:A9:17:83<br />
TYPE=Ethernet<br />
PROXY_METHOD=none<br />
BROWSER_ONLY=no<br />
BOOTPROTO=none<br />
IPADDR=192.168.1.253<br />
PREFIX=24<br />
GATEWAY=192.168.1.253<br />
DEFROUTE=yes<br />
IPV4_FAILURE_FATAL=no<br />
IPV6INIT=yes<br />
IPV6_AUTOCONF=yes<br />
IPV6_DEFROUTE=yes<br />
IPV6_FAILURE_FATAL=no<br />
IPV6_PRIVACY=no<br />
IPV6_ADDR_GEN_MODE=stable-privacy<br />
NAME=static_trb3<br />
UUID=89793cba-7645-42cf-ac24-f7e48bd08948<br />
ONBOOT=yes<br />
<br />
[root@daq11 tmp]# ifconfig enp12s0<br />
enp12s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500<br />
inet 192.168.1.253 netmask 255.255.255.0 broadcast 192.168.1.255<br />
inet6 fe80::f3e:f38e:d9ba:d654 prefixlen 64 scopeid 0x20<link><br />
ether 30:85:a9:a9:17:83 txqueuelen 1000 (Ethernet)<br />
RX packets 52604116955 bytes 23147929921965 (21.0 TiB)<br />
RX errors 0 dropped 0 overruns 0 frame 0<br />
TX packets 13999033 bytes 1196314909 (1.1 GiB)<br />
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0<br />
device interrupt 19 memory 0xfb100000-fb120000 <br />
</pre><br />
<br />
2) Install dhcp <br />
<pre><br />
yum -y install dhcp <br />
</pre><br />
<br />
3) Configure DHCP to look for the expected IP address for TRB3<br />
<br />
<pre><br />
[root@daq11 tmp]# cat /etc/dhcp/dhcpd.conf<br />
<br />
allow booting;<br />
allow bootp;<br />
ignore unknown-clients;<br />
#ddns-update-style ad-hoc;<br />
<br />
# set lease time to 3 days<br />
default-lease-time 259200;<br />
max-lease-time 259200;<br />
<br />
# Define the new subnet<br />
subnet 192.168.1.0 netmask 255.255.255.0 {<br />
interface enp12s0;<br />
range 192.168.1.100 192.168.1.250; <br />
not authoritative;<br />
deny unknown-clients;<br />
} <br />
<br />
# Define IP for TRB3<br />
group {<br />
default-lease-time infinite;<br />
max-lease-time infinite;<br />
host trb171 { fixed-address 192.168.1.1; hardware ethernet da:7a:36:e9:37:ac; }<br />
}<br />
</pre><br />
<br />
<br />
4) Start DHCP and see if it assigns correct IP to TRB3<br />
<br />
<pre><br />
[root@daq11 tmp]# systemctl enable dhcpd<br />
Created symlink from /etc/systemd/system/multi-user.target.wants/dhcpd.service to /usr/lib/systemd/system/dhcpd.service.<br />
[root@daq11 tmp]# systemctl restart dhcpd;<br />
<br />
<power cycle TRB3><br />
<check ping works><br />
[root@daq11 tmp]# ping 192.168.1.1<br />
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.<br />
64 bytes from 192.168.1.1: icmp_seq=2 ttl=255 time=0.087 ms<br />
64 bytes from 192.168.1.1: icmp_seq=3 ttl=255 time=0.144 ms<br />
<br />
[root@daq11 tmp]# systemctl status dhcpd<br />
● dhcpd.service - DHCPv4 Server Daemon<br />
Loaded: loaded (/usr/lib/systemd/system/dhcpd.service; enabled; vendor preset: disabled)<br />
Active: active (running) since Mon 2018-04-09 16:20:35 PDT; 18s ago<br />
Docs: man:dhcpd(8)<br />
man:dhcpd.conf(5)<br />
Main PID: 10650 (dhcpd)<br />
Status: "Dispatching packets..."<br />
CGroup: /system.slice/dhcpd.service<br />
└─10650 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid<br />
<br />
Apr 09 16:20:35 daq11.triumf.ca dhcpd[10650]: Wrote 0 new dynamic host decls to leases file.<br />
Apr 09 16:20:35 daq11.triumf.ca dhcpd[10650]: Wrote 0 leases to leases file.<br />
Apr 09 16:20:35 daq11.triumf.ca dhcpd[10650]: Listening on LPF/enp12s0/30:85:a9:a9:17:83/192.168.1.0/24<br />
Apr 09 16:20:35 daq11.triumf.ca dhcpd[10650]: Sending on LPF/enp12s0/30:85:a9:a9:17:83/192.168.1.0/24<br />
Apr 09 16:20:35 daq11.triumf.ca dhcpd[10650]: Sending on Socket/fallback/fallback-net<br />
Apr 09 16:20:35 daq11.triumf.ca systemd[1]: Started DHCPv4 Server Daemon.<br />
Apr 09 16:20:49 daq11.triumf.ca dhcpd[10650]: DHCPDISCOVER from da:7a:36:e9:37:ac via enp12s0<br />
Apr 09 16:20:49 daq11.triumf.ca dhcpd[10650]: DHCPOFFER on 192.168.1.1 to da:7a:36:e9:37:ac via enp12s0<br />
Apr 09 16:20:49 daq11.triumf.ca dhcpd[10650]: DHCPREQUEST for 192.168.1.1 (192.168.1.253) from da:7a:36:e9:37:ac via enp12s0<br />
Apr 09 16:20:49 daq11.triumf.ca dhcpd[10650]: DHCPACK on 192.168.1.1 to da:7a:36:e9:37:ac via enp12s0<br />
</pre><br />
<br />
5) Assign hostname to this IP<br />
<pre><br />
[root@daq11 tmp]# more /etc/hosts<br />
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4<br />
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6<br />
192.168.1.1 trb171<br />
</pre><br />
<br />
6) Open a hole in firewall to the TRB3<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.1.1/32" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.1.1/32" port protocol="udp" port="0-65535" accept"<br />
firewall-cmd --add-port=5071/udp --permanent<br />
firewall-cmd --reload<br />
</pre><br />
<br />
== Centos-7 Software Setup == <br />
<br />
The TRB3 software and associated analysis packages are developed on newer operating systems than Centos-7 (namely Opensuse). So a certain amount of work is needed to get the software to work on Centos-7. <br />
<br />
1) I started by copying over the software in trbsoft from an existing installation.<br />
<br />
scp trbsoft_backup.tar.gz trb3@ladd00:/data0/trb3/.<br />
<br />
2) The main problem is with the TRB3 code requiring a newer version of perl. I used perlbrew to setup a newer version of perl than Centos-7 supports:<br />
<br />
Following the instructions on website:<br />
<br />
[https://perlbrew.pl/ https://perlbrew.pl/ ]<br />
<br />
<pre><br />
source ~/perl5/perlbrew/etc/bashrc<br />
perlbrew init<br />
perlbrew install perl-5.24.0<br />
</pre><br />
<br />
and then add this line to login script<br />
<br />
<pre><br />
rm -f /home/trb3/.perlbrew/init<br />
source ~/perl5/perlbrew/etc/bashrc<br />
perlbrew switch perl-5.24.0 <br />
</pre><br />
<br />
3) Rebuild libtrbnet with different perl<br />
<br />
<pre><br />
cd ~/trbsoft/trbnettools/libtrbnet_perl<br />
perl Makefile.PL<br />
cd ..<br />
make TRB3=1 clean<br />
make TRB3=1<br />
make TRB3=1 install<br />
</pre><br />
<br />
4) Modify <br />
<br />
<pre><br />
~/trbsoft/daqtools/merge_serial_address.pl<br />
and<br />
~/trbsoft/daqtools/web/cts_gui<br />
</pre><br />
<br />
to use the perlbrew version of perl, rather than the system default. <br />
<br />
<br />
5) Rebuild DABC (optional: this step is not necessary if we use the UDP version of the frontend, which is default now)<br />
<br />
Make sure you have ROOT (ie ROOTSYS) setup properly<br />
<br />
<pre><br />
svn co https://subversion.gsi.de/dabc/trb3 trb3<br />
cd trb3<br />
make<br />
</pre><br />
<br />
This seems to build dabc and stream successfully. go4 doesn't compile cleanly, but this doesn't matter for the MIDAS frontend readout.<br />
<br />
6) Modify the IP and MAC address in the file trbsoft/daqtools/users/triumf_trb171/db/register_configgbe_ip.db. This should be the IP and MAC address of the private IP interface on the server computer; so the IP is 192.168.1.253 in our case; use ipconfig to check the MAC.<br />
<br />
7) Setup your login script (BASH in this case):<br />
<br />
<pre><br />
<br />
DAQ_TOOLS_PATH=~/trbsoft/daqtools<br />
USER_DIR=~/trbsoft/daqtools/users/triumf_trb171<br />
TRB_WEB_DIR=$DAQ_TOOLS_PATH/web<br />
<br />
export PATH=$PATH:$DAQ_TOOLS_PATH:$HOME/trbsoft/trbnettools/bin<br />
export PATH=$PATH:$DAQ_TOOLS_PATH/tools<br />
export PATH=$PATH:$USER_DIR<br />
export PATH=$PATH:$HOME/trbsoft/trb3/dabc/bin/<br />
export LD_LIBRARY_PATH=$HOME/trbsoft/trb3/dabc/lib/<br />
<br />
# Use perl 5.24<br />
rm -f /home/trb3/.perlbrew/init<br />
source ~/perl5/perlbrew/etc/bashrc<br />
perlbrew switch perl-5.24.0 <br />
<br />
### TL<br />
### This part restarts the trbnetd server;<br />
### this server takes instructions from trbcmd executable and<br />
### passes them actually to the TRB.<br />
export TRB3_SERVER=trb171:26000<br />
export TRBNETDPID=$(pgrep -f "trbnetd -i 171")<br />
<br />
export DAQOPSERVER=localhost:171<br />
<br />
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/home/trb3/trbsoft/trbnettools/libtrbnet<br />
<br />
test -s ~/.alias && . ~/.alias || true<br />
<br />
# PATH="/home/trb3/perl5/bin${PATH:+:${PATH}}"; export PATH;<br />
PERL5LIB="/home/trb3/perl5/perlbrew/perls/perl-5.24.0/lib/5.24.0/:/home/trb3/trbsoft/daqtools/web/include:/home/trb3/trbsoft/trbnettools/libtrbnet_perl/blib/lib:/usr/share/perl5/vendor_perl"; export PERL5LIB;<br />
#PERL_LOCAL_LIB_ROOT="/home/trb3/perl5${PERL_LOCAL_LIB_ROOT:+:${PERL_LOCAL_LIB_ROOT}}"; export PERL_LOCAL_LIB_ROOT;<br />
#PERL_MB_OPT="--install_base \"/home/trb3/perl5\""; export PERL_MB_OPT;<br />
#PERL_MM_OPT="INSTALL_BASE=/home/trb3/perl5"; export PERL_MM_OPT;<br />
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/home/trb3/trbsoft/trbnettools/libtrbnet_perl/blib/arch/auto/HADES/TrbNet/<br />
<br />
<br />
# setup ROOT <br />
source ~/packages/root/bin/thisroot.sh <br />
<br />
# setup MIDAS<br />
export MIDASSYS=${HOME}/packages/midas<br />
export PATH=${PATH}:${MIDASSYS}/linux/bin<br />
export MIDAS_EXPTAB=${HOME}/online/exptab<br />
export ROOTANASYS=${HOME}/packages/rootana<br />
<br />
<br />
</pre><br />
<br />
<br />
8) Now start the trb3 program and initialize the TRB3<br />
<br />
<pre><br />
cd ~/trbsoft/daqtools/users/triumf_trb171<br />
source startup.sh<br />
</pre><br />
<br />
<br />
9) If this is a new TRB3, need to modify the following files, <br />
<br />
<pre><br />
trbcmd i 0xffff <br />
# check open to figure out the serial number of new TRB3 FPGAs<br />
# use this info to modify following files:<br />
vi db/addresses_trb3.db<br />
vi $DAQ_TOOLS_PATH/base/serials_trb3.db<br />
vi db/register_configtdc.db<br />
<br />
</pre><br />
<br />
== TRB3 MIDAS implementation == <br />
<br />
We have a working MIDAS readout of the TRB3 TDC data. Currently this readout uses a lot of the original GSI tools for setting up the TRB3 before the readout can start. At this time you need to do steps 1 and 2 described in "Start up instructions" in order to setup the TRB3 before starting the MIDAS frontend. Eventually we will try to remove as many as possible of the original GSI tools. <br />
<br />
MIDAS frontend code is available here:<br />
<br />
https://bitbucket.org/ttriumfdaq/trb3_frontend<br />
<br />
The MIDAS frontend is setup to read events directly from the UDP buffer. You can see a running MIDAS TRB3 frontend here:<br />
<br />
<br />
<br />
=== Setting up for MIDAS data taking === <br />
<br />
We are using the account trb3@daq11.triumf.ca for running this DAQ. If you need to restart the DAQ system, do the following<br />
<br />
* Run the setup program that will initialize the TRB3 and set the 10kHz software trigger<br />
<pre> <br />
cd /home/trb3/trbsoft/daqtools/users/triumf_trb171<br />
source startup.sh<br />
</pre><br />
<br />
* (Optional) We can also start a webgui that allows us to check/configure the TRB3 separate from MIDAS; this is sometimes useful for monitoring. To do this, do<br />
<pre><br />
cd /home/trb3/trbsoft/daqtools/web<br />
export PERL5LIB=/home/trb3/perl5/perlbrew/perls/perl-5.24.0/lib/5.24.0/:/home/trb3/trbsoft/daqtools/web/include:/home/trb3/trbsoft/trbnettools/libtrbnet_perl/bli b/lib:/usr/share/perl5/vendor_perl<br />
./cts_gui --noopenxterm --port=1234 --endpoint=0xc001<br />
</pre><br />
This allows access to GSI [http://daq11:1234/ web GUI].<br />
<br />
* Start the MIDAS TRB3 readout frontend, if not running:<br />
<pre><br />
/home/trb3/online/trb3_frontend/fetrb3UDP.exe -D<br />
</pre><br />
<br />
Actually, the default fetrb3UDP program does not create all the ODB settings that it should. It misses one setting, which specifies the name of the bank for a particular address. Create this variable after running the program the first time, using odbedit:<br />
<br />
<pre><br />
[local:trb3:R]Settings> cd /Equipment/TRB3_UDP/Settings<br />
[local:trb3:S]Settings>create STRING trb765 <br />
String length [32]:<br />
[local:trb3:S]Settings>move trb765 1<br />
[local:trb3:S]Settings>set trb765 TRBA<br />
</pre><br />
<br />
As noted, we currently (April 9) we have the TRB3 setup with a 10kHz software trigger.<br />
<br />
== Running the analyzer == <br />
<br />
I added simple decoder and histograming classes to rootana. Currently I have only implemented the crude TDC calibration into the TRB3 bank decoders. In the long run we may want to integrate the fine TDC calibration directly into the frontend. <br />
<br />
To look at the analyzer display, run the following<br />
<br />
<pre><br />
/home/trb3/online/trb3_frontend/analyzer/anaDisplay.exe<br />
</pre><br />
<br />
The display shows different histograms, arranged by FPGA and channel number. Histograms are<br />
<br />
# The TDC times for each channel, with crude calibration applied<br />
# The TDC raw fine times; ie, the raw counts for the sub-5ns part of the TDCs<br />
# TDC time difference histograms; for this canvas you can set the reference FPGA and channel<br />
<br />
Analyzer notes:<br />
* On the physical TRB3 board the FPGAs are numbered as being 1-4, but the analyzer converts these to the more normal 0-3 indexing.<br />
* Channel 0 is also the TDC associated with the actual trigger; in our case, the time of the software trigger<br />
* For FPGA 0 and 1 the firmware is configured so we are reading both leading and falling TDC edges; so for these FPGAs channel 1 is the leading edge of the first input and channel 2 is the trailing edge of the first input, and so on. For FPGAs 2 and 3 we are only reading the leading edge of the TDCs.<br />
<br />
To dump data from MIDAS file, do following<br />
<br />
<pre><br />
cd /home/trb3/online/trb3_frontend/analyzer<br />
./ana.exe /home/trb3/online/run00026.mid.gz<br />
</pre><br />
<br />
Modify ana.cxx to analyze the TDC data and type 'make' to recompile ana.exe.</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=VMs&diff=4640
VMs
2021-06-11T23:34:00Z
<p>Lindner: </p>
<hr />
<div>The following is a list of virtual machines provided by the Core Computing group which are used by the DAQ group or by related experimental groups. Many of them are for elog instances.<br />
<br />
<br />
{| border="1" <br />
|+<br />
| VM machine name <br />
|Other names<br />
| Group<br />
| VLAN<br />
| Purpose<br />
| Status<br />
|-<br />
| midastestdaq<br />
|<br />
| DAQ<br />
| 1<br />
| Has example MIDAS installation (part of documentation)<br />
| Currently broken<br />
|-<br />
| trdata05<br />
|<br />
| DAQ<br />
| 1<br />
| Provides ~10TB of storage for the DAQ dcache instance.<br />
|<br />
<br />
|-<br />
| ucmsrv0-vm.triumf.ca<br />
| ucnelog<br />
| UCN<br />
| 1<br />
| Providing UCN elog<br />
|<br />
|-<br />
| ucnbackup.triumf.ca<br />
|<br />
| UCN<br />
| 68<br />
| Provides 2TB of storage for raw data backup<br />
|<br />
|-<br />
| ktmserver.triumf.ca<br />
|<br />
| UCN<br />
| 1<br />
| Provides readout and online display for the 1VM4 notch monitor (beamline 1V)<br />
|<br />
|-<br />
| exoelog.triumf.ca<br />
|<br />
| EXO<br />
| 1<br />
| Provides elog for EXO tests<br />
| not really used<br />
|-<br />
| scdms-srv0.triumf.ca<br />
|<br />
| SuperCDMS<br />
| 1<br />
| Testbed for CDMS development on Centos-7; also provides elog.<br />
|<br />
|-<br />
| mpmtelog.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for mPMT development<br />
|<br />
|-<br />
| m11elog.triumf.ca<br />
|<br />
| M11<br />
| 1<br />
| Provides elog for M11 beamline<br />
|<br />
|-<br />
| nd280elog-vm<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for ND280<br />
|<br />
|-<br />
| nd280webservice-vm<br />
|<br />
| T2K<br />
| 1<br />
| Provides various elog services<br />
|<br />
|-<br />
| neut00-vm.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides T2KGSC mirror, web & db server<br />
|<br />
|-<br />
| trbsddb-vm.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides BSD MySQL Database server<br />
|<br />
|-<br />
| t2kcaldb.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL database for ND280 calibration<br />
|<br />
|-<br />
| t2kcaldb-backup.triumf.ca <br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL endpoint for calibration database<br />
|<br />
|-<br />
| nd280gsc-backup.triumf.ca <br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL endpoint for GSC database<br />
|<br />
|<br />
|-<br />
| t2k-fdg-hwdb.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Hosts the FGD hardware database and webserver<br />
|<br />
|<br />
|-<br />
|}</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=VMs&diff=4639
VMs
2021-06-11T23:33:46Z
<p>Lindner: </p>
<hr />
<div>The following is a list of virtual machines provided by the Core Computing group which are used by the DAQ group or by related experimental groups. Many of them are for elog instances.<br />
<br />
<br />
{| border="1" <br />
|+<br />
| VM machine name <br />
|Other names<br />
| Group<br />
| VLAN<br />
| Purpose<br />
| Status<br />
|-<br />
| midastestdaq<br />
|<br />
| DAQ<br />
| 1<br />
| Has example MIDAS installation (part of documentation)<br />
| Currently broken<br />
|-<br />
| trdata05<br />
|<br />
| DAQ<br />
| 1<br />
| Provides ~10TB of storage for the DAQ dcache instance.<br />
|<br />
<br />
|-<br />
| ucmsrv0-vm.triumf.ca<br />
| ucnelog<br />
| UCN<br />
| 1<br />
| Providing UCN elog<br />
|<br />
|-<br />
| ucnbackup.triumf.ca<br />
|<br />
| UCN<br />
| 68<br />
| Provides 2TB of storage for raw data backup<br />
|<br />
|-<br />
| ktmserver.triumf.ca<br />
|<br />
| UCN<br />
| 1<br />
| Provides readout and online display for the 1VM4 notch monitor (beamline 1V)<br />
|<br />
|-<br />
| exoelog.triumf.ca<br />
|<br />
| EXO<br />
| 1<br />
| Provides elog for EXO tests<br />
| not really used<br />
|-<br />
| scdms-srv0.triumf.ca<br />
|<br />
| SuperCDMS<br />
| 1<br />
| Testbed for CDMS development on Centos-7; also provides elog.<br />
|<br />
|-<br />
| mpmtelog.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for mPMT development<br />
|<br />
|-<br />
| m11elog.triumf.ca<br />
|<br />
| M11<br />
| 1<br />
| Provides elog for M11 beamline<br />
|<br />
|-<br />
| nd280elog-vm<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for ND280<br />
|<br />
|-<br />
| nd280webservice-vm<br />
|<br />
| T2K<br />
| 1<br />
| Provides various elog services<br />
|<br />
|-<br />
| neut00-vm.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides T2KGSC mirror, web & db server<br />
|<br />
|-<br />
| trbsddb-vm.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides BSD MySQL Database server<br />
|<br />
|-<br />
| t2kcaldb.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL database for ND280 calibration<br />
|<br />
|-<br />
| t2kcaldb-backup.triumf.ca <br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL endpoint for calibration database<br />
|<br />
|-<br />
| nd280gsc-backup.triumf.ca <br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL endpoint for GSC database<br />
|<br />
|<br />
|-<br />
| t2k-fdg-hwdb.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Hosts the FGD hardware database and webserver<br />
|<br />
|<br />
|-<br />
|}<br />
<br />
<br />
VM machine name Other names Group VLAN Purpose Status<br />
midastestdaq DAQ 1 Has example MIDAS installation (part of documentation) Currently broken<br />
trdata05 DAQ 1 Provides ~10TB of storage for the DAQ dcache instance. <br />
ucmsrv0-vm.triumf.ca ucnelog UCN 1 Providing UCN elog <br />
ucnbackup.triumf.ca UCN 68 Provides 2TB of storage for raw data backup <br />
ktmserver.triumf.ca UCN 1 Provides readout and online display for the 1VM4 notch monitor (beamline 1V) <br />
exoelog.triumf.ca EXO 1 Provides elog for EXO tests not really used<br />
scdms-srv0.triumf.ca SuperCDMS 1 Testbed for CDMS development on Centos-7; also provides elog. <br />
mpmtelog.triumf.ca T2K 1 Provides elog for mPMT development <br />
m11elog.triumf.ca M11 1 Provides elog for M11 beamline <br />
nd280elog-vm T2K 1 Provides elog for ND280 <br />
nd280webservice-vm T2K 1 Provides various elog services <br />
neut00-vm.triumf.ca T2K 1 Provides T2KGSC mirror, web & db server <br />
trbsddb-vm.triumf.ca T2K 1 Provides BSD MySQL Database server <br />
t2kcaldb.triumf.ca T2K 1 Provides MySQL database for ND280 calibration <br />
t2kcaldb-backup.triumf.ca T2K 1 Provides MySQL endpoint for calibration database <br />
nd280gsc-backup.triumf.ca T2K 1 Provides MySQL endpoint for GSC database <br />
t2k-fdg-hwdb.triumf.ca T2K 1 Hosts the FGD hardware database and webserver</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=VMs&diff=4638
VMs
2021-06-11T23:31:54Z
<p>Lindner: Created page with "The following is a list of virtual machines provided by the Core Computing group which are used by the DAQ group or by related experimental groups. Many of them are for elog i..."</p>
<hr />
<div>The following is a list of virtual machines provided by the Core Computing group which are used by the DAQ group or by related experimental groups. Many of them are for elog instances.<br />
<br />
VM machine name Other names Group VLAN Purpose Status<br />
midastestdaq DAQ 1 Has example MIDAS installation (part of documentation) Currently broken<br />
trdata05 DAQ 1 Provides ~10TB of storage for the DAQ dcache instance. <br />
ucmsrv0-vm.triumf.ca ucnelog UCN 1 Providing UCN elog <br />
ucnbackup.triumf.ca UCN 68 Provides 2TB of storage for raw data backup <br />
ktmserver.triumf.ca UCN 1 Provides readout and online display for the 1VM4 notch monitor (beamline 1V) <br />
exoelog.triumf.ca EXO 1 Provides elog for EXO tests not really used<br />
scdms-srv0.triumf.ca SuperCDMS 1 Testbed for CDMS development on Centos-7; also provides elog. <br />
mpmtelog.triumf.ca T2K 1 Provides elog for mPMT development <br />
m11elog.triumf.ca M11 1 Provides elog for M11 beamline <br />
nd280elog-vm T2K 1 Provides elog for ND280 <br />
nd280webservice-vm T2K 1 Provides various elog services <br />
neut00-vm.triumf.ca T2K 1 Provides T2KGSC mirror, web & db server <br />
trbsddb-vm.triumf.ca T2K 1 Provides BSD MySQL Database server <br />
t2kcaldb.triumf.ca T2K 1 Provides MySQL database for ND280 calibration <br />
t2kcaldb-backup.triumf.ca T2K 1 Provides MySQL endpoint for calibration database <br />
nd280gsc-backup.triumf.ca T2K 1 Provides MySQL endpoint for GSC database <br />
t2k-fdg-hwdb.triumf.ca T2K 1 Hosts the FGD hardware database and webserver</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=Sysman&diff=4637
Sysman
2021-06-11T23:31:16Z
<p>Lindner: /* System management */</p>
<hr />
<div>== System management ==<br />
<br />
* [http://daq-plone.triumf.ca/SM/docs/local Misc documentation on the daq-plone site]<br />
* [[Daqinv]] DAQ inventory database<br />
* [[Amanda]] AMANDA backups<br />
* [[DAQ_Cluster]] http://www.triumf.info/wiki/DAQwiki/index.php/ISAC_Cluster http://www.triumf.info/wiki/DAQwiki/index.php/MUSR_Cluster http://www.triumf.info/wiki/DAQwiki/index.php/TITAN<br />
* DAQ cluster management links: [https://ladd00.triumf.ca/gonodeinfo Nodeinfo] [http://ladd00.triumf.ca/triumf_nodeinfo/config.html Nodeinfo] [http://ladd00.triumf.ca/ganglia Ganglia] [http://ladd00.triumf.ca/diskusers/disks.html Diskusers] [http://ladd00.triumf.ca/~olchansk/pingmon/triumf.html network ping monitor] [http://ladd00.triumf.ca/~daqweb/daqbackup/ daqbackup]<br />
* [http://trdata00.triumf.ca:2288 TRDATA dcache status]<br />
* TRIUMF resources: [http://andrew.triumf.ca/domain-cgi/get-node.pl Network database] [http://trweb.triumf.ca/hostmonitor/main_form.php Network monitor] [https://helpdesk.triumf.ca Helpdesk]<br />
* [http://trshare.triumf.ca/~olchansk/triumf_nodeinfo Documentation for nodeinfo]<br />
* [https://daq.triumf.ca/DaqWiki/index.php/DiskScrub Documentation for diskscrub]<br />
* https://www.triumf.info/wiki/DAQwiki/index.php/disk_benchmarks<br />
* [http://trshare.triumf.ca/~olchansk/diskusers Documentation for diskusers]<br />
* [[VMs]] DAQ VMs<br />
<br />
== Linux documentation ==<br />
<br />
* [[SLinstall]] SL5/SL6/CentOS7/CentOS8 install instructions<br />
* [[Ubuntu]] Ubuntu install instructions<br />
* [[Raspbian]] Raspbian OS for ARM processors (Raspberry Pi, Cyclone5 SoC, etc)<br />
* [[ZFS]] ZFS instructions<br />
<br />
== Misc documentation ==<br />
<br />
* https://www.triumf.info/wiki/DAQwiki/index.php/DaqVlanConfig VLANs for DAQ and experiments<br />
* [[PcHardware]] DAQ PC Configurations<br />
* [[PcRackmount]] DAQ Rackmounted Configurations<br />
* https://www.triumf.info/wiki/DAQwiki/index.php/DaqSvn DAQ SVN repositories and instructions (obsolete)<br />
* [[Quartus]] Altera Quartus<br />
* https://www.triumf.info/wiki/DAQwiki/index.php/HADOOP (obsolete)<br />
* https://www.triumf.info/wiki/DAQwiki/index.php/EPICS<br />
* https://www.triumf.info/wiki/DAQwiki/index.php/VNC<br />
* https://www.triumf.info/wiki/DAQwiki/index.php/Cloning_raid1_boot_disks<br />
* https://www.triumf.info/wiki/DAQwiki/index.php/Setup_MIDAS_experiment<br />
* https://www.triumf.info/wiki/DAQwiki/index.php/IEEE_MAC_TRIUMF IEEE MAC addresses assigned to TRIUMF<br />
* https://www.triumf.info/wiki/DAQwiki/index.php/DaqWikiManagement DAQWiki management<br />
* https://www.triumf.info/wiki/DAQwiki/index.php/PHYSICA<br />
* https://www.triumf.info/wiki/DAQwiki/index.php/ROOT<br />
* https://www.triumf.info/wiki/DAQwiki/index.php/MIDAS<br />
* https://www.triumf.info/wiki/DAQwiki/index.php/ROOTANA ROOTANA : ROOT Analyzer for MIDAS<br />
* https://www.triumf.info/wiki/DAQwiki/index.php/ROODY<br />
* https://www.triumf.info/wiki/DAQwiki/index.php/ser2net ser2net USB-Serial-RS232 interface<br />
* [[GIT]]<br />
* https://www.triumf.info/wiki/DAQwiki/index.php/TrdataDcache tradata dcache system for experimental data storage<br />
* https://www.triumf.info/wiki/DAQwiki/index.php/dhcpd_on_eth1 Enabling dhcpd on secondary ethernet port<br />
* https://www.triumf.info/wiki/DAQwiki/index.php/nextcloud<br />
* https://www.triumf.info/wiki/DAQwiki/index.php/DAQ_VMs DAQ and experimental group VMs<br />
* obsolete data acquisition software: [https://daq.triumf.ca/~daqweb/doc/susiq/ SUSIQ] [https://daq.triumf.ca/~daqweb/doc/nova/ NOVA]</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=SLinstall&diff=3928
SLinstall
2021-05-01T15:26:03Z
<p>Lindner: /* Configure HTTPS server (CentOS7) */</p>
<hr />
<div>== Notes ==<br />
<br />
* these instructions are periodically updated to include items needed for older/newer versions of Linux. They are marked like this: (SL4.2+) means Scientific Linux 4.2 and newer; (SL4 is equivalent to FC3). (FC5 only) means Fedora Core 5; etc.<br />
* obsolete items are marked by the "#" sign at the beginning of the line and sometimes have a comment about the reason for removal.<br />
* typically, we do not "upgrade" machines using the Red Hat "upgrade" function. Instead, we save critical files from the old installation and do a "fresh install" from scratch<br />
* starting with RHEL7, the recommended OS is CentOS7 (instead of SL7).<br />
<br />
== Disk configurations ==<br />
<br />
The year is 2019 and SSDs are used exclusively, except for bulk data storage, where one used 6-8-10-12 TB HDDs<br />
<br />
For reliability, home directories and data disks must use redundant storage - mdadm raid1 or ZFS raid1/raid6.<br />
<br />
For non-critical machines, a single SSD seems to be reliable enough to use as a boot and OS disk. But since any<br />
storage device can fail at any time without warning, home directories and data disks should use redundant storage.<br />
<br />
Note: for data disks bigger than 4-6TB, mdadm raid1/raid6 is no longer recommended because raid rebuild,<br />
verification and repair time has become unreasonably long. Instead, use ZFS raid1/raid6 which implements online verification,<br />
repair and disk replacement without requiring machine shutdown or OS down time.<br />
<br />
* single SSD - 120GB min - single partition for "/", no swap partition (create a swap file if swap is needed) - for non-critical machine with no local data storage (OS only)<br />
* dual SSD - 2x240GB min - all partitions mirrored (RAID1), 30GB "/", rest for /home1 - for daq station with local user home directories and no bulk data storage<br />
* single SSD + 2x6-8-10-12TB HDD - SSD partition: all "/", HDD partition as ZFS raid1 (mirrored) - for daq station with small local bulk data storage<br />
* single SSD + 6-8x6-8-10-12TB HDD - for small storage server machines - for daq station with local home directories and large bulk data storage.<br />
<br />
For VME processors:<br />
<br />
* network boot - [[VME-CPU#Network_boot]] - only option for V7648/V7750, do not use for V7805 (no netboot from GigE), optional for V7865/XVB-602<br />
* USB boot - 8GB USB for V7805, 16GB USB for V7865/XVB-602<br />
<br />
== Preparation ==<br />
<br />
* save /etc, /var, /root, /opt, (if needed: /usr/local, /tftpboot) by rsync to some data disk (/ladd/data0/root)<br />
* check that "/" partition (it will be overwritten) is different from /home1 and /data partitions<br />
* note the MAC addresses of all network interfaces, add them to ladd00 dhcpd.conf to enable PXE boot into the SL "network installer"<br />
* shutdown<br />
<br />
== Running installer (CentOS7) ==<br />
<br />
CentOS7 can be installed from vanilla CentOS7 installation media or from<br />
a custom USB key build per there instructions:<br />
https://daqshare.triumf.ca/~olchansk/linux/CentOS7/<br />
<br />
The custom installer makes it easy to use a custom kickstart file (ks.cfg).<br />
<br />
Instructions for using the usb-installer:<br />
<br />
* disconnect machine from network<br />
* plug the usb-installer into a usb3 port (blue colour)<br />
* reboot machine, select booting from usb (press F8 on ASUS motherboards)<br />
* usb-installer boot menu offers to install CentOS7, go there<br />
* CentOS7 should boot (many messages scroll on screen)<br />
* into graphical mode<br />
* into installer main menu<br />
* all installer options should "happy" except for the "installation destination"<br />
* go to the "installation destination" menu<br />
** unselect all disks except for the SSD where the OS will be installed<br />
** (MOST IMPORTANT: unselect the USB installer disk!)<br />
** select "I will configure..."<br />
** say "done"<br />
** the "manual partitionning" menu will open<br />
*** use the "-" button to delete all existing partitions<br />
*** select "standard partition"<br />
*** click on the "+" button<br />
*** in the "Add new partition" dialog, set mount point "/", capacity blank, click "add mount point"<br />
*** check capacity (should be full size of SSD), check filesystem type (should be XFS)<br />
*** say "done", there will be a warning about absent swap partition, say "done" again.<br />
*** in the big useless dialog, say "accept changes"<br />
*** should be back to the "installation summary" screen, "installation destination" should be happy now<br />
* after everything is happy, say "begin installation"<br />
* as the installation proceeds, set the password for the root user<br />
* after installation is complete, reboot the machine<br />
* unplug the usb-installer, CentOS7 should boot from SSD into the login screen<br />
* click on "not listed?", login as root<br />
* setup network connection:<br />
** open a terminal<br />
** start "nm-connection-editor"<br />
** click on "+" to create a new connection profile<br />
** select "wired ethernet"<br />
** select "add profile..."<br />
** in "Identity", set "name" to "static"<br />
** in "Identity", check that "Connect automatically" and "Make available..." is enabled<br />
** in "IPv4", set "Addresses" to "manual" instead of "dhcp"<br />
** enter IP address, netmask 255.255.224.0, gateway 142.90.100.18, dns 142.90.100.19, search triumf.ca<br />
** say "Add", then close/quit the network settings<br />
* connect network cable<br />
* network should be up, ping ladd00 should work<br />
* run: yum update -y<br />
* check new kernel is installed: ls -l /boot<br />
* logout and restart (good luck finding these buttons in the gui!)<br />
* confirm correct linux kernel is selected during boot (-229.20, not the original installer kernel)<br />
* login as root, confirm network is up, proceed with the rest of these instructions<br />
<br />
== Configure SSH ==<br />
<br />
(+CentOS7)<br />
<br />
* Login from the console<br />
* restore the SSH keys from backup (/etc/ssh/*key*)<br />
* service sshd restart<br />
* ssh into the new machine as root<br />
* ssh root@localhost, ctrl-C<br />
* ### this is done later from Konstantin's git repository - scp root@ladd00:/root/authorized_keys ~root/.ssh/<br />
* (not needed for SL5.5 kickstart) check that /etc/ssh/ssh_config contains "ForwardX11 yes" and "ForwardX11Trusted yes":<br />
<pre><br />
echo " ForwardX11 yes" >> /etc/ssh/ssh_config<br />
echo " ForwardX11Trusted yes" >> /etc/ssh/ssh_config<br />
</pre><br />
<br />
== Post installation CentOS7 ==<br />
<br />
Set hostname: (use full name, i.e. daq11.triumf.ca)<br />
<pre><br />
emacs -nw /etc/hostname<br />
</pre><br />
<br />
<pre><br />
echo "olchansk@triumf.ca amaudruz@triumf.ca lindner@triumf.ca bsmith@triumf.ca" >> ~root/.forward<br />
chmod a+r /var/log/messages<br />
chmod a+r /var/log/yum.log<br />
</pre><br />
<br />
Activate rc.local:<br />
<pre><br />
chmod a+x /etc/rc.local<br />
chmod a+x /etc/rc.d/rc.local # TL edit<br />
systemctl enable rc-local<br />
systemctl start rc-local<br />
systemctl status rc-local<br />
</pre><br />
<br />
== Disable "persistent network names" (DO NOT DO THIS) ==<br />
<br />
<pre><br />
/bin/touch /etc/udev/rules.d/75-persistent-net-generator.rules<br />
/bin/rm /etc/udev/rules.d/70-persistent-net.rules<br />
#shutdown -r now<br />
</pre><br />
<br />
== Configure NIS client (CentOS7) ==<br />
<br />
<pre><br />
yum -y install ypbind authconfig<br />
echo "NISTIMEOUT=5" >> /etc/sysconfig/network<br />
echo "NETWORKWAIT=yes" >> /etc/sysconfig/network<br />
authconfig --enablenis --enablepreferdns --nisdomain LADD-NIS --nisserver ladd00.triumf.ca --update<br />
ypwhich<br />
ypcat -k passwd<br />
systemctl restart autofs<br />
</pre><br />
* On the master NIS node (ladd00), add this new node to /etc/netgroup, and update NIS maps (cd /var/yp; make)<br />
* Use "system-config-users" to add local user accounts<br />
* enable selinux ssh key login to nfs mounted home directories:<br />
<pre><br />
setsebool -P use_nfs_home_dirs 1<br />
</pre><br />
<br />
== Configure NIS client (CentOS8) ==<br />
<br />
* all the same as for CentOS7<br />
* ensure correct boot order for ypbind (in CentOS 8.1 ypbind is started before network is ready, service file uses "Wants" instead of "After")<br />
<pre><br />
mkdir /etc/systemd/system/ypbind.service.d<br />
echo -e "[Unit]\nAfter=network-online.target\n" > /etc/systemd/system/ypbind.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat ypbind.service<br />
</pre><br />
<br />
== Configure NIS secondary server (CentOS7) ==<br />
<br />
Enable local NIS server, make local machine use it:<br />
<br />
<pre><br />
yum -y install ypserv<br />
/usr/lib64/yp/ypinit -s ladd00 ### (/usr/lib/yp/ypinit on 32-bit machines)<br />
### ypinit will give lots of errors about "rpc.ypxfrd failed: RPC: Can't decode result"; can be ignored<br />
systemctl enable rpcbind ypserv ypxfrd yppasswdd<br />
systemctl start rpcbind ypserv ypxfrd yppasswdd<br />
emacs -nw /etc/yp.conf # change "domain XXX server YYY.triumf.ca" to read "domain XXX server localhost"<br />
systemctl restart ypbind<br />
ypwhich # should say "localhost"<br />
ypcat -k auto.master # should work<br />
</pre><br />
<br />
Punch hole in the firewall: (or "make" on NIS master will complain)<br />
<br />
<pre><br />
echo YPSERV_ARGS=\"-p 800\" >> /etc/sysconfig/network<br />
systemctl restart ypserv<br />
firewall-cmd --get-services<br />
firewall-cmd --add-service rpc-bind --permanent<br />
firewall-cmd --add-port=800/tcp --add-port=800/udp --permanent<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
* on the NIS master:<br />
** add the new machine to /var/yp/ypservers, run "make -C /var/yp" and also "cd /var/yp; yppush -h newmachine ypservers"<br />
*** TL (2020-09): we not doing this anymore? I guess it doesn't work anyway...<br />
** if using /var/yp/securenets, copy it from NIS master to new NIS secondary server<br />
<br />
Enable hourly NIS update cron job (DO THIS AFTER git pull scripts, see below)<br />
<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
cd etc<br />
cd ~/git/scripts/etc; ln -s $PWD/ypxfr-cron-hourly /etc/cron.hourly<br />
</pre><br />
<br />
== Configure AUTOFS (CentOS7) ==<br />
<br />
<pre><br />
yum -y install autofs<br />
systemctl enable autofs<br />
systemctl start autofs<br />
ls -l /daq/daqshare<br />
</pre><br />
<br />
<br />
<br />
== Label Selinux labels ==<br />
<br />
When upgrading non-selinux machines (el6) to el7 (selinux enforcing) the existing<br />
user home directories will not have the correct selinux labels and many things<br />
will not work, including ssh logins (sshd cannot access ~user/.ssh files).<br />
<br />
<pre><br />
semanage fcontext -a -e /home /home1 ### selinux has special rules for /home, assign them to /home1<br />
restorecon -R -v /home1 ### apply the new rules to files in /home1<br />
ls -Zd /home1/alpha/.ssh<br />
# should say: drwx------. alpha users system_u:object_r:ssh_home_t:s0 /home1/alpha/.ssh<br />
</pre><br />
<br />
== Configure time (CentOS7) ==<br />
<br />
Time server ntpd was replaced by chronyd.<br />
<br />
<pre><br />
yum -y install chrony<br />
echo server time1 iburst >> /etc/chrony.conf<br />
echo server time2 iburst >> /etc/chrony.conf<br />
echo server time3 iburst >> /etc/chrony.conf<br />
systemctl enable chronyd<br />
systemctl restart chronyd<br />
chronyc sources<br />
chronyc tracking<br />
</pre><br />
<br />
* if desired, edit /etc/chrony.conf, remove non-triumf time servers<br />
<br />
== Enable automatic system updates (CentOS7) ==<br />
<br />
Disable yum-cron:<br />
<br />
<pre><br />
rpm --erase yum-cron<br />
/bin/rm -v /var/lock/subsys/yum-cron<br />
/bin/rm -v /etc/cron.daily/0yum-daily.cron<br />
/bin/rm -v /etc/cron.hourly/0yum-hourly.cron<br />
</pre><br />
<br />
Enable yum-autoupdate:<br />
<br />
<pre><br />
yum install -y epel-release<br />
yum install -y yum-changelog yum-protectbase yum-tsflags yum-versionlock<br />
rpm -vh --install http://linuxsoft.cern.ch/cern/centos/7.2/cern/x86_64/Packages/yum-kernel-module-1-5.el7.cern.noarch.rpm<br />
rpm -vh --install http://linuxsoft.cern.ch/cern/centos/7.2/cern/x86_64/Packages/yum-autoupdate-4.4.2-1.el7.cern.noarch.rpm<br />
#rpm -vh --install https://daqshare.triumf.ca/~olchansk/linux/yum-autoupdate-4.4.2-1.el7.cern.noarch.rpm https://daqshare.triumf.ca/~olchansk/linux/yum-kernel-module-1-5.el7.cern.noarch.rpm<br />
systemctl enable yum-autoupdate<br />
systemctl start yum-autoupdate<br />
systemctl status yum-autoupdate<br />
</pre><br />
<br />
== Disable automatic system updates (CentOS7) ==<br />
<br />
<pre><br />
yum -y erase yum-autoupdate<br />
/bin/rm -f /etc/sysconfig/yum-autoupdate.rpmsave<br />
/bin/rm -f /var/lock/subsys/yum-autoupdate<br />
</pre><br />
<br />
== Enable automatic system updates (CentOS8) ==<br />
<br />
<pre><br />
yum -y install dnf-automatic<br />
systemctl enable --now dnf-automatic.timer<br />
systemctl list-timers *dnf-*<br />
</pre><br />
<br />
edit /etc/dnf/automatic.conf<br />
<pre><br />
apply_updates = yes<br />
</pre><br />
<br />
== Configure system services (CentOS7) ==<br />
<br />
* systemctl list-unit-files | grep enabled | sort ### (to see enabled services)<br />
* disable unwanted services:<br />
<pre><br />
systemctl disable bluetooth<br />
systemctl disable dm-event<br />
systemctl disable dmraid-activation<br />
systemctl disable iscsid<br />
systemctl disable iscsi<br />
systemctl disable iscsiuio<br />
systemctl disable libvirtd<br />
systemctl disable lvm2-lmetad<br />
systemctl disable lvm2-monitor<br />
systemctl disable ModemManager<br />
systemctl disable multipathd<br />
systemctl disable netcf-transaction<br />
systemctl disable lvm2-lvmetad.socket<br />
systemctl disable lvm2-lvmpolld.socket<br />
systemctl disable iscsid.socket<br />
systemctl disable iscsiuio.socket<br />
#systemctl disable <br />
</pre><br />
<br />
== Erase unwanted packages (CentOS7) ==<br />
<br />
* PackageKit # bugs users about security updates, hogs yum lock<br />
* perl-homedir # creates unwanted $HOME/perl5<br />
* ModemManager # thinks that all USB-attached devices are modems<br />
* pcp # sends error email to itself, does not work<br />
* abrt # sends email to root about useless crashes, i.e. crash of X when machine is rebooted<br />
* rear # some kind of backup and recovery tool, not clear what it does, but it sends email complaining how it is broken<br />
* bash-completion # "echo $HOME/<TAB>" becomes "echo \$HOME" (notice "\" added before "$") preventing tab-completion from doing anything useful.<br />
<br />
<pre><br />
yum -y erase PackageKit perl-homedir ModemManager pcp abrt abrt-libs abrt-gui-libs rear bash-completion<br />
</pre><br />
<br />
== Disable unwanted package "tracker" ==<br />
<br />
The "tracker" package is part of the GNOME desktop, it scans the content of all files<br />
into a database for quick searching.<br />
<br />
When it malfunctions, bad things happen, i.e. read through<br />
https://bugzilla.redhat.com/show_bug.cgi?id=747689<br />
<br />
Specific problem I see is that it floods the system log with error messages. Also <br />
consumes network and filesystem bandwidth for NFS mounted home directories.<br />
<br />
This package cannot be removed by "yum erase tracker" dues to dependencies<br />
from core GNOME desktop.<br />
<br />
Instead, do this to deactivate it:<br />
<br />
<pre><br />
chmod -x /usr/libexec/tracker-*<br />
chmod -x /usr/bin/tracker<br />
chattr +i /usr/bin/tracker<br />
chattr +i /usr/libexec/tracker-*<br />
</pre><br />
<br />
== Configure external package repositories (CentOS7) ==<br />
<br />
EPEL: (addtional packages)<br />
<pre><br />
yum install epel-release<br />
</pre><br />
<br />
ELREPO: (kernel modules and drivers) (CentOS8)<br />
<pre><br />
yum install elrepo-release<br />
</pre><br />
<br />
ELREPO: (kernel drivers)<br />
<pre><br />
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org<br />
rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm<br />
yum -y install yum-plugin-fastestmirror<br />
</pre><br />
<br />
== Install packages needed to continue with installation ==<br />
<br />
(+CentOS7)<br />
<br />
(these packages are sometimes missing, they are needed to follow following instructions instructions)<br />
<br />
(SL6.5: libotf is a dependancy of emacs - SL6.5 installer fails to install it)<br />
<br />
<pre><br />
yum install ed patch wget git libotf gdisk emacs perl<br />
</pre><br />
<br />
== Configure Konstantin's scripts ==<br />
<br />
(+Centos7)<br />
<br />
<pre><br />
mkdir ~root/git<br />
cd ~root/git<br />
git clone http://ladd00.triumf.ca/~olchansk/git/scripts.git<br />
cd scripts<br />
git pull<br />
</pre><br />
<br />
Go back to the NIS slave server and install the hourly NIS update cron job.<br />
<br />
== Enable yum version lock ==<br />
<br />
<pre><br />
yum install yum-plugin-versionlock<br />
#yum versionlock packagename # yum versionlock rpcbind<br />
#yum versionlock list # list locked packages<br />
#yum versionlock delete packagename # unlock given package<br />
#yum versionlock clear # delete all locks<br />
</pre><br />
<br />
== Configure trusted ssh keys ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
ssh localhost<br />
interrupt by Ctrl-C<br />
/bin/cp ~/git/scripts/etc/authorized_keys ~/.ssh/<br />
</pre><br />
<br />
== Configure hardware sensors ==<br />
<br />
* yum -y install lm_sensors<br />
* sensors-detect (accept default answer to all questions - press ENTER)<br />
* systemctl restart lm_sensors<br />
* sensors (to see available sensors)<br />
<br />
If no sensors are detected by standard drivers, follow motherboard-specific instructions at the bottom of this page.<br />
<br />
== Configure IPMI sensors ==<br />
<br />
Some machines support the IPMI interface for monitoring the hardware: fan speeds, temperatures, voltages.<br />
<br />
* find out if IPMI is supported. Try this:<br />
<pre><br />
dmidecode | grep -i ipmi<br />
</pre><br />
if output is not blank, IPMI is maybe supported.<br />
* install and enable IPMI software:<br />
<pre><br />
yum install "OpenIPMI*" ipmitool<br />
service ipmi start<br />
ipmitool sensor ### to confirm IPMI is present. If output is blank, do not go further.<br />
chkconfig ipmi on<br />
chkconfig ipmievd on<br />
service ipmi restart<br />
service ipmievd restart<br />
tail -100 /var/log/messages ### look at messages logged by ipmievd<br />
</pre><br />
* (CentOS7) install and enable IPMI software:<br />
<pre><br />
yum install "OpenIPMI*" ipmitool<br />
systemctl start ipmi<br />
ipmitool sensor ### to confirm IPMI is present. If output is blank, do not go further.<br />
systemctl list-unit-files | grep -i ipmi<br />
systemctl enable ipmi<br />
systemctl restart ipmi<br />
systemctl status ipmi<br />
systemctl enable ipmievd<br />
systemctl restart ipmievd<br />
systemctl status ipmievd<br />
tail -100 /var/log/messages ### look at messages logged by ipmievd<br />
</pre><br />
<br />
* if ipmievd complains about SEL buffer overflow, clear it manually:<br />
<pre><br />
ipmitool sel list ### show ipmi messages in raw format<br />
ipmitool sel elist ### show ipmi messages in useful format<br />
ipmitool sel elist > file ### save ipmi messages into a file<br />
ipmitool sel clear ### clear all accumulated ipmi messages<br />
</pre><br />
<br />
* useful ipmi commands:<br />
** ipmitool sensor -- read hardware sensors<br />
** ipmitool sel elist -- report all accumulated messages<br />
<br />
== Configure ECC memory ==<br />
<br />
* check that machine has ECC memory: dmidecode --type memory | grep -i ecc<br />
<br />
Configure mcelog (machine check exception)<br />
<br />
* yum install mcelog<br />
* check that mcelog is running: ps -efw | grep mcelog<br />
* (el6) chkconfig mcelogd on; service mcelogd restart<br />
* (el7) systemctl status mcelog.service; systemctl enable mcelog.service; systemctl restart mcelog.service<br />
<br />
Check for MCE (machine check exception) messages:<br />
<br />
* mcelog --client<br />
* grep -i mce /var/log/messages*<br />
* grep -i ecc /var/log/messages*<br />
<br />
Configure EDAC<br />
<br />
<pre><br />
yum install edac-utils<br />
edac-ctl --mainboard<br />
edac-ctl --status<br />
lsmod | grep edac<br />
modprobe ie31200_edac ### driver for Intel E3-1200 series ECC memory<br />
<br />
[root@grsmid00 ~]# ls -l /sys/devices/system/edac/mc/<br />
... empty<br />
<br />
[root@alpha00 ~]# ls -l /sys/devices/system/edac/mc/<br />
drwxr-xr-x. 15 root root 0 Oct 25 16:40 mc0<br />
...<br />
[root@alpha00 ~]# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 ce_count<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 ce_noinfo_count<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 csrow0<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 csrow1<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 csrow2<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 csrow3<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 max_location<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 mc_name<br />
drwxr-xr-x. 2 root root 0 Oct 25 16:40 power<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank0<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank1<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank2<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank3<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank4<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank5<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank6<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank7<br />
--w-------. 1 root root 4096 Oct 25 16:40 reset_counters<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 seconds_since_reset<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 size_mb<br />
lrwxrwxrwx. 1 root root 0 Oct 2 12:02 subsystem -> ../../../../../bus/mc0<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 ue_count<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 ue_noinfo_count<br />
-rw-r--r--. 1 root root 4096 Oct 25 16:40 uevent<br />
[root@alpha00 ~]# <br />
<br />
[root@alpha00 ~]# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
<br />
[root@alpha00 ~]# edac-util <br />
edac-util: No errors to report.<br />
<br />
[root@alpha00 ~]# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
</pre><br />
<br />
== Configure SMARTD (CentOS7) ==<br />
<br />
Default el7 smartd config files send deficient email notices about disk failures. Overwrite.<br />
<br />
<pre><br />
/bin/cp ~/git/scripts/etc/smartd.conf /etc/smartmontools/<br />
/bin/cp ~/git/scripts/etc/smartd_warning.sh /etc/smartmontools/<br />
systemctl enable smartd<br />
systemctl restart smartd<br />
systemctl status smartd<br />
</pre><br />
<br />
== Enable User Disk Quotas (OPTIONAL) ==<br />
<br />
(+CentOS7)<br />
<br />
* read http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/ch-disk-quotas.html<br />
* emacs -nw /etc/fstab, add "grpquota,usrquota" to filesystem options, e.g.:<br />
<pre><br />
[root@isdaq00 home1]# grep quota /etc/fstab<br />
UUID=5a2aefbd-45db-475e-841e-12ec89220fbd /home1 ext4 defaults,grpquota,usrquota 1 2<br />
</pre><br />
* cd /; umount /home1; mount /home1<br />
* quotacheck -cug /home1<br />
* quotacheck -avug<br />
* quotaon -av<br />
* quota system is now active<br />
* increase the soft quota time limit from default 7days to 30 or 60 days: edquota -t<br />
* set quotas for all users (see below)<br />
* setup warnquota:<br />
** create warnquota config file: emacs -nw /etc/warnquota.conf<br />
<pre><br />
# values can be quoted:<br />
MAIL_CMD = "/usr/sbin/sendmail -t"<br />
FROM = root<br />
SUBJECT = User %i@%h exceeded allocated disk quota<br />
CC_TO = "root"<br />
# If you set this variable CC will be used only when user has less than<br />
# specified grace time left (examples of possible times: 5 seconds, 1 minute,<br />
# 12 hours, 5 days)<br />
# CC_BEFORE = 2 days<br />
SUPPORT = "root"<br />
# Text in the beginning of the mail (if not specified, default text is used)<br />
# This way text can be split to more lines<br />
# Line breaks are done by '|' character<br />
# The expressions %i, %h, %d, and %% are substituted for user/group name,<br />
# host name, domain name, and '%' respectively. For backward compatibility<br />
# %s behaves as %i but is deprecated.<br />
MESSAGE = User "%i" on "%h" has exceeded the allocated disk quota.||Please delete any unnecessary files on following filesystems or|contact the system administrato<br />
r to increase your quota allocation:|<br />
SIGNATURE = --|automated email from warnquota<br />
</pre><br />
** note that %i@%h in the SUBJECT line do not seem to work<br />
** create cron job: emacs -nw /etc/cron.daily/warnquota<br />
<pre><br />
#!/bin/sh<br />
warnquota<br />
#end<br />
</pre><br />
** chmod a+x /etc/cron.daily/warnquota<br />
** touch /etc/crontab<br />
<br />
Useful commands for managing quotas:<br />
* repquota -a | sort -n -k3 ### show quota of all users sorted by disk usage<br />
* edquota -u username ### open "vi" editor to change user quotas<br />
* repquote -a | grep username ### report quota for given user<br />
* setquota -u username 0 0 0 0 /home1 ### disable quotas for given user<br />
* setquota -u username 50000000 100000000 0 0 /home1 ### set quotas for 50GB soft and 100GB hard<br />
* edquota -t ### change user quota time limits<br />
* edquote -tg ### change group quota time limits<br />
<br />
== Enable NFS V4 server (CentOS7) ==<br />
<br />
* create /etc/exports. example: (fsid numbers should be unique and increase 1,2,3,...)<br />
<pre><br />
/home1 @home_export(rw,no_root_squash,async,fsid=1)<br />
/data1 @data_export(rw,no_root_squash,async,fsid=2)<br />
</pre><br />
* check the netgroup file<br />
** if using NIS: check NIS netgroup: ypcat -k netgroup<br />
** if no NIS, create /etc/netgroup: @daqmachines (deap00,,) (deap01,,) (deap02,,)<br />
** if no NIS, edit /etc/nsswitch.conf, make the netgrooup line read: "netgroup: files"<br />
* enable things, start them:<br />
<pre><br />
firewall-cmd --get-services<br />
firewall-cmd --permanent --add-service=nfs<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
systemctl enable nfs-server<br />
systemctl start nfs-server<br />
systemctl status nfs<br />
</pre><br />
<br />
== Enable NFS V3 server (CentOS7) ==<br />
<br />
<pre><br />
ps -efw | grep rpc.mountd # should be running!<br />
firewall-cmd --get-services<br />
firewall-cmd --permanent --add-service=mountd<br />
firewall-cmd --permanent --add-service=rpc-bind<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
== Enable NFS V3 server ==<br />
<br />
* edit /etc/hosts.allow, add or uncomment "mountd: 142.90.0.0/255.255.0.0"<br />
* create /etc/exports. example:<br />
<pre><br />
/home1 @home_export(rw,no_root_squash,async)<br />
/data1 @data_export(rw,no_root_squash,async)<br />
</pre><br />
* check the netgroup file<br />
** if using NIS: check NIS netgroup: ypcat -k netgroup<br />
** if no NIS, create /etc/netgroup: @daqmachines (deap00,,) (deap01,,) (deap02,,)<br />
** if no NIS, edit /etc/nsswitch.conf, make the netgrooup line read: "netgroup: files"<br />
* chkconfig nfs on<br />
* chkconfig nfslock on<br />
* service nfs restart<br />
<br />
Then on ladd00 need to do<br />
* ssh to root@ladd00<br />
* edit /etc/auto.daq to add new machine...<br />
* make -C /var/yp<br />
<br />
== Enable NFS V4 SERVER (SL6) ==<br />
<br />
* if used with NIS, same as NFSv3<br />
* if used as standalone, need to edit idmapd.conf - set the "Domain" name to the same value on NFS server and NFS slave (default automagically determined value does not always work). More TBW.<br />
<br />
== Enable AMANDA backups ==<br />
<br />
AMANDA backups are already enabled by TRIUMF kickstart installs. For non-kickstart installation, follow instructions at [[http://amanda/~amanda http://amanda/~amanda]], or look at "/triumfcs/trshare/olchansk/linux/amanda/amanda-enable.perl". As final step, use [[https://helpdesk.triumf.ca https://helpdesk.triumf.ca]] to contact TRIUMF CS to add this new machine to the amanda backup list.<br />
<br />
* yum install triumf-amanda<br />
<br />
== Enable AMANDA backups (CentOS7) ==<br />
<br />
<pre><br />
yum install amanda-client<br />
systemctl list-unit-files | grep -i amanda<br />
#systemctl enable amanda<br />
systemctl enable amanda.socket<br />
systemctl enable amanda-udp.socket<br />
systemctl restart amanda.socket<br />
systemctl restart amanda-udp.socket<br />
firewall-cmd --get-services<br />
firewall-cmd --permanent --add-service=amanda-client<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
echo amanda.triumf.ca amanda amdump >> /var/lib/amanda/.amandahosts<br />
</pre><br />
<br />
On amanda server, add new machine to the disklist, then:<br />
<br />
<pre><br />
amcheck -c daily titan00<br />
</pre><br />
<br />
== Enable DCACHE ==<br />
<br />
DAQ dcache server is mounted as<br />
<br />
/daq/pnfs/triumf.ca/data/<br />
<br />
For Centos-7 machines, you need to adjust the firewall rules in order to be able to communicate with the trdata machines; this is only necessary if you are copying data to trdata. The firewall changes are<br />
<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.100.212/32" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.107.156/32" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.100.219/32" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
This instructions are unnecessary <br />
* # mkdir -p /pnfs<br />
* # edit /etc/rc.local, add to the end of file: "mount -o intr,rw,noac,hard,nfsvers=3 trdata00:/pnfs /pnfs &"<br />
* # . /etc/rc.local<br />
<br />
For more information on, see [[TrdataDcache]] dcache page.<br />
<br />
== Configure Ganglia (Centos7) ==<br />
<br />
CentOS7 Ganglia instructions (EPEL7 ganglia-3.7.2)<br />
<br />
<pre><br />
/bin/rm /etc/gmond.conf<br />
yum -y install "ganglia-gmond*"<br />
/bin/cp -v /dev/null /etc/ganglia/conf.d/multicpu.conf # collects useless data<br />
/bin/cp -v /dev/null /etc/ganglia/conf.d/netstats.pyconf # spews errors into syslog<br />
/bin/cp -v /dev/null /etc/ganglia/conf.d/diskstat.pyconf # collects useless data<br />
/bin/cp -v /dev/null /etc/ganglia/conf.d/procstat.pyconf # do not create /tmp/gmond.conf<br />
/bin/cp ~/git/scripts/etc/gmond.conf /etc/ganglia/gmond.conf<br />
systemctl enable gmond<br />
systemctl restart gmond<br />
systemctl status gmond<br />
</pre><br />
<br />
== Configure Ganglia (Centos8) ==<br />
<br />
CentOS8 Ganglia instructions (EPEL8 ganglia-3.7.2)<br />
<br />
<pre><br />
/bin/rm /etc/gmond.conf<br />
yum -y install "ganglia-gmond*"<br />
/bin/cp ~/git/scripts/etc/gmond.conf /etc/ganglia/gmond.conf<br />
systemctl enable gmond<br />
systemctl restart gmond<br />
systemctl status gmond<br />
cd ~/git/scripts/ganglia<br />
./ganglia-all.perl<br />
make install<br />
</pre><br />
<br />
== Configure TRIUMF DAQ packages ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
cd /etc/yum.repos.d<br />
wget http://daq.triumf.ca/~daqweb/yum/triumf-daq.repo<br />
</pre><br />
<br />
== Install Konstantin's packages ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
yum --disablerepo=\* --enablerepo=triumf-daq --skip-broken install diskscrub emailonreboot monitor_nfs "ganglia-*" triumf_nodeinfo<br />
</pre><br />
<br />
== Install memtest and PXE boot ==<br />
<br />
!!!DO NOT DO THIS!!!<br />
<br />
<pre><br />
cd /boot<br />
wget http://ladd00.triumf.ca/tftpboot/memtest86+-5.01.bin.gz<br />
wget http://ladd00.triumf.ca/tftpboot/memtest86+-4.20.bin.gz<br />
wget http://ladd00.triumf.ca/tftpboot/memtest86+-4.10<br />
wget http://ladd00.triumf.ca/tftpboot/gpxe-1.0.1+-gpxe.lkrn<br />
<br />
emacs -nw /boot/grub/grub.conf<br />
title memtest86+-5.01<br />
root (hd0,0)<br />
kernel /boot/memtest86+-5.01.bin.gz<br />
title memtest86+-4.20<br />
root (hd0,0)<br />
kernel /boot/memtest86+-4.20.bin.gz<br />
title memtest86+-4.10<br />
root (hd0,0)<br />
kernel /boot/memtest86+-4.10<br />
title pxeboot<br />
root (hd0,0)<br />
kernel /boot/gpxe-1.0.1+-gpxe.lkrn<br />
</pre><br />
<br />
== Install node monitoring ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
yum --disablerepo=\* --enablerepo=triumf-daq --skip-broken install triumf_nodeinfo<br />
/usr/sbin/sendnodeinfo.perl --config ladd00.triumf.ca:8600<br />
emacs -nw /etc/nodeinfo<br />
/usr/sbin/sendnodeinfo.perl ladd00.triumf.ca:8600<br />
</pre><br />
<br />
== Install gonodeinfo node monitoring ==<br />
<br />
(+Ubuntu, +CentOS7, +CentOS8)<br />
<br />
go to https://bitbucket.org/dd1/gonodeinfo<br />
follow instructions:<br />
<pre><br />
yum -y install golang<br />
mkdir ~/git<br />
cd ~/git<br />
git clone https://bitbucket.org/dd1/gonodeinfo.git<br />
# or git clone https://daq.triumf.ca/~olchansk/git/gonodeinfo.git<br />
cd gonodeinfo<br />
git pull<br />
make<br />
make install # install gonodeinfo agent<br />
cd ~ # this is important<br />
</pre><br />
<br />
* emacs -nw /etc/gonodeinfo.conf<br />
* change "Description", "Location", "User" and "Administrator" as appropriate (or delete them)<br />
* change "Servers" to read: Servers: ladd00.triumf.ca:8601<br />
* run gonodeinfo -e<br />
* if error is "connection refused". go to the nodeinfo server to add this client to the access control list:<br />
* on the gonodeinfo server: run gonodereceive -a daq13<br />
* try gonodeinfo again, there should be no error<br />
* on the gonodeinfo server: run gonodereport, look at the web pages, the new machine should be listed now<br />
<br />
== Install latest system updates ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
yum update -y<br />
</pre><br />
<br />
== Configure TRIUMF Printers (CentOS7) ==<br />
<br />
<pre><br />
systemctl stop cups<br />
systemctl disable cups<br />
echo "ServerName printers.triumf.ca" > /etc/cups/client.conf<br />
lpstat -a<br />
</pre><br />
<br />
== Disable syslog spam (CentOS7) ==<br />
<br />
Default el7 config is spamming the syslog with useless messages "systemd: Starting Session", etc. Disable this:<br />
<br />
<pre><br />
echo auditctl -e 0 >> /etc/rc.local<br />
echo /usr/bin/systemd-analyze set-log-level notice >> /etc/rc.local<br />
/etc/rc.local<br />
</pre><br />
<br />
== Install basic system packages (CentOS7) ==<br />
<br />
(if starting from minimal system, basic system packages required:)<br />
<br />
<pre><br />
yum install -y which psmisc redhat-lsb-core xorg-x11-xauth xterm emacs-nox rsync tcpdump strace nfs-utils sysstat iftop tcsh<br />
yum install -y gcc gcc-c++ gdb glibc-static libstdc++-static zlib zlib-devel openssl-devel httpd-tools<br />
</pre><br />
<br />
== Install packages needed for QUARTUS, ROOT, EPICS and MIDAS DAQ ==<br />
<br />
(+CentOS7)<br />
<br />
yum install --skip-broken giflib.x86_64 sysstat "libusb-devel*" unixODBC-devel postgresql-devel libxml2-devel libXpm-devel libgfortran git compat-readline43 "graphviz*" dcap "tigervnc*" telnet glibc"*" strace "fftw*" libpng "freetype*" xpdf "xemacs*" tkcvs xterm mutt "*-g77*" joe "libXmu*" dcap-devel gsl-devel pcre-devel h5py gd-devel xorg-x11-fonts"*" minicom xfig"*" perl-BSD-Resource "net-snmp-*" readline-static git-all nasm imake tcl-devel gv xorg-x11-twm expat-devel screen compat-readline5 ImageMagick ImageMagick-devel wget alacarte scipy numpy sympy nedit gnuplot php-cli php-domxml-php4-php5 php-gd php-fpdf php-cli kdebase cmake tcpdump sqlite sqlite-devel kdegraphics gdisk lsof gconf-editor iftop tk-devel mcelog kdm blt itcl lz4 bzip2 pbzip2 apr-devel apr-util-devel net-tools golang"*" --exclude golang-cover"*"hg"*" --exclude golang"*"hg"*" --exclude golang-pkg"*" --exclude golang-github"*" --exclude golang"*"git"*" mesa"*" xerces-c"*" diffuse clang i2c-tools texlive-revtex texlive-revtex4 kile kbibtex xrdp glibc.i686 gimp gimp-data-extras perl-GD"*" perl-Math"*" perl-Statistics-Basic cmake3 cmake3-gui extra-cmake-modules python2-pip x2go"*" mariadb-devel glibc-devel.i686 libzstd<br />
<br />
== Install optional packages ==<br />
<br />
!! DO NOT DO THIS !!<br />
<br />
(do not install boost on 32-bit machines)<br />
<br />
yum install --skip-broken "boost-*" <br />
<br />
(packages for 32-bit software compilation on 64-bit machines. this is optional)<br />
<br />
yum install --skip-broken giflib.i386 giflib.i686 compat-libf2c-34.i386 compat-libf2c-34.i686 mysql-devel.i686 openssl-devel.i686 unixODBC-devel.i686 libstdc++-devel.i386 libstdc++-devel.i686 "zlib-*.i686" "libXext-*.i686" "libXtst-*.i686" glibc-static.i686 freetype.i686 fontconfig.i686 libpng.i686 libXrender.i686 glibc-devel.i686 libX11-devel.i686 libXpm-devel.i686 libXft-devel.i686 mysql-devel.i686 dcap-devel.i686 gsl-devel.i686 pcre-devel.i686 fontconfig-devel.i686 freetype-devel.i686 libpng-devel.i686 libjpeg-devel.i686 libgfortran.i686 libxml2-devel.i686 gd-devel.i686 readline-devel.i686 ncurses-devel.i686 libXdmcp.i686 readline-static.i686 compat-readline5.i686<br />
<br />
yum install boost-devel.i686<br />
<br />
(separately install these packages - they collide with the big bunch above)<br />
<br />
yum install rdesktop<br />
<br />
yum reinstall urw-fonts<br />
<br />
== Install libraries for PHYSICA (CentOS7) ==<br />
<br />
To run physica built on el6 from git sources on el7, do this:<br />
<br />
(building physica on el7 is nort supported at this time)<br />
<br />
(see more http://www.triumf.info/wiki/DAQwiki/index.php/PHYSICA)<br />
<br />
<pre><br />
yum -y install libX11.i686 gd.i686 libpng12.i686 readline.i686 compat-libf2c-34.i686<br />
</pre><br />
<br />
== Install additional desktop environements (CentOS7) ==<br />
<br />
<pre><br />
# LXQT (from EPEL)<br />
# NOT COMPATIBLE WITH el7.7 # yum -y install "lxqt*"<br />
# Cinnamon desktop (from EPEL)<br />
yum -y install cinnamon<br />
# KDE5 not available yet<br />
# MATE (from epel)<br />
yum -y groupinstall "MATE Desktop"<br />
yum -y install mate-common mate-icon-theme-faenza mate-netspeed mate-sensors-applet mate-themes-extras mate-utils<br />
yum -y erase ModemManager abrt abrt-libs abrt-gui-libs<br />
# XFCE4 (from EPEL)<br />
yum -y groupinstall xfce<br />
yum -y install "xfce*plugin" xfce4-about --exclude xfce4-hamster-plugin<br />
yum -y erase bash-completion<br />
</pre><br />
<br />
* make the MATE desktop as default<br />
<br />
<pre><br />
cd ~root/git/scripts/<br />
git pull<br />
/bin/cp -v etc/lightdm_default_mate.conf /etc/lightdm/lightdm.conf.d/<br />
</pre><br />
<br />
* lighdm login manager (from EPEL)<br />
<pre><br />
yum install lightdm lightdm-kde lightdm-qt lightdm-qt5<br />
</pre><br />
<br />
* and switch from gdm to lighdm<br />
<pre><br />
systemctl disable gdm.service<br />
systemctl enable lightdm.service<br />
(systemctl stop gdm; systemctl restart lightdm) &<br />
</pre><br />
<br />
== Install SMART scripts ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
ln -sf ~/git/scripts/smart-status/smart-status.perl ~/<br />
</pre><br />
<br />
== Install NTFS drivers ==<br />
<br />
yum install ntfs-3g ntfsprogs (from EPEL)<br />
<br />
== Install HFS and HFS+ drivers (CentOS7) ==<br />
<br />
yum --disablerepo=\* --enablerepo=elrepo install kmod-hfs kmod-hfsplus<br />
<br />
== Install Google Chrome web browser (64-bit CentOS7) ==<br />
<br />
<pre><br />
/bin/cp ~/git/scripts/etc/google-chrome-64.repo /etc/yum.repos.d/<br />
yum install google-chrome-stable<br />
</pre><br />
<br />
== Enable monitoring of HTTPS certificates ==<br />
<br />
On SL6, CentOS7:<br />
<br />
<pre><br />
yum install crypto-utils<br />
/etc/cron.daily/certwatch<br />
strace -f /etc/cron.daily/certwatch |& grep open | grep crt<br />
</pre><br />
<br />
== Enable 100dpi fonts for EPICS ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
ln -s /usr/share/X11/fonts/100dpi /etc/X11/fontpath.d/<br />
</pre><br />
<br />
== Enable crontab @reboot for MIDAS (CentOS7) ==<br />
<br />
el7 has a bug - cron @reboot entries for normal users can run before autofs is ready, so if the home directory<br />
is on autofs/NFS, it cannot be accessed and the cron job fails. If MIDAS is supposed to be<br />
started by cron @reboot, it will not start (there *will* be an error message in /var/log/cron).<br />
<br />
<pre><br />
mkdir /etc/systemd/system/crond.service.d<br />
echo -e "[Unit]\nAfter=ypbind.service autofs.service\n" > /etc/systemd/system/crond.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat crond.service<br />
</pre><br />
<br />
Explore the systemd dependacy tree using "systemctl list-dependencies" maybe with "--all".<br />
<br />
Visualize the exact boot sequence from previous boot: "systemd-analyze plot > xxx.svg", look at the svg file using a web browser.<br />
<br />
== Enable firewall for MIDAS (CentOS7) ==<br />
<br />
Default el7 configuration prevents all access to servers running on the local machine, including access to MIDAS mhttpd (tcp port 8443) and mserver (all tcp ports).<br />
<br />
To enable access to mhttpd:<br />
<br />
<pre><br />
firewall-cmd --add-port=8443/tcp --permanent<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
To enable access to the mserver from a specific host: (replace 142.90.111.175 with the IP address of the permitted host)<br />
<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.111.175/32" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
To enable access from the private network (replace "192.168.1.0" with your private network number):<br />
<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.1.0/24" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
== Enable firewall for EPICS (CentOS7) ==<br />
<br />
To enable access to TRIUMF EPICS servers, do this:<br />
<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.132.0/23" accept"<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
For UCN the controls people seem to have EPICS setup on a different server; this might be true for CMMS as well. In this case the firewall rule change should be<br />
<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.139.0/23" accept"<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
== Disable gdm and X11 (OPTIONAL) ==<br />
<br />
<pre><br />
initctl stop prefdm<br />
echo "start on never" > /etc/init/prefdm.override<br />
echo "start on never" > /etc/init/splash-manager.override<br />
initctl reload-configuration<br />
</pre><br />
<br />
then enable login on default console:<br />
<pre><br />
echo "plymouth quit" >> /etc/rc.local<br />
echo "X_TTY=xxx/dev/tty1" >> /etc/sysconfig/init<br />
</pre><br />
<br />
== Install JAVAWS (OPTIONAL) ==<br />
<br />
* to run Java "web start" jnlp files (EVO, SEEVOGH, etc): javaws Downloads/spider.jnlp<br />
* install javaws:<br />
* yum install icedtea-web icedtea-web-javadoc<br />
<br />
== Install firefox java plugin (OPTIONAL, DO NOT DO THIS) ==<br />
<br />
This installs the Oracle Java plugin:<br />
<br />
* rpm -vh --install ~deap/jdk-7u15-linux-x64.rpm<br />
* ls -l /usr/lib64/mozilla/plugins/<br />
* ln -s /usr/java/jdk1.7.0_15/jre/lib/amd64/libnpjp2.so /usr/lib64/mozilla/plugins/<br />
* start firefox, go edit->preferences->general->manage add-ons->plugins<br />
* "java plugin 1.7.0_15" should be listed<br />
<br />
<br />
<br />
== Configure USB device permissions ==<br />
<br />
(+CentOS7)<br />
<br />
Configure USB device permissions for user access to USB-serial devices, Altera USB Blaster, etc.<br />
<br />
* create file /etc/udev/rules.d/99-usb-chmod.rules with this contents:<br />
<br />
<pre><br />
emacs -nw /etc/udev/rules.d/99-usb-chmod.rules<br />
ACTION=="add", SUBSYSTEM=="usb_device", RUN+="/bin/chmod a+wr /dev/%c"<br />
ACTION=="add", SUBSYSTEM=="usb_device", RUN+="/bin/chmod a+wr /proc/%c"<br />
ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="/bin/chmod a+wr $env{DEVICE}"<br />
ACTION=="add", ENV{PHYSDEVBUS}=="usb-serial", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", ENV{DEVPATH}=="/class/tty/ttyS*", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", SUBSYSTEM=="tty", DEVPATH=="*ttyUSB*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
ACTION=="add", SUBSYSTEM=="tty", DEVPATH=="*ttyS*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
</pre><br />
<br />
* apply new permissions: udevadm trigger --action=add<br />
<br />
== Disable modem-manager ==<br />
<br />
The modem-manager will try to talk to any serial devices attached to USB serial ports. It assumes that those devices are modems and will send out modem-specific commands. if the devices are not modems and do not understand or do not like modem commands, well that's too bad. modem-manager is installed by the ModemManager package required by the NetworkManager package, and there is no configuration setting to turn modem-manager off.<br />
<br />
One way to disable it is: chmod a= /usr/sbin/modem-manager<br />
<br />
Another way to disable it is by forced uninstall: rpm --erase --nodeps ModemManager<br />
<br />
Remember to kill the running copy: killall -KILL modem-manager<br />
<br />
Caveat: it is not clear if modem-manager would not be resurrected by an update to the NetworkManager or ModemManager packages.<br />
<br />
== Configure Altera jtagd ==<br />
<br />
(if needed)<br />
<br />
<pre><br />
mkdir /etc/jtagd<br />
echo 'Password = "123";' > /etc/jtagd/jtagd.conf<br />
cp -pv /daq/daqshare/olchansk/altera/11.0/quartus/linux/pgm_parts.txt /etc/jtagd/jtagd.pgm_parts<br />
</pre><br />
<br />
* start local jtagd: /daq/daqshare/olchansk/altera/11.0/quartus/bin/jtagd<br />
* test local connection: /daq/daqshare/olchansk/altera/11.0/quartus/bin/jtagconfig<br />
* test remote connection (add this machine to your .jtag.conf, run jtagconfig<br />
<br />
For more information, go to [[Quartus]]<br />
<br />
== Install EOS ==<br />
<br />
Instructions from here:<br />
http://eos-docs.web.cern.ch/eos-docs/quickstart/setup_repo.html<br />
<br />
<pre><br />
rpm -vh --install https://dss-ci-repo.web.cern.ch/dss-ci-repo/eos/citrine/tag/el-7/x86_64/eos-repo-el7-generic-1.noarch.rpm<br />
yum-config-manager --disable eos-citrine # disable auto-update because all packages are not signed<br />
yum-config-manager --disable eos-dep # disable auto-update because all packages are not signed.<br />
yum install eos-client eos-fuse --enablerepo=eos-citrine<br />
</pre><br />
<br />
== Install fix for the el7 systemd dbus boot hang ==<br />
<br />
Around early Summer 2018 el7 started showing a boot problem. In the nutshell,<br />
there is a problem with the dbus connection between dbus and systemd that<br />
prevents polkit, firewalld, etc from starting. The system eventually boots<br />
enough that one can ssh into it, but most things do not work. Notably,<br />
polkit is not running, firewalld is not running, ssh login takes about 15-30 second.<br />
<br />
Solution is to add a special systemd service to check that dbus started correctly.<br />
It that runs after dbus is started, but before it is used, and it restarts dbus in a loop<br />
with a delay until dbus starts correctly. In testing, dbus always starts correctly after<br />
the first retry.<br />
<br />
<pre><br />
cd ~root/git/scripts/etc<br />
git pull<br />
/bin/cp -vf systemd-check-dbus.perl /usr/bin/<br />
/bin/cp -vf systemd-check-dbus.service /etc/systemd/system/<br />
systemctl daemon-reload<br />
systemctl enable systemd-check-dbus<br />
systemctl start systemd-check-dbus<br />
systemctl status systemd-check-dbus<br />
</pre><br />
<br />
After linux boots, if everything was okey, the script will report this:<br />
<pre><br />
[root@iris01 ~]# systemctl status systemd-check-dbus<br />
...<br />
Feb 08 17:15:49 iris01.triumf.ca systemd[1]: Starting Check that systemd is registered with dbus...<br />
Feb 08 17:15:49 iris01.triumf.ca sh[4283]: Starting check for systemd dbus connection<br />
Feb 08 17:15:50 iris01.triumf.ca sh[4283]: List: string "org.freedesktop.DBus"<br />
Feb 08 17:15:50 iris01.triumf.ca sh[4283]: List: string "org.freedesktop.systemd1"<br />
Feb 08 17:15:50 iris01.triumf.ca sh[4283]: systemd1 dbus service exists, success!<br />
Feb 08 17:15:50 iris01.triumf.ca sh[4283]: Finished check for systemd dbus connection<br />
Feb 08 17:15:50 iris01.triumf.ca systemd[1]: Started Check that systemd is registered with dbus.<br />
</pre><br />
<br />
If the boot problem happened, the script will report about restarting dbus.<br />
<br />
Note: the systemd service file adjusts the start order of other services, this adjustment seems to reduce the probability of the problem.<br />
<br />
== Configure GRUB boot loader (CentOS7, CentOS8) ==<br />
<br />
* emacs -nw /etc/default/grub, remove "rhgb" and "quiet" from GRUB_CMDLINE_LINUX<br />
* grub2-mkconfig -o /boot/grub2/grub.cfg<br />
* grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg<br />
* grub2-editenv list # show contents of boot environement file<br />
* /bin/rm /boot/grub2/grubenv # remove stale settings, make grub2 boot from first entry in config file<br />
<br />
== Install memtest86+ (CentOS7, CentOS8) ==<br />
<br />
<pre><br />
yum -y install memtest86+<br />
/bin/cp -vf /usr/share/memtest86+/20_memtest86+ /etc/grub.d/<br />
/bin/chmod a+x /etc/grub.d/20_memtest86+ <br />
grub2-mkconfig -o /boot/grub2/grub.cfg<br />
</pre><br />
<br />
== Disable ELREPO ==<br />
<br />
<pre><br />
sed 's/enabled=.*/enabled=0/' -i /etc/yum.repos.d/elrepo_triumf.repo<br />
sed 's/enabled=.*/enabled=0/' -i /etc/yum.repos.d/elrepo.repo<br />
</pre><br />
<br />
== Reduce install size (optional) ==<br />
<br />
This is optional. Only do this if reducing the size of the OS image is very important.<br />
<br />
Do this for VME processors.<br />
<br />
<pre><br />
yum erase "texlive*" "java*" "boost*" libreoffice"*"<br />
#yum erase "xemacs*"<br />
yum erase "libstdc++-docs"<br />
yum erase firefox google-chrome"*"<br />
yum clean all<br />
</pre><br />
<br />
<pre><br />
/bin/rm -rf /usr/share/help<br />
/bin/rm -rf /usr/share/doc<br />
</pre><br />
<br />
== Update from el7.6 to el7.7 ==<br />
<br />
<pre><br />
yum-config-manager --disable zfs<br />
yum-config-manager --disable zfs-kmod<br />
yum-config-manager --disable zfs-testing-kmod<br />
yum versionlock delete zfs<br />
yum versionlock delete kernel<br />
yum -y update "yum*" "rpm*"<br />
yum -y erase libqtxdg lxqt-qtplugin ### LXQT is not compatible<br />
yum update<br />
after rebooting into el7.7, follow instructions for updating ZFS from version 0.7 to 0.8.<br />
</pre><br />
<br />
== Finish installation ==<br />
<br />
reboot<br />
<br />
== Special hardware settings ==<br />
<br />
=== ASUS Crosshair mobo ===<br />
<br />
* use BIOS version 1207 or newer<br />
* (before CentOS7) sensors need these drivers from ELREPO: yum install --noplugins kmod-it87 kmod-k10temp; sensors-detect; service lm_sensors restart; sensors<br />
* CentOS7: installs correct drivers automatically<br />
<br />
=== ASUS Crosshair-II mobo ===<br />
<br />
* use BIOS version 2607 or newer<br />
* for the onboard IDE to work, add "all-generic-ide" to kernel boot options in grub.conf<br />
* sensors need these drivers from ELREPO: yum install --noplugins kmod-it87 kmod-k10temp; sensors-detect; service lm_sensors restart; sensors<br />
<br />
=== ASUS P7P55D EVO mobo ===<br />
<br />
* use BIOS version 2004 or newer<br />
* SL6 - install special driver for on board PCIe GigE network port and disable on board PCI GigE network port:<br />
** yum --enablerepo elrepo install kmod-r8168 kmod-r8169<br />
** # do not do this: sed 's/^blacklist/#blacklist/' -i /etc/modprobe.d/blacklist-r8169.conf<br />
** reboot<br />
** verify that correct drivers are loaded: ethtool -i eth0; ethtool -i eth1<br />
** note: there will be no eth1 - r8169 driver is disabled.<br />
<br />
=== ASUS P6X58-E-WS mobo ===<br />
<br />
* BIOS settings<br />
** F1 or DEL to enter BIOS setup, F8 boot menu<br />
** go to POWER->HW mon, confirm CPU temperature is around 30C. (heatsink is installed correctly. Bad heatsink temperature quickly goes up to 50-70C).<br />
** Main menu: Storage config - SATA change IDE->AHCI<br />
** System information: confirm BIOS version 301, CPU type, memory size<br />
** AI Tweak: set DRAM frequency - AUTO->DDR3-1333<br />
** Advanced->Onboard devices: LAN BOOT: enabled<br />
** Power->HW monitor: CPU Q-FAN: enabled<br />
** Boot->Settings: Quick boot: enabled; Full screen logo: disabled; Wait for F1: disabled<br />
** Save and exit<br />
<br />
=== ASUS E35M1-M PRO mobo ===<br />
<br />
* http://www.asus.com/Motherboards/E35M1M_PRO/#specifications<br />
* use BIOS version 1002 or newer<br />
* for CPU temperature: install kmod-k10temp from ELREPO (kmod-k10temp-0.0-4.el6.elrepo.x86_64.rpm)<br />
* for Sensors: yum --enablerepo elrepo install kmod-w83627ehf; modprobe w83627ehf; sensors<br />
* for Graphics: yum --enablerepo elrepo install kmod-fglrx fglrx-x11-drv<br />
* to enable booting from USB3, edit /etc/dracut.conf, change line "add_drivers" to read: add_drivers+="xhci-hcd"<br />
* to use multiple monitors, run "aticonfig --initial --heads=2 --adapter=1 --xinerama=on", to change screen layout, edit /etc/X11/xorg.conf. Only dual monitors DVI+HDMI seem to work. Tripple monitors does not seem to work.<br />
<br />
Sensors instructions below are obolete (use driver from ELREPO)<br />
* for Sensors, install driver for NCT6776F chip from https://github.com/groeck/w83627ehf/archives/master (in the Makefile, change the line "KERNEL_BUILD=" to read: "KERNEL_BUILD:=/usr/src/kernels/$(TARGET)"):<br />
<pre><br />
cd ~root<br />
wget http://ladd00.triumf.ca/~olchansk/linux/groeck-w83627ehf-dd3e543/w83627ehf.ko<br />
echo "modprobe hwmon; modprobe hwmon-vid; modprobe k10temp; rmmod w83627ehf; insmod /root/w83627ehf.ko" >> /etc/rc.local<br />
</pre><br />
<br />
=== ASUS E45M1-M PRO mobo ===<br />
<br />
* https://www.asus.com/Motherboards/E45M1M_PRO/#specifications<br />
* use BIOS 1202 or newer<br />
* follow the E35M1-M PRO instructions above<br />
<br />
=== ASUS P9X79 WS ===<br />
<br />
* http://www.asus.com/Motherboard/P9X79_WS/<br />
* use BIOS version 4802. Older versions seem to be ok: 3101, 3401, 4701 or newer. If BIOS is 1305 or older, install P9X79-WS-CAP-Converter.ROM (BIOS 2902/3101), then the new BIOS.<br />
* (not needed for CentOS7) for CPU temperature, install coretemp<br />
* (not needed for CentOS7) for sensors, install driver for NCT6776F chip same as E35M1-M above.<br />
* BIOS Settings:<br />
** enter "Advanced mode"<br />
** Ai Tweaker -> Ai Overclock Tuner -> Set to "XMP" - this enables DDR3-1600 RAM speed vs DDR3-1333 by default<br />
** ### NOT THIS: Monitor -> CPU fan speed low limit -> Set to "200 RPM" - we are using high efficiency slow turning CPU coolers and the default 600 RPM is right on the edge of firing false warnings<br />
** Monitor -> disable Q-fan on for all fans - let all fans always run at maximum RPMs<br />
** Boot -> Full screen logo -> Set to "disabled"<br />
** Wait for F1 -> Set to "disabled"<br />
<br />
=== ASUS P8B-M ===<br />
<br />
* use BIOS version 6103 or newer<br />
* for CPU temperature, install coretemp<br />
* for sensors, install driver for NCT6776F chip same as E35M1-M above.<br />
<br />
=== SUPERMICRO X9SCL ===<br />
<br />
* yum install kmod-w83627ehf.x86_64 coretemp<br />
* xemacs -nw /etc/rc.local, add:<br />
<pre><br />
modprobe coretemp<br />
modprobe w83627ehf<br />
</pre><br />
<br />
=== ASUS Z87-WS ===<br />
<br />
<pre><br />
cd ~root<br />
wget http://ladd00.triumf.ca/~olchansk/linux/nct6775.ko<br />
echo modprobe hwmon-vid >> /etc/rc.local<br />
echo insmod /root/nct6775.ko >> /etc/rc.local<br />
/etc/rc.local<br />
sensors<br />
</pre><br />
<br />
=== ASUS Z97-WS ===<br />
<br />
the nct6775 driver does not work because of conflict with ACPI.<br />
<br />
=== ASUS AM1M-A ===<br />
<br />
* use BIOS 602 or later<br />
* SL6.5 installer cannot use USB2 ports and the network. Use USB3 ports (blue colour) to boot USB installer (memtest, rescue, etc)<br />
* SL6.5 kernels require boot option "iommu=soft" or USB2 and network do not work. (USB3 - blue ports - seems okey)<br />
* install ATI/AMD video drivers from ELREPO (see below)<br />
* sensors chip is ITE IT8623E, for SL6, use standalone driver from lm_sensors. (2 fans rpm, 2 temperatures):<br />
<pre><br />
cd ~root<br />
wget http://ladd00.triumf.ca/~olchansk/linux/it87.ko<br />
echo modprobe hwmon_vid >> /etc/rc.local<br />
echo insmod /root/it87.ko >> /etc/rc.local<br />
. /etc/rc.local<br />
</pre><br />
* for el7 use it87.ko driver:<br />
<pre><br />
cd ~root<br />
wget https://daqshare.triumf.ca/~olchansk/linux/CentOS7/it87.ko<br />
echo modprobe hwmon_vid >> /etc/rc.local<br />
echo insmod /root/it87.ko >> /etc/rc.local<br />
. /etc/rc.local<br />
</pre><br />
* sensors output:<br />
<pre><br />
[root@midemma02 ~]# sensors<br />
radeon-pci-0008<br />
Adapter: PCI adapter<br />
temp1: +22.0°C (crit = +120.0°C, hyst = +90.0°C)<br />
<br />
fam15h_power-pci-00c4<br />
Adapter: PCI adapter<br />
power1: N/A (crit = 25.00 W)<br />
<br />
k10temp-pci-00c3<br />
Adapter: PCI adapter<br />
temp1: +22.2°C (high = +70.0°C)<br />
(crit = +70.0°C, hyst = +69.0°C)<br />
<br />
it8603-isa-0290<br />
Adapter: ISA adapter<br />
in0: +0.96 V (min = +2.50 V, max = +2.95 V) ALARM<br />
in1: +2.23 V (min = +0.94 V, max = +1.22 V) ALARM<br />
in2: +2.03 V (min = +0.74 V, max = +0.77 V) ALARM<br />
in3: +2.00 V (min = +1.26 V, max = +0.13 V) ALARM<br />
in4: +2.23 V (min = +2.95 V, max = +2.15 V) ALARM<br />
3VSB: +3.36 V (min = +6.00 V, max = +2.50 V) ALARM<br />
Vbat: +3.22 V <br />
+3.3V: +3.36 V <br />
fan1: 611 RPM (min = 200 RPM)<br />
fan2: 707 RPM (min = 600 RPM) ALARM<br />
temp1: +38.0°C (low = +122.0°C, high = +122.0°C) sensor = thermistor<br />
temp2: +22.0°C (low = +119.0°C, high = -35.0°C) ALARM sensor = thermistor<br />
temp3: -128.0°C (low = +16.0°C, high = +93.0°C) sensor = thermistor<br />
intrusion0: ALARM<br />
<br />
[root@midemma02 ~]# <br />
</pre><br />
* AMD "Athlon(tm) 5350 APU" graphics supports 2 monitors maximum (mobo has 3 video outputs, only 2 can be used together)<br />
<br />
=== Intel SE7230NH1 ===<br />
<br />
* front panel header connector pinout is like this:<br />
<pre><br />
PWR LED | 1 2|<br />
| 3 4|<br />
PWR LED | 5 6|<br />
HDD LED | 7 8|<br />
HDD LED | 9 10|<br />
PWR SW |11 12| NIC1 LED<br />
PWR SW |13 14| NIC1 LED<br />
RST SW |15 16|<br />
RST SW |17 18|<br />
|19 20|<br />
NMI SW |21 22| NIC2 LED<br />
NMI SW |23 24| NIC2 LED<br />
... |... |<br />
|33 34|<br />
</pre><br />
<br />
=== ASUS H110M-A/M.2 ===<br />
<br />
* use BIOS 2003 or later<br />
* dmidecode | grep -i nct reports: Nuvoton NCT5539D<br />
* sensors chip is "NCT6793D or compatible chip", for el7, use this driver:<br />
<pre><br />
cd ~root<br />
wget http://ladd00.triumf.ca/~olchansk/linux/nct6775.ko<br />
echo modprobe hwmon-vid >> /etc/rc.local<br />
echo insmod /root/nct6775.ko >> /etc/rc.local<br />
/etc/rc.local<br />
sensors<br />
</pre><br />
<br />
* sensors output:<br />
<pre><br />
[root@daq03 ~]# sensors<br />
acpitz-virtual-0<br />
Adapter: Virtual device<br />
temp1: +27.8°C (crit = +119.0°C)<br />
temp2: +29.8°C (crit = +119.0°C)<br />
<br />
nct6793-isa-0290<br />
Adapter: ISA adapter<br />
in0: +0.34 V (min = +0.00 V, max = +1.74 V)<br />
in1: +1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in2: +3.39 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in3: +3.39 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: +1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: +0.15 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: +0.97 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in7: +3.38 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in8: +3.12 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in9: +1.00 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in10: +0.14 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in11: +0.12 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in12: +0.14 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in13: +0.12 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in14: +0.13 V (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 1041 RPM (min = 0 RPM)<br />
fan2: 1020 RPM (min = 0 RPM)<br />
fan5: 0 RPM (min = 0 RPM)<br />
fan6: 0 RPM<br />
SYSTIN: +119.0°C (high = +98.0°C, hyst = +95.0°C) sensor = thermistor<br />
CPUTIN: +26.5°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
AUXTIN0: +27.5°C sensor = thermistor<br />
AUXTIN1: +112.0°C sensor = thermistor<br />
AUXTIN2: +111.0°C sensor = thermistor<br />
AUXTIN3: +111.0°C sensor = thermistor<br />
PECI Agent 0: +28.0°C (high = +98.0°C, hyst = +95.0°C)<br />
(crit = +100.0°C)<br />
PECI Agent 0 Calibration: +25.5°C <br />
PCH_CHIP_CPU_MAX_TEMP: +0.0°C <br />
PCH_CHIP_TEMP: +0.0°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Physical id 0: +31.0°C (high = +80.0°C, crit = +100.0°C)<br />
Core 0: +31.0°C (high = +80.0°C, crit = +100.0°C)<br />
Core 1: +28.0°C (high = +80.0°C, crit = +100.0°C)<br />
<br />
[root@daq03 ~]# <br />
</pre><br />
<br />
=== Supermicro X11SSH-F ===<br />
<br />
* blacklist the mei and mei_me drivers per http://www.supermicro.com/support/faqs/faq.cfm?faq=14537<br />
<pre><br />
[root@alpha00 ~]# more /etc/modprobe.d/blacklist.conf<br />
blacklist mei<br />
blacklist mei_me<br />
[root@alpha00 ~]# <br />
</pre><br />
* mobo requires M.2 PCIe SSD (M.2 SATA SSD would not work. SATA SATA SSD ok)<br />
* boot from M.2 PCIe SSD requires UEFI boot (from an MSDOS partition on the SSD)<br />
<br />
=== ASUS TUF Z390M-PRO GAMING (WI-FI) ===<br />
<br />
* BIOS 2417 is okey, upgrade to this if older<br />
* do not set XMP memory mode<br />
* in the BIOS, enable the boot compatibility support module mode: BIOS (press DEL) -> Advanced mode -> BOOT -> CSM Module -> Enable CSM "yes".<br />
* for SL6, install e1000e driver from ELREPO:<br />
<pre><br />
yum install --enablerepo=elrepo kmod-e1000e<br />
</pre><br />
* sensors chip appears to be "Nuvoton NCT6798D" not clear what driver to use<br />
* dmidecode | grep -i nct reports: Nuvoton NCT6798D<br />
* kmod-nct6775-0.0-5.el7_7.elrepo.x86_64.rpm from ELrepo finds the chip but bombs because of conflict with ACPI<br />
<br />
=== ASUS PRIME X399-A ===<br />
<br />
* BIOS 1002<br />
* for reading temperatures and fan rotations, install driver: https://github.com/electrified/asus-wmi-sensors/issues/29<br />
<br />
== Configure X11 graphics ==<br />
<br />
=== Special settings for DAQ ===<br />
<br />
* add the following at the end of /etc/X11/xorg.conf. The enables Ctrl-Alt-KP-/ and Ctrl-Alt-KP-* to unlock the keyboard after Altera Quartus crash:<br />
<pre>Section "ServerFlags"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Option "AllowDeactivateGrabs" "true"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Option "AllowClosedownGrabs" "true"<br />
EndSection</pre><br />
<br />
=== Install NVIDIA drivers ===<br />
<br />
* yum --enablerepo=elrepo install nvidia-detect<br />
* run: nvidia-detect<br />
* as instructed by nvidia-detect, install correct driver:<br />
** yum --enablerepo=elrepo install kmod-nvidia<br />
** yum --enablerepo=elrepo install kmod-nvidia-304xx<br />
** yum --enablerepo=elrepo install kmod-nvidia-173xx<br />
* (before SL6.x: if it fails due to conflict with module-init-tools, run "yum --disablerepo \* --enablerepo elrepo update module-init-tools")<br />
* yum erase xorg-x11-glamor ### see http://elrepo.org/tiki/kmod-nvidia (search for glamor)<br />
* mv /etc/X11/xorg.conf /etc/X11/xorg.conf-xxx<br />
* nvidia-xconfig<br />
* (SL6) reboot<br />
* (SL5) /dev/MAKEDEV nvidia<br />
* (SL5) restart the X11 server (Ctrl-Alt-Backspace or "killall Xorg gdm-binary")<br />
* observe that X11 server restarts using the NVIDIA driver (big NVIDIA logo on startup)<br />
* if needed, login as root and run "nvidia-settings" to setup dual-screen configuration, etc<br />
<br />
=== Install legacy NVIDIA drivers ===<br />
<br />
For old NVIDIA cards:<br />
* GeForce FX 5500<br />
<br />
<pre><br />
wget http://us.download.nvidia.com/XFree86/Linux-x86/173.14.31/NVIDIA-Linux-x86-173.14.31-pkg1.run<br />
sh ./NVIDIA-Linux-x86-173.14.31-pkg1.run<br />
</pre><br />
<br />
* GeForce 6200 - NVIDIA Corporation NV44A [GeForce 6200]<br />
<pre><br />
yum install nvidia-x11-drv-304xx-304.121 --enablerepo=elrepo<br />
nvidia-xconfig<br />
rmmod nvidia<br />
killall gdm-binary<br />
login as root<br />
nvidia-settings to setup multiple displays<br />
</pre><br />
<br />
=== Install ATI/AMD drivers ===<br />
<br />
* yum --enablerepo elrepo install kmod-fglrx fglrx-x11-drv<br />
* check that /etc/X11/xorg.conf section "Device" entry "Driver" says "fglrx"<br />
* run "aticonfig --initial" to create xorg.conf if existing one is not good<br />
* run "amdcccle" as root to configure dual-screens, etc<br />
Note: 'amdcccle' is a GUI, so you must run this command from within a running X session<br />
* killall Xorg<br />
<br />
=== Install ATI/AMD drivers (CentOS7) ===<br />
<br />
* wget http://elrepo.org/linux/testing/el7/x86_64/RPMS/fglrx-x11-drv-15.12-3.el7.elrepo.x86_64.rpm<br />
* wget http://elrepo.org/linux/testing/el7/x86_64/RPMS/kmod-fglrx-15.12-3.el7.elrepo.x86_64.rpm<br />
* yum install acpid<br />
* rpm -vh --install kmod-fglrx-15.12-3.el7.elrepo.x86_64.rpm fglrx-x11-drv-15.12-3.el7.elrepo.x86_64.rpm<br />
* amdconfig -f --initial<br />
* grub2-mkconfig -o /boot/grub2/grub.cfg<br />
* reboot<br />
* login as root<br />
* amdcccle<br />
<br />
NOTE: if both drivers - radeon and fglrx are loaded, boot will hang. the radeon driver is supposed to be blacklisted through grub rdblacklist=radeon entry which is installed by running grub2-mkconfig.<br />
<br />
=== Install Intel drivers for HD4600/Z87 ===<br />
<br />
SL6.5 has the required drivers for the socket 1150 machines with Intel HD4600 graphics and Z87 chipset.<br />
<br />
ASUS Z87 WS motherboard has these video connections with corresponding Intel video port assignements, as reported by "xrandr":<br />
* DisplayPort - DP1/HDMI1<br />
* MiniDisplayPort - DP2/HDMI2<br />
* HDMI - HDMI3<br />
<br />
Due to hardware limitations, 3 HDMI monitors using 2 passive DP-HDMI adapters (and 1 straight HDMI) cannot be used.<br />
<br />
To use 3 monitors do this:<br />
* 1st monitor: DisplayPort - DP-to-HDMI-passive-adapter - HDMI monitor (not tried: DP-to-DP-cable - DisplayPort monitor).<br />
* 2nd monitor: MiniDisplayPort - MiniDP-to-DP-cable - DisplayPort monitor<br />
* 3rd monitor: HDMI - HDMI-cable - HDMI monitor<br />
<br />
With the monitors I have (Dell 1920x1200 VGA-HDMI-DP), the software thinks that there are 4 monitors: somehow both DP2 and HDMI2 see 1 minitor each, but the hardware cannot drive 4 monitors, so everything goes blank. To fix, disable HDMI2 (xrandr -display :0 --output HDMI2 --off) and enable DP2 (xrandr -display :0 --output DP2 --auto).<br />
<br />
How to make this configuration permanent and how to assign monitor locations (left-right, etc), you figure it out.<br />
<br />
=== Manual selection of monitor, video mode and resolution ===<br />
<br />
Automatic selection of monitor and video mode usually works. When it does not, configure it manualls:<br />
<br />
* physically go to the computer<br />
* login as root<br />
* run "nvidia-settings" on machines using the NVIDIA driver<br />
* run "aticonfig" on machines with the ATI/AMD driver (use "aticonfig --initial" for initial setup, and good luck with anything more complicated)<br />
* run "system-config-display".<br />
** In the "hardware" tab, select monitor type: "generic LCD 1280x1024" or "generic LCD 1600x1200".<br />
** In the "settings" tab, select "1280x1024" or "1600x1200" and "Thousands of colors".<br />
** Press "ok", the display settings application should close.<br />
* Logout, the new login window should use the new settings.<br />
<br />
=== Disable screen saver ===<br />
<br />
If machine is booted without any monitor connected, current video cards to not enable any video outputs. If a monitor is connected later, there is no video image and there is no easy way to get a video image.<br />
<br />
This can be solved by configuring X11 to always enable some video output. Because the monitor type is not known when X11 starts, one has to select some standard video mode (i.e. VESA 1280x1024) on some video output (VGA, DVI or HDMI).<br />
<br />
Only NVIDIA cards with the NVIDIA driver (from EPEL) is supported by these instructions.<br />
<br />
* create default xorg.conf: nvidia-xconfig<br />
* edit /etc/X11/xorg.conf<br />
* add monitor section for the fake monitor:<br />
<pre><br />
Section "Monitor"<br />
Identifier "Monitor0"<br />
VendorName "Unknown"<br />
ModelName "Unknown"<br />
HorizSync 31.0 - 83.0<br />
VertRefresh 59.0 - 61.0<br />
Option "DPMS" "off"<br />
ModeLine "1280x1024" 108.00 1280 1328 1440 1688 1024 1025 1028 1066 +hsync +vsync<br />
EndSection<br />
</pre><br />
* add output selection in the "Device" section:<br />
<pre><br />
Section "Device"<br />
Identifier "Device0"<br />
Driver "nvidia"<br />
VendorName "NVIDIA Corporation"<br />
BoardName "GeForce 210"<br />
#Option "ConnectedMonitor" "DFP"<br />
#Option "ConnectedMonitor" "CRT"<br />
Option "ConnectedMonitor" "CRT-1"<br />
Option "UseEDID" "no"<br />
EndSection<br />
</pre><br />
* add fake video mode to the "Screen" section:<br />
<pre><br />
Section "Screen"<br />
Identifier "Screen0"<br />
Device "Device0"<br />
Monitor "Monitor0"<br />
DefaultDepth 24<br />
SubSection "Display"<br />
Depth 24<br />
Modes "1280x1024"<br />
EndSubSection<br />
EndSection<br />
</pre><br />
* disable screen saver and DPMS power off in the "ServerLayout" or "ServerFlags" section:<br />
<pre><br />
Section "ServerLayout"<br />
Identifier "Layout0"<br />
Screen 0 "Screen0" 0 0<br />
InputDevice "Keyboard0" "CoreKeyboard"<br />
InputDevice "Mouse0" "CorePointer"<br />
Option "Xinerama" "0"<br />
Option "BlankTime" "0"<br />
Option "StandbyTime" "0"<br />
Option "SuspendTime" "0"<br />
Option "OffTime" "0"<br />
EndSection<br />
<br />
Section "ServerFlags" <br />
Option "BlankTime" "0" <br />
Option "StandbyTime" "0" <br />
Option "SuspendTime" "0" <br />
Option "OffTime" "0" <br />
EndSection <br />
</pre><br />
<br />
== Finish installation ==<br />
<br />
* logout and reboot the computer to have all the changes to take effect<br />
<br />
== Configure HTTPS server (CentOS7) ==<br />
<br />
This will configure the HTTPS/SSL certificate using "certbot" and "letsencrypt" and configure an HTTPS web server using apache httpd.<br />
<br />
First, configure apache httpd:<br />
<br />
* execute these commands:<br />
<pre><br />
yum install -y mod_ssl certwatch crypto-utils<br />
cd /etc/httpd/conf.d/<br />
mv ssl.conf ssl.conf-not-used ### remove the stock ssl.conf which refers to the localhost certificate that will expire in 1 year<br />
touch ssl.conf ### create a blank file to prevent automatic updates from installing a stock ssl.conf file<br />
# this is done later: rm /etc/pki/tls/certs/localhost.crt<br />
</pre><br />
* create new file ssl-daq12.conf # use actual hostname instead of daq12<br />
<pre><br />
Listen 443 https<br />
#SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog<br />
SSLSessionCache shmcb:/run/httpd/sslcache(512000)<br />
SSLSessionCacheTimeout 300<br />
SSLRandomSeed startup file:/dev/urandom 256<br />
SSLRandomSeed connect builtin<br />
SSLCryptoDevice builtin<br />
<br />
<VirtualHost *:443><br />
ServerName daq12.triumf.ca<br />
DocumentRoot /var/www/html<br />
ErrorLog /var/log/httpd/daq12.log<br />
SSLEngine on<br />
# note SSLProtocol, SSLCipherSuite and some other settings are overwritten by /etc/letsencrypt/options-ssl-apache.conf<br />
# new SSL settings: K.O. Jan 2020, SSLlabs rating "A+"<br />
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1<br />
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4:!RSA<br />
SSLHonorCipherOrder on<br />
# pervious SSL settings:<br />
#SSLProtocol all -SSLv2 -SSLv3<br />
#SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4<br />
SSLCertificateFile /etc/pki/tls/certs/localhost.crt<br />
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key<br />
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt<br />
#ProxyPass /elog/ http://localhost:8082/ retry=1<br />
#ProxyPass / http://localhost:8080/ retry=1<br />
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"<br />
<Location /><br />
SSLRequireSSL<br />
AuthType Basic<br />
AuthName "DAQ password protected site"<br />
Require valid-user<br />
# create password file: touch /etc/httpd/htpasswd<br />
# to add new user or change password: htpasswd /etc/httpd/htpasswd username<br />
AuthUserFile /etc/httpd/htpasswd<br />
</Location><br />
</VirtualHost><br />
</pre><br />
* stop httpd from listening on port 80: edit /etc/httpd/conf/httpd.conf, comment-out the line "Listen 80"<br />
* enable and start httpd:<br />
<pre><br />
systemctl enable httpd<br />
systemctl restart httpd<br />
systemctl status httpd<br />
</pre><br />
* try to access https://daq12.triumf.ca<br />
** you should see a complaint about self-signed certificate<br />
** you should see a request for password (do not login yet)<br />
** if you get "connection refused", HTTPS port 443 may need to be enabled in the local firewall, then try again:<br />
<pre><br />
firewall-cmd --add-port=443/tcp --permanent<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
Second, configure certbot:<br />
<br />
(Note: as of 2018-01-18 certbot requires use of http port 80 to get the initial https certificate,<br />
renewal can continue to use the https port 443)<br />
<br />
(Note: as of 2019-01-?? certbot requires use of port 80 for renewals)<br />
<br />
* check that port 80 is not used by anything:<br />
* netstat -an | grep LISTEN | grep ^tcp | grep 80<br />
* lsof -P | grep -i tcp | grep LISTEN | grep 80<br />
* if lsof reports that httpd is listening on port 80, follow the httpd instructions above (remove "listen 80" from httpd.conf<br />
<br />
* install certbot and open tcp port 80 in the firewall:<br />
<pre><br />
yum install -y certbot python2-certbot-apache # (from EPEL)<br />
firewall-cmd --add-port=80/tcp --permanent<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
* certbot certonly --standalone --installer apache # then answer questions:<br />
* "activate HTTPS for daq12.triumf.ca" - say ok<br />
* "enter email address" - enter your own email address<br />
* "please read terms..." - read the terms and say "agree"<br />
* it will take a few moments...<br />
* "please choose..." - say "easy" (http access is disabled (a) by firewall, (b) by local configuration<br />
* "congratulations..." - say ok.<br />
* certbot install --apache --cert-name daq12.triumf.ca # then answer questions:<br />
* "choose redirect..." - say "1" (no redirect)<br />
* look inside ssl-daq12.conf to see that SSLCertificateFile & co point to certbot certificates in /etc/letsencrypt/live/daq12.triumf.ca/<br />
* remove self-signed localhost certificate, it will expire in 1 year and cause warnings and complaints: rm /etc/pki/tls/certs/localhost.crt<br />
* enable automatic renewal<br />
<pre><br />
systemctl enable certbot-renew.timer<br />
systemctl start certbot-renew.timer<br />
systemctl list-timers --all<br />
</pre><br />
<br />
* to check corrent renewal and to update the certbot config file in /etc/letsencrypt/renewal, run this:<br />
<pre><br />
certbot renew --standalone --installer apache --force-renewal<br />
</pre><br />
<br />
NOTE: this certificate will expire in 3 months, automatic renewal should work starting with certbot-0.12.0-4.el7.noarch.<br />
Certificate expiration should be automatically detected by "certwatch" and email<br />
will be sent to local root user, to be forwarded to an actual person by ~root/.forward.<br />
<br />
Third, activate password protection:<br />
<br />
* as shown in the config file above, create password file and initial user: (replace "midas" with specific username)<br />
<pre><br />
touch /etc/httpd/htpasswd<br />
htpasswd /etc/httpd/htpasswd midas<br />
</pre><br />
<br />
Final test:<br />
* access https://daq12.triumf.ca - https status should be "green"<br />
* login with password should work<br />
* the apache httpd test page should load<br />
* check site security using the SSLlabs https tester. (I get grade "A-"): https://www.ssllabs.com/ssltest/<br />
<br />
From here:<br />
* Configure selinux to allow proxying<br />
<pre><br />
setsebool -P httpd_can_network_connect 1<br />
systemctl restart httpd<br />
</pre><br />
* enable proxy for MIDAS mhttpd - uncomment redirect in the config file above<br />
* enable proxy for ELOG - ditto<br />
<br />
NOTE: if certbot fails with errors about 'module' object has no attribute 'pyopenssl',<br />
try this: pip install requests==2.6.0<br />
<br />
== Configure large RAID6 arrays ==<br />
<br />
* connect the disks<br />
* check the disks health<br />
** run smart-status.perl<br />
* partition the disks<br />
** yum install gdisk<br />
** gdisk /dev/sdX<br />
** delete all partitions: o<br />
** create new partition: n, enter, enter, enter, fd00 (default sizes, partition type fd00)<br />
** write and exit: w<br />
* check presence of all partitions:<br />
** /bin/ls -l /dev/sd*1<br />
* prepare to use an external bitmap file<br />
** touch /md6bitmap<br />
** edit /etc/fstab, change entry for root filesystem from: "defaults 1 1" to "defaults 0 0"<br />
** edit /boot/grub/grub.conf, change entry "kernel ... ro ..." to "kernel ... rw ..."<br />
* create raid array:<br />
** mdadm --create /dev/md6 --level=6 --bitmap=/md6bitmap --raid-devices=10 /dev/sd[b-k]1<br />
** mdadm -Ds >> /etc/mdadm.conf<br />
** cleanup /etc/mdadm.conf<br />
** echo "echo 16384 > /sys/block/md6/md/stripe_cache_size" >> /etc/rc.local<br />
** echo "echo 1 > /sys/block/md6/md/sync_speed_min" >> /etc/rc.local<br />
** source /etc/rc.local<br />
* observe raid array rebuild:<br />
** watch -d -n1 "cat /proc/mdstat"<br />
<br />
== Configure ZFS ==<br />
<br />
=== Install ZFS ===<br />
<br />
(from here: https://github.com/zfsonlinux/zfs/wiki/RHEL-%26-CentOS)<br />
<br />
Follow the instructions for "kABI-tracking kmod" - dkms modules seem to always mess up the system when upgrading to next release of zfs.<br />
<br />
<pre><br />
#rpm -vh --install http://archive.zfsonlinux.org/epel/zfs-release.el7.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7_3.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7_4.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7_5.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7_6.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7_7.noarch.rpm<br />
yum install http://download.zfsonlinux.org/epel/zfs-release.el7_9.noarch.rpm<br />
yum-config-manager --disable zfs<br />
yum-config-manager --disable zfs-kmod<br />
yum --enablerepo=zfs-kmod clean all<br />
yum --enablerepo=zfs-kmod install zfs<br />
#sed 's/^SELINUX=.*/SELINUX=disabled/' -i /etc/selinux/config<br />
echo USE_DISK_BY_ID=\'yes\' >> /etc/default/zfs<br />
#systemctl enable zfs-import-cache<br />
#systemctl enable zfs-mount<br />
#systemctl enable zfs-share<br />
#systemctl enable zfs-zed<br />
#shutdown -r now # required to load the zfs kernel modules and to disable selinux<br />
modprobe zfs # should work<br />
zpool status # should report no pools available<br />
</pre><br />
<br />
#Note: zfs and selinux and not compatible: with selinux enabled, files on zfs cannot be deleted (files are gone, but "df" does not go down, zfs-0.6.5.7-1.el7.centos.x86_64), see #https://github.com/zfsonlinux/zfs/issues/4845<br />
<br />
* http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/zfs-quickstart.html)<br />
* http://www.freebsd.org/cgi/man.cgi?query=zpool&sektion=8<br />
<br />
If ZFS kernel module does not load automatically at boot time, add this to load it manually:<br />
<pre><br />
ls -l /etc/sysconfig/modules/<br />
cat > /etc/sysconfig/modules/zfs.modules <<EOF<br />
if [ ! -e /sys/module/zfs ] ; then<br />
modprobe zfs;<br />
fi<br />
EOF<br />
chmod +x /etc/sysconfig/modules/zfs.modules<br />
</pre><br />
<br />
=== Update ZFS (CentOS-7.9) ===<br />
<br />
* update CentOS-7.x to latest point release<br />
* reboot to latest kernel<br />
* check that currently installed ZFS is 0.8.x (not 0.7 or older)<br />
* then update ZFS:<br />
<pre><br />
[root@daq16 ~]# zfs version<br />
zfs-0.8.4-1<br />
zfs-kmod-0.8.4-1<br />
[root@daq16 ~]# yum --enablerepo=kmod-zfs update<br />
...<br />
[root@daq16 ~]# zfs version ### observe mismatched version numbers: 0.8.5 userspace vs 0.8.4 kernel module<br />
zfs-0.8.5-1<br />
zfs-kmod-0.8.4-1<br />
</pre><br />
* reboot to activate the updated kernel module<br />
* zfs version again<br />
<pre><br />
[root@daq16 ~]# zpool version<br />
zfs-0.8.5-1<br />
zfs-kmod-0.8.5-1<br />
</pre><br />
* zpool status in case some ZFS volume needs to be updated<br />
<pre><br />
[root@daq16 ~]# zpool status<br />
pool: z12tb<br />
state: ONLINE<br />
...<br />
</pre><br />
<br />
=== Update ZFS 0.7 to 0.8 ===<br />
<br />
How to identify zfs 0.7: "zfs version" does not work, also "rpm -q zfs"<br />
<br />
zfs 0.7 is obsolete.<br />
<br />
To opdate to zfs 0.8 or newer, remove 0.7, then install<br />
new version per instructions above.<br />
<br />
* remove zfs 0.7<br />
<pre><br />
yum versionlock delete zfs ### versionlock not needed anymore<br />
yum versionlock delete kernel ### versionlock not needed anymore<br />
rm /etc/yum.repos.d/zfs.repo* ### delete old repo files<br />
yum erase zfs spl<br />
</pre><br />
* reboot<br />
* install new zfs per instructions above<br />
* zpool import -as<br />
* zpool status ### check if any pool needs to be upgraded<br />
* zpool upgrade zssd ### upgrade zfs pool features<br />
<br />
=== Lock kernel and zfs packages ===<br />
<br />
!!! THIS IS NOT NEEDED ANYMORE !!!<br />
<br />
<pre><br />
yum versionlock kernel<br />
yum versionlock zfs<br />
yum-config-manager --disable zfs<br />
yum-config-manager --disable zfs-kmod<br />
</pre><br />
<br />
=== Follow generic ZFS instructions ===<br />
<br />
Here: [[ZFS]]<br />
<br />
== performance notes ==<br />
<br />
Go here: [[disk_benchmarks]]<br />
<br />
== Configure UEFI boot ==<br />
<br />
Some mobo can boot from NVME (PCIe) SSDs only via UEFI boot. Do this:<br />
<br />
* partition the NVME SSD using gdisk (must be GPT partition table, must have MSDOS EFI partition size 512MiB)<br />
<pre><br />
[root@alpha00 ~]# gdisk -l /dev/nvme0n1<br />
GPT fdisk (gdisk) version 0.8.6 ...<br />
Found valid GPT with protective MBR; using GPT.<br />
Disk /dev/nvme0n1: 500118192 sectors, 238.5 GiB<br />
Logical sector size: 512 bytes<br />
Disk identifier (GUID): 1A82CC87-2757-44ED-980F-C78E3681D9D3<br />
Partition table holds up to 128 entries<br />
First usable sector is 34, last usable sector is 500118158<br />
Partitions will be aligned on 2048-sector boundaries<br />
Total free space is 2014 sectors (1007.0 KiB)<br />
<br />
Number Start (sector) End (sector) Size Code Name<br />
1 2048 1050623 512.0 MiB EF00 EFI System<br />
2 1050624 500118158 238.0 GiB 8300 Linux filesystem<br />
[root@alpha00 ~]# <br />
</pre><br />
* create filesystems<br />
<pre><br />
mkfs.msdos /dev/nvme0n1p1<br />
mkfs.xfs /dev/nvme0n1p2<br />
</pre><br />
* prepare EFI partition<br />
<pre><br />
mkdir /mnt/efi<br />
mount /dev/nvme0n1p1 /mnt/efi<br />
mkdir -p /mnt/efi/efi/boot<br />
cd /mnt/efi/efi/boot<br />
# with Ubuntu LTS 20.04<br />
cp /boot/vmlinuz vmlinuz # copy the desired linux kernel<br />
#cp /boot/initramfs initramfs.img # copy the matching initramfs file<br />
cp /boot/initrd.img initrd.img # copy the matching initrd file<br />
#from /home/olchansk/sysadm/syslinux/syslinux-6.03 copy<br />
cp /home/olchansk/sysadm/syslinux/syslinux-6.03/efi64/efi/syslinux.efi .<br />
cp /home/olchansk/sysadm/syslinux/syslinux-6.03/efi64/com32/elflink/ldlinux/ldlinux.e64 .<br />
cp syslinux.efi bootx64.efi<br />
</pre><br />
* create syslinux config file: syslinux.cfg<br />
<pre><br />
default linux<br />
label linux<br />
kernel vmlinuz<br />
append ro root=/dev/nvme0n1p2 nomodeset initrd=initrd.img<br />
</pre><br />
* prepare system partition<br />
<pre><br />
mkdir /mnt/tmp<br />
mount /dev/nvme0n1p2 /mnt/tmp<br />
rsync -avx / /mnt/tmp<br />
cd /mnt/tmp<br />
#edit etc/fstab<br />
#edit etc/syslinux/selinux # set selinux to permissive mode because rsync did not copy the selinux labels<br />
</pre><br />
* unmount and reboot<br />
* restore selinux labels after first boot<br />
<pre><br />
#login as root<br />
cd /<br />
restorecon -R / # can also add "-v" to see progress, but runs much slower<br />
#edit /etc/sysconfig/selinux # enable selinux<br />
#shutdown -r now # reboot with selinux enabled<br />
</pre><br />
<br />
= Configure UEFI secure boot =<br />
<br />
The above instructions do not quite work if "secure boot" is enabled.<br />
<br />
These modifications are needed:<br />
<br />
* ls -l /boot/efi/EFI/bootko/<br />
<pre><br />
total 140116<br />
-rwxr-xr-x 1 root root 108 Feb 24 15:47 BOOTX64.CSV<br />
-rwxr-xr-x 1 root root 1334816 Feb 24 16:16 bootx64.efi<br />
-rwxr-xr-x 1 root root 217495 Feb 24 16:16 config-4.15.0-74-generic<br />
-rwxr-xr-x 1 root root 105 Feb 24 15:47 grub.cfg<br />
-rwxr-xr-x 1 root root 199952 Feb 24 16:16 grubx64.efi<br />
-rwxr-xr-x 1 root root 58986147 Feb 24 16:16 initramfs.img<br />
-rwxr-xr-x 1 root root 58986147 Feb 24 16:16 initrd.img-4.15.0-74-generic<br />
-rwxr-xr-x 1 root root 139968 Feb 24 16:16 ldlinux.e64<br />
-rwxr-xr-x 1 root root 1269496 Feb 24 15:47 mmx64.efi<br />
-rwxr-xr-x 1 root root 1334816 Feb 24 16:16 shimx64.efi<br />
-rwxr-xr-x 1 root root 171 Feb 24 16:16 syslinux.cfg<br />
-rwxr-xr-x 1 root root 102 Feb 24 16:16 syslinux.cfg~<br />
-rwxr-xr-x 1 root root 199952 Feb 24 16:16 syslinux.efi<br />
-rwxr-xr-x 1 root root 4068355 Feb 24 16:16 System.map-4.15.0-74-generic<br />
-rwxr-xr-x 1 root root 8367768 Feb 24 16:16 vmlinuz<br />
-rwxr-xr-x 1 root root 8367768 Feb 24 16:16 vmlinuz-4.15.0-74-generic<br />
</pre><br />
** shmix64.efi is a copy from /boot/efi/EFI/ubuntu<br />
** bootx64.efi is a copy of shimx64.efi (maybe not needed?)<br />
** grubx64.efi is a copy of syslinux.efi<br />
* efibootmgr -c -d /dev/nvme0n1 -p 2 -w -L bootko -l '\EFI\bootko\shimx64.efi'<br />
* efibootmgr -v<br />
<pre><br />
root@daqubuntu:~# efibootmgr -v<br />
BootCurrent: 0000<br />
Timeout: 1 seconds<br />
BootOrder: 0000,0001,0002<br />
Boot0000* bootko HD(2,GPT,5d1cac95-29dd-4d8a-a56e-a8f414dd4047,0x800,0x100000)/File(\EFI\BOOTKO\SHIMX64.EFI)<br />
Boot0001* Hard Drive BBS(HD,,0x0)..GO..NO........y.I.N.T.E.L. .S.S.D.P.E.K.K.W.1.2.8.G.7....................A.......................................<..Gd-.;.A..MQ..L.I.N.T.E.L. .S.S.D.P.E.K.K.W.1.2.8.G.7........BO<br />
Boot0002* ubuntu HD(2,GPT,5d1cac95-29dd-4d8a-a56e-a8f414dd4047,0x800,0x100000)/File(\EFI\UBUNTU\SHIMX64.EFI)..BO<br />
root@daqubuntu:~# <br />
</pre><br />
* NOTE: if, after running "efibootmgr -c", the UUID is zero, then it probably did not take and the entry will vanish after reboot. In my case the mistake was to use "-p 1" instead of "-p 2".<br />
<br />
Boot sequence is this:<br />
* shmix64.efi - Microsoft-signed boot loader is accepted by secure boot, loads and runs<br />
* shimx64.efi loads and runs grubx64.efi, this file name is hardwired into the signed shim, cannot be changed<br />
* grubx64.efi is syslinux.efi (could be anything)<br />
* syslinux.efi runs, loads syslinux.cfg, loads the linux kernel, loads the initrd, runs the linux kernel with specified flags (ro root=...).<br />
<br />
= UEFI syslinux kernel update =<br />
<br />
To update the linux kernel booted by UEFI syslinux, use this script:<br />
* ~root/git/scripts/etc/update_efi.perl</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=SLinstall&diff=3028
SLinstall
2020-09-12T18:49:28Z
<p>Lindner: /* Configure Altera jtagd */</p>
<hr />
<div>== Notes ==<br />
<br />
* these instructions are periodically updated to include items needed for older/newer versions of Linux. They are marked like this: (SL4.2+) means Scientific Linux 4.2 and newer; (SL4 is equivalent to FC3). (FC5 only) means Fedora Core 5; etc.<br />
* obsolete items are marked by the "#" sign at the beginning of the line and sometimes have a comment about the reason for removal.<br />
* typically, we do not "upgrade" machines using the Red Hat "upgrade" function. Instead, we save critical files from the old installation and do a "fresh install" from scratch<br />
* starting with RHEL7, the recommended OS is CentOS7 (instead of SL7).<br />
<br />
== Disk configurations ==<br />
<br />
The year is 2019 and SSDs are used exclusively, except for bulk data storage, where one used 6-8-10-12 TB HDDs<br />
<br />
For reliability, home directories and data disks must use redundant storage - mdadm raid1 or ZFS raid1/raid6.<br />
<br />
For non-critical machines, a single SSD seems to be reliable enough to use as a boot and OS disk. But since any<br />
storage device can fail at any time without warning, home directories and data disks should use redundant storage.<br />
<br />
Note: for data disks bigger than 4-6TB, mdadm raid1/raid6 is no longer recommended because raid rebuild,<br />
verification and repair time has become unreasonably long. Instead, use ZFS raid1/raid6 which implements online verification,<br />
repair and disk replacement without requiring machine shutdown or OS down time.<br />
<br />
* single SSD - 120GB min - single partition for "/", no swap partition (create a swap file if swap is needed) - for non-critical machine with no local data storage (OS only)<br />
* dual SSD - 2x240GB min - all partitions mirrored (RAID1), 30GB "/", rest for /home1 - for daq station with local user home directories and no bulk data storage<br />
* single SSD + 2x6-8-10-12TB HDD - SSD partition: all "/", HDD partition as ZFS raid1 (mirrored) - for daq station with small local bulk data storage<br />
* single SSD + 6-8x6-8-10-12TB HDD - for small storage server machines - for daq station with local home directories and large bulk data storage.<br />
<br />
For VME processors:<br />
<br />
* network boot - [[VME-CPU#Network_boot]] - only option for V7648/V7750, do not use for V7805 (no netboot from GigE), optional for V7865/XVB-602<br />
* USB boot - 8GB USB for V7805, 16GB USB for V7865/XVB-602<br />
<br />
== Preparation ==<br />
<br />
* save /etc, /var, /root, /opt, (if needed: /usr/local, /tftpboot) by rsync to some data disk (/ladd/data0/root)<br />
* check that "/" partition (it will be overwritten) is different from /home1 and /data partitions<br />
* note the MAC addresses of all network interfaces, add them to ladd00 dhcpd.conf to enable PXE boot into the SL "network installer"<br />
* shutdown<br />
<br />
== Running installer (CentOS7) ==<br />
<br />
CentOS7 can be installed from vanilla CentOS7 installation media or from<br />
a custom USB key build per there instructions:<br />
https://daqshare.triumf.ca/~olchansk/linux/CentOS7/<br />
<br />
The custom installer makes it easy to use a custom kickstart file (ks.cfg).<br />
<br />
Instructions for using the usb-installer:<br />
<br />
* disconnect machine from network<br />
* plug the usb-installer into a usb3 port (blue colour)<br />
* reboot machine, select booting from usb (press F8 on ASUS motherboards)<br />
* usb-installer boot menu offers to install CentOS7, go there<br />
* CentOS7 should boot (many messages scroll on screen)<br />
* into graphical mode<br />
* into installer main menu<br />
* all installer options should "happy" except for the "installation destination"<br />
* go to the "installation destination" menu<br />
** unselect all disks except for the SSD where the OS will be installed<br />
** (MOST IMPORTANT: unselect the USB installer disk!)<br />
** select "I will configure..."<br />
** say "done"<br />
** the "manual partitionning" menu will open<br />
*** use the "-" button to delete all existing partitions<br />
*** select "standard partition"<br />
*** click on the "+" button<br />
*** in the "Add new partition" dialog, set mount point "/", capacity blank, click "add mount point"<br />
*** check capacity (should be full size of SSD), check filesystem type (should be XFS)<br />
*** say "done", there will be a warning about absent swap partition, say "done" again.<br />
*** in the big useless dialog, say "accept changes"<br />
*** should be back to the "installation summary" screen, "installation destination" should be happy now<br />
* after everything is happy, say "begin installation"<br />
* as the installation proceeds, set the password for the root user<br />
* after installation is complete, reboot the machine<br />
* unplug the usb-installer, CentOS7 should boot from SSD into the login screen<br />
* click on "not listed?", login as root<br />
* setup network connection:<br />
** open a terminal<br />
** start "nm-connection-editor"<br />
** click on "+" to create a new connection profile<br />
** select "wired ethernet"<br />
** select "add profile..."<br />
** in "Identity", set "name" to "static"<br />
** in "Identity", check that "Connect automatically" and "Make available..." is enabled<br />
** in "IPv4", set "Addresses" to "manual" instead of "dhcp"<br />
** enter IP address, netmask 255.255.224.0, gateway 142.90.100.18, dns 142.90.100.19, search triumf.ca<br />
** say "Add", then close/quit the network settings<br />
* connect network cable<br />
* network should be up, ping ladd00 should work<br />
* run: yum update -y<br />
* check new kernel is installed: ls -l /boot<br />
* logout and restart (good luck finding these buttons in the gui!)<br />
* confirm correct linux kernel is selected during boot (-229.20, not the original installer kernel)<br />
* login as root, confirm network is up, proceed with the rest of these instructions<br />
<br />
== Configure SSH ==<br />
<br />
(+CentOS7)<br />
<br />
* Login from the console<br />
* restore the SSH keys from backup (/etc/ssh/*key*)<br />
* service sshd restart<br />
* ssh into the new machine as root<br />
* ssh root@localhost, ctrl-C<br />
* ### this is done later from Konstantin's git repository - scp root@ladd00:/root/authorized_keys ~root/.ssh/<br />
* (not needed for SL5.5 kickstart) check that /etc/ssh/ssh_config contains "ForwardX11 yes" and "ForwardX11Trusted yes":<br />
<pre><br />
echo " ForwardX11 yes" >> /etc/ssh/ssh_config<br />
echo " ForwardX11Trusted yes" >> /etc/ssh/ssh_config<br />
</pre><br />
<br />
== Post installation CentOS7 ==<br />
<br />
Set hostname: (use full name, i.e. daq11.triumf.ca)<br />
<pre><br />
emacs -nw /etc/hostname<br />
</pre><br />
<br />
<pre><br />
echo "olchansk@triumf.ca amaudruz@triumf.ca lindner@triumf.ca bsmith@triumf.ca" >> ~root/.forward<br />
chmod a+r /var/log/messages<br />
chmod a+r /var/log/yum.log<br />
</pre><br />
<br />
Activate rc.local:<br />
<pre><br />
chmod a+x /etc/rc.local<br />
chmod a+x /etc/rc.d/rc.local # TL edit<br />
systemctl start rc-local<br />
systemctl status rc-local<br />
</pre><br />
<br />
== Disable "persistent network names" (DO NOT DO THIS) ==<br />
<br />
<pre><br />
/bin/touch /etc/udev/rules.d/75-persistent-net-generator.rules<br />
/bin/rm /etc/udev/rules.d/70-persistent-net.rules<br />
#shutdown -r now<br />
</pre><br />
<br />
== Configure NIS client (CentOS7) ==<br />
<br />
<pre><br />
yum -y install ypbind authconfig<br />
echo "NISTIMEOUT=5" >> /etc/sysconfig/network<br />
echo "NETWORKWAIT=yes" >> /etc/sysconfig/network<br />
authconfig --enablenis --enablepreferdns --nisdomain LADD-NIS --nisserver ladd00.triumf.ca --update<br />
ypwhich<br />
ypcat -k passwd<br />
systemctl restart autofs<br />
</pre><br />
* On the master NIS node (ladd00), add this new node to /etc/netgroup, and update NIS maps (cd /var/yp; make)<br />
* Use "system-config-users" to add local user accounts<br />
* enable selinux ssh key login to nfs mounted home directories:<br />
<pre><br />
setsebool -P use_nfs_home_dirs 1<br />
</pre><br />
<br />
== Configure NIS client (CentOS8) ==<br />
<br />
* all the same as for CentOS7<br />
* ensure correct boot order for ypbind (in CentOS 8.1 ypbind is started before network is ready, service file uses "Wants" instead of "After")<br />
<pre><br />
mkdir /etc/systemd/system/ypbind.service.d<br />
echo -e "[Unit]\nAfter=network-online.target\n" > /etc/systemd/system/ypbind.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat ypbind.service<br />
</pre><br />
<br />
== Configure NIS secondary server (CentOS7) ==<br />
<br />
Enable local NIS server, make local machine use it:<br />
<br />
<pre><br />
yum -y install ypserv<br />
/usr/lib64/yp/ypinit -s ladd00 ### (/usr/lib/yp/ypinit on 32-bit machines)<br />
### ypinit will give lots of errors about "rpc.ypxfrd failed: RPC: Can't decode result"; can be ignored<br />
systemctl enable rpcbind ypserv ypxfrd yppasswdd<br />
systemctl start rpcbind ypserv ypxfrd yppasswdd<br />
emacs -nw /etc/yp.conf # change "domain XXX server YYY.triumf.ca" to read "domain XXX server localhost"<br />
systemctl restart ypbind<br />
ypwhich # should say "localhost"<br />
ypcat -k auto.master # should work<br />
</pre><br />
<br />
Punch hole in the firewall: (or "make" on NIS master will complain)<br />
<br />
<pre><br />
echo YPSERV_ARGS=\"-p 800\" >> /etc/sysconfig/network<br />
systemctl restart ypserv<br />
firewall-cmd --get-services<br />
firewall-cmd --add-service rpc-bind --permanent<br />
firewall-cmd --add-port=800/tcp --add-port=800/udp --permanent<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
* on the NIS master:<br />
** add the new machine to /var/yp/ypservers, run "make -C /var/yp" and also "cd /var/yp; yppush -h newmachine ypservers"<br />
*** TL (2020-09): we not doing this anymore? I guess it doesn't work anyway...<br />
** if using /var/yp/securenets, copy it from NIS master to new NIS secondary server<br />
<br />
Enable hourly NIS update cron job (DO THIS AFTER git pull scripts, see below)<br />
<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
cd etc<br />
cd ~/git/scripts/etc; ln -s $PWD/ypxfr-cron-hourly /etc/cron.hourly<br />
</pre><br />
<br />
== Configure AUTOFS (CentOS7) ==<br />
<br />
<pre><br />
yum -y install autofs<br />
systemctl enable autofs<br />
systemctl start autofs<br />
ls -l /daq/daqshare<br />
</pre><br />
<br />
<br />
<br />
== Label Selinux labels ==<br />
<br />
When upgrading non-selinux machines (el6) to el7 (selinux enforcing) the existing<br />
user home directories will not have the correct selinux labels and many things<br />
will not work, including ssh logins (sshd cannot access ~user/.ssh files).<br />
<br />
<pre><br />
semanage fcontext -a -e /home /home1 ### selinux has special rules for /home, assign them to /home1<br />
restorecon -R -v /home1 ### apply the new rules to files in /home1<br />
ls -Zd /home1/alpha/.ssh<br />
# should say: drwx------. alpha users system_u:object_r:ssh_home_t:s0 /home1/alpha/.ssh<br />
</pre><br />
<br />
== Configure time (CentOS7) ==<br />
<br />
Time server ntpd was replaced by chronyd.<br />
<br />
<pre><br />
yum -y install chrony<br />
echo server time1 iburst >> /etc/chrony.conf<br />
echo server time2 iburst >> /etc/chrony.conf<br />
echo server time3 iburst >> /etc/chrony.conf<br />
systemctl enable chronyd<br />
systemctl restart chronyd<br />
chronyc sources<br />
chronyc tracking<br />
</pre><br />
<br />
* if desired, edit /etc/chrony.conf, remove non-triumf time servers<br />
<br />
== Enable automatic system updates (CentOS7) ==<br />
<br />
Disable yum-cron:<br />
<br />
<pre><br />
rpm --erase yum-cron<br />
/bin/rm -v /var/lock/subsys/yum-cron<br />
/bin/rm -v /etc/cron.daily/0yum-daily.cron<br />
/bin/rm -v /etc/cron.hourly/0yum-hourly.cron<br />
</pre><br />
<br />
Enable yum-autoupdate:<br />
<br />
<pre><br />
yum install -y epel-release<br />
yum install -y yum-changelog yum-protectbase yum-tsflags yum-versionlock<br />
rpm -vh --install http://linuxsoft.cern.ch/cern/centos/7.2/cern/x86_64/Packages/yum-kernel-module-1-5.el7.cern.noarch.rpm<br />
rpm -vh --install http://linuxsoft.cern.ch/cern/centos/7.2/cern/x86_64/Packages/yum-autoupdate-4.4.2-1.el7.cern.noarch.rpm<br />
#rpm -vh --install https://daqshare.triumf.ca/~olchansk/linux/yum-autoupdate-4.4.2-1.el7.cern.noarch.rpm https://daqshare.triumf.ca/~olchansk/linux/yum-kernel-module-1-5.el7.cern.noarch.rpm<br />
systemctl enable yum-autoupdate<br />
systemctl start yum-autoupdate<br />
systemctl status yum-autoupdate<br />
</pre><br />
<br />
== Disable automatic system updates (CentOS7) ==<br />
<br />
<pre><br />
yum -y erase yum-autoupdate<br />
/bin/rm -f /etc/sysconfig/yum-autoupdate.rpmsave<br />
/bin/rm -f /var/lock/subsys/yum-autoupdate<br />
</pre><br />
<br />
== Enable automatic system updates (CentOS8) ==<br />
<br />
<pre><br />
yum -y install dnf-automatic<br />
systemctl enable --now dnf-automatic.timer<br />
systemctl list-timers *dnf-*<br />
</pre><br />
<br />
edit /etc/dnf/automatic.conf<br />
<pre><br />
apply_updates = yes<br />
</pre><br />
<br />
== Configure system services (CentOS7) ==<br />
<br />
* systemctl list-unit-files | grep enabled | sort ### (to see enabled services)<br />
* disable unwanted services:<br />
<pre><br />
systemctl disable bluetooth<br />
systemctl disable dm-event<br />
systemctl disable dmraid-activation<br />
systemctl disable iscsid<br />
systemctl disable iscsi<br />
systemctl disable iscsiuio<br />
systemctl disable libvirtd<br />
systemctl disable lvm2-lmetad<br />
systemctl disable lvm2-monitor<br />
systemctl disable ModemManager<br />
systemctl disable multipathd<br />
systemctl disable netcf-transaction<br />
systemctl disable lvm2-lvmetad.socket<br />
systemctl disable lvm2-lvmpolld.socket<br />
systemctl disable iscsid.socket<br />
systemctl disable iscsiuio.socket<br />
#systemctl disable <br />
</pre><br />
<br />
== Erase unwanted packages (CentOS7) ==<br />
<br />
* PackageKit # bugs users about security updates, hogs yum lock<br />
* perl-homedir # creates unwanted $HOME/perl5<br />
* ModemManager # thinks that all USB-attached devices are modems<br />
* pcp # sends error email to itself, does not work<br />
* abrt # sends email to root about useless crashes, i.e. crash of X when machine is rebooted<br />
* rear # some kind of backup and recovery tool, not clear what it does, but it sends email complaining how it is broken<br />
* bash-completion # "echo $HOME/<TAB>" becomes "echo \$HOME" (notice "\" added before "$") preventing tab-completion from doing anything useful.<br />
<br />
<pre><br />
yum -y erase PackageKit perl-homedir ModemManager pcp abrt abrt-libs abrt-gui-libs rear bash-completion<br />
</pre><br />
<br />
== Disable unwanted package "tracker" ==<br />
<br />
The "tracker" package is part of the GNOME desktop, it scans the content of all files<br />
into a database for quick searching.<br />
<br />
When it malfunctions, bad things happen, i.e. read through<br />
https://bugzilla.redhat.com/show_bug.cgi?id=747689<br />
<br />
Specific problem I see is that it floods the system log with error messages. Also <br />
consumes network and filesystem bandwidth for NFS mounted home directories.<br />
<br />
This package cannot be removed by "yum erase tracker" dues to dependencies<br />
from core GNOME desktop.<br />
<br />
Instead, do this to deactivate it:<br />
<br />
<pre><br />
chmod -x /usr/libexec/tracker-*<br />
chmod -x /usr/bin/tracker<br />
chattr +i /usr/bin/tracker<br />
chattr +i /usr/libexec/tracker-*<br />
</pre><br />
<br />
== Configure external package repositories (CentOS7) ==<br />
<br />
EPEL: (addtional packages)<br />
<pre><br />
yum install epel-release<br />
</pre><br />
<br />
ELREPO: (kernel modules and drivers) (CentOS8)<br />
<pre><br />
yum install elrepo-release<br />
</pre><br />
<br />
ELREPO: (kernel drivers)<br />
<pre><br />
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org<br />
rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm<br />
yum -y install yum-plugin-fastestmirror<br />
</pre><br />
<br />
== Install packages needed to continue with installation ==<br />
<br />
(+CentOS7)<br />
<br />
(these packages are sometimes missing, they are needed to follow following instructions instructions)<br />
<br />
(SL6.5: libotf is a dependancy of emacs - SL6.5 installer fails to install it)<br />
<br />
<pre><br />
yum install ed patch wget git libotf gdisk emacs perl<br />
</pre><br />
<br />
== Configure Konstantin's scripts ==<br />
<br />
(+Centos7)<br />
<br />
<pre><br />
mkdir ~root/git<br />
cd ~root/git<br />
git clone http://ladd00.triumf.ca/~olchansk/git/scripts.git<br />
cd scripts<br />
git pull<br />
</pre><br />
<br />
Go back to the NIS slave server and install the hourly NIS update cron job.<br />
<br />
== Enable yum version lock ==<br />
<br />
<pre><br />
yum install yum-plugin-versionlock<br />
#yum versionlock packagename # yum versionlock rpcbind<br />
#yum versionlock list # list locked packages<br />
#yum versionlock delete packagename # unlock given package<br />
#yum versionlock clear # delete all locks<br />
</pre><br />
<br />
== Configure trusted ssh keys ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
ssh localhost<br />
interrupt by Ctrl-C<br />
/bin/cp ~/git/scripts/etc/authorized_keys ~/.ssh/<br />
</pre><br />
<br />
== Configure hardware sensors ==<br />
<br />
* yum -y install lm_sensors<br />
* sensors-detect (accept default answer to all questions - press ENTER)<br />
* systemctl restart lm_sensors<br />
* sensors (to see available sensors)<br />
<br />
If no sensors are detected by standard drivers, follow motherboard-specific instructions at the bottom of this page.<br />
<br />
== Configure IPMI sensors ==<br />
<br />
Some machines support the IPMI interface for monitoring the hardware: fan speeds, temperatures, voltages.<br />
<br />
* find out if IPMI is supported. Try this:<br />
<pre><br />
dmidecode | grep -i ipmi<br />
</pre><br />
if output is not blank, IPMI is maybe supported.<br />
* install and enable IPMI software:<br />
<pre><br />
yum install "OpenIPMI*" ipmitool<br />
service ipmi start<br />
ipmitool sensor ### to confirm IPMI is present. If output is blank, do not go further.<br />
chkconfig ipmi on<br />
chkconfig ipmievd on<br />
service ipmi restart<br />
service ipmievd restart<br />
tail -100 /var/log/messages ### look at messages logged by ipmievd<br />
</pre><br />
* (CentOS7) install and enable IPMI software:<br />
<pre><br />
yum install "OpenIPMI*" ipmitool<br />
systemctl start ipmi<br />
ipmitool sensor ### to confirm IPMI is present. If output is blank, do not go further.<br />
systemctl list-unit-files | grep -i ipmi<br />
systemctl enable ipmi<br />
systemctl restart ipmi<br />
systemctl status ipmi<br />
systemctl enable ipmievd<br />
systemctl restart ipmievd<br />
systemctl status ipmievd<br />
tail -100 /var/log/messages ### look at messages logged by ipmievd<br />
</pre><br />
<br />
* if ipmievd complains about SEL buffer overflow, clear it manually:<br />
<pre><br />
ipmitool sel list ### show ipmi messages in raw format<br />
ipmitool sel elist ### show ipmi messages in useful format<br />
ipmitool sel elist > file ### save ipmi messages into a file<br />
ipmitool sel clear ### clear all accumulated ipmi messages<br />
</pre><br />
<br />
* useful ipmi commands:<br />
** ipmitool sensor -- read hardware sensors<br />
** ipmitool sel elist -- report all accumulated messages<br />
<br />
== Configure ECC memory ==<br />
<br />
* check that machine has ECC memory: dmidecode --type memory | grep -i ecc<br />
<br />
Configure mcelog (machine check exception)<br />
<br />
* yum install mcelog<br />
* check that mcelog is running: ps -efw | grep mcelog<br />
* (el6) chkconfig mcelogd on; service mcelogd restart<br />
* (el7) systemctl status mcelog.service; systemctl enable mcelog.service; systemctl restart mcelog.service<br />
<br />
Check for MCE (machine check exception) messages:<br />
<br />
* mcelog --client<br />
* grep -i mce /var/log/messages*<br />
* grep -i ecc /var/log/messages*<br />
<br />
Configure EDAC<br />
<br />
<pre><br />
yum install edac-utils<br />
edac-ctl --mainboard<br />
edac-ctl --status<br />
lsmod | grep edac<br />
modprobe ie31200_edac ### driver for Intel E3-1200 series ECC memory<br />
<br />
[root@grsmid00 ~]# ls -l /sys/devices/system/edac/mc/<br />
... empty<br />
<br />
[root@alpha00 ~]# ls -l /sys/devices/system/edac/mc/<br />
drwxr-xr-x. 15 root root 0 Oct 25 16:40 mc0<br />
...<br />
[root@alpha00 ~]# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 ce_count<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 ce_noinfo_count<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 csrow0<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 csrow1<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 csrow2<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 csrow3<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 max_location<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 mc_name<br />
drwxr-xr-x. 2 root root 0 Oct 25 16:40 power<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank0<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank1<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank2<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank3<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank4<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank5<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank6<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank7<br />
--w-------. 1 root root 4096 Oct 25 16:40 reset_counters<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 seconds_since_reset<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 size_mb<br />
lrwxrwxrwx. 1 root root 0 Oct 2 12:02 subsystem -> ../../../../../bus/mc0<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 ue_count<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 ue_noinfo_count<br />
-rw-r--r--. 1 root root 4096 Oct 25 16:40 uevent<br />
[root@alpha00 ~]# <br />
<br />
[root@alpha00 ~]# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
<br />
[root@alpha00 ~]# edac-util <br />
edac-util: No errors to report.<br />
<br />
[root@alpha00 ~]# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
</pre><br />
<br />
== Configure SMARTD (CentOS7) ==<br />
<br />
Default el7 smartd config files send deficient email notices about disk failures. Overwrite.<br />
<br />
<pre><br />
/bin/cp ~/git/scripts/etc/smartd.conf /etc/smartmontools/<br />
/bin/cp ~/git/scripts/etc/smartd_warning.sh /etc/smartmontools/<br />
systemctl enable smartd<br />
systemctl restart smartd<br />
systemctl status smartd<br />
</pre><br />
<br />
== Enable User Disk Quotas (OPTIONAL) ==<br />
<br />
(+CentOS7)<br />
<br />
* read http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/ch-disk-quotas.html<br />
* emacs -nw /etc/fstab, add "grpquota,usrquota" to filesystem options, e.g.:<br />
<pre><br />
[root@isdaq00 home1]# grep quota /etc/fstab<br />
UUID=5a2aefbd-45db-475e-841e-12ec89220fbd /home1 ext4 defaults,grpquota,usrquota 1 2<br />
</pre><br />
* cd /; umount /home1; mount /home1<br />
* quotacheck -cug /home1<br />
* quotacheck -avug<br />
* quotaon -av<br />
* quota system is now active<br />
* increase the soft quota time limit from default 7days to 30 or 60 days: edquota -t<br />
* set quotas for all users (see below)<br />
* setup warnquota:<br />
** create warnquota config file: emacs -nw /etc/warnquota.conf<br />
<pre><br />
# values can be quoted:<br />
MAIL_CMD = "/usr/sbin/sendmail -t"<br />
FROM = root<br />
SUBJECT = User %i@%h exceeded allocated disk quota<br />
CC_TO = "root"<br />
# If you set this variable CC will be used only when user has less than<br />
# specified grace time left (examples of possible times: 5 seconds, 1 minute,<br />
# 12 hours, 5 days)<br />
# CC_BEFORE = 2 days<br />
SUPPORT = "root"<br />
# Text in the beginning of the mail (if not specified, default text is used)<br />
# This way text can be split to more lines<br />
# Line breaks are done by '|' character<br />
# The expressions %i, %h, %d, and %% are substituted for user/group name,<br />
# host name, domain name, and '%' respectively. For backward compatibility<br />
# %s behaves as %i but is deprecated.<br />
MESSAGE = User "%i" on "%h" has exceeded the allocated disk quota.||Please delete any unnecessary files on following filesystems or|contact the system administrato<br />
r to increase your quota allocation:|<br />
SIGNATURE = --|automated email from warnquota<br />
</pre><br />
** note that %i@%h in the SUBJECT line do not seem to work<br />
** create cron job: emacs -nw /etc/cron.daily/warnquota<br />
<pre><br />
#!/bin/sh<br />
warnquota<br />
#end<br />
</pre><br />
** chmod a+x /etc/cron.daily/warnquota<br />
** touch /etc/crontab<br />
<br />
Useful commands for managing quotas:<br />
* repquota -a | sort -n -k3 ### show quota of all users sorted by disk usage<br />
* edquota -u username ### open "vi" editor to change user quotas<br />
* repquote -a | grep username ### report quota for given user<br />
* setquota -u username 0 0 0 0 /home1 ### disable quotas for given user<br />
* setquota -u username 50000000 100000000 0 0 /home1 ### set quotas for 50GB soft and 100GB hard<br />
* edquota -t ### change user quota time limits<br />
* edquote -tg ### change group quota time limits<br />
<br />
== Enable NFS V4 server (CentOS7) ==<br />
<br />
* create /etc/exports. example: (fsid numbers should be unique and increase 1,2,3,...)<br />
<pre><br />
/home1 @home_export(rw,no_root_squash,async,fsid=1)<br />
/data1 @data_export(rw,no_root_squash,async,fsid=2)<br />
</pre><br />
* check the netgroup file<br />
** if using NIS: check NIS netgroup: ypcat -k netgroup<br />
** if no NIS, create /etc/netgroup: @daqmachines (deap00,,) (deap01,,) (deap02,,)<br />
** if no NIS, edit /etc/nsswitch.conf, make the netgrooup line read: "netgroup: files"<br />
* enable things, start them:<br />
<pre><br />
firewall-cmd --get-services<br />
firewall-cmd --permanent --add-service=nfs<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
systemctl enable nfs-server<br />
systemctl start nfs-server<br />
systemctl status nfs<br />
</pre><br />
<br />
== Enable NFS V3 server (CentOS7) ==<br />
<br />
<pre><br />
ps -efw | grep rpc.mountd # should be running!<br />
firewall-cmd --get-services<br />
firewall-cmd --permanent --add-service=mountd<br />
firewall-cmd --permanent --add-service=rpc-bind<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
== Enable NFS V3 server ==<br />
<br />
* edit /etc/hosts.allow, add or uncomment "mountd: 142.90.0.0/255.255.0.0"<br />
* create /etc/exports. example:<br />
<pre><br />
/home1 @home_export(rw,no_root_squash,async)<br />
/data1 @data_export(rw,no_root_squash,async)<br />
</pre><br />
* check the netgroup file<br />
** if using NIS: check NIS netgroup: ypcat -k netgroup<br />
** if no NIS, create /etc/netgroup: @daqmachines (deap00,,) (deap01,,) (deap02,,)<br />
** if no NIS, edit /etc/nsswitch.conf, make the netgrooup line read: "netgroup: files"<br />
* chkconfig nfs on<br />
* chkconfig nfslock on<br />
* service nfs restart<br />
<br />
Then on ladd00 need to do<br />
* ssh to root@ladd00<br />
* edit /etc/auto.daq to add new machine...<br />
* make -C /var/yp<br />
<br />
== Enable NFS V4 SERVER (SL6) ==<br />
<br />
* if used with NIS, same as NFSv3<br />
* if used as standalone, need to edit idmapd.conf - set the "Domain" name to the same value on NFS server and NFS slave (default automagically determined value does not always work). More TBW.<br />
<br />
== Enable AMANDA backups ==<br />
<br />
AMANDA backups are already enabled by TRIUMF kickstart installs. For non-kickstart installation, follow instructions at [[http://amanda/~amanda http://amanda/~amanda]], or look at "/triumfcs/trshare/olchansk/linux/amanda/amanda-enable.perl". As final step, use [[https://helpdesk.triumf.ca https://helpdesk.triumf.ca]] to contact TRIUMF CS to add this new machine to the amanda backup list.<br />
<br />
* yum install triumf-amanda<br />
<br />
== Enable AMANDA backups (CentOS7) ==<br />
<br />
<pre><br />
yum install amanda-client<br />
systemctl list-unit-files | grep -i amanda<br />
#systemctl enable amanda<br />
systemctl enable amanda.socket<br />
systemctl enable amanda-udp.socket<br />
systemctl restart amanda.socket<br />
systemctl restart amanda-udp.socket<br />
firewall-cmd --get-services<br />
firewall-cmd --permanent --add-service=amanda-client<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
echo amanda.triumf.ca amanda amdump >> /var/lib/amanda/.amandahosts<br />
</pre><br />
<br />
On amanda server, add new machine to the disklist, then:<br />
<br />
<pre><br />
amcheck -c daily titan00<br />
</pre><br />
<br />
== Enable DCACHE ==<br />
<br />
DAQ dcache server is mounted as<br />
<br />
/daq/pnfs/triumf.ca/data/<br />
<br />
For Centos-7 machines, you need to adjust the firewall rules in order to be able to communicate with the trdata machines; this is only necessary if you are copying data to trdata. The firewall changes are<br />
<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.100.212/32" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.107.156/32" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.100.219/32" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
This instructions are unnecessary <br />
* # mkdir -p /pnfs<br />
* # edit /etc/rc.local, add to the end of file: "mount -o intr,rw,noac,hard,nfsvers=3 trdata00:/pnfs /pnfs &"<br />
* # . /etc/rc.local<br />
<br />
For more information on, see [[TrdataDcache]] dcache page.<br />
<br />
== Configure Ganglia (Centos7) ==<br />
<br />
CentOS7 Ganglia instructions (EPEL7 ganglia-3.7.2)<br />
<br />
<pre><br />
/bin/rm /etc/gmond.conf<br />
yum -y install "ganglia-gmond*"<br />
/bin/cp -v /dev/null /etc/ganglia/conf.d/multicpu.conf # collects useless data<br />
/bin/cp -v /dev/null /etc/ganglia/conf.d/netstats.pyconf # spews errors into syslog<br />
/bin/cp -v /dev/null /etc/ganglia/conf.d/diskstat.pyconf # collects useless data<br />
/bin/cp -v /dev/null /etc/ganglia/conf.d/procstat.pyconf # do not create /tmp/gmond.conf<br />
/bin/cp ~/git/scripts/etc/gmond.conf /etc/ganglia/gmond.conf<br />
systemctl enable gmond<br />
systemctl restart gmond<br />
systemctl status gmond<br />
</pre><br />
<br />
== Configure TRIUMF DAQ packages ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
cd /etc/yum.repos.d<br />
wget http://daq.triumf.ca/~daqweb/yum/triumf-daq.repo<br />
</pre><br />
<br />
== Install Konstantin's packages ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
yum --disablerepo=\* --enablerepo=triumf-daq --skip-broken install diskscrub emailonreboot monitor_nfs "ganglia-*" triumf_nodeinfo<br />
</pre><br />
<br />
== Install memtest and PXE boot ==<br />
<br />
!!!DO NOT DO THIS!!!<br />
<br />
<pre><br />
cd /boot<br />
wget http://ladd00.triumf.ca/tftpboot/memtest86+-5.01.bin.gz<br />
wget http://ladd00.triumf.ca/tftpboot/memtest86+-4.20.bin.gz<br />
wget http://ladd00.triumf.ca/tftpboot/memtest86+-4.10<br />
wget http://ladd00.triumf.ca/tftpboot/gpxe-1.0.1+-gpxe.lkrn<br />
<br />
emacs -nw /boot/grub/grub.conf<br />
title memtest86+-5.01<br />
root (hd0,0)<br />
kernel /boot/memtest86+-5.01.bin.gz<br />
title memtest86+-4.20<br />
root (hd0,0)<br />
kernel /boot/memtest86+-4.20.bin.gz<br />
title memtest86+-4.10<br />
root (hd0,0)<br />
kernel /boot/memtest86+-4.10<br />
title pxeboot<br />
root (hd0,0)<br />
kernel /boot/gpxe-1.0.1+-gpxe.lkrn<br />
</pre><br />
<br />
== Install node monitoring ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
yum --disablerepo=\* --enablerepo=triumf-daq --skip-broken install triumf_nodeinfo<br />
/usr/sbin/sendnodeinfo.perl --config ladd00.triumf.ca:8600<br />
emacs -nw /etc/nodeinfo<br />
/usr/sbin/sendnodeinfo.perl ladd00.triumf.ca:8600<br />
</pre><br />
<br />
== Install gonodeinfo node monitoring ==<br />
<br />
(+Ubuntu, +CentOS7, +CentOS8)<br />
<br />
go to https://bitbucket.org/dd1/gonodeinfo<br />
follow instructions:<br />
<pre><br />
yum -y install golang<br />
mkdir ~/git<br />
cd ~/git<br />
git clone https://bitbucket.org/dd1/gonodeinfo.git<br />
# or git clone https://daq.triumf.ca/~olchansk/git/gonodeinfo.git<br />
cd gonodeinfo<br />
git pull<br />
make<br />
make install # install gonodeinfo agent<br />
cd ~ # this is important<br />
</pre><br />
<br />
* emacs -nw /etc/gonodeinfo.conf<br />
* change "Description", "Location", "User" and "Administrator" as appropriate (or delete them)<br />
* change "Servers" to read: Servers: ladd00.triumf.ca:8601<br />
* run gonodeinfo -e<br />
* if error is "connection refused". go to the nodeinfo server to add this client to the access control list:<br />
* on the gonodeinfo server: run gonodereceive -a daq13<br />
* try gonodeinfo again, there should be no error<br />
* on the gonodeinfo server: run gonodereport, look at the web pages, the new machine should be listed now<br />
<br />
== Install latest system updates ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
yum update -y<br />
</pre><br />
<br />
== Configure TRIUMF Printers (CentOS7) ==<br />
<br />
<pre><br />
systemctl stop cups<br />
systemctl disable cups<br />
echo "ServerName printers.triumf.ca" > /etc/cups/client.conf<br />
lpstat -a<br />
</pre><br />
<br />
== Disable syslog spam (CentOS7) ==<br />
<br />
Default el7 config is spamming the syslog with useless messages "systemd: Starting Session", etc. Disable this:<br />
<br />
<pre><br />
echo auditctl -e 0 >> /etc/rc.local<br />
echo /usr/bin/systemd-analyze set-log-level notice >> /etc/rc.local<br />
/etc/rc.local<br />
</pre><br />
<br />
== Install basic system packages (CentOS7) ==<br />
<br />
(if starting from minimal system, basic system packages required:)<br />
<br />
<pre><br />
yum install -y which psmisc redhat-lsb-core xorg-x11-xauth xterm emacs-nox rsync tcpdump strace nfs-utils sysstat iftop tcsh<br />
yum install -y gcc gcc-c++ gdb glibc-static libstdc++-static zlib zlib-devel openssl-devel httpd-tools<br />
</pre><br />
<br />
== Install packages needed for QUARTUS, ROOT, EPICS and MIDAS DAQ ==<br />
<br />
(+CentOS7)<br />
<br />
yum install --skip-broken giflib.x86_64 sysstat "libusb-devel*" unixODBC-devel postgresql-devel libxml2-devel libXpm-devel libgfortran git compat-readline43 "graphviz*" dcap "tigervnc*" telnet glibc"*" strace "fftw*" libpng "freetype*" xpdf "xemacs*" tkcvs xterm mutt "*-g77*" joe "libXmu*" dcap-devel gsl-devel pcre-devel h5py gd-devel xorg-x11-fonts"*" minicom xfig"*" perl-BSD-Resource "net-snmp-*" readline-static git-all nasm imake tcl-devel gv xorg-x11-twm expat-devel screen compat-readline5 ImageMagick ImageMagick-devel wget alacarte scipy numpy sympy nedit gnuplot php-cli php-domxml-php4-php5 php-gd php-fpdf php-cli kdebase cmake tcpdump sqlite sqlite-devel kdegraphics gdisk lsof gconf-editor iftop tk-devel mcelog kdm blt itcl lz4 bzip2 pbzip2 apr-devel apr-util-devel net-tools golang"*" --exclude golang-cover"*"hg"*" --exclude golang"*"hg"*" --exclude golang-pkg"*" --exclude golang-github"*" --exclude golang"*"git"*" mesa"*" xerces-c"*" diffuse clang i2c-tools texlive-revtex texlive-revtex4 kile kbibtex xrdp glibc.i686 gimp gimp-data-extras perl-GD"*" perl-Math"*" perl-Statistics-Basic cmake3 cmake3-gui extra-cmake-modules python2-pip x2go"*" mariadb-devel glibc-devel.i686 libzstd<br />
<br />
== Install optional packages ==<br />
<br />
!! DO NOT DO THIS !!<br />
<br />
(do not install boost on 32-bit machines)<br />
<br />
yum install --skip-broken "boost-*" <br />
<br />
(packages for 32-bit software compilation on 64-bit machines. this is optional)<br />
<br />
yum install --skip-broken giflib.i386 giflib.i686 compat-libf2c-34.i386 compat-libf2c-34.i686 mysql-devel.i686 openssl-devel.i686 unixODBC-devel.i686 libstdc++-devel.i386 libstdc++-devel.i686 "zlib-*.i686" "libXext-*.i686" "libXtst-*.i686" glibc-static.i686 freetype.i686 fontconfig.i686 libpng.i686 libXrender.i686 glibc-devel.i686 libX11-devel.i686 libXpm-devel.i686 libXft-devel.i686 mysql-devel.i686 dcap-devel.i686 gsl-devel.i686 pcre-devel.i686 fontconfig-devel.i686 freetype-devel.i686 libpng-devel.i686 libjpeg-devel.i686 libgfortran.i686 libxml2-devel.i686 gd-devel.i686 readline-devel.i686 ncurses-devel.i686 libXdmcp.i686 readline-static.i686 compat-readline5.i686<br />
<br />
yum install boost-devel.i686<br />
<br />
(separately install these packages - they collide with the big bunch above)<br />
<br />
yum install rdesktop<br />
<br />
yum reinstall urw-fonts<br />
<br />
== Install libraries for PHYSICA (CentOS7) ==<br />
<br />
To run physica built on el6 from git sources on el7, do this:<br />
<br />
(building physica on el7 is nort supported at this time)<br />
<br />
(see more http://www.triumf.info/wiki/DAQwiki/index.php/PHYSICA)<br />
<br />
<pre><br />
yum -y install libX11.i686 gd.i686 libpng12.i686 readline.i686 compat-libf2c-34.i686<br />
</pre><br />
<br />
== Install additional desktop environements (CentOS7) ==<br />
<br />
<pre><br />
# LXQT (from EPEL)<br />
# NOT COMPATIBLE WITH el7.7 # yum -y install "lxqt*"<br />
# Cinnamon desktop (from EPEL)<br />
yum -y install cinnamon<br />
# KDE5 not available yet<br />
# MATE (from epel)<br />
yum -y groupinstall "MATE Desktop"<br />
yum -y install mate-common mate-icon-theme-faenza mate-netspeed mate-sensors-applet mate-themes-extras mate-utils<br />
yum -y erase ModemManager abrt abrt-libs abrt-gui-libs<br />
# XFCE4 (from EPEL)<br />
yum -y groupinstall xfce<br />
yum -y install "xfce*plugin" xfce4-about --exclude xfce4-hamster-plugin<br />
yum -y erase bash-completion<br />
</pre><br />
<br />
* make the MATE desktop as default<br />
<br />
<pre><br />
cd ~root/git/scripts/<br />
git pull<br />
/bin/cp -v etc/lightdm_default_mate.conf /etc/lightdm/lightdm.conf.d/<br />
</pre><br />
<br />
* lighdm login manager (from EPEL)<br />
<pre><br />
yum install lightdm lightdm-kde lightdm-qt lightdm-qt5<br />
</pre><br />
<br />
* and switch from gdm to lighdm<br />
<pre><br />
systemctl disable gdm.service<br />
systemctl enable lightdm.service<br />
(systemctl stop gdm; systemctl restart lightdm) &<br />
</pre><br />
<br />
== Install SMART scripts ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
ln -sf ~/git/scripts/smart-status/smart-status.perl ~/<br />
</pre><br />
<br />
== Install NTFS drivers ==<br />
<br />
yum install ntfs-3g ntfsprogs (from EPEL)<br />
<br />
== Install HFS and HFS+ drivers (CentOS7) ==<br />
<br />
yum --disablerepo=\* --enablerepo=elrepo install kmod-hfs kmod-hfsplus<br />
<br />
== Install Google Chrome web browser (64-bit CentOS7) ==<br />
<br />
<pre><br />
/bin/cp ~/git/scripts/etc/google-chrome-64.repo /etc/yum.repos.d/<br />
yum install google-chrome-stable<br />
</pre><br />
<br />
== Enable monitoring of HTTPS certificates ==<br />
<br />
On SL6, CentOS7:<br />
<br />
<pre><br />
yum install crypto-utils<br />
/etc/cron.daily/certwatch<br />
strace -f /etc/cron.daily/certwatch |& grep open | grep crt<br />
</pre><br />
<br />
== Enable 100dpi fonts for EPICS ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
ln -s /usr/share/X11/fonts/100dpi /etc/X11/fontpath.d/<br />
</pre><br />
<br />
== Enable crontab @reboot for MIDAS (CentOS7) ==<br />
<br />
el7 has a bug - cron @reboot entries for normal users can run before autofs is ready, so if the home directory<br />
is on autofs/NFS, it cannot be accessed and the cron job fails. If MIDAS is supposed to be<br />
started by cron @reboot, it will not start (there *will* be an error message in /var/log/cron).<br />
<br />
<pre><br />
mkdir /etc/systemd/system/crond.service.d<br />
echo -e "[Unit]\nAfter=ypbind.service autofs.service\n" > /etc/systemd/system/crond.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat crond.service<br />
</pre><br />
<br />
Explore the systemd dependacy tree using "systemctl list-dependencies" maybe with "--all".<br />
<br />
Visualize the exact boot sequence from previous boot: "systemd-analyze plot > xxx.svg", look at the svg file using a web browser.<br />
<br />
== Enable firewall for MIDAS (CentOS7) ==<br />
<br />
Default el7 configuration prevents all access to servers running on the local machine, including access to MIDAS mhttpd (tcp port 8443) and mserver (all tcp ports).<br />
<br />
To enable access to mhttpd:<br />
<br />
<pre><br />
firewall-cmd --add-port=8443/tcp --permanent<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
To enable access to the mserver from a specific host: (replace 142.90.111.175 with the IP address of the permitted host)<br />
<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.111.175/32" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
To enable access from the private network (replace "192.168.1.0" with your private network number):<br />
<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.1.0/24" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
== Enable firewall for EPICS (CentOS7) ==<br />
<br />
To enable access to TRIUMF EPICS servers, do this:<br />
<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.132.0/23" accept"<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
For UCN the controls people seem to have EPICS setup on a different server; this might be true for CMMS as well. In this case the firewall rule change should be<br />
<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.139.0/23" accept"<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
== Disable gdm and X11 (OPTIONAL) ==<br />
<br />
<pre><br />
initctl stop prefdm<br />
echo "start on never" > /etc/init/prefdm.override<br />
echo "start on never" > /etc/init/splash-manager.override<br />
initctl reload-configuration<br />
</pre><br />
<br />
then enable login on default console:<br />
<pre><br />
echo "plymouth quit" >> /etc/rc.local<br />
echo "X_TTY=xxx/dev/tty1" >> /etc/sysconfig/init<br />
</pre><br />
<br />
== Install JAVAWS (OPTIONAL) ==<br />
<br />
* to run Java "web start" jnlp files (EVO, SEEVOGH, etc): javaws Downloads/spider.jnlp<br />
* install javaws:<br />
* yum install icedtea-web icedtea-web-javadoc<br />
<br />
== Install firefox java plugin (OPTIONAL, DO NOT DO THIS) ==<br />
<br />
This installs the Oracle Java plugin:<br />
<br />
* rpm -vh --install ~deap/jdk-7u15-linux-x64.rpm<br />
* ls -l /usr/lib64/mozilla/plugins/<br />
* ln -s /usr/java/jdk1.7.0_15/jre/lib/amd64/libnpjp2.so /usr/lib64/mozilla/plugins/<br />
* start firefox, go edit->preferences->general->manage add-ons->plugins<br />
* "java plugin 1.7.0_15" should be listed<br />
<br />
<br />
<br />
== Configure USB device permissions ==<br />
<br />
(+CentOS7)<br />
<br />
Configure USB device permissions for user access to USB-serial devices, Altera USB Blaster, etc.<br />
<br />
* create file /etc/udev/rules.d/99-usb-chmod.rules with this contents:<br />
<br />
<pre><br />
emacs -nw /etc/udev/rules.d/99-usb-chmod.rules<br />
ACTION=="add", SUBSYSTEM=="usb_device", RUN+="/bin/chmod a+wr /dev/%c"<br />
ACTION=="add", SUBSYSTEM=="usb_device", RUN+="/bin/chmod a+wr /proc/%c"<br />
ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="/bin/chmod a+wr $env{DEVICE}"<br />
ACTION=="add", ENV{PHYSDEVBUS}=="usb-serial", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", ENV{DEVPATH}=="/class/tty/ttyS*", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", SUBSYSTEM=="tty", DEVPATH=="*ttyUSB*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
ACTION=="add", SUBSYSTEM=="tty", DEVPATH=="*ttyS*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
</pre><br />
<br />
* apply new permissions: udevadm trigger --action=add<br />
<br />
== Disable modem-manager ==<br />
<br />
The modem-manager will try to talk to any serial devices attached to USB serial ports. It assumes that those devices are modems and will send out modem-specific commands. if the devices are not modems and do not understand or do not like modem commands, well that's too bad. modem-manager is installed by the ModemManager package required by the NetworkManager package, and there is no configuration setting to turn modem-manager off.<br />
<br />
One way to disable it is: chmod a= /usr/sbin/modem-manager<br />
<br />
Another way to disable it is by forced uninstall: rpm --erase --nodeps ModemManager<br />
<br />
Remember to kill the running copy: killall -KILL modem-manager<br />
<br />
Caveat: it is not clear if modem-manager would not be resurrected by an update to the NetworkManager or ModemManager packages.<br />
<br />
== Configure Altera jtagd ==<br />
<br />
(if needed)<br />
<br />
<pre><br />
mkdir /etc/jtagd<br />
echo 'Password = "123";' > /etc/jtagd/jtagd.conf<br />
cp -pv /daq/daqshare/olchansk/altera/11.0/quartus/linux/pgm_parts.txt /etc/jtagd/jtagd.pgm_parts<br />
</pre><br />
<br />
* start local jtagd: /daq/daqshare/olchansk/altera/11.0/quartus/bin/jtagd<br />
* test local connection: /daq/daqshare/olchansk/altera/11.0/quartus/bin/jtagconfig<br />
* test remote connection (add this machine to your .jtag.conf, run jtagconfig<br />
<br />
For more information, go to [[Quartus]]<br />
<br />
== Install EOS ==<br />
<br />
Instructions from here:<br />
http://eos-docs.web.cern.ch/eos-docs/quickstart/setup_repo.html<br />
<br />
<pre><br />
rpm -vh --install https://dss-ci-repo.web.cern.ch/dss-ci-repo/eos/citrine/tag/el-7/x86_64/eos-repo-el7-generic-1.noarch.rpm<br />
yum-config-manager --disable eos-citrine # disable auto-update because all packages are not signed<br />
yum-config-manager --disable eos-dep # disable auto-update because all packages are not signed.<br />
yum install eos-client eos-fuse --enablerepo=eos-citrine<br />
</pre><br />
<br />
== Install fix for the el7 systemd dbus boot hang ==<br />
<br />
Around early Summer 2018 el7 started showing a boot problem. In the nutshell,<br />
there is a problem with the dbus connection between dbus and systemd that<br />
prevents polkit, firewalld, etc from starting. The system eventually boots<br />
enough that one can ssh into it, but most things do not work. Notably,<br />
polkit is not running, firewalld is not running, ssh login takes about 15-30 second.<br />
<br />
Solution is to add a special systemd service to check that dbus started correctly.<br />
It that runs after dbus is started, but before it is used, and it restarts dbus in a loop<br />
with a delay until dbus starts correctly. In testing, dbus always starts correctly after<br />
the first retry.<br />
<br />
<pre><br />
cd ~root/git/scripts/etc<br />
git pull<br />
/bin/cp -vf systemd-check-dbus.perl /usr/bin/<br />
/bin/cp -vf systemd-check-dbus.service /etc/systemd/system/<br />
systemctl daemon-reload<br />
systemctl enable systemd-check-dbus<br />
systemctl start systemd-check-dbus<br />
systemctl status systemd-check-dbus<br />
</pre><br />
<br />
After linux boots, if everything was okey, the script will report this:<br />
<pre><br />
[root@iris01 ~]# systemctl status systemd-check-dbus<br />
...<br />
Feb 08 17:15:49 iris01.triumf.ca systemd[1]: Starting Check that systemd is registered with dbus...<br />
Feb 08 17:15:49 iris01.triumf.ca sh[4283]: Starting check for systemd dbus connection<br />
Feb 08 17:15:50 iris01.triumf.ca sh[4283]: List: string "org.freedesktop.DBus"<br />
Feb 08 17:15:50 iris01.triumf.ca sh[4283]: List: string "org.freedesktop.systemd1"<br />
Feb 08 17:15:50 iris01.triumf.ca sh[4283]: systemd1 dbus service exists, success!<br />
Feb 08 17:15:50 iris01.triumf.ca sh[4283]: Finished check for systemd dbus connection<br />
Feb 08 17:15:50 iris01.triumf.ca systemd[1]: Started Check that systemd is registered with dbus.<br />
</pre><br />
<br />
If the boot problem happened, the script will report about restarting dbus.<br />
<br />
Note: the systemd service file adjusts the start order of other services, this adjustment seems to reduce the probability of the problem.<br />
<br />
== Configure GRUB boot loader (CentOS7, CentOS8) ==<br />
<br />
* emacs -nw /etc/default/grub, remove "rhgb" and "quiet" from GRUB_CMDLINE_LINUX<br />
* grub2-mkconfig -o /boot/grub2/grub.cfg<br />
* grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg<br />
* grub2-editenv list # show contents of boot environement file<br />
* /bin/rm /boot/grub2/grubenv # remove stale settings, make grub2 boot from first entry in config file<br />
<br />
== Install memtest86+ (CentOS7, CentOS8) ==<br />
<br />
<pre><br />
yum -y install memtest86+<br />
/bin/cp -vf /usr/share/memtest86+/20_memtest86+ /etc/grub.d/<br />
/bin/chmod a+x /etc/grub.d/20_memtest86+ <br />
grub2-mkconfig -o /boot/grub2/grub.cfg<br />
</pre><br />
<br />
== Disable ELREPO ==<br />
<br />
<pre><br />
sed 's/enabled=.*/enabled=0/' -i /etc/yum.repos.d/elrepo_triumf.repo<br />
sed 's/enabled=.*/enabled=0/' -i /etc/yum.repos.d/elrepo.repo<br />
</pre><br />
<br />
== Reduce install size (optional) ==<br />
<br />
This is optional. Only do this if reducing the size of the OS image is very important.<br />
<br />
Do this for VME processors.<br />
<br />
<pre><br />
yum erase "texlive*" "java*" "boost*" libreoffice"*"<br />
#yum erase "xemacs*"<br />
yum erase "libstdc++-docs"<br />
yum erase firefox google-chrome"*"<br />
yum clean all<br />
</pre><br />
<br />
<pre><br />
/bin/rm -rf /usr/share/help<br />
/bin/rm -rf /usr/share/doc<br />
</pre><br />
<br />
== Update from el7.6 to el7.7 ==<br />
<br />
<pre><br />
yum-config-manager --disable zfs<br />
yum-config-manager --disable zfs-kmod<br />
yum-config-manager --disable zfs-testing-kmod<br />
yum versionlock delete zfs<br />
yum versionlock delete kernel<br />
yum -y update "yum*" "rpm*"<br />
yum -y erase libqtxdg lxqt-qtplugin ### LXQT is not compatible<br />
yum update<br />
after rebooting into el7.7, follow instructions for updating ZFS from version 0.7 to 0.8.<br />
</pre><br />
<br />
== Finish installation ==<br />
<br />
reboot<br />
<br />
== Special hardware settings ==<br />
<br />
=== ASUS Crosshair mobo ===<br />
<br />
* use BIOS version 1207 or newer<br />
* (before CentOS7) sensors need these drivers from ELREPO: yum install --noplugins kmod-it87 kmod-k10temp; sensors-detect; service lm_sensors restart; sensors<br />
* CentOS7: installs correct drivers automatically<br />
<br />
=== ASUS Crosshair-II mobo ===<br />
<br />
* use BIOS version 2607 or newer<br />
* for the onboard IDE to work, add "all-generic-ide" to kernel boot options in grub.conf<br />
* sensors need these drivers from ELREPO: yum install --noplugins kmod-it87 kmod-k10temp; sensors-detect; service lm_sensors restart; sensors<br />
<br />
=== ASUS P7P55D EVO mobo ===<br />
<br />
* use BIOS version 2004 or newer<br />
* SL6 - install special driver for on board PCIe GigE network port and disable on board PCI GigE network port:<br />
** yum --enablerepo elrepo install kmod-r8168 kmod-r8169<br />
** # do not do this: sed 's/^blacklist/#blacklist/' -i /etc/modprobe.d/blacklist-r8169.conf<br />
** reboot<br />
** verify that correct drivers are loaded: ethtool -i eth0; ethtool -i eth1<br />
** note: there will be no eth1 - r8169 driver is disabled.<br />
<br />
=== ASUS P6X58-E-WS mobo ===<br />
<br />
* BIOS settings<br />
** F1 or DEL to enter BIOS setup, F8 boot menu<br />
** go to POWER->HW mon, confirm CPU temperature is around 30C. (heatsink is installed correctly. Bad heatsink temperature quickly goes up to 50-70C).<br />
** Main menu: Storage config - SATA change IDE->AHCI<br />
** System information: confirm BIOS version 301, CPU type, memory size<br />
** AI Tweak: set DRAM frequency - AUTO->DDR3-1333<br />
** Advanced->Onboard devices: LAN BOOT: enabled<br />
** Power->HW monitor: CPU Q-FAN: enabled<br />
** Boot->Settings: Quick boot: enabled; Full screen logo: disabled; Wait for F1: disabled<br />
** Save and exit<br />
<br />
=== ASUS E35M1-M PRO mobo ===<br />
<br />
* http://www.asus.com/Motherboards/E35M1M_PRO/#specifications<br />
* use BIOS version 1002 or newer<br />
* for CPU temperature: install kmod-k10temp from ELREPO (kmod-k10temp-0.0-4.el6.elrepo.x86_64.rpm)<br />
* for Sensors: yum --enablerepo elrepo install kmod-w83627ehf; modprobe w83627ehf; sensors<br />
* for Graphics: yum --enablerepo elrepo install kmod-fglrx fglrx-x11-drv<br />
* to enable booting from USB3, edit /etc/dracut.conf, change line "add_drivers" to read: add_drivers+="xhci-hcd"<br />
* to use multiple monitors, run "aticonfig --initial --heads=2 --adapter=1 --xinerama=on", to change screen layout, edit /etc/X11/xorg.conf. Only dual monitors DVI+HDMI seem to work. Tripple monitors does not seem to work.<br />
<br />
Sensors instructions below are obolete (use driver from ELREPO)<br />
* for Sensors, install driver for NCT6776F chip from https://github.com/groeck/w83627ehf/archives/master (in the Makefile, change the line "KERNEL_BUILD=" to read: "KERNEL_BUILD:=/usr/src/kernels/$(TARGET)"):<br />
<pre><br />
cd ~root<br />
wget http://ladd00.triumf.ca/~olchansk/linux/groeck-w83627ehf-dd3e543/w83627ehf.ko<br />
echo "modprobe hwmon; modprobe hwmon-vid; modprobe k10temp; rmmod w83627ehf; insmod /root/w83627ehf.ko" >> /etc/rc.local<br />
</pre><br />
<br />
=== ASUS E45M1-M PRO mobo ===<br />
<br />
* https://www.asus.com/Motherboards/E45M1M_PRO/#specifications<br />
* use BIOS 1202 or newer<br />
* follow the E35M1-M PRO instructions above<br />
<br />
=== ASUS P9X79 WS ===<br />
<br />
* http://www.asus.com/Motherboard/P9X79_WS/<br />
* use BIOS version 3101, 3401, 4701 or newer. If BIOS is 1305 or older, install P9X79-WS-CAP-Converter.ROM (BIOS 2902/3101), then the new BIOS.<br />
* (not needed for CentOS7) for CPU temperature, install coretemp<br />
* (not needed for CentOS7) for sensors, install driver for NCT6776F chip same as E35M1-M above.<br />
* BIOS Settings:<br />
** enter "Advanced mode"<br />
** Ai Tweaker -> Ai Overclock Tuner -> Set to "XMP" - this enables DDR3-1600 RAM speed vs DDR3-1333 by default<br />
** Monitor -> CPU fan speed low limit -> Set to "200 RPM" - we are using high efficiency slow turning CPU coolers and the default 600 RPM is right on the edge of firing false warnings<br />
** Boot -> Full screen logo -> Set to "disabled"<br />
** Wait for F1 -> Set to "disabled"<br />
<br />
=== ASUS P8B-M ===<br />
<br />
* use BIOS version 6103 or newer<br />
* for CPU temperature, install coretemp<br />
* for sensors, install driver for NCT6776F chip same as E35M1-M above.<br />
<br />
=== SUPERMICRO X9SCL ===<br />
<br />
* yum install kmod-w83627ehf.x86_64 coretemp<br />
* xemacs -nw /etc/rc.local, add:<br />
<pre><br />
modprobe coretemp<br />
modprobe w83627ehf<br />
</pre><br />
<br />
=== ASUS Z87-WS ===<br />
<br />
<pre><br />
cd ~root<br />
wget http://ladd00.triumf.ca/~olchansk/linux/nct6775.ko<br />
echo modprobe hwmon-vid >> /etc/rc.local<br />
echo insmod /root/nct6775.ko >> /etc/rc.local<br />
/etc/rc.local<br />
sensors<br />
</pre><br />
<br />
=== ASUS Z97-WS ===<br />
<br />
the nct6775 driver does not work because of conflict with ACPI.<br />
<br />
=== ASUS AM1M-A ===<br />
<br />
* use BIOS 602 or later<br />
* SL6.5 installer cannot use USB2 ports and the network. Use USB3 ports (blue colour) to boot USB installer (memtest, rescue, etc)<br />
* SL6.5 kernels require boot option "iommu=soft" or USB2 and network do not work. (USB3 - blue ports - seems okey)<br />
* install ATI/AMD video drivers from ELREPO (see below)<br />
* sensors chip is ITE IT8623E, for SL6, use standalone driver from lm_sensors. (2 fans rpm, 2 temperatures):<br />
<pre><br />
cd ~root<br />
wget http://ladd00.triumf.ca/~olchansk/linux/it87.ko<br />
echo modprobe hwmon_vid >> /etc/rc.local<br />
echo insmod /root/it87.ko >> /etc/rc.local<br />
. /etc/rc.local<br />
</pre><br />
* for el7 use it87.ko driver:<br />
<pre><br />
cd ~root<br />
wget https://daqshare.triumf.ca/~olchansk/linux/CentOS7/it87.ko<br />
echo modprobe hwmon_vid >> /etc/rc.local<br />
echo insmod /root/it87.ko >> /etc/rc.local<br />
. /etc/rc.local<br />
</pre><br />
* sensors output:<br />
<pre><br />
[root@midemma02 ~]# sensors<br />
radeon-pci-0008<br />
Adapter: PCI adapter<br />
temp1: +22.0°C (crit = +120.0°C, hyst = +90.0°C)<br />
<br />
fam15h_power-pci-00c4<br />
Adapter: PCI adapter<br />
power1: N/A (crit = 25.00 W)<br />
<br />
k10temp-pci-00c3<br />
Adapter: PCI adapter<br />
temp1: +22.2°C (high = +70.0°C)<br />
(crit = +70.0°C, hyst = +69.0°C)<br />
<br />
it8603-isa-0290<br />
Adapter: ISA adapter<br />
in0: +0.96 V (min = +2.50 V, max = +2.95 V) ALARM<br />
in1: +2.23 V (min = +0.94 V, max = +1.22 V) ALARM<br />
in2: +2.03 V (min = +0.74 V, max = +0.77 V) ALARM<br />
in3: +2.00 V (min = +1.26 V, max = +0.13 V) ALARM<br />
in4: +2.23 V (min = +2.95 V, max = +2.15 V) ALARM<br />
3VSB: +3.36 V (min = +6.00 V, max = +2.50 V) ALARM<br />
Vbat: +3.22 V <br />
+3.3V: +3.36 V <br />
fan1: 611 RPM (min = 200 RPM)<br />
fan2: 707 RPM (min = 600 RPM) ALARM<br />
temp1: +38.0°C (low = +122.0°C, high = +122.0°C) sensor = thermistor<br />
temp2: +22.0°C (low = +119.0°C, high = -35.0°C) ALARM sensor = thermistor<br />
temp3: -128.0°C (low = +16.0°C, high = +93.0°C) sensor = thermistor<br />
intrusion0: ALARM<br />
<br />
[root@midemma02 ~]# <br />
</pre><br />
* AMD "Athlon(tm) 5350 APU" graphics supports 2 monitors maximum (mobo has 3 video outputs, only 2 can be used together)<br />
<br />
=== Intel SE7230NH1 ===<br />
<br />
* front panel header connector pinout is like this:<br />
<pre><br />
PWR LED | 1 2|<br />
| 3 4|<br />
PWR LED | 5 6|<br />
HDD LED | 7 8|<br />
HDD LED | 9 10|<br />
PWR SW |11 12| NIC1 LED<br />
PWR SW |13 14| NIC1 LED<br />
RST SW |15 16|<br />
RST SW |17 18|<br />
|19 20|<br />
NMI SW |21 22| NIC2 LED<br />
NMI SW |23 24| NIC2 LED<br />
... |... |<br />
|33 34|<br />
</pre><br />
<br />
=== ASUS H110M-A/M.2 ===<br />
<br />
* use BIOS 2003 or later<br />
* dmidecode | grep -i nct reports: Nuvoton NCT5539D<br />
* sensors chip is "NCT6793D or compatible chip", for el7, use this driver:<br />
<pre><br />
cd ~root<br />
wget http://ladd00.triumf.ca/~olchansk/linux/nct6775.ko<br />
echo modprobe hwmon-vid >> /etc/rc.local<br />
echo insmod /root/nct6775.ko >> /etc/rc.local<br />
/etc/rc.local<br />
sensors<br />
</pre><br />
<br />
* sensors output:<br />
<pre><br />
[root@daq03 ~]# sensors<br />
acpitz-virtual-0<br />
Adapter: Virtual device<br />
temp1: +27.8°C (crit = +119.0°C)<br />
temp2: +29.8°C (crit = +119.0°C)<br />
<br />
nct6793-isa-0290<br />
Adapter: ISA adapter<br />
in0: +0.34 V (min = +0.00 V, max = +1.74 V)<br />
in1: +1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in2: +3.39 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in3: +3.39 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: +1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: +0.15 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: +0.97 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in7: +3.38 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in8: +3.12 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in9: +1.00 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in10: +0.14 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in11: +0.12 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in12: +0.14 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in13: +0.12 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in14: +0.13 V (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 1041 RPM (min = 0 RPM)<br />
fan2: 1020 RPM (min = 0 RPM)<br />
fan5: 0 RPM (min = 0 RPM)<br />
fan6: 0 RPM<br />
SYSTIN: +119.0°C (high = +98.0°C, hyst = +95.0°C) sensor = thermistor<br />
CPUTIN: +26.5°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
AUXTIN0: +27.5°C sensor = thermistor<br />
AUXTIN1: +112.0°C sensor = thermistor<br />
AUXTIN2: +111.0°C sensor = thermistor<br />
AUXTIN3: +111.0°C sensor = thermistor<br />
PECI Agent 0: +28.0°C (high = +98.0°C, hyst = +95.0°C)<br />
(crit = +100.0°C)<br />
PECI Agent 0 Calibration: +25.5°C <br />
PCH_CHIP_CPU_MAX_TEMP: +0.0°C <br />
PCH_CHIP_TEMP: +0.0°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Physical id 0: +31.0°C (high = +80.0°C, crit = +100.0°C)<br />
Core 0: +31.0°C (high = +80.0°C, crit = +100.0°C)<br />
Core 1: +28.0°C (high = +80.0°C, crit = +100.0°C)<br />
<br />
[root@daq03 ~]# <br />
</pre><br />
<br />
=== Supermicro X11SSH-F ===<br />
<br />
* blacklist the mei and mei_me drivers per http://www.supermicro.com/support/faqs/faq.cfm?faq=14537<br />
<pre><br />
[root@alpha00 ~]# more /etc/modprobe.d/blacklist.conf<br />
blacklist mei<br />
blacklist mei_me<br />
[root@alpha00 ~]# <br />
</pre><br />
* mobo requires M.2 PCIe SSD (M.2 SATA SSD would not work. SATA SATA SSD ok)<br />
* boot from M.2 PCIe SSD requires UEFI boot (from an MSDOS partition on the SSD)<br />
<br />
=== ASUS TUF Z390M-PRO GAMING (WI-FI) ===<br />
<br />
* BIOS 2417 is okey, upgrade to this if older<br />
* do not set XMP memory mode<br />
* in the BIOS, enable the boot compatibility support module mode: BIOS (press DEL) -> Advanced mode -> BOOT -> CSM Module -> Enable CSM "yes".<br />
* for SL6, install e1000e driver from ELREPO:<br />
<pre><br />
yum install --enablerepo=elrepo kmod-e1000e<br />
</pre><br />
* sensors chip appears to be "Nuvoton NCT6798D" not clear what driver to use<br />
* dmidecode | grep -i nct reports: Nuvoton NCT6798D<br />
* kmod-nct6775-0.0-5.el7_7.elrepo.x86_64.rpm from ELrepo finds the chip but bombs because of conflict with ACPI<br />
<br />
=== ASUS PRIME X399-A ===<br />
<br />
* BIOS 1002<br />
* for reading temperatures and fan rotations, install driver: https://github.com/electrified/asus-wmi-sensors/issues/29<br />
<br />
== Configure X11 graphics ==<br />
<br />
=== Special settings for DAQ ===<br />
<br />
* add the following at the end of /etc/X11/xorg.conf. The enables Ctrl-Alt-KP-/ and Ctrl-Alt-KP-* to unlock the keyboard after Altera Quartus crash:<br />
<pre>Section "ServerFlags"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Option "AllowDeactivateGrabs" "true"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Option "AllowClosedownGrabs" "true"<br />
EndSection</pre><br />
<br />
=== Install NVIDIA drivers ===<br />
<br />
* yum --enablerepo=elrepo install nvidia-detect<br />
* run: nvidia-detect<br />
* as instructed by nvidia-detect, install correct driver:<br />
** yum --enablerepo=elrepo install kmod-nvidia<br />
** yum --enablerepo=elrepo install kmod-nvidia-304xx<br />
** yum --enablerepo=elrepo install kmod-nvidia-173xx<br />
* (before SL6.x: if it fails due to conflict with module-init-tools, run "yum --disablerepo \* --enablerepo elrepo update module-init-tools")<br />
* yum erase xorg-x11-glamor ### see http://elrepo.org/tiki/kmod-nvidia (search for glamor)<br />
* mv /etc/X11/xorg.conf /etc/X11/xorg.conf-xxx<br />
* nvidia-xconfig<br />
* (SL6) reboot<br />
* (SL5) /dev/MAKEDEV nvidia<br />
* (SL5) restart the X11 server (Ctrl-Alt-Backspace or "killall Xorg gdm-binary")<br />
* observe that X11 server restarts using the NVIDIA driver (big NVIDIA logo on startup)<br />
* if needed, login as root and run "nvidia-settings" to setup dual-screen configuration, etc<br />
<br />
=== Install legacy NVIDIA drivers ===<br />
<br />
For old NVIDIA cards:<br />
* GeForce FX 5500<br />
<br />
<pre><br />
wget http://us.download.nvidia.com/XFree86/Linux-x86/173.14.31/NVIDIA-Linux-x86-173.14.31-pkg1.run<br />
sh ./NVIDIA-Linux-x86-173.14.31-pkg1.run<br />
</pre><br />
<br />
* GeForce 6200 - NVIDIA Corporation NV44A [GeForce 6200]<br />
<pre><br />
yum install nvidia-x11-drv-304xx-304.121 --enablerepo=elrepo<br />
nvidia-xconfig<br />
rmmod nvidia<br />
killall gdm-binary<br />
login as root<br />
nvidia-settings to setup multiple displays<br />
</pre><br />
<br />
=== Install ATI/AMD drivers ===<br />
<br />
* yum --enablerepo elrepo install kmod-fglrx fglrx-x11-drv<br />
* check that /etc/X11/xorg.conf section "Device" entry "Driver" says "fglrx"<br />
* run "aticonfig --initial" to create xorg.conf if existing one is not good<br />
* run "amdcccle" as root to configure dual-screens, etc<br />
Note: 'amdcccle' is a GUI, so you must run this command from within a running X session<br />
* killall Xorg<br />
<br />
=== Install ATI/AMD drivers (CentOS7) ===<br />
<br />
* wget http://elrepo.org/linux/testing/el7/x86_64/RPMS/fglrx-x11-drv-15.12-3.el7.elrepo.x86_64.rpm<br />
* wget http://elrepo.org/linux/testing/el7/x86_64/RPMS/kmod-fglrx-15.12-3.el7.elrepo.x86_64.rpm<br />
* yum install acpid<br />
* rpm -vh --install kmod-fglrx-15.12-3.el7.elrepo.x86_64.rpm fglrx-x11-drv-15.12-3.el7.elrepo.x86_64.rpm<br />
* amdconfig -f --initial<br />
* grub2-mkconfig -o /boot/grub2/grub.cfg<br />
* reboot<br />
* login as root<br />
* amdcccle<br />
<br />
NOTE: if both drivers - radeon and fglrx are loaded, boot will hang. the radeon driver is supposed to be blacklisted through grub rdblacklist=radeon entry which is installed by running grub2-mkconfig.<br />
<br />
=== Install Intel drivers for HD4600/Z87 ===<br />
<br />
SL6.5 has the required drivers for the socket 1150 machines with Intel HD4600 graphics and Z87 chipset.<br />
<br />
ASUS Z87 WS motherboard has these video connections with corresponding Intel video port assignements, as reported by "xrandr":<br />
* DisplayPort - DP1/HDMI1<br />
* MiniDisplayPort - DP2/HDMI2<br />
* HDMI - HDMI3<br />
<br />
Due to hardware limitations, 3 HDMI monitors using 2 passive DP-HDMI adapters (and 1 straight HDMI) cannot be used.<br />
<br />
To use 3 monitors do this:<br />
* 1st monitor: DisplayPort - DP-to-HDMI-passive-adapter - HDMI monitor (not tried: DP-to-DP-cable - DisplayPort monitor).<br />
* 2nd monitor: MiniDisplayPort - MiniDP-to-DP-cable - DisplayPort monitor<br />
* 3rd monitor: HDMI - HDMI-cable - HDMI monitor<br />
<br />
With the monitors I have (Dell 1920x1200 VGA-HDMI-DP), the software thinks that there are 4 monitors: somehow both DP2 and HDMI2 see 1 minitor each, but the hardware cannot drive 4 monitors, so everything goes blank. To fix, disable HDMI2 (xrandr -display :0 --output HDMI2 --off) and enable DP2 (xrandr -display :0 --output DP2 --auto).<br />
<br />
How to make this configuration permanent and how to assign monitor locations (left-right, etc), you figure it out.<br />
<br />
=== Manual selection of monitor, video mode and resolution ===<br />
<br />
Automatic selection of monitor and video mode usually works. When it does not, configure it manualls:<br />
<br />
* physically go to the computer<br />
* login as root<br />
* run "nvidia-settings" on machines using the NVIDIA driver<br />
* run "aticonfig" on machines with the ATI/AMD driver (use "aticonfig --initial" for initial setup, and good luck with anything more complicated)<br />
* run "system-config-display".<br />
** In the "hardware" tab, select monitor type: "generic LCD 1280x1024" or "generic LCD 1600x1200".<br />
** In the "settings" tab, select "1280x1024" or "1600x1200" and "Thousands of colors".<br />
** Press "ok", the display settings application should close.<br />
* Logout, the new login window should use the new settings.<br />
<br />
=== Disable screen saver ===<br />
<br />
If machine is booted without any monitor connected, current video cards to not enable any video outputs. If a monitor is connected later, there is no video image and there is no easy way to get a video image.<br />
<br />
This can be solved by configuring X11 to always enable some video output. Because the monitor type is not known when X11 starts, one has to select some standard video mode (i.e. VESA 1280x1024) on some video output (VGA, DVI or HDMI).<br />
<br />
Only NVIDIA cards with the NVIDIA driver (from EPEL) is supported by these instructions.<br />
<br />
* create default xorg.conf: nvidia-xconfig<br />
* edit /etc/X11/xorg.conf<br />
* add monitor section for the fake monitor:<br />
<pre><br />
Section "Monitor"<br />
Identifier "Monitor0"<br />
VendorName "Unknown"<br />
ModelName "Unknown"<br />
HorizSync 31.0 - 83.0<br />
VertRefresh 59.0 - 61.0<br />
Option "DPMS" "off"<br />
ModeLine "1280x1024" 108.00 1280 1328 1440 1688 1024 1025 1028 1066 +hsync +vsync<br />
EndSection<br />
</pre><br />
* add output selection in the "Device" section:<br />
<pre><br />
Section "Device"<br />
Identifier "Device0"<br />
Driver "nvidia"<br />
VendorName "NVIDIA Corporation"<br />
BoardName "GeForce 210"<br />
#Option "ConnectedMonitor" "DFP"<br />
#Option "ConnectedMonitor" "CRT"<br />
Option "ConnectedMonitor" "CRT-1"<br />
Option "UseEDID" "no"<br />
EndSection<br />
</pre><br />
* add fake video mode to the "Screen" section:<br />
<pre><br />
Section "Screen"<br />
Identifier "Screen0"<br />
Device "Device0"<br />
Monitor "Monitor0"<br />
DefaultDepth 24<br />
SubSection "Display"<br />
Depth 24<br />
Modes "1280x1024"<br />
EndSubSection<br />
EndSection<br />
</pre><br />
* disable screen saver and DPMS power off in the "ServerLayout" or "ServerFlags" section:<br />
<pre><br />
Section "ServerLayout"<br />
Identifier "Layout0"<br />
Screen 0 "Screen0" 0 0<br />
InputDevice "Keyboard0" "CoreKeyboard"<br />
InputDevice "Mouse0" "CorePointer"<br />
Option "Xinerama" "0"<br />
Option "BlankTime" "0"<br />
Option "StandbyTime" "0"<br />
Option "SuspendTime" "0"<br />
Option "OffTime" "0"<br />
EndSection<br />
<br />
Section "ServerFlags" <br />
Option "BlankTime" "0" <br />
Option "StandbyTime" "0" <br />
Option "SuspendTime" "0" <br />
Option "OffTime" "0" <br />
EndSection <br />
</pre><br />
<br />
== Finish installation ==<br />
<br />
* logout and reboot the computer to have all the changes to take effect<br />
<br />
== Configure HTTPS server (CentOS7) ==<br />
<br />
This will configure the HTTPS/SSL certificate using "certbot" and "letsencrypt" and configure an HTTPS web server using apache httpd.<br />
<br />
First, configure apache httpd:<br />
<br />
* execute these commands:<br />
<pre><br />
yum install -y mod_ssl certwatch crypto-utils<br />
cd /etc/httpd/conf.d/<br />
mv ssl.conf ssl.conf-not-used ### remove the stock ssl.conf which refers to the localhost certificate that will expire in 1 year<br />
touch ssl.conf ### create a blank file to prevent automatic updates from installing a stock ssl.conf file<br />
# this is done later: rm /etc/pki/tls/certs/localhost.crt<br />
</pre><br />
* create new file ssl-daq12.conf # use actual hostname instead of daq12<br />
<pre><br />
Listen 443 https<br />
#SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog<br />
SSLSessionCache shmcb:/run/httpd/sslcache(512000)<br />
SSLSessionCacheTimeout 300<br />
SSLRandomSeed startup file:/dev/urandom 256<br />
SSLRandomSeed connect builtin<br />
SSLCryptoDevice builtin<br />
<br />
<VirtualHost *:443><br />
ServerName daq12.triumf.ca<br />
DocumentRoot /var/www/html<br />
ErrorLog /var/log/httpd/daq12.log<br />
SSLEngine on<br />
# note SSLProtocol, SSLCipherSuite and some other settings are overwritten by /etc/letsencrypt/options-ssl-apache.conf<br />
# new SSL settings: K.O. Jan 2020, SSLlabs rating "A+"<br />
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1<br />
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4:!RSA<br />
SSLHonorCipherOrder on<br />
# pervious SSL settings:<br />
#SSLProtocol all -SSLv2 -SSLv3<br />
#SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4<br />
SSLCertificateFile /etc/pki/tls/certs/localhost.crt<br />
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key<br />
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt<br />
#ProxyPass /elog/ http://localhost:8082/ retry=1<br />
#ProxyPass / http://localhost:8080/ retry=1<br />
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"<br />
<Location /><br />
SSLRequireSSL<br />
AuthType Basic<br />
AuthName "DAQ password protected site"<br />
Require valid-user<br />
# create password file: touch /etc/httpd/htpasswd<br />
# to add new user or change password: htpasswd /etc/httpd/htpasswd username<br />
AuthUserFile /etc/httpd/htpasswd<br />
</Location><br />
</VirtualHost><br />
</pre><br />
* stop httpd from listening on port 80: edit /etc/httpd/conf/httpd.conf, comment-out the line "Listen 80"<br />
* enable and start httpd:<br />
<pre><br />
systemctl enable httpd<br />
systemctl restart httpd<br />
systemctl status httpd<br />
</pre><br />
* try to access https://daq12.triumf.ca<br />
** you should see a complaint about self-signed certificate<br />
** you should see a request for password (do not login yet)<br />
** if you get "connection refused", HTTPS port 443 may need to be enabled in the local firewall, then try again:<br />
<pre><br />
firewall-cmd --add-port=443/tcp --permanent<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
Second, configure certbot:<br />
<br />
(Note: as of 2018-01-18 certbot requires use of http port 80 to get the initial https certificate,<br />
renewal can continue to use the https port 443)<br />
<br />
(Note: as of 2019-01-?? certbot requires use of port 80 for renewals)<br />
<br />
* check that port 80 is not used by anything:<br />
* netstat -an | grep LISTEN | grep ^tcp | grep 80<br />
* lsof -P | grep -i tcp | grep LISTEN | grep 80<br />
* if lsof reports that httpd is listening on port 80, follow the httpd instructions above (remove "listen 80" from httpd.conf<br />
<br />
* install certbot and open tcp port 80 in the firewall:<br />
<pre><br />
yum install -y certbot python2-certbot-apache # (from EPEL)<br />
firewall-cmd --add-port=80/tcp --permanent<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
* certbot certonly --standalone --installer apache # then answer questions:<br />
* "activate HTTPS for daq12.triumf.ca" - say ok<br />
* "enter email address" - enter your own email address<br />
* "please read terms..." - read the terms and say "agree"<br />
* it will take a few moments...<br />
* "please choose..." - say "easy" (http access is disabled (a) by firewall, (b) by local configuration<br />
* "congratulations..." - say ok.<br />
* certbot install --apache --cert-name daq12.triumf.ca # then answer questions:<br />
* "choose redirect..." - say "1" (no redirect)<br />
* look inside ssl-daq12.conf to see that SSLCertificateFile & co point to certbot certificates in /etc/letsencrypt/live/daq12.triumf.ca/<br />
* remove self-signed localhost certificate, it will expire in 1 year and cause warnings and complaints: rm /etc/pki/tls/certs/localhost.crt<br />
* enable automatic renewal<br />
<pre><br />
systemctl enable certbot-renew.timer<br />
systemctl start certbot-renew.timer<br />
systemctl list-timers --all<br />
</pre><br />
<br />
* to check corrent renewal and to update the certbot config file in /etc/letsencrypt/renewal, run this:<br />
<pre><br />
certbot renew --standalone --installer apache --force-renewal<br />
</pre><br />
<br />
NOTE: this certificate will expire in 3 months, automatic renewal should work starting with certbot-0.12.0-4.el7.noarch.<br />
Certificate expiration should be automatically detected by "certwatch" and email<br />
will be sent to local root user, to be forwarded to an actual person by ~root/.forward.<br />
<br />
Third, activate password protection:<br />
<br />
* as shown in the config file above, create password file and initial user: (replace "midas" with specific username)<br />
<pre><br />
touch /etc/httpd/htpasswd<br />
htpasswd /etc/httpd/htpasswd midas<br />
</pre><br />
<br />
Final test:<br />
* access https://daq12.triumf.ca - https status should be "green"<br />
* login with password should work<br />
* the apache httpd test page should load<br />
* check site security using the SSLlabs https tester. (I get grade "A-"): https://www.ssllabs.com/ssltest/<br />
<br />
From here:<br />
* enable proxy for MIDAS mhttpd - uncomment redirect in the config file above<br />
* enable proxy for ELOG - ditto<br />
* setsebool -P httpd_can_network_connect 1<br />
* systemctl restart httpd<br />
<br />
NOTE: if certbot fails with errors about 'module' object has no attribute 'pyopenssl',<br />
try this: pip install requests==2.6.0<br />
<br />
== Configure large RAID6 arrays ==<br />
<br />
* connect the disks<br />
* check the disks health<br />
** run smart-status.perl<br />
* partition the disks<br />
** yum install gdisk<br />
** gdisk /dev/sdX<br />
** delete all partitions: o<br />
** create new partition: n, enter, enter, enter, fd00 (default sizes, partition type fd00)<br />
** write and exit: w<br />
* check presence of all partitions:<br />
** /bin/ls -l /dev/sd*1<br />
* prepare to use an external bitmap file<br />
** touch /md6bitmap<br />
** edit /etc/fstab, change entry for root filesystem from: "defaults 1 1" to "defaults 0 0"<br />
** edit /boot/grub/grub.conf, change entry "kernel ... ro ..." to "kernel ... rw ..."<br />
* create raid array:<br />
** mdadm --create /dev/md6 --level=6 --bitmap=/md6bitmap --raid-devices=10 /dev/sd[b-k]1<br />
** mdadm -Ds >> /etc/mdadm.conf<br />
** cleanup /etc/mdadm.conf<br />
** echo "echo 16384 > /sys/block/md6/md/stripe_cache_size" >> /etc/rc.local<br />
** echo "echo 1 > /sys/block/md6/md/sync_speed_min" >> /etc/rc.local<br />
** source /etc/rc.local<br />
* observe raid array rebuild:<br />
** watch -d -n1 "cat /proc/mdstat"<br />
<br />
== Configure ZFS ==<br />
<br />
=== Install ZFS ===<br />
<br />
(from here: https://github.com/zfsonlinux/zfs/wiki/RHEL-%26-CentOS)<br />
<br />
Follow the instructions for "kABI-tracking kmod" - dkms modules seem to always mess up the system when upgrading to next release of zfs.<br />
<br />
<pre><br />
#rpm -vh --install http://archive.zfsonlinux.org/epel/zfs-release.el7.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7_3.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7_4.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7_5.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7_6.noarch.rpm<br />
yum install http://download.zfsonlinux.org/epel/zfs-release.el7_7.noarch.rpm<br />
yum-config-manager --disable zfs<br />
yum-config-manager --disable zfs-kmod<br />
yum --enablerepo=zfs-kmod install zfs<br />
#sed 's/^SELINUX=.*/SELINUX=disabled/' -i /etc/selinux/config<br />
echo USE_DISK_BY_ID=\'yes\' >> /etc/default/zfs<br />
#shutdown -r now # required to load the zfs kernel modules and to disable selinux<br />
modprobe zfs # should work<br />
zpool status # should report no pools available<br />
</pre><br />
<br />
#Note: zfs and selinux and not compatible: with selinux enabled, files on zfs cannot be deleted (files are gone, but "df" does not go down, zfs-0.6.5.7-1.el7.centos.x86_64), see #https://github.com/zfsonlinux/zfs/issues/4845<br />
<br />
* http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/zfs-quickstart.html)<br />
* http://www.freebsd.org/cgi/man.cgi?query=zpool&sektion=8<br />
<br />
If ZFS kernel module does not load automatically at boot time, add this to load it manually:<br />
<pre><br />
ls -l /etc/sysconfig/modules/<br />
cat > /etc/sysconfig/modules/zfs.modules <<EOF<br />
if [ ! -e /sys/module/zfs ] ; then<br />
modprobe zfs;<br />
fi<br />
EOF<br />
chmod +x /etc/sysconfig/modules/zfs.modules<br />
</pre><br />
<br />
=== Update ZFS 0.7 to 0.8 ===<br />
<br />
For CentOS-7.6:<br />
<br />
<pre><br />
yum-config-manager --disable zfs<br />
yum-config-manager --disable zfs-kmod<br />
yum-config-manager --disable zfs-testing-kmod<br />
yum --enablerepo=zfs-testing-kmod --showduplicates list zfs # list all available versions in "zfs-testing-kmod"<br />
yum erase zfs spl<br />
yum --enablerepo=zfs-testing-kmod --showduplicates install zfs # maybe specify specific version<br />
</pre><br />
<br />
For CentOS-7.7:<br />
<br />
<pre><br />
rm /etc/yum.repos.d/zfs.repo* ### delete old repo files<br />
yum upgrade http://download.zfsonlinux.org/epel/zfs-release.el7_7.noarch.rpm<br />
yum-config-manager --disable zfs<br />
yum-config-manager --disable zfs-kmod<br />
yum erase zfs spl<br />
yum --enablerepo=zfs-kmod install zfs<br />
</pre><br />
<br />
Note: if you see yum offering to install "dkms" and "zfs-dkms", the yum config is wrong (we use the kmod-zfs package), check that "zfs" repo is disabled, "zfs-kmod" repo is enabled - see the yum-config-manager commands above.<br />
<br />
=== Lock kernel and zfs packages ===<br />
<br />
<pre><br />
yum versionlock kernel<br />
yum versionlock zfs<br />
yum-config-manager --disable zfs<br />
yum-config-manager --disable zfs-kmod<br />
</pre><br />
<br />
=== Follow generic ZFS instructions ===<br />
<br />
Here: [[ZFS]]<br />
<br />
== performance notes ==<br />
<br />
Go here: [[disk_benchmarks]]<br />
<br />
== Configure UEFI boot ==<br />
<br />
Some mobo can boot from NVME (PCIe) SSDs only via UEFI boot. Do this:<br />
<br />
* partition the NVME SSD using gdisk (must be GPT partition table, must have MSDOS EFI partition size 512MiB)<br />
<pre><br />
[root@alpha00 ~]# gdisk -l /dev/nvme0n1<br />
GPT fdisk (gdisk) version 0.8.6 ...<br />
Found valid GPT with protective MBR; using GPT.<br />
Disk /dev/nvme0n1: 500118192 sectors, 238.5 GiB<br />
Logical sector size: 512 bytes<br />
Disk identifier (GUID): 1A82CC87-2757-44ED-980F-C78E3681D9D3<br />
Partition table holds up to 128 entries<br />
First usable sector is 34, last usable sector is 500118158<br />
Partitions will be aligned on 2048-sector boundaries<br />
Total free space is 2014 sectors (1007.0 KiB)<br />
<br />
Number Start (sector) End (sector) Size Code Name<br />
1 2048 1050623 512.0 MiB EF00 EFI System<br />
2 1050624 500118158 238.0 GiB 8300 Linux filesystem<br />
[root@alpha00 ~]# <br />
</pre><br />
* create filesystems<br />
<pre><br />
mkfs.msdos /dev/nvme0n1p1<br />
mkfs.xfs /dev/nvme0n1p2<br />
</pre><br />
* prepare EFI partition<br />
<pre><br />
mkdir /mnt/efi<br />
mount /dev/nvme0n1p1 /mnt/efi<br />
mkdir -p /mnt/efi/efi/boot<br />
cp /boot/vmlinuz... vmlinuz # copy the desired linux kernel<br />
cp /boot/initramfs... initramfs.img # copy the matching initramfs file<br />
#from /home/olchansk/sysadm/syslinux/syslinux-6.03 copy<br />
cp .../efi64/efi/syslinux.efi .<br />
cp .../efi64/com32/elflink/ldlinux/ldlinux.e64 .<br />
cp syslinux.efi bootx64.efi<br />
</pre><br />
* create syslinux config file: syslinux.cfg<br />
<pre><br />
default linux<br />
label linux<br />
kernel vmlinuz<br />
append ro root=/dev/nvme0n1p2 nomodeset initrd=initramfs.img<br />
</pre><br />
* prepare system partition<br />
<pre><br />
mkdir /mnt/tmp<br />
mount /dev/nvme0n1p2 /mnt/tmp<br />
rsync -avx / /mnt/tmp<br />
cd /mnt/tmp<br />
#edit etc/fstab<br />
#edit etc/syslinux/selinux # set selinux to permissive mode because rsync did not copy the selinux labels<br />
</pre><br />
* unmount and reboot<br />
* restore selinux labels after first boot<br />
<pre><br />
#login as root<br />
cd /<br />
restorecon -R / # can also add "-v" to see progress, but runs much slower<br />
#edit /etc/sysconfig/selinux # enable selinux<br />
#shutdown -r now # reboot with selinux enabled<br />
</pre><br />
<br />
= Configure UEFI secure boot =<br />
<br />
The above instructions do not quite work if "secure boot" is enabled.<br />
<br />
These modifications are needed:<br />
<br />
* ls -l /boot/efi/EFI/bootko/<br />
<pre><br />
total 140116<br />
-rwxr-xr-x 1 root root 108 Feb 24 15:47 BOOTX64.CSV<br />
-rwxr-xr-x 1 root root 1334816 Feb 24 16:16 bootx64.efi<br />
-rwxr-xr-x 1 root root 217495 Feb 24 16:16 config-4.15.0-74-generic<br />
-rwxr-xr-x 1 root root 105 Feb 24 15:47 grub.cfg<br />
-rwxr-xr-x 1 root root 199952 Feb 24 16:16 grubx64.efi<br />
-rwxr-xr-x 1 root root 58986147 Feb 24 16:16 initramfs.img<br />
-rwxr-xr-x 1 root root 58986147 Feb 24 16:16 initrd.img-4.15.0-74-generic<br />
-rwxr-xr-x 1 root root 139968 Feb 24 16:16 ldlinux.e64<br />
-rwxr-xr-x 1 root root 1269496 Feb 24 15:47 mmx64.efi<br />
-rwxr-xr-x 1 root root 1334816 Feb 24 16:16 shimx64.efi<br />
-rwxr-xr-x 1 root root 171 Feb 24 16:16 syslinux.cfg<br />
-rwxr-xr-x 1 root root 102 Feb 24 16:16 syslinux.cfg~<br />
-rwxr-xr-x 1 root root 199952 Feb 24 16:16 syslinux.efi<br />
-rwxr-xr-x 1 root root 4068355 Feb 24 16:16 System.map-4.15.0-74-generic<br />
-rwxr-xr-x 1 root root 8367768 Feb 24 16:16 vmlinuz<br />
-rwxr-xr-x 1 root root 8367768 Feb 24 16:16 vmlinuz-4.15.0-74-generic<br />
</pre><br />
** shmix64.efi is a copy from /boot/efi/EFI/ubuntu<br />
** bootx64.efi is a copy of shimx64.efi (maybe not needed?)<br />
** grubx64.efi is a copy of syslinux.efi<br />
* efibootmgr -c -d /dev/nvme0n1 -p 2 -w -L bootko -l '\EFI\bootko\shimx64.efi'<br />
* efibootmgr -v<br />
<pre><br />
root@daqubuntu:~# efibootmgr -v<br />
BootCurrent: 0000<br />
Timeout: 1 seconds<br />
BootOrder: 0000,0001,0002<br />
Boot0000* bootko HD(2,GPT,5d1cac95-29dd-4d8a-a56e-a8f414dd4047,0x800,0x100000)/File(\EFI\BOOTKO\SHIMX64.EFI)<br />
Boot0001* Hard Drive BBS(HD,,0x0)..GO..NO........y.I.N.T.E.L. .S.S.D.P.E.K.K.W.1.2.8.G.7....................A.......................................<..Gd-.;.A..MQ..L.I.N.T.E.L. .S.S.D.P.E.K.K.W.1.2.8.G.7........BO<br />
Boot0002* ubuntu HD(2,GPT,5d1cac95-29dd-4d8a-a56e-a8f414dd4047,0x800,0x100000)/File(\EFI\UBUNTU\SHIMX64.EFI)..BO<br />
root@daqubuntu:~# <br />
</pre><br />
* NOTE: if, after running "efibootmgr -c", the UUID is zero, then it probably did not take and the entry will vanish after reboot. In my case the mistake was to use "-p 1" instead of "-p 2".<br />
<br />
Boot sequence is this:<br />
* shmix64.efi - Microsoft-signed boot loader is accepted by secure boot, loads and runs<br />
* shimx64.efi loads and runs grubx64.efi, this file name is hardwired into the signed shim, cannot be changed<br />
* grubx64.efi is syslinux.efi (could be anything)<br />
* syslinux.efi runs, loads syslinux.cfg, loads the linux kernel, loads the initrd, runs the linux kernel with specified flags (ro root=...).<br />
<br />
= UEFI syslinux kernel update =<br />
<br />
To update the linux kernel booted by UEFI syslinux, use this script:<br />
* ~root/git/scripts/etc/update_efi.perl</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=SLinstall&diff=3027
SLinstall
2020-09-12T18:48:42Z
<p>Lindner: /* Configure Altera jtagd */</p>
<hr />
<div>== Notes ==<br />
<br />
* these instructions are periodically updated to include items needed for older/newer versions of Linux. They are marked like this: (SL4.2+) means Scientific Linux 4.2 and newer; (SL4 is equivalent to FC3). (FC5 only) means Fedora Core 5; etc.<br />
* obsolete items are marked by the "#" sign at the beginning of the line and sometimes have a comment about the reason for removal.<br />
* typically, we do not "upgrade" machines using the Red Hat "upgrade" function. Instead, we save critical files from the old installation and do a "fresh install" from scratch<br />
* starting with RHEL7, the recommended OS is CentOS7 (instead of SL7).<br />
<br />
== Disk configurations ==<br />
<br />
The year is 2019 and SSDs are used exclusively, except for bulk data storage, where one used 6-8-10-12 TB HDDs<br />
<br />
For reliability, home directories and data disks must use redundant storage - mdadm raid1 or ZFS raid1/raid6.<br />
<br />
For non-critical machines, a single SSD seems to be reliable enough to use as a boot and OS disk. But since any<br />
storage device can fail at any time without warning, home directories and data disks should use redundant storage.<br />
<br />
Note: for data disks bigger than 4-6TB, mdadm raid1/raid6 is no longer recommended because raid rebuild,<br />
verification and repair time has become unreasonably long. Instead, use ZFS raid1/raid6 which implements online verification,<br />
repair and disk replacement without requiring machine shutdown or OS down time.<br />
<br />
* single SSD - 120GB min - single partition for "/", no swap partition (create a swap file if swap is needed) - for non-critical machine with no local data storage (OS only)<br />
* dual SSD - 2x240GB min - all partitions mirrored (RAID1), 30GB "/", rest for /home1 - for daq station with local user home directories and no bulk data storage<br />
* single SSD + 2x6-8-10-12TB HDD - SSD partition: all "/", HDD partition as ZFS raid1 (mirrored) - for daq station with small local bulk data storage<br />
* single SSD + 6-8x6-8-10-12TB HDD - for small storage server machines - for daq station with local home directories and large bulk data storage.<br />
<br />
For VME processors:<br />
<br />
* network boot - [[VME-CPU#Network_boot]] - only option for V7648/V7750, do not use for V7805 (no netboot from GigE), optional for V7865/XVB-602<br />
* USB boot - 8GB USB for V7805, 16GB USB for V7865/XVB-602<br />
<br />
== Preparation ==<br />
<br />
* save /etc, /var, /root, /opt, (if needed: /usr/local, /tftpboot) by rsync to some data disk (/ladd/data0/root)<br />
* check that "/" partition (it will be overwritten) is different from /home1 and /data partitions<br />
* note the MAC addresses of all network interfaces, add them to ladd00 dhcpd.conf to enable PXE boot into the SL "network installer"<br />
* shutdown<br />
<br />
== Running installer (CentOS7) ==<br />
<br />
CentOS7 can be installed from vanilla CentOS7 installation media or from<br />
a custom USB key build per there instructions:<br />
https://daqshare.triumf.ca/~olchansk/linux/CentOS7/<br />
<br />
The custom installer makes it easy to use a custom kickstart file (ks.cfg).<br />
<br />
Instructions for using the usb-installer:<br />
<br />
* disconnect machine from network<br />
* plug the usb-installer into a usb3 port (blue colour)<br />
* reboot machine, select booting from usb (press F8 on ASUS motherboards)<br />
* usb-installer boot menu offers to install CentOS7, go there<br />
* CentOS7 should boot (many messages scroll on screen)<br />
* into graphical mode<br />
* into installer main menu<br />
* all installer options should "happy" except for the "installation destination"<br />
* go to the "installation destination" menu<br />
** unselect all disks except for the SSD where the OS will be installed<br />
** (MOST IMPORTANT: unselect the USB installer disk!)<br />
** select "I will configure..."<br />
** say "done"<br />
** the "manual partitionning" menu will open<br />
*** use the "-" button to delete all existing partitions<br />
*** select "standard partition"<br />
*** click on the "+" button<br />
*** in the "Add new partition" dialog, set mount point "/", capacity blank, click "add mount point"<br />
*** check capacity (should be full size of SSD), check filesystem type (should be XFS)<br />
*** say "done", there will be a warning about absent swap partition, say "done" again.<br />
*** in the big useless dialog, say "accept changes"<br />
*** should be back to the "installation summary" screen, "installation destination" should be happy now<br />
* after everything is happy, say "begin installation"<br />
* as the installation proceeds, set the password for the root user<br />
* after installation is complete, reboot the machine<br />
* unplug the usb-installer, CentOS7 should boot from SSD into the login screen<br />
* click on "not listed?", login as root<br />
* setup network connection:<br />
** open a terminal<br />
** start "nm-connection-editor"<br />
** click on "+" to create a new connection profile<br />
** select "wired ethernet"<br />
** select "add profile..."<br />
** in "Identity", set "name" to "static"<br />
** in "Identity", check that "Connect automatically" and "Make available..." is enabled<br />
** in "IPv4", set "Addresses" to "manual" instead of "dhcp"<br />
** enter IP address, netmask 255.255.224.0, gateway 142.90.100.18, dns 142.90.100.19, search triumf.ca<br />
** say "Add", then close/quit the network settings<br />
* connect network cable<br />
* network should be up, ping ladd00 should work<br />
* run: yum update -y<br />
* check new kernel is installed: ls -l /boot<br />
* logout and restart (good luck finding these buttons in the gui!)<br />
* confirm correct linux kernel is selected during boot (-229.20, not the original installer kernel)<br />
* login as root, confirm network is up, proceed with the rest of these instructions<br />
<br />
== Configure SSH ==<br />
<br />
(+CentOS7)<br />
<br />
* Login from the console<br />
* restore the SSH keys from backup (/etc/ssh/*key*)<br />
* service sshd restart<br />
* ssh into the new machine as root<br />
* ssh root@localhost, ctrl-C<br />
* ### this is done later from Konstantin's git repository - scp root@ladd00:/root/authorized_keys ~root/.ssh/<br />
* (not needed for SL5.5 kickstart) check that /etc/ssh/ssh_config contains "ForwardX11 yes" and "ForwardX11Trusted yes":<br />
<pre><br />
echo " ForwardX11 yes" >> /etc/ssh/ssh_config<br />
echo " ForwardX11Trusted yes" >> /etc/ssh/ssh_config<br />
</pre><br />
<br />
== Post installation CentOS7 ==<br />
<br />
Set hostname: (use full name, i.e. daq11.triumf.ca)<br />
<pre><br />
emacs -nw /etc/hostname<br />
</pre><br />
<br />
<pre><br />
echo "olchansk@triumf.ca amaudruz@triumf.ca lindner@triumf.ca bsmith@triumf.ca" >> ~root/.forward<br />
chmod a+r /var/log/messages<br />
chmod a+r /var/log/yum.log<br />
</pre><br />
<br />
Activate rc.local:<br />
<pre><br />
chmod a+x /etc/rc.local<br />
chmod a+x /etc/rc.d/rc.local # TL edit<br />
systemctl start rc-local<br />
systemctl status rc-local<br />
</pre><br />
<br />
== Disable "persistent network names" (DO NOT DO THIS) ==<br />
<br />
<pre><br />
/bin/touch /etc/udev/rules.d/75-persistent-net-generator.rules<br />
/bin/rm /etc/udev/rules.d/70-persistent-net.rules<br />
#shutdown -r now<br />
</pre><br />
<br />
== Configure NIS client (CentOS7) ==<br />
<br />
<pre><br />
yum -y install ypbind authconfig<br />
echo "NISTIMEOUT=5" >> /etc/sysconfig/network<br />
echo "NETWORKWAIT=yes" >> /etc/sysconfig/network<br />
authconfig --enablenis --enablepreferdns --nisdomain LADD-NIS --nisserver ladd00.triumf.ca --update<br />
ypwhich<br />
ypcat -k passwd<br />
systemctl restart autofs<br />
</pre><br />
* On the master NIS node (ladd00), add this new node to /etc/netgroup, and update NIS maps (cd /var/yp; make)<br />
* Use "system-config-users" to add local user accounts<br />
* enable selinux ssh key login to nfs mounted home directories:<br />
<pre><br />
setsebool -P use_nfs_home_dirs 1<br />
</pre><br />
<br />
== Configure NIS client (CentOS8) ==<br />
<br />
* all the same as for CentOS7<br />
* ensure correct boot order for ypbind (in CentOS 8.1 ypbind is started before network is ready, service file uses "Wants" instead of "After")<br />
<pre><br />
mkdir /etc/systemd/system/ypbind.service.d<br />
echo -e "[Unit]\nAfter=network-online.target\n" > /etc/systemd/system/ypbind.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat ypbind.service<br />
</pre><br />
<br />
== Configure NIS secondary server (CentOS7) ==<br />
<br />
Enable local NIS server, make local machine use it:<br />
<br />
<pre><br />
yum -y install ypserv<br />
/usr/lib64/yp/ypinit -s ladd00 ### (/usr/lib/yp/ypinit on 32-bit machines)<br />
### ypinit will give lots of errors about "rpc.ypxfrd failed: RPC: Can't decode result"; can be ignored<br />
systemctl enable rpcbind ypserv ypxfrd yppasswdd<br />
systemctl start rpcbind ypserv ypxfrd yppasswdd<br />
emacs -nw /etc/yp.conf # change "domain XXX server YYY.triumf.ca" to read "domain XXX server localhost"<br />
systemctl restart ypbind<br />
ypwhich # should say "localhost"<br />
ypcat -k auto.master # should work<br />
</pre><br />
<br />
Punch hole in the firewall: (or "make" on NIS master will complain)<br />
<br />
<pre><br />
echo YPSERV_ARGS=\"-p 800\" >> /etc/sysconfig/network<br />
systemctl restart ypserv<br />
firewall-cmd --get-services<br />
firewall-cmd --add-service rpc-bind --permanent<br />
firewall-cmd --add-port=800/tcp --add-port=800/udp --permanent<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
* on the NIS master:<br />
** add the new machine to /var/yp/ypservers, run "make -C /var/yp" and also "cd /var/yp; yppush -h newmachine ypservers"<br />
*** TL (2020-09): we not doing this anymore? I guess it doesn't work anyway...<br />
** if using /var/yp/securenets, copy it from NIS master to new NIS secondary server<br />
<br />
Enable hourly NIS update cron job (DO THIS AFTER git pull scripts, see below)<br />
<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
cd etc<br />
cd ~/git/scripts/etc; ln -s $PWD/ypxfr-cron-hourly /etc/cron.hourly<br />
</pre><br />
<br />
== Configure AUTOFS (CentOS7) ==<br />
<br />
<pre><br />
yum -y install autofs<br />
systemctl enable autofs<br />
systemctl start autofs<br />
ls -l /daq/daqshare<br />
</pre><br />
<br />
<br />
<br />
== Label Selinux labels ==<br />
<br />
When upgrading non-selinux machines (el6) to el7 (selinux enforcing) the existing<br />
user home directories will not have the correct selinux labels and many things<br />
will not work, including ssh logins (sshd cannot access ~user/.ssh files).<br />
<br />
<pre><br />
semanage fcontext -a -e /home /home1 ### selinux has special rules for /home, assign them to /home1<br />
restorecon -R -v /home1 ### apply the new rules to files in /home1<br />
ls -Zd /home1/alpha/.ssh<br />
# should say: drwx------. alpha users system_u:object_r:ssh_home_t:s0 /home1/alpha/.ssh<br />
</pre><br />
<br />
== Configure time (CentOS7) ==<br />
<br />
Time server ntpd was replaced by chronyd.<br />
<br />
<pre><br />
yum -y install chrony<br />
echo server time1 iburst >> /etc/chrony.conf<br />
echo server time2 iburst >> /etc/chrony.conf<br />
echo server time3 iburst >> /etc/chrony.conf<br />
systemctl enable chronyd<br />
systemctl restart chronyd<br />
chronyc sources<br />
chronyc tracking<br />
</pre><br />
<br />
* if desired, edit /etc/chrony.conf, remove non-triumf time servers<br />
<br />
== Enable automatic system updates (CentOS7) ==<br />
<br />
Disable yum-cron:<br />
<br />
<pre><br />
rpm --erase yum-cron<br />
/bin/rm -v /var/lock/subsys/yum-cron<br />
/bin/rm -v /etc/cron.daily/0yum-daily.cron<br />
/bin/rm -v /etc/cron.hourly/0yum-hourly.cron<br />
</pre><br />
<br />
Enable yum-autoupdate:<br />
<br />
<pre><br />
yum install -y epel-release<br />
yum install -y yum-changelog yum-protectbase yum-tsflags yum-versionlock<br />
rpm -vh --install http://linuxsoft.cern.ch/cern/centos/7.2/cern/x86_64/Packages/yum-kernel-module-1-5.el7.cern.noarch.rpm<br />
rpm -vh --install http://linuxsoft.cern.ch/cern/centos/7.2/cern/x86_64/Packages/yum-autoupdate-4.4.2-1.el7.cern.noarch.rpm<br />
#rpm -vh --install https://daqshare.triumf.ca/~olchansk/linux/yum-autoupdate-4.4.2-1.el7.cern.noarch.rpm https://daqshare.triumf.ca/~olchansk/linux/yum-kernel-module-1-5.el7.cern.noarch.rpm<br />
systemctl enable yum-autoupdate<br />
systemctl start yum-autoupdate<br />
systemctl status yum-autoupdate<br />
</pre><br />
<br />
== Disable automatic system updates (CentOS7) ==<br />
<br />
<pre><br />
yum -y erase yum-autoupdate<br />
/bin/rm -f /etc/sysconfig/yum-autoupdate.rpmsave<br />
/bin/rm -f /var/lock/subsys/yum-autoupdate<br />
</pre><br />
<br />
== Enable automatic system updates (CentOS8) ==<br />
<br />
<pre><br />
yum -y install dnf-automatic<br />
systemctl enable --now dnf-automatic.timer<br />
systemctl list-timers *dnf-*<br />
</pre><br />
<br />
edit /etc/dnf/automatic.conf<br />
<pre><br />
apply_updates = yes<br />
</pre><br />
<br />
== Configure system services (CentOS7) ==<br />
<br />
* systemctl list-unit-files | grep enabled | sort ### (to see enabled services)<br />
* disable unwanted services:<br />
<pre><br />
systemctl disable bluetooth<br />
systemctl disable dm-event<br />
systemctl disable dmraid-activation<br />
systemctl disable iscsid<br />
systemctl disable iscsi<br />
systemctl disable iscsiuio<br />
systemctl disable libvirtd<br />
systemctl disable lvm2-lmetad<br />
systemctl disable lvm2-monitor<br />
systemctl disable ModemManager<br />
systemctl disable multipathd<br />
systemctl disable netcf-transaction<br />
systemctl disable lvm2-lvmetad.socket<br />
systemctl disable lvm2-lvmpolld.socket<br />
systemctl disable iscsid.socket<br />
systemctl disable iscsiuio.socket<br />
#systemctl disable <br />
</pre><br />
<br />
== Erase unwanted packages (CentOS7) ==<br />
<br />
* PackageKit # bugs users about security updates, hogs yum lock<br />
* perl-homedir # creates unwanted $HOME/perl5<br />
* ModemManager # thinks that all USB-attached devices are modems<br />
* pcp # sends error email to itself, does not work<br />
* abrt # sends email to root about useless crashes, i.e. crash of X when machine is rebooted<br />
* rear # some kind of backup and recovery tool, not clear what it does, but it sends email complaining how it is broken<br />
* bash-completion # "echo $HOME/<TAB>" becomes "echo \$HOME" (notice "\" added before "$") preventing tab-completion from doing anything useful.<br />
<br />
<pre><br />
yum -y erase PackageKit perl-homedir ModemManager pcp abrt abrt-libs abrt-gui-libs rear bash-completion<br />
</pre><br />
<br />
== Disable unwanted package "tracker" ==<br />
<br />
The "tracker" package is part of the GNOME desktop, it scans the content of all files<br />
into a database for quick searching.<br />
<br />
When it malfunctions, bad things happen, i.e. read through<br />
https://bugzilla.redhat.com/show_bug.cgi?id=747689<br />
<br />
Specific problem I see is that it floods the system log with error messages. Also <br />
consumes network and filesystem bandwidth for NFS mounted home directories.<br />
<br />
This package cannot be removed by "yum erase tracker" dues to dependencies<br />
from core GNOME desktop.<br />
<br />
Instead, do this to deactivate it:<br />
<br />
<pre><br />
chmod -x /usr/libexec/tracker-*<br />
chmod -x /usr/bin/tracker<br />
chattr +i /usr/bin/tracker<br />
chattr +i /usr/libexec/tracker-*<br />
</pre><br />
<br />
== Configure external package repositories (CentOS7) ==<br />
<br />
EPEL: (addtional packages)<br />
<pre><br />
yum install epel-release<br />
</pre><br />
<br />
ELREPO: (kernel modules and drivers) (CentOS8)<br />
<pre><br />
yum install elrepo-release<br />
</pre><br />
<br />
ELREPO: (kernel drivers)<br />
<pre><br />
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org<br />
rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm<br />
yum -y install yum-plugin-fastestmirror<br />
</pre><br />
<br />
== Install packages needed to continue with installation ==<br />
<br />
(+CentOS7)<br />
<br />
(these packages are sometimes missing, they are needed to follow following instructions instructions)<br />
<br />
(SL6.5: libotf is a dependancy of emacs - SL6.5 installer fails to install it)<br />
<br />
<pre><br />
yum install ed patch wget git libotf gdisk emacs perl<br />
</pre><br />
<br />
== Configure Konstantin's scripts ==<br />
<br />
(+Centos7)<br />
<br />
<pre><br />
mkdir ~root/git<br />
cd ~root/git<br />
git clone http://ladd00.triumf.ca/~olchansk/git/scripts.git<br />
cd scripts<br />
git pull<br />
</pre><br />
<br />
Go back to the NIS slave server and install the hourly NIS update cron job.<br />
<br />
== Enable yum version lock ==<br />
<br />
<pre><br />
yum install yum-plugin-versionlock<br />
#yum versionlock packagename # yum versionlock rpcbind<br />
#yum versionlock list # list locked packages<br />
#yum versionlock delete packagename # unlock given package<br />
#yum versionlock clear # delete all locks<br />
</pre><br />
<br />
== Configure trusted ssh keys ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
ssh localhost<br />
interrupt by Ctrl-C<br />
/bin/cp ~/git/scripts/etc/authorized_keys ~/.ssh/<br />
</pre><br />
<br />
== Configure hardware sensors ==<br />
<br />
* yum -y install lm_sensors<br />
* sensors-detect (accept default answer to all questions - press ENTER)<br />
* systemctl restart lm_sensors<br />
* sensors (to see available sensors)<br />
<br />
If no sensors are detected by standard drivers, follow motherboard-specific instructions at the bottom of this page.<br />
<br />
== Configure IPMI sensors ==<br />
<br />
Some machines support the IPMI interface for monitoring the hardware: fan speeds, temperatures, voltages.<br />
<br />
* find out if IPMI is supported. Try this:<br />
<pre><br />
dmidecode | grep -i ipmi<br />
</pre><br />
if output is not blank, IPMI is maybe supported.<br />
* install and enable IPMI software:<br />
<pre><br />
yum install "OpenIPMI*" ipmitool<br />
service ipmi start<br />
ipmitool sensor ### to confirm IPMI is present. If output is blank, do not go further.<br />
chkconfig ipmi on<br />
chkconfig ipmievd on<br />
service ipmi restart<br />
service ipmievd restart<br />
tail -100 /var/log/messages ### look at messages logged by ipmievd<br />
</pre><br />
* (CentOS7) install and enable IPMI software:<br />
<pre><br />
yum install "OpenIPMI*" ipmitool<br />
systemctl start ipmi<br />
ipmitool sensor ### to confirm IPMI is present. If output is blank, do not go further.<br />
systemctl list-unit-files | grep -i ipmi<br />
systemctl enable ipmi<br />
systemctl restart ipmi<br />
systemctl status ipmi<br />
systemctl enable ipmievd<br />
systemctl restart ipmievd<br />
systemctl status ipmievd<br />
tail -100 /var/log/messages ### look at messages logged by ipmievd<br />
</pre><br />
<br />
* if ipmievd complains about SEL buffer overflow, clear it manually:<br />
<pre><br />
ipmitool sel list ### show ipmi messages in raw format<br />
ipmitool sel elist ### show ipmi messages in useful format<br />
ipmitool sel elist > file ### save ipmi messages into a file<br />
ipmitool sel clear ### clear all accumulated ipmi messages<br />
</pre><br />
<br />
* useful ipmi commands:<br />
** ipmitool sensor -- read hardware sensors<br />
** ipmitool sel elist -- report all accumulated messages<br />
<br />
== Configure ECC memory ==<br />
<br />
* check that machine has ECC memory: dmidecode --type memory | grep -i ecc<br />
<br />
Configure mcelog (machine check exception)<br />
<br />
* yum install mcelog<br />
* check that mcelog is running: ps -efw | grep mcelog<br />
* (el6) chkconfig mcelogd on; service mcelogd restart<br />
* (el7) systemctl status mcelog.service; systemctl enable mcelog.service; systemctl restart mcelog.service<br />
<br />
Check for MCE (machine check exception) messages:<br />
<br />
* mcelog --client<br />
* grep -i mce /var/log/messages*<br />
* grep -i ecc /var/log/messages*<br />
<br />
Configure EDAC<br />
<br />
<pre><br />
yum install edac-utils<br />
edac-ctl --mainboard<br />
edac-ctl --status<br />
lsmod | grep edac<br />
modprobe ie31200_edac ### driver for Intel E3-1200 series ECC memory<br />
<br />
[root@grsmid00 ~]# ls -l /sys/devices/system/edac/mc/<br />
... empty<br />
<br />
[root@alpha00 ~]# ls -l /sys/devices/system/edac/mc/<br />
drwxr-xr-x. 15 root root 0 Oct 25 16:40 mc0<br />
...<br />
[root@alpha00 ~]# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 ce_count<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 ce_noinfo_count<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 csrow0<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 csrow1<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 csrow2<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 csrow3<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 max_location<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 mc_name<br />
drwxr-xr-x. 2 root root 0 Oct 25 16:40 power<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank0<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank1<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank2<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank3<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank4<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank5<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank6<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank7<br />
--w-------. 1 root root 4096 Oct 25 16:40 reset_counters<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 seconds_since_reset<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 size_mb<br />
lrwxrwxrwx. 1 root root 0 Oct 2 12:02 subsystem -> ../../../../../bus/mc0<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 ue_count<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 ue_noinfo_count<br />
-rw-r--r--. 1 root root 4096 Oct 25 16:40 uevent<br />
[root@alpha00 ~]# <br />
<br />
[root@alpha00 ~]# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
<br />
[root@alpha00 ~]# edac-util <br />
edac-util: No errors to report.<br />
<br />
[root@alpha00 ~]# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
</pre><br />
<br />
== Configure SMARTD (CentOS7) ==<br />
<br />
Default el7 smartd config files send deficient email notices about disk failures. Overwrite.<br />
<br />
<pre><br />
/bin/cp ~/git/scripts/etc/smartd.conf /etc/smartmontools/<br />
/bin/cp ~/git/scripts/etc/smartd_warning.sh /etc/smartmontools/<br />
systemctl enable smartd<br />
systemctl restart smartd<br />
systemctl status smartd<br />
</pre><br />
<br />
== Enable User Disk Quotas (OPTIONAL) ==<br />
<br />
(+CentOS7)<br />
<br />
* read http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/ch-disk-quotas.html<br />
* emacs -nw /etc/fstab, add "grpquota,usrquota" to filesystem options, e.g.:<br />
<pre><br />
[root@isdaq00 home1]# grep quota /etc/fstab<br />
UUID=5a2aefbd-45db-475e-841e-12ec89220fbd /home1 ext4 defaults,grpquota,usrquota 1 2<br />
</pre><br />
* cd /; umount /home1; mount /home1<br />
* quotacheck -cug /home1<br />
* quotacheck -avug<br />
* quotaon -av<br />
* quota system is now active<br />
* increase the soft quota time limit from default 7days to 30 or 60 days: edquota -t<br />
* set quotas for all users (see below)<br />
* setup warnquota:<br />
** create warnquota config file: emacs -nw /etc/warnquota.conf<br />
<pre><br />
# values can be quoted:<br />
MAIL_CMD = "/usr/sbin/sendmail -t"<br />
FROM = root<br />
SUBJECT = User %i@%h exceeded allocated disk quota<br />
CC_TO = "root"<br />
# If you set this variable CC will be used only when user has less than<br />
# specified grace time left (examples of possible times: 5 seconds, 1 minute,<br />
# 12 hours, 5 days)<br />
# CC_BEFORE = 2 days<br />
SUPPORT = "root"<br />
# Text in the beginning of the mail (if not specified, default text is used)<br />
# This way text can be split to more lines<br />
# Line breaks are done by '|' character<br />
# The expressions %i, %h, %d, and %% are substituted for user/group name,<br />
# host name, domain name, and '%' respectively. For backward compatibility<br />
# %s behaves as %i but is deprecated.<br />
MESSAGE = User "%i" on "%h" has exceeded the allocated disk quota.||Please delete any unnecessary files on following filesystems or|contact the system administrato<br />
r to increase your quota allocation:|<br />
SIGNATURE = --|automated email from warnquota<br />
</pre><br />
** note that %i@%h in the SUBJECT line do not seem to work<br />
** create cron job: emacs -nw /etc/cron.daily/warnquota<br />
<pre><br />
#!/bin/sh<br />
warnquota<br />
#end<br />
</pre><br />
** chmod a+x /etc/cron.daily/warnquota<br />
** touch /etc/crontab<br />
<br />
Useful commands for managing quotas:<br />
* repquota -a | sort -n -k3 ### show quota of all users sorted by disk usage<br />
* edquota -u username ### open "vi" editor to change user quotas<br />
* repquote -a | grep username ### report quota for given user<br />
* setquota -u username 0 0 0 0 /home1 ### disable quotas for given user<br />
* setquota -u username 50000000 100000000 0 0 /home1 ### set quotas for 50GB soft and 100GB hard<br />
* edquota -t ### change user quota time limits<br />
* edquote -tg ### change group quota time limits<br />
<br />
== Enable NFS V4 server (CentOS7) ==<br />
<br />
* create /etc/exports. example: (fsid numbers should be unique and increase 1,2,3,...)<br />
<pre><br />
/home1 @home_export(rw,no_root_squash,async,fsid=1)<br />
/data1 @data_export(rw,no_root_squash,async,fsid=2)<br />
</pre><br />
* check the netgroup file<br />
** if using NIS: check NIS netgroup: ypcat -k netgroup<br />
** if no NIS, create /etc/netgroup: @daqmachines (deap00,,) (deap01,,) (deap02,,)<br />
** if no NIS, edit /etc/nsswitch.conf, make the netgrooup line read: "netgroup: files"<br />
* enable things, start them:<br />
<pre><br />
firewall-cmd --get-services<br />
firewall-cmd --permanent --add-service=nfs<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
systemctl enable nfs-server<br />
systemctl start nfs-server<br />
systemctl status nfs<br />
</pre><br />
<br />
== Enable NFS V3 server (CentOS7) ==<br />
<br />
<pre><br />
ps -efw | grep rpc.mountd # should be running!<br />
firewall-cmd --get-services<br />
firewall-cmd --permanent --add-service=mountd<br />
firewall-cmd --permanent --add-service=rpc-bind<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
== Enable NFS V3 server ==<br />
<br />
* edit /etc/hosts.allow, add or uncomment "mountd: 142.90.0.0/255.255.0.0"<br />
* create /etc/exports. example:<br />
<pre><br />
/home1 @home_export(rw,no_root_squash,async)<br />
/data1 @data_export(rw,no_root_squash,async)<br />
</pre><br />
* check the netgroup file<br />
** if using NIS: check NIS netgroup: ypcat -k netgroup<br />
** if no NIS, create /etc/netgroup: @daqmachines (deap00,,) (deap01,,) (deap02,,)<br />
** if no NIS, edit /etc/nsswitch.conf, make the netgrooup line read: "netgroup: files"<br />
* chkconfig nfs on<br />
* chkconfig nfslock on<br />
* service nfs restart<br />
<br />
Then on ladd00 need to do<br />
* ssh to root@ladd00<br />
* edit /etc/auto.daq to add new machine...<br />
* make -C /var/yp<br />
<br />
== Enable NFS V4 SERVER (SL6) ==<br />
<br />
* if used with NIS, same as NFSv3<br />
* if used as standalone, need to edit idmapd.conf - set the "Domain" name to the same value on NFS server and NFS slave (default automagically determined value does not always work). More TBW.<br />
<br />
== Enable AMANDA backups ==<br />
<br />
AMANDA backups are already enabled by TRIUMF kickstart installs. For non-kickstart installation, follow instructions at [[http://amanda/~amanda http://amanda/~amanda]], or look at "/triumfcs/trshare/olchansk/linux/amanda/amanda-enable.perl". As final step, use [[https://helpdesk.triumf.ca https://helpdesk.triumf.ca]] to contact TRIUMF CS to add this new machine to the amanda backup list.<br />
<br />
* yum install triumf-amanda<br />
<br />
== Enable AMANDA backups (CentOS7) ==<br />
<br />
<pre><br />
yum install amanda-client<br />
systemctl list-unit-files | grep -i amanda<br />
#systemctl enable amanda<br />
systemctl enable amanda.socket<br />
systemctl enable amanda-udp.socket<br />
systemctl restart amanda.socket<br />
systemctl restart amanda-udp.socket<br />
firewall-cmd --get-services<br />
firewall-cmd --permanent --add-service=amanda-client<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
echo amanda.triumf.ca amanda amdump >> /var/lib/amanda/.amandahosts<br />
</pre><br />
<br />
On amanda server, add new machine to the disklist, then:<br />
<br />
<pre><br />
amcheck -c daily titan00<br />
</pre><br />
<br />
== Enable DCACHE ==<br />
<br />
DAQ dcache server is mounted as<br />
<br />
/daq/pnfs/triumf.ca/data/<br />
<br />
For Centos-7 machines, you need to adjust the firewall rules in order to be able to communicate with the trdata machines; this is only necessary if you are copying data to trdata. The firewall changes are<br />
<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.100.212/32" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.107.156/32" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.100.219/32" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
This instructions are unnecessary <br />
* # mkdir -p /pnfs<br />
* # edit /etc/rc.local, add to the end of file: "mount -o intr,rw,noac,hard,nfsvers=3 trdata00:/pnfs /pnfs &"<br />
* # . /etc/rc.local<br />
<br />
For more information on, see [[TrdataDcache]] dcache page.<br />
<br />
== Configure Ganglia (Centos7) ==<br />
<br />
CentOS7 Ganglia instructions (EPEL7 ganglia-3.7.2)<br />
<br />
<pre><br />
/bin/rm /etc/gmond.conf<br />
yum -y install "ganglia-gmond*"<br />
/bin/cp -v /dev/null /etc/ganglia/conf.d/multicpu.conf # collects useless data<br />
/bin/cp -v /dev/null /etc/ganglia/conf.d/netstats.pyconf # spews errors into syslog<br />
/bin/cp -v /dev/null /etc/ganglia/conf.d/diskstat.pyconf # collects useless data<br />
/bin/cp -v /dev/null /etc/ganglia/conf.d/procstat.pyconf # do not create /tmp/gmond.conf<br />
/bin/cp ~/git/scripts/etc/gmond.conf /etc/ganglia/gmond.conf<br />
systemctl enable gmond<br />
systemctl restart gmond<br />
systemctl status gmond<br />
</pre><br />
<br />
== Configure TRIUMF DAQ packages ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
cd /etc/yum.repos.d<br />
wget http://daq.triumf.ca/~daqweb/yum/triumf-daq.repo<br />
</pre><br />
<br />
== Install Konstantin's packages ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
yum --disablerepo=\* --enablerepo=triumf-daq --skip-broken install diskscrub emailonreboot monitor_nfs "ganglia-*" triumf_nodeinfo<br />
</pre><br />
<br />
== Install memtest and PXE boot ==<br />
<br />
!!!DO NOT DO THIS!!!<br />
<br />
<pre><br />
cd /boot<br />
wget http://ladd00.triumf.ca/tftpboot/memtest86+-5.01.bin.gz<br />
wget http://ladd00.triumf.ca/tftpboot/memtest86+-4.20.bin.gz<br />
wget http://ladd00.triumf.ca/tftpboot/memtest86+-4.10<br />
wget http://ladd00.triumf.ca/tftpboot/gpxe-1.0.1+-gpxe.lkrn<br />
<br />
emacs -nw /boot/grub/grub.conf<br />
title memtest86+-5.01<br />
root (hd0,0)<br />
kernel /boot/memtest86+-5.01.bin.gz<br />
title memtest86+-4.20<br />
root (hd0,0)<br />
kernel /boot/memtest86+-4.20.bin.gz<br />
title memtest86+-4.10<br />
root (hd0,0)<br />
kernel /boot/memtest86+-4.10<br />
title pxeboot<br />
root (hd0,0)<br />
kernel /boot/gpxe-1.0.1+-gpxe.lkrn<br />
</pre><br />
<br />
== Install node monitoring ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
yum --disablerepo=\* --enablerepo=triumf-daq --skip-broken install triumf_nodeinfo<br />
/usr/sbin/sendnodeinfo.perl --config ladd00.triumf.ca:8600<br />
emacs -nw /etc/nodeinfo<br />
/usr/sbin/sendnodeinfo.perl ladd00.triumf.ca:8600<br />
</pre><br />
<br />
== Install gonodeinfo node monitoring ==<br />
<br />
(+Ubuntu, +CentOS7, +CentOS8)<br />
<br />
go to https://bitbucket.org/dd1/gonodeinfo<br />
follow instructions:<br />
<pre><br />
yum -y install golang<br />
mkdir ~/git<br />
cd ~/git<br />
git clone https://bitbucket.org/dd1/gonodeinfo.git<br />
# or git clone https://daq.triumf.ca/~olchansk/git/gonodeinfo.git<br />
cd gonodeinfo<br />
git pull<br />
make<br />
make install # install gonodeinfo agent<br />
cd ~ # this is important<br />
</pre><br />
<br />
* emacs -nw /etc/gonodeinfo.conf<br />
* change "Description", "Location", "User" and "Administrator" as appropriate (or delete them)<br />
* change "Servers" to read: Servers: ladd00.triumf.ca:8601<br />
* run gonodeinfo -e<br />
* if error is "connection refused". go to the nodeinfo server to add this client to the access control list:<br />
* on the gonodeinfo server: run gonodereceive -a daq13<br />
* try gonodeinfo again, there should be no error<br />
* on the gonodeinfo server: run gonodereport, look at the web pages, the new machine should be listed now<br />
<br />
== Install latest system updates ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
yum update -y<br />
</pre><br />
<br />
== Configure TRIUMF Printers (CentOS7) ==<br />
<br />
<pre><br />
systemctl stop cups<br />
systemctl disable cups<br />
echo "ServerName printers.triumf.ca" > /etc/cups/client.conf<br />
lpstat -a<br />
</pre><br />
<br />
== Disable syslog spam (CentOS7) ==<br />
<br />
Default el7 config is spamming the syslog with useless messages "systemd: Starting Session", etc. Disable this:<br />
<br />
<pre><br />
echo auditctl -e 0 >> /etc/rc.local<br />
echo /usr/bin/systemd-analyze set-log-level notice >> /etc/rc.local<br />
/etc/rc.local<br />
</pre><br />
<br />
== Install basic system packages (CentOS7) ==<br />
<br />
(if starting from minimal system, basic system packages required:)<br />
<br />
<pre><br />
yum install -y which psmisc redhat-lsb-core xorg-x11-xauth xterm emacs-nox rsync tcpdump strace nfs-utils sysstat iftop tcsh<br />
yum install -y gcc gcc-c++ gdb glibc-static libstdc++-static zlib zlib-devel openssl-devel httpd-tools<br />
</pre><br />
<br />
== Install packages needed for QUARTUS, ROOT, EPICS and MIDAS DAQ ==<br />
<br />
(+CentOS7)<br />
<br />
yum install --skip-broken giflib.x86_64 sysstat "libusb-devel*" unixODBC-devel postgresql-devel libxml2-devel libXpm-devel libgfortran git compat-readline43 "graphviz*" dcap "tigervnc*" telnet glibc"*" strace "fftw*" libpng "freetype*" xpdf "xemacs*" tkcvs xterm mutt "*-g77*" joe "libXmu*" dcap-devel gsl-devel pcre-devel h5py gd-devel xorg-x11-fonts"*" minicom xfig"*" perl-BSD-Resource "net-snmp-*" readline-static git-all nasm imake tcl-devel gv xorg-x11-twm expat-devel screen compat-readline5 ImageMagick ImageMagick-devel wget alacarte scipy numpy sympy nedit gnuplot php-cli php-domxml-php4-php5 php-gd php-fpdf php-cli kdebase cmake tcpdump sqlite sqlite-devel kdegraphics gdisk lsof gconf-editor iftop tk-devel mcelog kdm blt itcl lz4 bzip2 pbzip2 apr-devel apr-util-devel net-tools golang"*" --exclude golang-cover"*"hg"*" --exclude golang"*"hg"*" --exclude golang-pkg"*" --exclude golang-github"*" --exclude golang"*"git"*" mesa"*" xerces-c"*" diffuse clang i2c-tools texlive-revtex texlive-revtex4 kile kbibtex xrdp glibc.i686 gimp gimp-data-extras perl-GD"*" perl-Math"*" perl-Statistics-Basic cmake3 cmake3-gui extra-cmake-modules python2-pip x2go"*" mariadb-devel glibc-devel.i686 libzstd<br />
<br />
== Install optional packages ==<br />
<br />
!! DO NOT DO THIS !!<br />
<br />
(do not install boost on 32-bit machines)<br />
<br />
yum install --skip-broken "boost-*" <br />
<br />
(packages for 32-bit software compilation on 64-bit machines. this is optional)<br />
<br />
yum install --skip-broken giflib.i386 giflib.i686 compat-libf2c-34.i386 compat-libf2c-34.i686 mysql-devel.i686 openssl-devel.i686 unixODBC-devel.i686 libstdc++-devel.i386 libstdc++-devel.i686 "zlib-*.i686" "libXext-*.i686" "libXtst-*.i686" glibc-static.i686 freetype.i686 fontconfig.i686 libpng.i686 libXrender.i686 glibc-devel.i686 libX11-devel.i686 libXpm-devel.i686 libXft-devel.i686 mysql-devel.i686 dcap-devel.i686 gsl-devel.i686 pcre-devel.i686 fontconfig-devel.i686 freetype-devel.i686 libpng-devel.i686 libjpeg-devel.i686 libgfortran.i686 libxml2-devel.i686 gd-devel.i686 readline-devel.i686 ncurses-devel.i686 libXdmcp.i686 readline-static.i686 compat-readline5.i686<br />
<br />
yum install boost-devel.i686<br />
<br />
(separately install these packages - they collide with the big bunch above)<br />
<br />
yum install rdesktop<br />
<br />
yum reinstall urw-fonts<br />
<br />
== Install libraries for PHYSICA (CentOS7) ==<br />
<br />
To run physica built on el6 from git sources on el7, do this:<br />
<br />
(building physica on el7 is nort supported at this time)<br />
<br />
(see more http://www.triumf.info/wiki/DAQwiki/index.php/PHYSICA)<br />
<br />
<pre><br />
yum -y install libX11.i686 gd.i686 libpng12.i686 readline.i686 compat-libf2c-34.i686<br />
</pre><br />
<br />
== Install additional desktop environements (CentOS7) ==<br />
<br />
<pre><br />
# LXQT (from EPEL)<br />
# NOT COMPATIBLE WITH el7.7 # yum -y install "lxqt*"<br />
# Cinnamon desktop (from EPEL)<br />
yum -y install cinnamon<br />
# KDE5 not available yet<br />
# MATE (from epel)<br />
yum -y groupinstall "MATE Desktop"<br />
yum -y install mate-common mate-icon-theme-faenza mate-netspeed mate-sensors-applet mate-themes-extras mate-utils<br />
yum -y erase ModemManager abrt abrt-libs abrt-gui-libs<br />
# XFCE4 (from EPEL)<br />
yum -y groupinstall xfce<br />
yum -y install "xfce*plugin" xfce4-about --exclude xfce4-hamster-plugin<br />
yum -y erase bash-completion<br />
</pre><br />
<br />
* make the MATE desktop as default<br />
<br />
<pre><br />
cd ~root/git/scripts/<br />
git pull<br />
/bin/cp -v etc/lightdm_default_mate.conf /etc/lightdm/lightdm.conf.d/<br />
</pre><br />
<br />
* lighdm login manager (from EPEL)<br />
<pre><br />
yum install lightdm lightdm-kde lightdm-qt lightdm-qt5<br />
</pre><br />
<br />
* and switch from gdm to lighdm<br />
<pre><br />
systemctl disable gdm.service<br />
systemctl enable lightdm.service<br />
(systemctl stop gdm; systemctl restart lightdm) &<br />
</pre><br />
<br />
== Install SMART scripts ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
ln -sf ~/git/scripts/smart-status/smart-status.perl ~/<br />
</pre><br />
<br />
== Install NTFS drivers ==<br />
<br />
yum install ntfs-3g ntfsprogs (from EPEL)<br />
<br />
== Install HFS and HFS+ drivers (CentOS7) ==<br />
<br />
yum --disablerepo=\* --enablerepo=elrepo install kmod-hfs kmod-hfsplus<br />
<br />
== Install Google Chrome web browser (64-bit CentOS7) ==<br />
<br />
<pre><br />
/bin/cp ~/git/scripts/etc/google-chrome-64.repo /etc/yum.repos.d/<br />
yum install google-chrome-stable<br />
</pre><br />
<br />
== Enable monitoring of HTTPS certificates ==<br />
<br />
On SL6, CentOS7:<br />
<br />
<pre><br />
yum install crypto-utils<br />
/etc/cron.daily/certwatch<br />
strace -f /etc/cron.daily/certwatch |& grep open | grep crt<br />
</pre><br />
<br />
== Enable 100dpi fonts for EPICS ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
ln -s /usr/share/X11/fonts/100dpi /etc/X11/fontpath.d/<br />
</pre><br />
<br />
== Enable crontab @reboot for MIDAS (CentOS7) ==<br />
<br />
el7 has a bug - cron @reboot entries for normal users can run before autofs is ready, so if the home directory<br />
is on autofs/NFS, it cannot be accessed and the cron job fails. If MIDAS is supposed to be<br />
started by cron @reboot, it will not start (there *will* be an error message in /var/log/cron).<br />
<br />
<pre><br />
mkdir /etc/systemd/system/crond.service.d<br />
echo -e "[Unit]\nAfter=ypbind.service autofs.service\n" > /etc/systemd/system/crond.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat crond.service<br />
</pre><br />
<br />
Explore the systemd dependacy tree using "systemctl list-dependencies" maybe with "--all".<br />
<br />
Visualize the exact boot sequence from previous boot: "systemd-analyze plot > xxx.svg", look at the svg file using a web browser.<br />
<br />
== Enable firewall for MIDAS (CentOS7) ==<br />
<br />
Default el7 configuration prevents all access to servers running on the local machine, including access to MIDAS mhttpd (tcp port 8443) and mserver (all tcp ports).<br />
<br />
To enable access to mhttpd:<br />
<br />
<pre><br />
firewall-cmd --add-port=8443/tcp --permanent<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
To enable access to the mserver from a specific host: (replace 142.90.111.175 with the IP address of the permitted host)<br />
<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.111.175/32" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
To enable access from the private network (replace "192.168.1.0" with your private network number):<br />
<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.1.0/24" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
== Enable firewall for EPICS (CentOS7) ==<br />
<br />
To enable access to TRIUMF EPICS servers, do this:<br />
<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.132.0/23" accept"<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
For UCN the controls people seem to have EPICS setup on a different server; this might be true for CMMS as well. In this case the firewall rule change should be<br />
<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.139.0/23" accept"<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
== Disable gdm and X11 (OPTIONAL) ==<br />
<br />
<pre><br />
initctl stop prefdm<br />
echo "start on never" > /etc/init/prefdm.override<br />
echo "start on never" > /etc/init/splash-manager.override<br />
initctl reload-configuration<br />
</pre><br />
<br />
then enable login on default console:<br />
<pre><br />
echo "plymouth quit" >> /etc/rc.local<br />
echo "X_TTY=xxx/dev/tty1" >> /etc/sysconfig/init<br />
</pre><br />
<br />
== Install JAVAWS (OPTIONAL) ==<br />
<br />
* to run Java "web start" jnlp files (EVO, SEEVOGH, etc): javaws Downloads/spider.jnlp<br />
* install javaws:<br />
* yum install icedtea-web icedtea-web-javadoc<br />
<br />
== Install firefox java plugin (OPTIONAL, DO NOT DO THIS) ==<br />
<br />
This installs the Oracle Java plugin:<br />
<br />
* rpm -vh --install ~deap/jdk-7u15-linux-x64.rpm<br />
* ls -l /usr/lib64/mozilla/plugins/<br />
* ln -s /usr/java/jdk1.7.0_15/jre/lib/amd64/libnpjp2.so /usr/lib64/mozilla/plugins/<br />
* start firefox, go edit->preferences->general->manage add-ons->plugins<br />
* "java plugin 1.7.0_15" should be listed<br />
<br />
<br />
<br />
== Configure USB device permissions ==<br />
<br />
(+CentOS7)<br />
<br />
Configure USB device permissions for user access to USB-serial devices, Altera USB Blaster, etc.<br />
<br />
* create file /etc/udev/rules.d/99-usb-chmod.rules with this contents:<br />
<br />
<pre><br />
emacs -nw /etc/udev/rules.d/99-usb-chmod.rules<br />
ACTION=="add", SUBSYSTEM=="usb_device", RUN+="/bin/chmod a+wr /dev/%c"<br />
ACTION=="add", SUBSYSTEM=="usb_device", RUN+="/bin/chmod a+wr /proc/%c"<br />
ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="/bin/chmod a+wr $env{DEVICE}"<br />
ACTION=="add", ENV{PHYSDEVBUS}=="usb-serial", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", ENV{DEVPATH}=="/class/tty/ttyS*", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", SUBSYSTEM=="tty", DEVPATH=="*ttyUSB*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
ACTION=="add", SUBSYSTEM=="tty", DEVPATH=="*ttyS*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
</pre><br />
<br />
* apply new permissions: udevadm trigger --action=add<br />
<br />
== Disable modem-manager ==<br />
<br />
The modem-manager will try to talk to any serial devices attached to USB serial ports. It assumes that those devices are modems and will send out modem-specific commands. if the devices are not modems and do not understand or do not like modem commands, well that's too bad. modem-manager is installed by the ModemManager package required by the NetworkManager package, and there is no configuration setting to turn modem-manager off.<br />
<br />
One way to disable it is: chmod a= /usr/sbin/modem-manager<br />
<br />
Another way to disable it is by forced uninstall: rpm --erase --nodeps ModemManager<br />
<br />
Remember to kill the running copy: killall -KILL modem-manager<br />
<br />
Caveat: it is not clear if modem-manager would not be resurrected by an update to the NetworkManager or ModemManager packages.<br />
<br />
== Configure Altera jtagd ==<br />
<br />
(if needed)<br />
<br />
<pre><br />
mkdir /etc/jtagd<br />
echo 'Password = "123";' > /etc/jtagd/jtagd.conf<br />
cp -pv /daq/daqshare/olchansk/altera/11.0/quartus/linux/pgm_parts.txt /etc/jtagd/jtagd.pgm_parts<br />
</pre><br />
<br />
* start local jtagd: /triumfcs/trshare/olchansk/altera/11.0/quartus/bin/jtagd<br />
* test local connection: /triumfcs/trshare/olchansk/altera/11.0/quartus/bin/jtagconfig<br />
* test remote connection (add this machine to your .jtag.conf, run jtagconfig<br />
<br />
For more information, go to [[Quartus]]<br />
<br />
== Install EOS ==<br />
<br />
Instructions from here:<br />
http://eos-docs.web.cern.ch/eos-docs/quickstart/setup_repo.html<br />
<br />
<pre><br />
rpm -vh --install https://dss-ci-repo.web.cern.ch/dss-ci-repo/eos/citrine/tag/el-7/x86_64/eos-repo-el7-generic-1.noarch.rpm<br />
yum-config-manager --disable eos-citrine # disable auto-update because all packages are not signed<br />
yum-config-manager --disable eos-dep # disable auto-update because all packages are not signed.<br />
yum install eos-client eos-fuse --enablerepo=eos-citrine<br />
</pre><br />
<br />
== Install fix for the el7 systemd dbus boot hang ==<br />
<br />
Around early Summer 2018 el7 started showing a boot problem. In the nutshell,<br />
there is a problem with the dbus connection between dbus and systemd that<br />
prevents polkit, firewalld, etc from starting. The system eventually boots<br />
enough that one can ssh into it, but most things do not work. Notably,<br />
polkit is not running, firewalld is not running, ssh login takes about 15-30 second.<br />
<br />
Solution is to add a special systemd service to check that dbus started correctly.<br />
It that runs after dbus is started, but before it is used, and it restarts dbus in a loop<br />
with a delay until dbus starts correctly. In testing, dbus always starts correctly after<br />
the first retry.<br />
<br />
<pre><br />
cd ~root/git/scripts/etc<br />
git pull<br />
/bin/cp -vf systemd-check-dbus.perl /usr/bin/<br />
/bin/cp -vf systemd-check-dbus.service /etc/systemd/system/<br />
systemctl daemon-reload<br />
systemctl enable systemd-check-dbus<br />
systemctl start systemd-check-dbus<br />
systemctl status systemd-check-dbus<br />
</pre><br />
<br />
After linux boots, if everything was okey, the script will report this:<br />
<pre><br />
[root@iris01 ~]# systemctl status systemd-check-dbus<br />
...<br />
Feb 08 17:15:49 iris01.triumf.ca systemd[1]: Starting Check that systemd is registered with dbus...<br />
Feb 08 17:15:49 iris01.triumf.ca sh[4283]: Starting check for systemd dbus connection<br />
Feb 08 17:15:50 iris01.triumf.ca sh[4283]: List: string "org.freedesktop.DBus"<br />
Feb 08 17:15:50 iris01.triumf.ca sh[4283]: List: string "org.freedesktop.systemd1"<br />
Feb 08 17:15:50 iris01.triumf.ca sh[4283]: systemd1 dbus service exists, success!<br />
Feb 08 17:15:50 iris01.triumf.ca sh[4283]: Finished check for systemd dbus connection<br />
Feb 08 17:15:50 iris01.triumf.ca systemd[1]: Started Check that systemd is registered with dbus.<br />
</pre><br />
<br />
If the boot problem happened, the script will report about restarting dbus.<br />
<br />
Note: the systemd service file adjusts the start order of other services, this adjustment seems to reduce the probability of the problem.<br />
<br />
== Configure GRUB boot loader (CentOS7, CentOS8) ==<br />
<br />
* emacs -nw /etc/default/grub, remove "rhgb" and "quiet" from GRUB_CMDLINE_LINUX<br />
* grub2-mkconfig -o /boot/grub2/grub.cfg<br />
* grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg<br />
* grub2-editenv list # show contents of boot environement file<br />
* /bin/rm /boot/grub2/grubenv # remove stale settings, make grub2 boot from first entry in config file<br />
<br />
== Install memtest86+ (CentOS7, CentOS8) ==<br />
<br />
<pre><br />
yum -y install memtest86+<br />
/bin/cp -vf /usr/share/memtest86+/20_memtest86+ /etc/grub.d/<br />
/bin/chmod a+x /etc/grub.d/20_memtest86+ <br />
grub2-mkconfig -o /boot/grub2/grub.cfg<br />
</pre><br />
<br />
== Disable ELREPO ==<br />
<br />
<pre><br />
sed 's/enabled=.*/enabled=0/' -i /etc/yum.repos.d/elrepo_triumf.repo<br />
sed 's/enabled=.*/enabled=0/' -i /etc/yum.repos.d/elrepo.repo<br />
</pre><br />
<br />
== Reduce install size (optional) ==<br />
<br />
This is optional. Only do this if reducing the size of the OS image is very important.<br />
<br />
Do this for VME processors.<br />
<br />
<pre><br />
yum erase "texlive*" "java*" "boost*" libreoffice"*"<br />
#yum erase "xemacs*"<br />
yum erase "libstdc++-docs"<br />
yum erase firefox google-chrome"*"<br />
yum clean all<br />
</pre><br />
<br />
<pre><br />
/bin/rm -rf /usr/share/help<br />
/bin/rm -rf /usr/share/doc<br />
</pre><br />
<br />
== Update from el7.6 to el7.7 ==<br />
<br />
<pre><br />
yum-config-manager --disable zfs<br />
yum-config-manager --disable zfs-kmod<br />
yum-config-manager --disable zfs-testing-kmod<br />
yum versionlock delete zfs<br />
yum versionlock delete kernel<br />
yum -y update "yum*" "rpm*"<br />
yum -y erase libqtxdg lxqt-qtplugin ### LXQT is not compatible<br />
yum update<br />
after rebooting into el7.7, follow instructions for updating ZFS from version 0.7 to 0.8.<br />
</pre><br />
<br />
== Finish installation ==<br />
<br />
reboot<br />
<br />
== Special hardware settings ==<br />
<br />
=== ASUS Crosshair mobo ===<br />
<br />
* use BIOS version 1207 or newer<br />
* (before CentOS7) sensors need these drivers from ELREPO: yum install --noplugins kmod-it87 kmod-k10temp; sensors-detect; service lm_sensors restart; sensors<br />
* CentOS7: installs correct drivers automatically<br />
<br />
=== ASUS Crosshair-II mobo ===<br />
<br />
* use BIOS version 2607 or newer<br />
* for the onboard IDE to work, add "all-generic-ide" to kernel boot options in grub.conf<br />
* sensors need these drivers from ELREPO: yum install --noplugins kmod-it87 kmod-k10temp; sensors-detect; service lm_sensors restart; sensors<br />
<br />
=== ASUS P7P55D EVO mobo ===<br />
<br />
* use BIOS version 2004 or newer<br />
* SL6 - install special driver for on board PCIe GigE network port and disable on board PCI GigE network port:<br />
** yum --enablerepo elrepo install kmod-r8168 kmod-r8169<br />
** # do not do this: sed 's/^blacklist/#blacklist/' -i /etc/modprobe.d/blacklist-r8169.conf<br />
** reboot<br />
** verify that correct drivers are loaded: ethtool -i eth0; ethtool -i eth1<br />
** note: there will be no eth1 - r8169 driver is disabled.<br />
<br />
=== ASUS P6X58-E-WS mobo ===<br />
<br />
* BIOS settings<br />
** F1 or DEL to enter BIOS setup, F8 boot menu<br />
** go to POWER->HW mon, confirm CPU temperature is around 30C. (heatsink is installed correctly. Bad heatsink temperature quickly goes up to 50-70C).<br />
** Main menu: Storage config - SATA change IDE->AHCI<br />
** System information: confirm BIOS version 301, CPU type, memory size<br />
** AI Tweak: set DRAM frequency - AUTO->DDR3-1333<br />
** Advanced->Onboard devices: LAN BOOT: enabled<br />
** Power->HW monitor: CPU Q-FAN: enabled<br />
** Boot->Settings: Quick boot: enabled; Full screen logo: disabled; Wait for F1: disabled<br />
** Save and exit<br />
<br />
=== ASUS E35M1-M PRO mobo ===<br />
<br />
* http://www.asus.com/Motherboards/E35M1M_PRO/#specifications<br />
* use BIOS version 1002 or newer<br />
* for CPU temperature: install kmod-k10temp from ELREPO (kmod-k10temp-0.0-4.el6.elrepo.x86_64.rpm)<br />
* for Sensors: yum --enablerepo elrepo install kmod-w83627ehf; modprobe w83627ehf; sensors<br />
* for Graphics: yum --enablerepo elrepo install kmod-fglrx fglrx-x11-drv<br />
* to enable booting from USB3, edit /etc/dracut.conf, change line "add_drivers" to read: add_drivers+="xhci-hcd"<br />
* to use multiple monitors, run "aticonfig --initial --heads=2 --adapter=1 --xinerama=on", to change screen layout, edit /etc/X11/xorg.conf. Only dual monitors DVI+HDMI seem to work. Tripple monitors does not seem to work.<br />
<br />
Sensors instructions below are obolete (use driver from ELREPO)<br />
* for Sensors, install driver for NCT6776F chip from https://github.com/groeck/w83627ehf/archives/master (in the Makefile, change the line "KERNEL_BUILD=" to read: "KERNEL_BUILD:=/usr/src/kernels/$(TARGET)"):<br />
<pre><br />
cd ~root<br />
wget http://ladd00.triumf.ca/~olchansk/linux/groeck-w83627ehf-dd3e543/w83627ehf.ko<br />
echo "modprobe hwmon; modprobe hwmon-vid; modprobe k10temp; rmmod w83627ehf; insmod /root/w83627ehf.ko" >> /etc/rc.local<br />
</pre><br />
<br />
=== ASUS E45M1-M PRO mobo ===<br />
<br />
* https://www.asus.com/Motherboards/E45M1M_PRO/#specifications<br />
* use BIOS 1202 or newer<br />
* follow the E35M1-M PRO instructions above<br />
<br />
=== ASUS P9X79 WS ===<br />
<br />
* http://www.asus.com/Motherboard/P9X79_WS/<br />
* use BIOS version 3101, 3401, 4701 or newer. If BIOS is 1305 or older, install P9X79-WS-CAP-Converter.ROM (BIOS 2902/3101), then the new BIOS.<br />
* (not needed for CentOS7) for CPU temperature, install coretemp<br />
* (not needed for CentOS7) for sensors, install driver for NCT6776F chip same as E35M1-M above.<br />
* BIOS Settings:<br />
** enter "Advanced mode"<br />
** Ai Tweaker -> Ai Overclock Tuner -> Set to "XMP" - this enables DDR3-1600 RAM speed vs DDR3-1333 by default<br />
** Monitor -> CPU fan speed low limit -> Set to "200 RPM" - we are using high efficiency slow turning CPU coolers and the default 600 RPM is right on the edge of firing false warnings<br />
** Boot -> Full screen logo -> Set to "disabled"<br />
** Wait for F1 -> Set to "disabled"<br />
<br />
=== ASUS P8B-M ===<br />
<br />
* use BIOS version 6103 or newer<br />
* for CPU temperature, install coretemp<br />
* for sensors, install driver for NCT6776F chip same as E35M1-M above.<br />
<br />
=== SUPERMICRO X9SCL ===<br />
<br />
* yum install kmod-w83627ehf.x86_64 coretemp<br />
* xemacs -nw /etc/rc.local, add:<br />
<pre><br />
modprobe coretemp<br />
modprobe w83627ehf<br />
</pre><br />
<br />
=== ASUS Z87-WS ===<br />
<br />
<pre><br />
cd ~root<br />
wget http://ladd00.triumf.ca/~olchansk/linux/nct6775.ko<br />
echo modprobe hwmon-vid >> /etc/rc.local<br />
echo insmod /root/nct6775.ko >> /etc/rc.local<br />
/etc/rc.local<br />
sensors<br />
</pre><br />
<br />
=== ASUS Z97-WS ===<br />
<br />
the nct6775 driver does not work because of conflict with ACPI.<br />
<br />
=== ASUS AM1M-A ===<br />
<br />
* use BIOS 602 or later<br />
* SL6.5 installer cannot use USB2 ports and the network. Use USB3 ports (blue colour) to boot USB installer (memtest, rescue, etc)<br />
* SL6.5 kernels require boot option "iommu=soft" or USB2 and network do not work. (USB3 - blue ports - seems okey)<br />
* install ATI/AMD video drivers from ELREPO (see below)<br />
* sensors chip is ITE IT8623E, for SL6, use standalone driver from lm_sensors. (2 fans rpm, 2 temperatures):<br />
<pre><br />
cd ~root<br />
wget http://ladd00.triumf.ca/~olchansk/linux/it87.ko<br />
echo modprobe hwmon_vid >> /etc/rc.local<br />
echo insmod /root/it87.ko >> /etc/rc.local<br />
. /etc/rc.local<br />
</pre><br />
* for el7 use it87.ko driver:<br />
<pre><br />
cd ~root<br />
wget https://daqshare.triumf.ca/~olchansk/linux/CentOS7/it87.ko<br />
echo modprobe hwmon_vid >> /etc/rc.local<br />
echo insmod /root/it87.ko >> /etc/rc.local<br />
. /etc/rc.local<br />
</pre><br />
* sensors output:<br />
<pre><br />
[root@midemma02 ~]# sensors<br />
radeon-pci-0008<br />
Adapter: PCI adapter<br />
temp1: +22.0°C (crit = +120.0°C, hyst = +90.0°C)<br />
<br />
fam15h_power-pci-00c4<br />
Adapter: PCI adapter<br />
power1: N/A (crit = 25.00 W)<br />
<br />
k10temp-pci-00c3<br />
Adapter: PCI adapter<br />
temp1: +22.2°C (high = +70.0°C)<br />
(crit = +70.0°C, hyst = +69.0°C)<br />
<br />
it8603-isa-0290<br />
Adapter: ISA adapter<br />
in0: +0.96 V (min = +2.50 V, max = +2.95 V) ALARM<br />
in1: +2.23 V (min = +0.94 V, max = +1.22 V) ALARM<br />
in2: +2.03 V (min = +0.74 V, max = +0.77 V) ALARM<br />
in3: +2.00 V (min = +1.26 V, max = +0.13 V) ALARM<br />
in4: +2.23 V (min = +2.95 V, max = +2.15 V) ALARM<br />
3VSB: +3.36 V (min = +6.00 V, max = +2.50 V) ALARM<br />
Vbat: +3.22 V <br />
+3.3V: +3.36 V <br />
fan1: 611 RPM (min = 200 RPM)<br />
fan2: 707 RPM (min = 600 RPM) ALARM<br />
temp1: +38.0°C (low = +122.0°C, high = +122.0°C) sensor = thermistor<br />
temp2: +22.0°C (low = +119.0°C, high = -35.0°C) ALARM sensor = thermistor<br />
temp3: -128.0°C (low = +16.0°C, high = +93.0°C) sensor = thermistor<br />
intrusion0: ALARM<br />
<br />
[root@midemma02 ~]# <br />
</pre><br />
* AMD "Athlon(tm) 5350 APU" graphics supports 2 monitors maximum (mobo has 3 video outputs, only 2 can be used together)<br />
<br />
=== Intel SE7230NH1 ===<br />
<br />
* front panel header connector pinout is like this:<br />
<pre><br />
PWR LED | 1 2|<br />
| 3 4|<br />
PWR LED | 5 6|<br />
HDD LED | 7 8|<br />
HDD LED | 9 10|<br />
PWR SW |11 12| NIC1 LED<br />
PWR SW |13 14| NIC1 LED<br />
RST SW |15 16|<br />
RST SW |17 18|<br />
|19 20|<br />
NMI SW |21 22| NIC2 LED<br />
NMI SW |23 24| NIC2 LED<br />
... |... |<br />
|33 34|<br />
</pre><br />
<br />
=== ASUS H110M-A/M.2 ===<br />
<br />
* use BIOS 2003 or later<br />
* dmidecode | grep -i nct reports: Nuvoton NCT5539D<br />
* sensors chip is "NCT6793D or compatible chip", for el7, use this driver:<br />
<pre><br />
cd ~root<br />
wget http://ladd00.triumf.ca/~olchansk/linux/nct6775.ko<br />
echo modprobe hwmon-vid >> /etc/rc.local<br />
echo insmod /root/nct6775.ko >> /etc/rc.local<br />
/etc/rc.local<br />
sensors<br />
</pre><br />
<br />
* sensors output:<br />
<pre><br />
[root@daq03 ~]# sensors<br />
acpitz-virtual-0<br />
Adapter: Virtual device<br />
temp1: +27.8°C (crit = +119.0°C)<br />
temp2: +29.8°C (crit = +119.0°C)<br />
<br />
nct6793-isa-0290<br />
Adapter: ISA adapter<br />
in0: +0.34 V (min = +0.00 V, max = +1.74 V)<br />
in1: +1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in2: +3.39 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in3: +3.39 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: +1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: +0.15 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: +0.97 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in7: +3.38 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in8: +3.12 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in9: +1.00 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in10: +0.14 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in11: +0.12 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in12: +0.14 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in13: +0.12 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in14: +0.13 V (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 1041 RPM (min = 0 RPM)<br />
fan2: 1020 RPM (min = 0 RPM)<br />
fan5: 0 RPM (min = 0 RPM)<br />
fan6: 0 RPM<br />
SYSTIN: +119.0°C (high = +98.0°C, hyst = +95.0°C) sensor = thermistor<br />
CPUTIN: +26.5°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
AUXTIN0: +27.5°C sensor = thermistor<br />
AUXTIN1: +112.0°C sensor = thermistor<br />
AUXTIN2: +111.0°C sensor = thermistor<br />
AUXTIN3: +111.0°C sensor = thermistor<br />
PECI Agent 0: +28.0°C (high = +98.0°C, hyst = +95.0°C)<br />
(crit = +100.0°C)<br />
PECI Agent 0 Calibration: +25.5°C <br />
PCH_CHIP_CPU_MAX_TEMP: +0.0°C <br />
PCH_CHIP_TEMP: +0.0°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Physical id 0: +31.0°C (high = +80.0°C, crit = +100.0°C)<br />
Core 0: +31.0°C (high = +80.0°C, crit = +100.0°C)<br />
Core 1: +28.0°C (high = +80.0°C, crit = +100.0°C)<br />
<br />
[root@daq03 ~]# <br />
</pre><br />
<br />
=== Supermicro X11SSH-F ===<br />
<br />
* blacklist the mei and mei_me drivers per http://www.supermicro.com/support/faqs/faq.cfm?faq=14537<br />
<pre><br />
[root@alpha00 ~]# more /etc/modprobe.d/blacklist.conf<br />
blacklist mei<br />
blacklist mei_me<br />
[root@alpha00 ~]# <br />
</pre><br />
* mobo requires M.2 PCIe SSD (M.2 SATA SSD would not work. SATA SATA SSD ok)<br />
* boot from M.2 PCIe SSD requires UEFI boot (from an MSDOS partition on the SSD)<br />
<br />
=== ASUS TUF Z390M-PRO GAMING (WI-FI) ===<br />
<br />
* BIOS 2417 is okey, upgrade to this if older<br />
* do not set XMP memory mode<br />
* in the BIOS, enable the boot compatibility support module mode: BIOS (press DEL) -> Advanced mode -> BOOT -> CSM Module -> Enable CSM "yes".<br />
* for SL6, install e1000e driver from ELREPO:<br />
<pre><br />
yum install --enablerepo=elrepo kmod-e1000e<br />
</pre><br />
* sensors chip appears to be "Nuvoton NCT6798D" not clear what driver to use<br />
* dmidecode | grep -i nct reports: Nuvoton NCT6798D<br />
* kmod-nct6775-0.0-5.el7_7.elrepo.x86_64.rpm from ELrepo finds the chip but bombs because of conflict with ACPI<br />
<br />
=== ASUS PRIME X399-A ===<br />
<br />
* BIOS 1002<br />
* for reading temperatures and fan rotations, install driver: https://github.com/electrified/asus-wmi-sensors/issues/29<br />
<br />
== Configure X11 graphics ==<br />
<br />
=== Special settings for DAQ ===<br />
<br />
* add the following at the end of /etc/X11/xorg.conf. The enables Ctrl-Alt-KP-/ and Ctrl-Alt-KP-* to unlock the keyboard after Altera Quartus crash:<br />
<pre>Section "ServerFlags"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Option "AllowDeactivateGrabs" "true"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Option "AllowClosedownGrabs" "true"<br />
EndSection</pre><br />
<br />
=== Install NVIDIA drivers ===<br />
<br />
* yum --enablerepo=elrepo install nvidia-detect<br />
* run: nvidia-detect<br />
* as instructed by nvidia-detect, install correct driver:<br />
** yum --enablerepo=elrepo install kmod-nvidia<br />
** yum --enablerepo=elrepo install kmod-nvidia-304xx<br />
** yum --enablerepo=elrepo install kmod-nvidia-173xx<br />
* (before SL6.x: if it fails due to conflict with module-init-tools, run "yum --disablerepo \* --enablerepo elrepo update module-init-tools")<br />
* yum erase xorg-x11-glamor ### see http://elrepo.org/tiki/kmod-nvidia (search for glamor)<br />
* mv /etc/X11/xorg.conf /etc/X11/xorg.conf-xxx<br />
* nvidia-xconfig<br />
* (SL6) reboot<br />
* (SL5) /dev/MAKEDEV nvidia<br />
* (SL5) restart the X11 server (Ctrl-Alt-Backspace or "killall Xorg gdm-binary")<br />
* observe that X11 server restarts using the NVIDIA driver (big NVIDIA logo on startup)<br />
* if needed, login as root and run "nvidia-settings" to setup dual-screen configuration, etc<br />
<br />
=== Install legacy NVIDIA drivers ===<br />
<br />
For old NVIDIA cards:<br />
* GeForce FX 5500<br />
<br />
<pre><br />
wget http://us.download.nvidia.com/XFree86/Linux-x86/173.14.31/NVIDIA-Linux-x86-173.14.31-pkg1.run<br />
sh ./NVIDIA-Linux-x86-173.14.31-pkg1.run<br />
</pre><br />
<br />
* GeForce 6200 - NVIDIA Corporation NV44A [GeForce 6200]<br />
<pre><br />
yum install nvidia-x11-drv-304xx-304.121 --enablerepo=elrepo<br />
nvidia-xconfig<br />
rmmod nvidia<br />
killall gdm-binary<br />
login as root<br />
nvidia-settings to setup multiple displays<br />
</pre><br />
<br />
=== Install ATI/AMD drivers ===<br />
<br />
* yum --enablerepo elrepo install kmod-fglrx fglrx-x11-drv<br />
* check that /etc/X11/xorg.conf section "Device" entry "Driver" says "fglrx"<br />
* run "aticonfig --initial" to create xorg.conf if existing one is not good<br />
* run "amdcccle" as root to configure dual-screens, etc<br />
Note: 'amdcccle' is a GUI, so you must run this command from within a running X session<br />
* killall Xorg<br />
<br />
=== Install ATI/AMD drivers (CentOS7) ===<br />
<br />
* wget http://elrepo.org/linux/testing/el7/x86_64/RPMS/fglrx-x11-drv-15.12-3.el7.elrepo.x86_64.rpm<br />
* wget http://elrepo.org/linux/testing/el7/x86_64/RPMS/kmod-fglrx-15.12-3.el7.elrepo.x86_64.rpm<br />
* yum install acpid<br />
* rpm -vh --install kmod-fglrx-15.12-3.el7.elrepo.x86_64.rpm fglrx-x11-drv-15.12-3.el7.elrepo.x86_64.rpm<br />
* amdconfig -f --initial<br />
* grub2-mkconfig -o /boot/grub2/grub.cfg<br />
* reboot<br />
* login as root<br />
* amdcccle<br />
<br />
NOTE: if both drivers - radeon and fglrx are loaded, boot will hang. the radeon driver is supposed to be blacklisted through grub rdblacklist=radeon entry which is installed by running grub2-mkconfig.<br />
<br />
=== Install Intel drivers for HD4600/Z87 ===<br />
<br />
SL6.5 has the required drivers for the socket 1150 machines with Intel HD4600 graphics and Z87 chipset.<br />
<br />
ASUS Z87 WS motherboard has these video connections with corresponding Intel video port assignements, as reported by "xrandr":<br />
* DisplayPort - DP1/HDMI1<br />
* MiniDisplayPort - DP2/HDMI2<br />
* HDMI - HDMI3<br />
<br />
Due to hardware limitations, 3 HDMI monitors using 2 passive DP-HDMI adapters (and 1 straight HDMI) cannot be used.<br />
<br />
To use 3 monitors do this:<br />
* 1st monitor: DisplayPort - DP-to-HDMI-passive-adapter - HDMI monitor (not tried: DP-to-DP-cable - DisplayPort monitor).<br />
* 2nd monitor: MiniDisplayPort - MiniDP-to-DP-cable - DisplayPort monitor<br />
* 3rd monitor: HDMI - HDMI-cable - HDMI monitor<br />
<br />
With the monitors I have (Dell 1920x1200 VGA-HDMI-DP), the software thinks that there are 4 monitors: somehow both DP2 and HDMI2 see 1 minitor each, but the hardware cannot drive 4 monitors, so everything goes blank. To fix, disable HDMI2 (xrandr -display :0 --output HDMI2 --off) and enable DP2 (xrandr -display :0 --output DP2 --auto).<br />
<br />
How to make this configuration permanent and how to assign monitor locations (left-right, etc), you figure it out.<br />
<br />
=== Manual selection of monitor, video mode and resolution ===<br />
<br />
Automatic selection of monitor and video mode usually works. When it does not, configure it manualls:<br />
<br />
* physically go to the computer<br />
* login as root<br />
* run "nvidia-settings" on machines using the NVIDIA driver<br />
* run "aticonfig" on machines with the ATI/AMD driver (use "aticonfig --initial" for initial setup, and good luck with anything more complicated)<br />
* run "system-config-display".<br />
** In the "hardware" tab, select monitor type: "generic LCD 1280x1024" or "generic LCD 1600x1200".<br />
** In the "settings" tab, select "1280x1024" or "1600x1200" and "Thousands of colors".<br />
** Press "ok", the display settings application should close.<br />
* Logout, the new login window should use the new settings.<br />
<br />
=== Disable screen saver ===<br />
<br />
If machine is booted without any monitor connected, current video cards to not enable any video outputs. If a monitor is connected later, there is no video image and there is no easy way to get a video image.<br />
<br />
This can be solved by configuring X11 to always enable some video output. Because the monitor type is not known when X11 starts, one has to select some standard video mode (i.e. VESA 1280x1024) on some video output (VGA, DVI or HDMI).<br />
<br />
Only NVIDIA cards with the NVIDIA driver (from EPEL) is supported by these instructions.<br />
<br />
* create default xorg.conf: nvidia-xconfig<br />
* edit /etc/X11/xorg.conf<br />
* add monitor section for the fake monitor:<br />
<pre><br />
Section "Monitor"<br />
Identifier "Monitor0"<br />
VendorName "Unknown"<br />
ModelName "Unknown"<br />
HorizSync 31.0 - 83.0<br />
VertRefresh 59.0 - 61.0<br />
Option "DPMS" "off"<br />
ModeLine "1280x1024" 108.00 1280 1328 1440 1688 1024 1025 1028 1066 +hsync +vsync<br />
EndSection<br />
</pre><br />
* add output selection in the "Device" section:<br />
<pre><br />
Section "Device"<br />
Identifier "Device0"<br />
Driver "nvidia"<br />
VendorName "NVIDIA Corporation"<br />
BoardName "GeForce 210"<br />
#Option "ConnectedMonitor" "DFP"<br />
#Option "ConnectedMonitor" "CRT"<br />
Option "ConnectedMonitor" "CRT-1"<br />
Option "UseEDID" "no"<br />
EndSection<br />
</pre><br />
* add fake video mode to the "Screen" section:<br />
<pre><br />
Section "Screen"<br />
Identifier "Screen0"<br />
Device "Device0"<br />
Monitor "Monitor0"<br />
DefaultDepth 24<br />
SubSection "Display"<br />
Depth 24<br />
Modes "1280x1024"<br />
EndSubSection<br />
EndSection<br />
</pre><br />
* disable screen saver and DPMS power off in the "ServerLayout" or "ServerFlags" section:<br />
<pre><br />
Section "ServerLayout"<br />
Identifier "Layout0"<br />
Screen 0 "Screen0" 0 0<br />
InputDevice "Keyboard0" "CoreKeyboard"<br />
InputDevice "Mouse0" "CorePointer"<br />
Option "Xinerama" "0"<br />
Option "BlankTime" "0"<br />
Option "StandbyTime" "0"<br />
Option "SuspendTime" "0"<br />
Option "OffTime" "0"<br />
EndSection<br />
<br />
Section "ServerFlags" <br />
Option "BlankTime" "0" <br />
Option "StandbyTime" "0" <br />
Option "SuspendTime" "0" <br />
Option "OffTime" "0" <br />
EndSection <br />
</pre><br />
<br />
== Finish installation ==<br />
<br />
* logout and reboot the computer to have all the changes to take effect<br />
<br />
== Configure HTTPS server (CentOS7) ==<br />
<br />
This will configure the HTTPS/SSL certificate using "certbot" and "letsencrypt" and configure an HTTPS web server using apache httpd.<br />
<br />
First, configure apache httpd:<br />
<br />
* execute these commands:<br />
<pre><br />
yum install -y mod_ssl certwatch crypto-utils<br />
cd /etc/httpd/conf.d/<br />
mv ssl.conf ssl.conf-not-used ### remove the stock ssl.conf which refers to the localhost certificate that will expire in 1 year<br />
touch ssl.conf ### create a blank file to prevent automatic updates from installing a stock ssl.conf file<br />
# this is done later: rm /etc/pki/tls/certs/localhost.crt<br />
</pre><br />
* create new file ssl-daq12.conf # use actual hostname instead of daq12<br />
<pre><br />
Listen 443 https<br />
#SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog<br />
SSLSessionCache shmcb:/run/httpd/sslcache(512000)<br />
SSLSessionCacheTimeout 300<br />
SSLRandomSeed startup file:/dev/urandom 256<br />
SSLRandomSeed connect builtin<br />
SSLCryptoDevice builtin<br />
<br />
<VirtualHost *:443><br />
ServerName daq12.triumf.ca<br />
DocumentRoot /var/www/html<br />
ErrorLog /var/log/httpd/daq12.log<br />
SSLEngine on<br />
# note SSLProtocol, SSLCipherSuite and some other settings are overwritten by /etc/letsencrypt/options-ssl-apache.conf<br />
# new SSL settings: K.O. Jan 2020, SSLlabs rating "A+"<br />
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1<br />
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4:!RSA<br />
SSLHonorCipherOrder on<br />
# pervious SSL settings:<br />
#SSLProtocol all -SSLv2 -SSLv3<br />
#SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4<br />
SSLCertificateFile /etc/pki/tls/certs/localhost.crt<br />
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key<br />
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt<br />
#ProxyPass /elog/ http://localhost:8082/ retry=1<br />
#ProxyPass / http://localhost:8080/ retry=1<br />
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"<br />
<Location /><br />
SSLRequireSSL<br />
AuthType Basic<br />
AuthName "DAQ password protected site"<br />
Require valid-user<br />
# create password file: touch /etc/httpd/htpasswd<br />
# to add new user or change password: htpasswd /etc/httpd/htpasswd username<br />
AuthUserFile /etc/httpd/htpasswd<br />
</Location><br />
</VirtualHost><br />
</pre><br />
* stop httpd from listening on port 80: edit /etc/httpd/conf/httpd.conf, comment-out the line "Listen 80"<br />
* enable and start httpd:<br />
<pre><br />
systemctl enable httpd<br />
systemctl restart httpd<br />
systemctl status httpd<br />
</pre><br />
* try to access https://daq12.triumf.ca<br />
** you should see a complaint about self-signed certificate<br />
** you should see a request for password (do not login yet)<br />
** if you get "connection refused", HTTPS port 443 may need to be enabled in the local firewall, then try again:<br />
<pre><br />
firewall-cmd --add-port=443/tcp --permanent<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
Second, configure certbot:<br />
<br />
(Note: as of 2018-01-18 certbot requires use of http port 80 to get the initial https certificate,<br />
renewal can continue to use the https port 443)<br />
<br />
(Note: as of 2019-01-?? certbot requires use of port 80 for renewals)<br />
<br />
* check that port 80 is not used by anything:<br />
* netstat -an | grep LISTEN | grep ^tcp | grep 80<br />
* lsof -P | grep -i tcp | grep LISTEN | grep 80<br />
* if lsof reports that httpd is listening on port 80, follow the httpd instructions above (remove "listen 80" from httpd.conf<br />
<br />
* install certbot and open tcp port 80 in the firewall:<br />
<pre><br />
yum install -y certbot python2-certbot-apache # (from EPEL)<br />
firewall-cmd --add-port=80/tcp --permanent<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
* certbot certonly --standalone --installer apache # then answer questions:<br />
* "activate HTTPS for daq12.triumf.ca" - say ok<br />
* "enter email address" - enter your own email address<br />
* "please read terms..." - read the terms and say "agree"<br />
* it will take a few moments...<br />
* "please choose..." - say "easy" (http access is disabled (a) by firewall, (b) by local configuration<br />
* "congratulations..." - say ok.<br />
* certbot install --apache --cert-name daq12.triumf.ca # then answer questions:<br />
* "choose redirect..." - say "1" (no redirect)<br />
* look inside ssl-daq12.conf to see that SSLCertificateFile & co point to certbot certificates in /etc/letsencrypt/live/daq12.triumf.ca/<br />
* remove self-signed localhost certificate, it will expire in 1 year and cause warnings and complaints: rm /etc/pki/tls/certs/localhost.crt<br />
* enable automatic renewal<br />
<pre><br />
systemctl enable certbot-renew.timer<br />
systemctl start certbot-renew.timer<br />
systemctl list-timers --all<br />
</pre><br />
<br />
* to check corrent renewal and to update the certbot config file in /etc/letsencrypt/renewal, run this:<br />
<pre><br />
certbot renew --standalone --installer apache --force-renewal<br />
</pre><br />
<br />
NOTE: this certificate will expire in 3 months, automatic renewal should work starting with certbot-0.12.0-4.el7.noarch.<br />
Certificate expiration should be automatically detected by "certwatch" and email<br />
will be sent to local root user, to be forwarded to an actual person by ~root/.forward.<br />
<br />
Third, activate password protection:<br />
<br />
* as shown in the config file above, create password file and initial user: (replace "midas" with specific username)<br />
<pre><br />
touch /etc/httpd/htpasswd<br />
htpasswd /etc/httpd/htpasswd midas<br />
</pre><br />
<br />
Final test:<br />
* access https://daq12.triumf.ca - https status should be "green"<br />
* login with password should work<br />
* the apache httpd test page should load<br />
* check site security using the SSLlabs https tester. (I get grade "A-"): https://www.ssllabs.com/ssltest/<br />
<br />
From here:<br />
* enable proxy for MIDAS mhttpd - uncomment redirect in the config file above<br />
* enable proxy for ELOG - ditto<br />
* setsebool -P httpd_can_network_connect 1<br />
* systemctl restart httpd<br />
<br />
NOTE: if certbot fails with errors about 'module' object has no attribute 'pyopenssl',<br />
try this: pip install requests==2.6.0<br />
<br />
== Configure large RAID6 arrays ==<br />
<br />
* connect the disks<br />
* check the disks health<br />
** run smart-status.perl<br />
* partition the disks<br />
** yum install gdisk<br />
** gdisk /dev/sdX<br />
** delete all partitions: o<br />
** create new partition: n, enter, enter, enter, fd00 (default sizes, partition type fd00)<br />
** write and exit: w<br />
* check presence of all partitions:<br />
** /bin/ls -l /dev/sd*1<br />
* prepare to use an external bitmap file<br />
** touch /md6bitmap<br />
** edit /etc/fstab, change entry for root filesystem from: "defaults 1 1" to "defaults 0 0"<br />
** edit /boot/grub/grub.conf, change entry "kernel ... ro ..." to "kernel ... rw ..."<br />
* create raid array:<br />
** mdadm --create /dev/md6 --level=6 --bitmap=/md6bitmap --raid-devices=10 /dev/sd[b-k]1<br />
** mdadm -Ds >> /etc/mdadm.conf<br />
** cleanup /etc/mdadm.conf<br />
** echo "echo 16384 > /sys/block/md6/md/stripe_cache_size" >> /etc/rc.local<br />
** echo "echo 1 > /sys/block/md6/md/sync_speed_min" >> /etc/rc.local<br />
** source /etc/rc.local<br />
* observe raid array rebuild:<br />
** watch -d -n1 "cat /proc/mdstat"<br />
<br />
== Configure ZFS ==<br />
<br />
=== Install ZFS ===<br />
<br />
(from here: https://github.com/zfsonlinux/zfs/wiki/RHEL-%26-CentOS)<br />
<br />
Follow the instructions for "kABI-tracking kmod" - dkms modules seem to always mess up the system when upgrading to next release of zfs.<br />
<br />
<pre><br />
#rpm -vh --install http://archive.zfsonlinux.org/epel/zfs-release.el7.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7_3.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7_4.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7_5.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7_6.noarch.rpm<br />
yum install http://download.zfsonlinux.org/epel/zfs-release.el7_7.noarch.rpm<br />
yum-config-manager --disable zfs<br />
yum-config-manager --disable zfs-kmod<br />
yum --enablerepo=zfs-kmod install zfs<br />
#sed 's/^SELINUX=.*/SELINUX=disabled/' -i /etc/selinux/config<br />
echo USE_DISK_BY_ID=\'yes\' >> /etc/default/zfs<br />
#shutdown -r now # required to load the zfs kernel modules and to disable selinux<br />
modprobe zfs # should work<br />
zpool status # should report no pools available<br />
</pre><br />
<br />
#Note: zfs and selinux and not compatible: with selinux enabled, files on zfs cannot be deleted (files are gone, but "df" does not go down, zfs-0.6.5.7-1.el7.centos.x86_64), see #https://github.com/zfsonlinux/zfs/issues/4845<br />
<br />
* http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/zfs-quickstart.html)<br />
* http://www.freebsd.org/cgi/man.cgi?query=zpool&sektion=8<br />
<br />
If ZFS kernel module does not load automatically at boot time, add this to load it manually:<br />
<pre><br />
ls -l /etc/sysconfig/modules/<br />
cat > /etc/sysconfig/modules/zfs.modules <<EOF<br />
if [ ! -e /sys/module/zfs ] ; then<br />
modprobe zfs;<br />
fi<br />
EOF<br />
chmod +x /etc/sysconfig/modules/zfs.modules<br />
</pre><br />
<br />
=== Update ZFS 0.7 to 0.8 ===<br />
<br />
For CentOS-7.6:<br />
<br />
<pre><br />
yum-config-manager --disable zfs<br />
yum-config-manager --disable zfs-kmod<br />
yum-config-manager --disable zfs-testing-kmod<br />
yum --enablerepo=zfs-testing-kmod --showduplicates list zfs # list all available versions in "zfs-testing-kmod"<br />
yum erase zfs spl<br />
yum --enablerepo=zfs-testing-kmod --showduplicates install zfs # maybe specify specific version<br />
</pre><br />
<br />
For CentOS-7.7:<br />
<br />
<pre><br />
rm /etc/yum.repos.d/zfs.repo* ### delete old repo files<br />
yum upgrade http://download.zfsonlinux.org/epel/zfs-release.el7_7.noarch.rpm<br />
yum-config-manager --disable zfs<br />
yum-config-manager --disable zfs-kmod<br />
yum erase zfs spl<br />
yum --enablerepo=zfs-kmod install zfs<br />
</pre><br />
<br />
Note: if you see yum offering to install "dkms" and "zfs-dkms", the yum config is wrong (we use the kmod-zfs package), check that "zfs" repo is disabled, "zfs-kmod" repo is enabled - see the yum-config-manager commands above.<br />
<br />
=== Lock kernel and zfs packages ===<br />
<br />
<pre><br />
yum versionlock kernel<br />
yum versionlock zfs<br />
yum-config-manager --disable zfs<br />
yum-config-manager --disable zfs-kmod<br />
</pre><br />
<br />
=== Follow generic ZFS instructions ===<br />
<br />
Here: [[ZFS]]<br />
<br />
== performance notes ==<br />
<br />
Go here: [[disk_benchmarks]]<br />
<br />
== Configure UEFI boot ==<br />
<br />
Some mobo can boot from NVME (PCIe) SSDs only via UEFI boot. Do this:<br />
<br />
* partition the NVME SSD using gdisk (must be GPT partition table, must have MSDOS EFI partition size 512MiB)<br />
<pre><br />
[root@alpha00 ~]# gdisk -l /dev/nvme0n1<br />
GPT fdisk (gdisk) version 0.8.6 ...<br />
Found valid GPT with protective MBR; using GPT.<br />
Disk /dev/nvme0n1: 500118192 sectors, 238.5 GiB<br />
Logical sector size: 512 bytes<br />
Disk identifier (GUID): 1A82CC87-2757-44ED-980F-C78E3681D9D3<br />
Partition table holds up to 128 entries<br />
First usable sector is 34, last usable sector is 500118158<br />
Partitions will be aligned on 2048-sector boundaries<br />
Total free space is 2014 sectors (1007.0 KiB)<br />
<br />
Number Start (sector) End (sector) Size Code Name<br />
1 2048 1050623 512.0 MiB EF00 EFI System<br />
2 1050624 500118158 238.0 GiB 8300 Linux filesystem<br />
[root@alpha00 ~]# <br />
</pre><br />
* create filesystems<br />
<pre><br />
mkfs.msdos /dev/nvme0n1p1<br />
mkfs.xfs /dev/nvme0n1p2<br />
</pre><br />
* prepare EFI partition<br />
<pre><br />
mkdir /mnt/efi<br />
mount /dev/nvme0n1p1 /mnt/efi<br />
mkdir -p /mnt/efi/efi/boot<br />
cp /boot/vmlinuz... vmlinuz # copy the desired linux kernel<br />
cp /boot/initramfs... initramfs.img # copy the matching initramfs file<br />
#from /home/olchansk/sysadm/syslinux/syslinux-6.03 copy<br />
cp .../efi64/efi/syslinux.efi .<br />
cp .../efi64/com32/elflink/ldlinux/ldlinux.e64 .<br />
cp syslinux.efi bootx64.efi<br />
</pre><br />
* create syslinux config file: syslinux.cfg<br />
<pre><br />
default linux<br />
label linux<br />
kernel vmlinuz<br />
append ro root=/dev/nvme0n1p2 nomodeset initrd=initramfs.img<br />
</pre><br />
* prepare system partition<br />
<pre><br />
mkdir /mnt/tmp<br />
mount /dev/nvme0n1p2 /mnt/tmp<br />
rsync -avx / /mnt/tmp<br />
cd /mnt/tmp<br />
#edit etc/fstab<br />
#edit etc/syslinux/selinux # set selinux to permissive mode because rsync did not copy the selinux labels<br />
</pre><br />
* unmount and reboot<br />
* restore selinux labels after first boot<br />
<pre><br />
#login as root<br />
cd /<br />
restorecon -R / # can also add "-v" to see progress, but runs much slower<br />
#edit /etc/sysconfig/selinux # enable selinux<br />
#shutdown -r now # reboot with selinux enabled<br />
</pre><br />
<br />
= Configure UEFI secure boot =<br />
<br />
The above instructions do not quite work if "secure boot" is enabled.<br />
<br />
These modifications are needed:<br />
<br />
* ls -l /boot/efi/EFI/bootko/<br />
<pre><br />
total 140116<br />
-rwxr-xr-x 1 root root 108 Feb 24 15:47 BOOTX64.CSV<br />
-rwxr-xr-x 1 root root 1334816 Feb 24 16:16 bootx64.efi<br />
-rwxr-xr-x 1 root root 217495 Feb 24 16:16 config-4.15.0-74-generic<br />
-rwxr-xr-x 1 root root 105 Feb 24 15:47 grub.cfg<br />
-rwxr-xr-x 1 root root 199952 Feb 24 16:16 grubx64.efi<br />
-rwxr-xr-x 1 root root 58986147 Feb 24 16:16 initramfs.img<br />
-rwxr-xr-x 1 root root 58986147 Feb 24 16:16 initrd.img-4.15.0-74-generic<br />
-rwxr-xr-x 1 root root 139968 Feb 24 16:16 ldlinux.e64<br />
-rwxr-xr-x 1 root root 1269496 Feb 24 15:47 mmx64.efi<br />
-rwxr-xr-x 1 root root 1334816 Feb 24 16:16 shimx64.efi<br />
-rwxr-xr-x 1 root root 171 Feb 24 16:16 syslinux.cfg<br />
-rwxr-xr-x 1 root root 102 Feb 24 16:16 syslinux.cfg~<br />
-rwxr-xr-x 1 root root 199952 Feb 24 16:16 syslinux.efi<br />
-rwxr-xr-x 1 root root 4068355 Feb 24 16:16 System.map-4.15.0-74-generic<br />
-rwxr-xr-x 1 root root 8367768 Feb 24 16:16 vmlinuz<br />
-rwxr-xr-x 1 root root 8367768 Feb 24 16:16 vmlinuz-4.15.0-74-generic<br />
</pre><br />
** shmix64.efi is a copy from /boot/efi/EFI/ubuntu<br />
** bootx64.efi is a copy of shimx64.efi (maybe not needed?)<br />
** grubx64.efi is a copy of syslinux.efi<br />
* efibootmgr -c -d /dev/nvme0n1 -p 2 -w -L bootko -l '\EFI\bootko\shimx64.efi'<br />
* efibootmgr -v<br />
<pre><br />
root@daqubuntu:~# efibootmgr -v<br />
BootCurrent: 0000<br />
Timeout: 1 seconds<br />
BootOrder: 0000,0001,0002<br />
Boot0000* bootko HD(2,GPT,5d1cac95-29dd-4d8a-a56e-a8f414dd4047,0x800,0x100000)/File(\EFI\BOOTKO\SHIMX64.EFI)<br />
Boot0001* Hard Drive BBS(HD,,0x0)..GO..NO........y.I.N.T.E.L. .S.S.D.P.E.K.K.W.1.2.8.G.7....................A.......................................<..Gd-.;.A..MQ..L.I.N.T.E.L. .S.S.D.P.E.K.K.W.1.2.8.G.7........BO<br />
Boot0002* ubuntu HD(2,GPT,5d1cac95-29dd-4d8a-a56e-a8f414dd4047,0x800,0x100000)/File(\EFI\UBUNTU\SHIMX64.EFI)..BO<br />
root@daqubuntu:~# <br />
</pre><br />
* NOTE: if, after running "efibootmgr -c", the UUID is zero, then it probably did not take and the entry will vanish after reboot. In my case the mistake was to use "-p 1" instead of "-p 2".<br />
<br />
Boot sequence is this:<br />
* shmix64.efi - Microsoft-signed boot loader is accepted by secure boot, loads and runs<br />
* shimx64.efi loads and runs grubx64.efi, this file name is hardwired into the signed shim, cannot be changed<br />
* grubx64.efi is syslinux.efi (could be anything)<br />
* syslinux.efi runs, loads syslinux.cfg, loads the linux kernel, loads the initrd, runs the linux kernel with specified flags (ro root=...).<br />
<br />
= UEFI syslinux kernel update =<br />
<br />
To update the linux kernel booted by UEFI syslinux, use this script:<br />
* ~root/git/scripts/etc/update_efi.perl</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=SLinstall&diff=3026
SLinstall
2020-09-12T14:31:44Z
<p>Lindner: /* Configure NIS secondary server (CentOS7) */</p>
<hr />
<div>== Notes ==<br />
<br />
* these instructions are periodically updated to include items needed for older/newer versions of Linux. They are marked like this: (SL4.2+) means Scientific Linux 4.2 and newer; (SL4 is equivalent to FC3). (FC5 only) means Fedora Core 5; etc.<br />
* obsolete items are marked by the "#" sign at the beginning of the line and sometimes have a comment about the reason for removal.<br />
* typically, we do not "upgrade" machines using the Red Hat "upgrade" function. Instead, we save critical files from the old installation and do a "fresh install" from scratch<br />
* starting with RHEL7, the recommended OS is CentOS7 (instead of SL7).<br />
<br />
== Disk configurations ==<br />
<br />
The year is 2019 and SSDs are used exclusively, except for bulk data storage, where one used 6-8-10-12 TB HDDs<br />
<br />
For reliability, home directories and data disks must use redundant storage - mdadm raid1 or ZFS raid1/raid6.<br />
<br />
For non-critical machines, a single SSD seems to be reliable enough to use as a boot and OS disk. But since any<br />
storage device can fail at any time without warning, home directories and data disks should use redundant storage.<br />
<br />
Note: for data disks bigger than 4-6TB, mdadm raid1/raid6 is no longer recommended because raid rebuild,<br />
verification and repair time has become unreasonably long. Instead, use ZFS raid1/raid6 which implements online verification,<br />
repair and disk replacement without requiring machine shutdown or OS down time.<br />
<br />
* single SSD - 120GB min - single partition for "/", no swap partition (create a swap file if swap is needed) - for non-critical machine with no local data storage (OS only)<br />
* dual SSD - 2x240GB min - all partitions mirrored (RAID1), 30GB "/", rest for /home1 - for daq station with local user home directories and no bulk data storage<br />
* single SSD + 2x6-8-10-12TB HDD - SSD partition: all "/", HDD partition as ZFS raid1 (mirrored) - for daq station with small local bulk data storage<br />
* single SSD + 6-8x6-8-10-12TB HDD - for small storage server machines - for daq station with local home directories and large bulk data storage.<br />
<br />
For VME processors:<br />
<br />
* network boot - [[VME-CPU#Network_boot]] - only option for V7648/V7750, do not use for V7805 (no netboot from GigE), optional for V7865/XVB-602<br />
* USB boot - 8GB USB for V7805, 16GB USB for V7865/XVB-602<br />
<br />
== Preparation ==<br />
<br />
* save /etc, /var, /root, /opt, (if needed: /usr/local, /tftpboot) by rsync to some data disk (/ladd/data0/root)<br />
* check that "/" partition (it will be overwritten) is different from /home1 and /data partitions<br />
* note the MAC addresses of all network interfaces, add them to ladd00 dhcpd.conf to enable PXE boot into the SL "network installer"<br />
* shutdown<br />
<br />
== Running installer (CentOS7) ==<br />
<br />
CentOS7 can be installed from vanilla CentOS7 installation media or from<br />
a custom USB key build per there instructions:<br />
https://daqshare.triumf.ca/~olchansk/linux/CentOS7/<br />
<br />
The custom installer makes it easy to use a custom kickstart file (ks.cfg).<br />
<br />
Instructions for using the usb-installer:<br />
<br />
* disconnect machine from network<br />
* plug the usb-installer into a usb3 port (blue colour)<br />
* reboot machine, select booting from usb (press F8 on ASUS motherboards)<br />
* usb-installer boot menu offers to install CentOS7, go there<br />
* CentOS7 should boot (many messages scroll on screen)<br />
* into graphical mode<br />
* into installer main menu<br />
* all installer options should "happy" except for the "installation destination"<br />
* go to the "installation destination" menu<br />
** unselect all disks except for the SSD where the OS will be installed<br />
** (MOST IMPORTANT: unselect the USB installer disk!)<br />
** select "I will configure..."<br />
** say "done"<br />
** the "manual partitionning" menu will open<br />
*** use the "-" button to delete all existing partitions<br />
*** select "standard partition"<br />
*** click on the "+" button<br />
*** in the "Add new partition" dialog, set mount point "/", capacity blank, click "add mount point"<br />
*** check capacity (should be full size of SSD), check filesystem type (should be XFS)<br />
*** say "done", there will be a warning about absent swap partition, say "done" again.<br />
*** in the big useless dialog, say "accept changes"<br />
*** should be back to the "installation summary" screen, "installation destination" should be happy now<br />
* after everything is happy, say "begin installation"<br />
* as the installation proceeds, set the password for the root user<br />
* after installation is complete, reboot the machine<br />
* unplug the usb-installer, CentOS7 should boot from SSD into the login screen<br />
* click on "not listed?", login as root<br />
* setup network connection:<br />
** open a terminal<br />
** start "nm-connection-editor"<br />
** click on "+" to create a new connection profile<br />
** select "wired ethernet"<br />
** select "add profile..."<br />
** in "Identity", set "name" to "static"<br />
** in "Identity", check that "Connect automatically" and "Make available..." is enabled<br />
** in "IPv4", set "Addresses" to "manual" instead of "dhcp"<br />
** enter IP address, netmask 255.255.224.0, gateway 142.90.100.18, dns 142.90.100.19, search triumf.ca<br />
** say "Add", then close/quit the network settings<br />
* connect network cable<br />
* network should be up, ping ladd00 should work<br />
* run: yum update -y<br />
* check new kernel is installed: ls -l /boot<br />
* logout and restart (good luck finding these buttons in the gui!)<br />
* confirm correct linux kernel is selected during boot (-229.20, not the original installer kernel)<br />
* login as root, confirm network is up, proceed with the rest of these instructions<br />
<br />
== Configure SSH ==<br />
<br />
(+CentOS7)<br />
<br />
* Login from the console<br />
* restore the SSH keys from backup (/etc/ssh/*key*)<br />
* service sshd restart<br />
* ssh into the new machine as root<br />
* ssh root@localhost, ctrl-C<br />
* ### this is done later from Konstantin's git repository - scp root@ladd00:/root/authorized_keys ~root/.ssh/<br />
* (not needed for SL5.5 kickstart) check that /etc/ssh/ssh_config contains "ForwardX11 yes" and "ForwardX11Trusted yes":<br />
<pre><br />
echo " ForwardX11 yes" >> /etc/ssh/ssh_config<br />
echo " ForwardX11Trusted yes" >> /etc/ssh/ssh_config<br />
</pre><br />
<br />
== Post installation CentOS7 ==<br />
<br />
Set hostname: (use full name, i.e. daq11.triumf.ca)<br />
<pre><br />
emacs -nw /etc/hostname<br />
</pre><br />
<br />
<pre><br />
echo "olchansk@triumf.ca amaudruz@triumf.ca lindner@triumf.ca bsmith@triumf.ca" >> ~root/.forward<br />
chmod a+r /var/log/messages<br />
chmod a+r /var/log/yum.log<br />
</pre><br />
<br />
Activate rc.local:<br />
<pre><br />
chmod a+x /etc/rc.local<br />
chmod a+x /etc/rc.d/rc.local # TL edit<br />
systemctl start rc-local<br />
systemctl status rc-local<br />
</pre><br />
<br />
== Disable "persistent network names" (DO NOT DO THIS) ==<br />
<br />
<pre><br />
/bin/touch /etc/udev/rules.d/75-persistent-net-generator.rules<br />
/bin/rm /etc/udev/rules.d/70-persistent-net.rules<br />
#shutdown -r now<br />
</pre><br />
<br />
== Configure NIS client (CentOS7) ==<br />
<br />
<pre><br />
yum -y install ypbind authconfig<br />
echo "NISTIMEOUT=5" >> /etc/sysconfig/network<br />
echo "NETWORKWAIT=yes" >> /etc/sysconfig/network<br />
authconfig --enablenis --enablepreferdns --nisdomain LADD-NIS --nisserver ladd00.triumf.ca --update<br />
ypwhich<br />
ypcat -k passwd<br />
systemctl restart autofs<br />
</pre><br />
* On the master NIS node (ladd00), add this new node to /etc/netgroup, and update NIS maps (cd /var/yp; make)<br />
* Use "system-config-users" to add local user accounts<br />
* enable selinux ssh key login to nfs mounted home directories:<br />
<pre><br />
setsebool -P use_nfs_home_dirs 1<br />
</pre><br />
<br />
== Configure NIS client (CentOS8) ==<br />
<br />
* all the same as for CentOS7<br />
* ensure correct boot order for ypbind (in CentOS 8.1 ypbind is started before network is ready, service file uses "Wants" instead of "After")<br />
<pre><br />
mkdir /etc/systemd/system/ypbind.service.d<br />
echo -e "[Unit]\nAfter=network-online.target\n" > /etc/systemd/system/ypbind.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat ypbind.service<br />
</pre><br />
<br />
== Configure NIS secondary server (CentOS7) ==<br />
<br />
Enable local NIS server, make local machine use it:<br />
<br />
<pre><br />
yum -y install ypserv<br />
/usr/lib64/yp/ypinit -s ladd00 ### (/usr/lib/yp/ypinit on 32-bit machines)<br />
### ypinit will give lots of errors about "rpc.ypxfrd failed: RPC: Can't decode result"; can be ignored<br />
systemctl enable rpcbind ypserv ypxfrd yppasswdd<br />
systemctl start rpcbind ypserv ypxfrd yppasswdd<br />
emacs -nw /etc/yp.conf # change "domain XXX server YYY.triumf.ca" to read "domain XXX server localhost"<br />
systemctl restart ypbind<br />
ypwhich # should say "localhost"<br />
ypcat -k auto.master # should work<br />
</pre><br />
<br />
Punch hole in the firewall: (or "make" on NIS master will complain)<br />
<br />
<pre><br />
echo YPSERV_ARGS=\"-p 800\" >> /etc/sysconfig/network<br />
systemctl restart ypserv<br />
firewall-cmd --get-services<br />
firewall-cmd --add-service rpc-bind --permanent<br />
firewall-cmd --add-port=800/tcp --add-port=800/udp --permanent<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
* on the NIS master:<br />
** add the new machine to /var/yp/ypservers, run "make -C /var/yp" and also "cd /var/yp; yppush -h newmachine ypservers"<br />
*** TL (2020-09): we not doing this anymore? I guess it doesn't work anyway...<br />
** if using /var/yp/securenets, copy it from NIS master to new NIS secondary server<br />
<br />
Enable hourly NIS update cron job (DO THIS AFTER git pull scripts, see below)<br />
<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
cd etc<br />
cd ~/git/scripts/etc; ln -s $PWD/ypxfr-cron-hourly /etc/cron.hourly<br />
</pre><br />
<br />
== Configure AUTOFS (CentOS7) ==<br />
<br />
<pre><br />
yum -y install autofs<br />
systemctl enable autofs<br />
systemctl start autofs<br />
ls -l /daq/daqshare<br />
</pre><br />
<br />
<br />
<br />
== Label Selinux labels ==<br />
<br />
When upgrading non-selinux machines (el6) to el7 (selinux enforcing) the existing<br />
user home directories will not have the correct selinux labels and many things<br />
will not work, including ssh logins (sshd cannot access ~user/.ssh files).<br />
<br />
<pre><br />
semanage fcontext -a -e /home /home1 ### selinux has special rules for /home, assign them to /home1<br />
restorecon -R -v /home1 ### apply the new rules to files in /home1<br />
ls -Zd /home1/alpha/.ssh<br />
# should say: drwx------. alpha users system_u:object_r:ssh_home_t:s0 /home1/alpha/.ssh<br />
</pre><br />
<br />
== Configure time (CentOS7) ==<br />
<br />
Time server ntpd was replaced by chronyd.<br />
<br />
<pre><br />
yum -y install chrony<br />
echo server time1 iburst >> /etc/chrony.conf<br />
echo server time2 iburst >> /etc/chrony.conf<br />
echo server time3 iburst >> /etc/chrony.conf<br />
systemctl enable chronyd<br />
systemctl restart chronyd<br />
chronyc sources<br />
chronyc tracking<br />
</pre><br />
<br />
* if desired, edit /etc/chrony.conf, remove non-triumf time servers<br />
<br />
== Enable automatic system updates (CentOS7) ==<br />
<br />
Disable yum-cron:<br />
<br />
<pre><br />
rpm --erase yum-cron<br />
/bin/rm -v /var/lock/subsys/yum-cron<br />
/bin/rm -v /etc/cron.daily/0yum-daily.cron<br />
/bin/rm -v /etc/cron.hourly/0yum-hourly.cron<br />
</pre><br />
<br />
Enable yum-autoupdate:<br />
<br />
<pre><br />
yum install -y epel-release<br />
yum install -y yum-changelog yum-protectbase yum-tsflags yum-versionlock<br />
rpm -vh --install http://linuxsoft.cern.ch/cern/centos/7.2/cern/x86_64/Packages/yum-kernel-module-1-5.el7.cern.noarch.rpm<br />
rpm -vh --install http://linuxsoft.cern.ch/cern/centos/7.2/cern/x86_64/Packages/yum-autoupdate-4.4.2-1.el7.cern.noarch.rpm<br />
#rpm -vh --install https://daqshare.triumf.ca/~olchansk/linux/yum-autoupdate-4.4.2-1.el7.cern.noarch.rpm https://daqshare.triumf.ca/~olchansk/linux/yum-kernel-module-1-5.el7.cern.noarch.rpm<br />
systemctl enable yum-autoupdate<br />
systemctl start yum-autoupdate<br />
systemctl status yum-autoupdate<br />
</pre><br />
<br />
== Disable automatic system updates (CentOS7) ==<br />
<br />
<pre><br />
yum -y erase yum-autoupdate<br />
/bin/rm -f /etc/sysconfig/yum-autoupdate.rpmsave<br />
/bin/rm -f /var/lock/subsys/yum-autoupdate<br />
</pre><br />
<br />
== Enable automatic system updates (CentOS8) ==<br />
<br />
<pre><br />
yum -y install dnf-automatic<br />
systemctl enable --now dnf-automatic.timer<br />
systemctl list-timers *dnf-*<br />
</pre><br />
<br />
edit /etc/dnf/automatic.conf<br />
<pre><br />
apply_updates = yes<br />
</pre><br />
<br />
== Configure system services (CentOS7) ==<br />
<br />
* systemctl list-unit-files | grep enabled | sort ### (to see enabled services)<br />
* disable unwanted services:<br />
<pre><br />
systemctl disable bluetooth<br />
systemctl disable dm-event<br />
systemctl disable dmraid-activation<br />
systemctl disable iscsid<br />
systemctl disable iscsi<br />
systemctl disable iscsiuio<br />
systemctl disable libvirtd<br />
systemctl disable lvm2-lmetad<br />
systemctl disable lvm2-monitor<br />
systemctl disable ModemManager<br />
systemctl disable multipathd<br />
systemctl disable netcf-transaction<br />
systemctl disable lvm2-lvmetad.socket<br />
systemctl disable lvm2-lvmpolld.socket<br />
systemctl disable iscsid.socket<br />
systemctl disable iscsiuio.socket<br />
#systemctl disable <br />
</pre><br />
<br />
== Erase unwanted packages (CentOS7) ==<br />
<br />
* PackageKit # bugs users about security updates, hogs yum lock<br />
* perl-homedir # creates unwanted $HOME/perl5<br />
* ModemManager # thinks that all USB-attached devices are modems<br />
* pcp # sends error email to itself, does not work<br />
* abrt # sends email to root about useless crashes, i.e. crash of X when machine is rebooted<br />
* rear # some kind of backup and recovery tool, not clear what it does, but it sends email complaining how it is broken<br />
* bash-completion # "echo $HOME/<TAB>" becomes "echo \$HOME" (notice "\" added before "$") preventing tab-completion from doing anything useful.<br />
<br />
<pre><br />
yum -y erase PackageKit perl-homedir ModemManager pcp abrt abrt-libs abrt-gui-libs rear bash-completion<br />
</pre><br />
<br />
== Disable unwanted package "tracker" ==<br />
<br />
The "tracker" package is part of the GNOME desktop, it scans the content of all files<br />
into a database for quick searching.<br />
<br />
When it malfunctions, bad things happen, i.e. read through<br />
https://bugzilla.redhat.com/show_bug.cgi?id=747689<br />
<br />
Specific problem I see is that it floods the system log with error messages. Also <br />
consumes network and filesystem bandwidth for NFS mounted home directories.<br />
<br />
This package cannot be removed by "yum erase tracker" dues to dependencies<br />
from core GNOME desktop.<br />
<br />
Instead, do this to deactivate it:<br />
<br />
<pre><br />
chmod -x /usr/libexec/tracker-*<br />
chmod -x /usr/bin/tracker<br />
chattr +i /usr/bin/tracker<br />
chattr +i /usr/libexec/tracker-*<br />
</pre><br />
<br />
== Configure external package repositories (CentOS7) ==<br />
<br />
EPEL: (addtional packages)<br />
<pre><br />
yum install epel-release<br />
</pre><br />
<br />
ELREPO: (kernel modules and drivers) (CentOS8)<br />
<pre><br />
yum install elrepo-release<br />
</pre><br />
<br />
ELREPO: (kernel drivers)<br />
<pre><br />
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org<br />
rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm<br />
yum -y install yum-plugin-fastestmirror<br />
</pre><br />
<br />
== Install packages needed to continue with installation ==<br />
<br />
(+CentOS7)<br />
<br />
(these packages are sometimes missing, they are needed to follow following instructions instructions)<br />
<br />
(SL6.5: libotf is a dependancy of emacs - SL6.5 installer fails to install it)<br />
<br />
<pre><br />
yum install ed patch wget git libotf gdisk emacs perl<br />
</pre><br />
<br />
== Configure Konstantin's scripts ==<br />
<br />
(+Centos7)<br />
<br />
<pre><br />
mkdir ~root/git<br />
cd ~root/git<br />
git clone http://ladd00.triumf.ca/~olchansk/git/scripts.git<br />
cd scripts<br />
git pull<br />
</pre><br />
<br />
Go back to the NIS slave server and install the hourly NIS update cron job.<br />
<br />
== Enable yum version lock ==<br />
<br />
<pre><br />
yum install yum-plugin-versionlock<br />
#yum versionlock packagename # yum versionlock rpcbind<br />
#yum versionlock list # list locked packages<br />
#yum versionlock delete packagename # unlock given package<br />
#yum versionlock clear # delete all locks<br />
</pre><br />
<br />
== Configure trusted ssh keys ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
ssh localhost<br />
interrupt by Ctrl-C<br />
/bin/cp ~/git/scripts/etc/authorized_keys ~/.ssh/<br />
</pre><br />
<br />
== Configure hardware sensors ==<br />
<br />
* yum -y install lm_sensors<br />
* sensors-detect (accept default answer to all questions - press ENTER)<br />
* systemctl restart lm_sensors<br />
* sensors (to see available sensors)<br />
<br />
If no sensors are detected by standard drivers, follow motherboard-specific instructions at the bottom of this page.<br />
<br />
== Configure IPMI sensors ==<br />
<br />
Some machines support the IPMI interface for monitoring the hardware: fan speeds, temperatures, voltages.<br />
<br />
* find out if IPMI is supported. Try this:<br />
<pre><br />
dmidecode | grep -i ipmi<br />
</pre><br />
if output is not blank, IPMI is maybe supported.<br />
* install and enable IPMI software:<br />
<pre><br />
yum install "OpenIPMI*" ipmitool<br />
service ipmi start<br />
ipmitool sensor ### to confirm IPMI is present. If output is blank, do not go further.<br />
chkconfig ipmi on<br />
chkconfig ipmievd on<br />
service ipmi restart<br />
service ipmievd restart<br />
tail -100 /var/log/messages ### look at messages logged by ipmievd<br />
</pre><br />
* (CentOS7) install and enable IPMI software:<br />
<pre><br />
yum install "OpenIPMI*" ipmitool<br />
systemctl start ipmi<br />
ipmitool sensor ### to confirm IPMI is present. If output is blank, do not go further.<br />
systemctl list-unit-files | grep -i ipmi<br />
systemctl enable ipmi<br />
systemctl restart ipmi<br />
systemctl status ipmi<br />
systemctl enable ipmievd<br />
systemctl restart ipmievd<br />
systemctl status ipmievd<br />
tail -100 /var/log/messages ### look at messages logged by ipmievd<br />
</pre><br />
<br />
* if ipmievd complains about SEL buffer overflow, clear it manually:<br />
<pre><br />
ipmitool sel list ### show ipmi messages in raw format<br />
ipmitool sel elist ### show ipmi messages in useful format<br />
ipmitool sel elist > file ### save ipmi messages into a file<br />
ipmitool sel clear ### clear all accumulated ipmi messages<br />
</pre><br />
<br />
* useful ipmi commands:<br />
** ipmitool sensor -- read hardware sensors<br />
** ipmitool sel elist -- report all accumulated messages<br />
<br />
== Configure ECC memory ==<br />
<br />
* check that machine has ECC memory: dmidecode --type memory | grep -i ecc<br />
<br />
Configure mcelog (machine check exception)<br />
<br />
* yum install mcelog<br />
* check that mcelog is running: ps -efw | grep mcelog<br />
* (el6) chkconfig mcelogd on; service mcelogd restart<br />
* (el7) systemctl status mcelog.service; systemctl enable mcelog.service; systemctl restart mcelog.service<br />
<br />
Check for MCE (machine check exception) messages:<br />
<br />
* mcelog --client<br />
* grep -i mce /var/log/messages*<br />
* grep -i ecc /var/log/messages*<br />
<br />
Configure EDAC<br />
<br />
<pre><br />
yum install edac-utils<br />
edac-ctl --mainboard<br />
edac-ctl --status<br />
lsmod | grep edac<br />
modprobe ie31200_edac ### driver for Intel E3-1200 series ECC memory<br />
<br />
[root@grsmid00 ~]# ls -l /sys/devices/system/edac/mc/<br />
... empty<br />
<br />
[root@alpha00 ~]# ls -l /sys/devices/system/edac/mc/<br />
drwxr-xr-x. 15 root root 0 Oct 25 16:40 mc0<br />
...<br />
[root@alpha00 ~]# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 ce_count<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 ce_noinfo_count<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 csrow0<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 csrow1<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 csrow2<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 csrow3<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 max_location<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 mc_name<br />
drwxr-xr-x. 2 root root 0 Oct 25 16:40 power<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank0<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank1<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank2<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank3<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank4<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank5<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank6<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank7<br />
--w-------. 1 root root 4096 Oct 25 16:40 reset_counters<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 seconds_since_reset<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 size_mb<br />
lrwxrwxrwx. 1 root root 0 Oct 2 12:02 subsystem -> ../../../../../bus/mc0<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 ue_count<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 ue_noinfo_count<br />
-rw-r--r--. 1 root root 4096 Oct 25 16:40 uevent<br />
[root@alpha00 ~]# <br />
<br />
[root@alpha00 ~]# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
<br />
[root@alpha00 ~]# edac-util <br />
edac-util: No errors to report.<br />
<br />
[root@alpha00 ~]# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
</pre><br />
<br />
== Configure SMARTD (CentOS7) ==<br />
<br />
Default el7 smartd config files send deficient email notices about disk failures. Overwrite.<br />
<br />
<pre><br />
/bin/cp ~/git/scripts/etc/smartd.conf /etc/smartmontools/<br />
/bin/cp ~/git/scripts/etc/smartd_warning.sh /etc/smartmontools/<br />
systemctl enable smartd<br />
systemctl restart smartd<br />
systemctl status smartd<br />
</pre><br />
<br />
== Enable User Disk Quotas (OPTIONAL) ==<br />
<br />
(+CentOS7)<br />
<br />
* read http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/ch-disk-quotas.html<br />
* emacs -nw /etc/fstab, add "grpquota,usrquota" to filesystem options, e.g.:<br />
<pre><br />
[root@isdaq00 home1]# grep quota /etc/fstab<br />
UUID=5a2aefbd-45db-475e-841e-12ec89220fbd /home1 ext4 defaults,grpquota,usrquota 1 2<br />
</pre><br />
* cd /; umount /home1; mount /home1<br />
* quotacheck -cug /home1<br />
* quotacheck -avug<br />
* quotaon -av<br />
* quota system is now active<br />
* increase the soft quota time limit from default 7days to 30 or 60 days: edquota -t<br />
* set quotas for all users (see below)<br />
* setup warnquota:<br />
** create warnquota config file: emacs -nw /etc/warnquota.conf<br />
<pre><br />
# values can be quoted:<br />
MAIL_CMD = "/usr/sbin/sendmail -t"<br />
FROM = root<br />
SUBJECT = User %i@%h exceeded allocated disk quota<br />
CC_TO = "root"<br />
# If you set this variable CC will be used only when user has less than<br />
# specified grace time left (examples of possible times: 5 seconds, 1 minute,<br />
# 12 hours, 5 days)<br />
# CC_BEFORE = 2 days<br />
SUPPORT = "root"<br />
# Text in the beginning of the mail (if not specified, default text is used)<br />
# This way text can be split to more lines<br />
# Line breaks are done by '|' character<br />
# The expressions %i, %h, %d, and %% are substituted for user/group name,<br />
# host name, domain name, and '%' respectively. For backward compatibility<br />
# %s behaves as %i but is deprecated.<br />
MESSAGE = User "%i" on "%h" has exceeded the allocated disk quota.||Please delete any unnecessary files on following filesystems or|contact the system administrato<br />
r to increase your quota allocation:|<br />
SIGNATURE = --|automated email from warnquota<br />
</pre><br />
** note that %i@%h in the SUBJECT line do not seem to work<br />
** create cron job: emacs -nw /etc/cron.daily/warnquota<br />
<pre><br />
#!/bin/sh<br />
warnquota<br />
#end<br />
</pre><br />
** chmod a+x /etc/cron.daily/warnquota<br />
** touch /etc/crontab<br />
<br />
Useful commands for managing quotas:<br />
* repquota -a | sort -n -k3 ### show quota of all users sorted by disk usage<br />
* edquota -u username ### open "vi" editor to change user quotas<br />
* repquote -a | grep username ### report quota for given user<br />
* setquota -u username 0 0 0 0 /home1 ### disable quotas for given user<br />
* setquota -u username 50000000 100000000 0 0 /home1 ### set quotas for 50GB soft and 100GB hard<br />
* edquota -t ### change user quota time limits<br />
* edquote -tg ### change group quota time limits<br />
<br />
== Enable NFS V4 server (CentOS7) ==<br />
<br />
* create /etc/exports. example: (fsid numbers should be unique and increase 1,2,3,...)<br />
<pre><br />
/home1 @home_export(rw,no_root_squash,async,fsid=1)<br />
/data1 @data_export(rw,no_root_squash,async,fsid=2)<br />
</pre><br />
* check the netgroup file<br />
** if using NIS: check NIS netgroup: ypcat -k netgroup<br />
** if no NIS, create /etc/netgroup: @daqmachines (deap00,,) (deap01,,) (deap02,,)<br />
** if no NIS, edit /etc/nsswitch.conf, make the netgrooup line read: "netgroup: files"<br />
* enable things, start them:<br />
<pre><br />
firewall-cmd --get-services<br />
firewall-cmd --permanent --add-service=nfs<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
systemctl enable nfs-server<br />
systemctl start nfs-server<br />
systemctl status nfs<br />
</pre><br />
<br />
== Enable NFS V3 server (CentOS7) ==<br />
<br />
<pre><br />
ps -efw | grep rpc.mountd # should be running!<br />
firewall-cmd --get-services<br />
firewall-cmd --permanent --add-service=mountd<br />
firewall-cmd --permanent --add-service=rpc-bind<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
== Enable NFS V3 server ==<br />
<br />
* edit /etc/hosts.allow, add or uncomment "mountd: 142.90.0.0/255.255.0.0"<br />
* create /etc/exports. example:<br />
<pre><br />
/home1 @home_export(rw,no_root_squash,async)<br />
/data1 @data_export(rw,no_root_squash,async)<br />
</pre><br />
* check the netgroup file<br />
** if using NIS: check NIS netgroup: ypcat -k netgroup<br />
** if no NIS, create /etc/netgroup: @daqmachines (deap00,,) (deap01,,) (deap02,,)<br />
** if no NIS, edit /etc/nsswitch.conf, make the netgrooup line read: "netgroup: files"<br />
* chkconfig nfs on<br />
* chkconfig nfslock on<br />
* service nfs restart<br />
<br />
Then on ladd00 need to do<br />
* ssh to root@ladd00<br />
* edit /etc/auto.daq to add new machine...<br />
* make -C /var/yp<br />
<br />
== Enable NFS V4 SERVER (SL6) ==<br />
<br />
* if used with NIS, same as NFSv3<br />
* if used as standalone, need to edit idmapd.conf - set the "Domain" name to the same value on NFS server and NFS slave (default automagically determined value does not always work). More TBW.<br />
<br />
== Enable AMANDA backups ==<br />
<br />
AMANDA backups are already enabled by TRIUMF kickstart installs. For non-kickstart installation, follow instructions at [[http://amanda/~amanda http://amanda/~amanda]], or look at "/triumfcs/trshare/olchansk/linux/amanda/amanda-enable.perl". As final step, use [[https://helpdesk.triumf.ca https://helpdesk.triumf.ca]] to contact TRIUMF CS to add this new machine to the amanda backup list.<br />
<br />
* yum install triumf-amanda<br />
<br />
== Enable AMANDA backups (CentOS7) ==<br />
<br />
<pre><br />
yum install amanda-client<br />
systemctl list-unit-files | grep -i amanda<br />
#systemctl enable amanda<br />
systemctl enable amanda.socket<br />
systemctl enable amanda-udp.socket<br />
systemctl restart amanda.socket<br />
systemctl restart amanda-udp.socket<br />
firewall-cmd --get-services<br />
firewall-cmd --permanent --add-service=amanda-client<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
echo amanda.triumf.ca amanda amdump >> /var/lib/amanda/.amandahosts<br />
</pre><br />
<br />
On amanda server, add new machine to the disklist, then:<br />
<br />
<pre><br />
amcheck -c daily titan00<br />
</pre><br />
<br />
== Enable DCACHE ==<br />
<br />
DAQ dcache server is mounted as<br />
<br />
/daq/pnfs/triumf.ca/data/<br />
<br />
For Centos-7 machines, you need to adjust the firewall rules in order to be able to communicate with the trdata machines; this is only necessary if you are copying data to trdata. The firewall changes are<br />
<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.100.212/32" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.107.156/32" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.100.219/32" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
This instructions are unnecessary <br />
* # mkdir -p /pnfs<br />
* # edit /etc/rc.local, add to the end of file: "mount -o intr,rw,noac,hard,nfsvers=3 trdata00:/pnfs /pnfs &"<br />
* # . /etc/rc.local<br />
<br />
For more information on, see [[TrdataDcache]] dcache page.<br />
<br />
== Configure Ganglia (Centos7) ==<br />
<br />
CentOS7 Ganglia instructions (EPEL7 ganglia-3.7.2)<br />
<br />
<pre><br />
/bin/rm /etc/gmond.conf<br />
yum -y install "ganglia-gmond*"<br />
/bin/cp -v /dev/null /etc/ganglia/conf.d/multicpu.conf # collects useless data<br />
/bin/cp -v /dev/null /etc/ganglia/conf.d/netstats.pyconf # spews errors into syslog<br />
/bin/cp -v /dev/null /etc/ganglia/conf.d/diskstat.pyconf # collects useless data<br />
/bin/cp -v /dev/null /etc/ganglia/conf.d/procstat.pyconf # do not create /tmp/gmond.conf<br />
/bin/cp ~/git/scripts/etc/gmond.conf /etc/ganglia/gmond.conf<br />
systemctl enable gmond<br />
systemctl restart gmond<br />
systemctl status gmond<br />
</pre><br />
<br />
== Configure TRIUMF DAQ packages ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
cd /etc/yum.repos.d<br />
wget http://daq.triumf.ca/~daqweb/yum/triumf-daq.repo<br />
</pre><br />
<br />
== Install Konstantin's packages ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
yum --disablerepo=\* --enablerepo=triumf-daq --skip-broken install diskscrub emailonreboot monitor_nfs "ganglia-*" triumf_nodeinfo<br />
</pre><br />
<br />
== Install memtest and PXE boot ==<br />
<br />
!!!DO NOT DO THIS!!!<br />
<br />
<pre><br />
cd /boot<br />
wget http://ladd00.triumf.ca/tftpboot/memtest86+-5.01.bin.gz<br />
wget http://ladd00.triumf.ca/tftpboot/memtest86+-4.20.bin.gz<br />
wget http://ladd00.triumf.ca/tftpboot/memtest86+-4.10<br />
wget http://ladd00.triumf.ca/tftpboot/gpxe-1.0.1+-gpxe.lkrn<br />
<br />
emacs -nw /boot/grub/grub.conf<br />
title memtest86+-5.01<br />
root (hd0,0)<br />
kernel /boot/memtest86+-5.01.bin.gz<br />
title memtest86+-4.20<br />
root (hd0,0)<br />
kernel /boot/memtest86+-4.20.bin.gz<br />
title memtest86+-4.10<br />
root (hd0,0)<br />
kernel /boot/memtest86+-4.10<br />
title pxeboot<br />
root (hd0,0)<br />
kernel /boot/gpxe-1.0.1+-gpxe.lkrn<br />
</pre><br />
<br />
== Install node monitoring ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
yum --disablerepo=\* --enablerepo=triumf-daq --skip-broken install triumf_nodeinfo<br />
/usr/sbin/sendnodeinfo.perl --config ladd00.triumf.ca:8600<br />
emacs -nw /etc/nodeinfo<br />
/usr/sbin/sendnodeinfo.perl ladd00.triumf.ca:8600<br />
</pre><br />
<br />
== Install gonodeinfo node monitoring ==<br />
<br />
(+Ubuntu, +CentOS7, +CentOS8)<br />
<br />
go to https://bitbucket.org/dd1/gonodeinfo<br />
follow instructions:<br />
<pre><br />
yum -y install golang<br />
mkdir ~/git<br />
cd ~/git<br />
git clone https://bitbucket.org/dd1/gonodeinfo.git<br />
# or git clone https://daq.triumf.ca/~olchansk/git/gonodeinfo.git<br />
cd gonodeinfo<br />
git pull<br />
make<br />
make install # install gonodeinfo agent<br />
cd ~ # this is important<br />
</pre><br />
<br />
* emacs -nw /etc/gonodeinfo.conf<br />
* change "Description", "Location", "User" and "Administrator" as appropriate (or delete them)<br />
* change "Servers" to read: Servers: ladd00.triumf.ca:8601<br />
* run gonodeinfo -e<br />
* if error is "connection refused". go to the nodeinfo server to add this client to the access control list:<br />
* on the gonodeinfo server: run gonodereceive -a daq13<br />
* try gonodeinfo again, there should be no error<br />
* on the gonodeinfo server: run gonodereport, look at the web pages, the new machine should be listed now<br />
<br />
== Install latest system updates ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
yum update -y<br />
</pre><br />
<br />
== Configure TRIUMF Printers (CentOS7) ==<br />
<br />
<pre><br />
systemctl stop cups<br />
systemctl disable cups<br />
echo "ServerName printers.triumf.ca" > /etc/cups/client.conf<br />
lpstat -a<br />
</pre><br />
<br />
== Disable syslog spam (CentOS7) ==<br />
<br />
Default el7 config is spamming the syslog with useless messages "systemd: Starting Session", etc. Disable this:<br />
<br />
<pre><br />
echo auditctl -e 0 >> /etc/rc.local<br />
echo /usr/bin/systemd-analyze set-log-level notice >> /etc/rc.local<br />
/etc/rc.local<br />
</pre><br />
<br />
== Install basic system packages (CentOS7) ==<br />
<br />
(if starting from minimal system, basic system packages required:)<br />
<br />
<pre><br />
yum install -y which psmisc redhat-lsb-core xorg-x11-xauth xterm emacs-nox rsync tcpdump strace nfs-utils sysstat iftop tcsh<br />
yum install -y gcc gcc-c++ gdb glibc-static libstdc++-static zlib zlib-devel openssl-devel httpd-tools<br />
</pre><br />
<br />
== Install packages needed for QUARTUS, ROOT, EPICS and MIDAS DAQ ==<br />
<br />
(+CentOS7)<br />
<br />
yum install --skip-broken giflib.x86_64 sysstat "libusb-devel*" unixODBC-devel postgresql-devel libxml2-devel libXpm-devel libgfortran git compat-readline43 "graphviz*" dcap "tigervnc*" telnet glibc"*" strace "fftw*" libpng "freetype*" xpdf "xemacs*" tkcvs xterm mutt "*-g77*" joe "libXmu*" dcap-devel gsl-devel pcre-devel h5py gd-devel xorg-x11-fonts"*" minicom xfig"*" perl-BSD-Resource "net-snmp-*" readline-static git-all nasm imake tcl-devel gv xorg-x11-twm expat-devel screen compat-readline5 ImageMagick ImageMagick-devel wget alacarte scipy numpy sympy nedit gnuplot php-cli php-domxml-php4-php5 php-gd php-fpdf php-cli kdebase cmake tcpdump sqlite sqlite-devel kdegraphics gdisk lsof gconf-editor iftop tk-devel mcelog kdm blt itcl lz4 bzip2 pbzip2 apr-devel apr-util-devel net-tools golang"*" --exclude golang-cover"*"hg"*" --exclude golang"*"hg"*" --exclude golang-pkg"*" --exclude golang-github"*" --exclude golang"*"git"*" mesa"*" xerces-c"*" diffuse clang i2c-tools texlive-revtex texlive-revtex4 kile kbibtex xrdp glibc.i686 gimp gimp-data-extras perl-GD"*" perl-Math"*" perl-Statistics-Basic cmake3 cmake3-gui extra-cmake-modules python2-pip x2go"*" mariadb-devel glibc-devel.i686 libzstd<br />
<br />
== Install optional packages ==<br />
<br />
!! DO NOT DO THIS !!<br />
<br />
(do not install boost on 32-bit machines)<br />
<br />
yum install --skip-broken "boost-*" <br />
<br />
(packages for 32-bit software compilation on 64-bit machines. this is optional)<br />
<br />
yum install --skip-broken giflib.i386 giflib.i686 compat-libf2c-34.i386 compat-libf2c-34.i686 mysql-devel.i686 openssl-devel.i686 unixODBC-devel.i686 libstdc++-devel.i386 libstdc++-devel.i686 "zlib-*.i686" "libXext-*.i686" "libXtst-*.i686" glibc-static.i686 freetype.i686 fontconfig.i686 libpng.i686 libXrender.i686 glibc-devel.i686 libX11-devel.i686 libXpm-devel.i686 libXft-devel.i686 mysql-devel.i686 dcap-devel.i686 gsl-devel.i686 pcre-devel.i686 fontconfig-devel.i686 freetype-devel.i686 libpng-devel.i686 libjpeg-devel.i686 libgfortran.i686 libxml2-devel.i686 gd-devel.i686 readline-devel.i686 ncurses-devel.i686 libXdmcp.i686 readline-static.i686 compat-readline5.i686<br />
<br />
yum install boost-devel.i686<br />
<br />
(separately install these packages - they collide with the big bunch above)<br />
<br />
yum install rdesktop<br />
<br />
yum reinstall urw-fonts<br />
<br />
== Install libraries for PHYSICA (CentOS7) ==<br />
<br />
To run physica built on el6 from git sources on el7, do this:<br />
<br />
(building physica on el7 is nort supported at this time)<br />
<br />
(see more http://www.triumf.info/wiki/DAQwiki/index.php/PHYSICA)<br />
<br />
<pre><br />
yum -y install libX11.i686 gd.i686 libpng12.i686 readline.i686 compat-libf2c-34.i686<br />
</pre><br />
<br />
== Install additional desktop environements (CentOS7) ==<br />
<br />
<pre><br />
# LXQT (from EPEL)<br />
# NOT COMPATIBLE WITH el7.7 # yum -y install "lxqt*"<br />
# Cinnamon desktop (from EPEL)<br />
yum -y install cinnamon<br />
# KDE5 not available yet<br />
# MATE (from epel)<br />
yum -y groupinstall "MATE Desktop"<br />
yum -y install mate-common mate-icon-theme-faenza mate-netspeed mate-sensors-applet mate-themes-extras mate-utils<br />
yum -y erase ModemManager abrt abrt-libs abrt-gui-libs<br />
# XFCE4 (from EPEL)<br />
yum -y groupinstall xfce<br />
yum -y install "xfce*plugin" xfce4-about --exclude xfce4-hamster-plugin<br />
yum -y erase bash-completion<br />
</pre><br />
<br />
* make the MATE desktop as default<br />
<br />
<pre><br />
cd ~root/git/scripts/<br />
git pull<br />
/bin/cp -v etc/lightdm_default_mate.conf /etc/lightdm/lightdm.conf.d/<br />
</pre><br />
<br />
* lighdm login manager (from EPEL)<br />
<pre><br />
yum install lightdm lightdm-kde lightdm-qt lightdm-qt5<br />
</pre><br />
<br />
* and switch from gdm to lighdm<br />
<pre><br />
systemctl disable gdm.service<br />
systemctl enable lightdm.service<br />
(systemctl stop gdm; systemctl restart lightdm) &<br />
</pre><br />
<br />
== Install SMART scripts ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
ln -sf ~/git/scripts/smart-status/smart-status.perl ~/<br />
</pre><br />
<br />
== Install NTFS drivers ==<br />
<br />
yum install ntfs-3g ntfsprogs (from EPEL)<br />
<br />
== Install HFS and HFS+ drivers (CentOS7) ==<br />
<br />
yum --disablerepo=\* --enablerepo=elrepo install kmod-hfs kmod-hfsplus<br />
<br />
== Install Google Chrome web browser (64-bit CentOS7) ==<br />
<br />
<pre><br />
/bin/cp ~/git/scripts/etc/google-chrome-64.repo /etc/yum.repos.d/<br />
yum install google-chrome-stable<br />
</pre><br />
<br />
== Enable monitoring of HTTPS certificates ==<br />
<br />
On SL6, CentOS7:<br />
<br />
<pre><br />
yum install crypto-utils<br />
/etc/cron.daily/certwatch<br />
strace -f /etc/cron.daily/certwatch |& grep open | grep crt<br />
</pre><br />
<br />
== Enable 100dpi fonts for EPICS ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
ln -s /usr/share/X11/fonts/100dpi /etc/X11/fontpath.d/<br />
</pre><br />
<br />
== Enable crontab @reboot for MIDAS (CentOS7) ==<br />
<br />
el7 has a bug - cron @reboot entries for normal users can run before autofs is ready, so if the home directory<br />
is on autofs/NFS, it cannot be accessed and the cron job fails. If MIDAS is supposed to be<br />
started by cron @reboot, it will not start (there *will* be an error message in /var/log/cron).<br />
<br />
<pre><br />
mkdir /etc/systemd/system/crond.service.d<br />
echo -e "[Unit]\nAfter=ypbind.service autofs.service\n" > /etc/systemd/system/crond.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat crond.service<br />
</pre><br />
<br />
Explore the systemd dependacy tree using "systemctl list-dependencies" maybe with "--all".<br />
<br />
Visualize the exact boot sequence from previous boot: "systemd-analyze plot > xxx.svg", look at the svg file using a web browser.<br />
<br />
== Enable firewall for MIDAS (CentOS7) ==<br />
<br />
Default el7 configuration prevents all access to servers running on the local machine, including access to MIDAS mhttpd (tcp port 8443) and mserver (all tcp ports).<br />
<br />
To enable access to mhttpd:<br />
<br />
<pre><br />
firewall-cmd --add-port=8443/tcp --permanent<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
To enable access to the mserver from a specific host: (replace 142.90.111.175 with the IP address of the permitted host)<br />
<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.111.175/32" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
To enable access from the private network (replace "192.168.1.0" with your private network number):<br />
<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.1.0/24" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
== Enable firewall for EPICS (CentOS7) ==<br />
<br />
To enable access to TRIUMF EPICS servers, do this:<br />
<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.132.0/23" accept"<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
For UCN the controls people seem to have EPICS setup on a different server; this might be true for CMMS as well. In this case the firewall rule change should be<br />
<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.139.0/23" accept"<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
== Disable gdm and X11 (OPTIONAL) ==<br />
<br />
<pre><br />
initctl stop prefdm<br />
echo "start on never" > /etc/init/prefdm.override<br />
echo "start on never" > /etc/init/splash-manager.override<br />
initctl reload-configuration<br />
</pre><br />
<br />
then enable login on default console:<br />
<pre><br />
echo "plymouth quit" >> /etc/rc.local<br />
echo "X_TTY=xxx/dev/tty1" >> /etc/sysconfig/init<br />
</pre><br />
<br />
== Install JAVAWS (OPTIONAL) ==<br />
<br />
* to run Java "web start" jnlp files (EVO, SEEVOGH, etc): javaws Downloads/spider.jnlp<br />
* install javaws:<br />
* yum install icedtea-web icedtea-web-javadoc<br />
<br />
== Install firefox java plugin (OPTIONAL, DO NOT DO THIS) ==<br />
<br />
This installs the Oracle Java plugin:<br />
<br />
* rpm -vh --install ~deap/jdk-7u15-linux-x64.rpm<br />
* ls -l /usr/lib64/mozilla/plugins/<br />
* ln -s /usr/java/jdk1.7.0_15/jre/lib/amd64/libnpjp2.so /usr/lib64/mozilla/plugins/<br />
* start firefox, go edit->preferences->general->manage add-ons->plugins<br />
* "java plugin 1.7.0_15" should be listed<br />
<br />
<br />
<br />
== Configure USB device permissions ==<br />
<br />
(+CentOS7)<br />
<br />
Configure USB device permissions for user access to USB-serial devices, Altera USB Blaster, etc.<br />
<br />
* create file /etc/udev/rules.d/99-usb-chmod.rules with this contents:<br />
<br />
<pre><br />
emacs -nw /etc/udev/rules.d/99-usb-chmod.rules<br />
ACTION=="add", SUBSYSTEM=="usb_device", RUN+="/bin/chmod a+wr /dev/%c"<br />
ACTION=="add", SUBSYSTEM=="usb_device", RUN+="/bin/chmod a+wr /proc/%c"<br />
ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="/bin/chmod a+wr $env{DEVICE}"<br />
ACTION=="add", ENV{PHYSDEVBUS}=="usb-serial", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", ENV{DEVPATH}=="/class/tty/ttyS*", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", SUBSYSTEM=="tty", DEVPATH=="*ttyUSB*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
ACTION=="add", SUBSYSTEM=="tty", DEVPATH=="*ttyS*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
</pre><br />
<br />
* apply new permissions: udevadm trigger --action=add<br />
<br />
== Disable modem-manager ==<br />
<br />
The modem-manager will try to talk to any serial devices attached to USB serial ports. It assumes that those devices are modems and will send out modem-specific commands. if the devices are not modems and do not understand or do not like modem commands, well that's too bad. modem-manager is installed by the ModemManager package required by the NetworkManager package, and there is no configuration setting to turn modem-manager off.<br />
<br />
One way to disable it is: chmod a= /usr/sbin/modem-manager<br />
<br />
Another way to disable it is by forced uninstall: rpm --erase --nodeps ModemManager<br />
<br />
Remember to kill the running copy: killall -KILL modem-manager<br />
<br />
Caveat: it is not clear if modem-manager would not be resurrected by an update to the NetworkManager or ModemManager packages.<br />
<br />
== Configure Altera jtagd ==<br />
<br />
(if needed)<br />
<br />
<pre><br />
mkdir /etc/jtagd<br />
echo 'Password = "123";' > /etc/jtagd/jtagd.conf<br />
cp -pv /triumfcs/trshare/olchansk/altera/11.0/quartus/linux/pgm_parts.txt /etc/jtagd/jtagd.pgm_parts<br />
</pre><br />
<br />
* start local jtagd: /triumfcs/trshare/olchansk/altera/11.0/quartus/bin/jtagd<br />
* test local connection: /triumfcs/trshare/olchansk/altera/11.0/quartus/bin/jtagconfig<br />
* test remote connection (add this machine to your .jtag.conf, run jtagconfig<br />
<br />
For more information, go to [[Quartus]]<br />
<br />
== Install EOS ==<br />
<br />
Instructions from here:<br />
http://eos-docs.web.cern.ch/eos-docs/quickstart/setup_repo.html<br />
<br />
<pre><br />
rpm -vh --install https://dss-ci-repo.web.cern.ch/dss-ci-repo/eos/citrine/tag/el-7/x86_64/eos-repo-el7-generic-1.noarch.rpm<br />
yum-config-manager --disable eos-citrine # disable auto-update because all packages are not signed<br />
yum-config-manager --disable eos-dep # disable auto-update because all packages are not signed.<br />
yum install eos-client eos-fuse --enablerepo=eos-citrine<br />
</pre><br />
<br />
== Install fix for the el7 systemd dbus boot hang ==<br />
<br />
Around early Summer 2018 el7 started showing a boot problem. In the nutshell,<br />
there is a problem with the dbus connection between dbus and systemd that<br />
prevents polkit, firewalld, etc from starting. The system eventually boots<br />
enough that one can ssh into it, but most things do not work. Notably,<br />
polkit is not running, firewalld is not running, ssh login takes about 15-30 second.<br />
<br />
Solution is to add a special systemd service to check that dbus started correctly.<br />
It that runs after dbus is started, but before it is used, and it restarts dbus in a loop<br />
with a delay until dbus starts correctly. In testing, dbus always starts correctly after<br />
the first retry.<br />
<br />
<pre><br />
cd ~root/git/scripts/etc<br />
git pull<br />
/bin/cp -vf systemd-check-dbus.perl /usr/bin/<br />
/bin/cp -vf systemd-check-dbus.service /etc/systemd/system/<br />
systemctl daemon-reload<br />
systemctl enable systemd-check-dbus<br />
systemctl start systemd-check-dbus<br />
systemctl status systemd-check-dbus<br />
</pre><br />
<br />
After linux boots, if everything was okey, the script will report this:<br />
<pre><br />
[root@iris01 ~]# systemctl status systemd-check-dbus<br />
...<br />
Feb 08 17:15:49 iris01.triumf.ca systemd[1]: Starting Check that systemd is registered with dbus...<br />
Feb 08 17:15:49 iris01.triumf.ca sh[4283]: Starting check for systemd dbus connection<br />
Feb 08 17:15:50 iris01.triumf.ca sh[4283]: List: string "org.freedesktop.DBus"<br />
Feb 08 17:15:50 iris01.triumf.ca sh[4283]: List: string "org.freedesktop.systemd1"<br />
Feb 08 17:15:50 iris01.triumf.ca sh[4283]: systemd1 dbus service exists, success!<br />
Feb 08 17:15:50 iris01.triumf.ca sh[4283]: Finished check for systemd dbus connection<br />
Feb 08 17:15:50 iris01.triumf.ca systemd[1]: Started Check that systemd is registered with dbus.<br />
</pre><br />
<br />
If the boot problem happened, the script will report about restarting dbus.<br />
<br />
Note: the systemd service file adjusts the start order of other services, this adjustment seems to reduce the probability of the problem.<br />
<br />
== Configure GRUB boot loader (CentOS7, CentOS8) ==<br />
<br />
* emacs -nw /etc/default/grub, remove "rhgb" and "quiet" from GRUB_CMDLINE_LINUX<br />
* grub2-mkconfig -o /boot/grub2/grub.cfg<br />
* grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg<br />
* grub2-editenv list # show contents of boot environement file<br />
* /bin/rm /boot/grub2/grubenv # remove stale settings, make grub2 boot from first entry in config file<br />
<br />
== Install memtest86+ (CentOS7, CentOS8) ==<br />
<br />
<pre><br />
yum -y install memtest86+<br />
/bin/cp -vf /usr/share/memtest86+/20_memtest86+ /etc/grub.d/<br />
/bin/chmod a+x /etc/grub.d/20_memtest86+ <br />
grub2-mkconfig -o /boot/grub2/grub.cfg<br />
</pre><br />
<br />
== Disable ELREPO ==<br />
<br />
<pre><br />
sed 's/enabled=.*/enabled=0/' -i /etc/yum.repos.d/elrepo_triumf.repo<br />
sed 's/enabled=.*/enabled=0/' -i /etc/yum.repos.d/elrepo.repo<br />
</pre><br />
<br />
== Reduce install size (optional) ==<br />
<br />
This is optional. Only do this if reducing the size of the OS image is very important.<br />
<br />
Do this for VME processors.<br />
<br />
<pre><br />
yum erase "texlive*" "java*" "boost*" libreoffice"*"<br />
#yum erase "xemacs*"<br />
yum erase "libstdc++-docs"<br />
yum erase firefox google-chrome"*"<br />
yum clean all<br />
</pre><br />
<br />
<pre><br />
/bin/rm -rf /usr/share/help<br />
/bin/rm -rf /usr/share/doc<br />
</pre><br />
<br />
== Update from el7.6 to el7.7 ==<br />
<br />
<pre><br />
yum-config-manager --disable zfs<br />
yum-config-manager --disable zfs-kmod<br />
yum-config-manager --disable zfs-testing-kmod<br />
yum versionlock delete zfs<br />
yum versionlock delete kernel<br />
yum -y update "yum*" "rpm*"<br />
yum -y erase libqtxdg lxqt-qtplugin ### LXQT is not compatible<br />
yum update<br />
after rebooting into el7.7, follow instructions for updating ZFS from version 0.7 to 0.8.<br />
</pre><br />
<br />
== Finish installation ==<br />
<br />
reboot<br />
<br />
== Special hardware settings ==<br />
<br />
=== ASUS Crosshair mobo ===<br />
<br />
* use BIOS version 1207 or newer<br />
* (before CentOS7) sensors need these drivers from ELREPO: yum install --noplugins kmod-it87 kmod-k10temp; sensors-detect; service lm_sensors restart; sensors<br />
* CentOS7: installs correct drivers automatically<br />
<br />
=== ASUS Crosshair-II mobo ===<br />
<br />
* use BIOS version 2607 or newer<br />
* for the onboard IDE to work, add "all-generic-ide" to kernel boot options in grub.conf<br />
* sensors need these drivers from ELREPO: yum install --noplugins kmod-it87 kmod-k10temp; sensors-detect; service lm_sensors restart; sensors<br />
<br />
=== ASUS P7P55D EVO mobo ===<br />
<br />
* use BIOS version 2004 or newer<br />
* SL6 - install special driver for on board PCIe GigE network port and disable on board PCI GigE network port:<br />
** yum --enablerepo elrepo install kmod-r8168 kmod-r8169<br />
** # do not do this: sed 's/^blacklist/#blacklist/' -i /etc/modprobe.d/blacklist-r8169.conf<br />
** reboot<br />
** verify that correct drivers are loaded: ethtool -i eth0; ethtool -i eth1<br />
** note: there will be no eth1 - r8169 driver is disabled.<br />
<br />
=== ASUS P6X58-E-WS mobo ===<br />
<br />
* BIOS settings<br />
** F1 or DEL to enter BIOS setup, F8 boot menu<br />
** go to POWER->HW mon, confirm CPU temperature is around 30C. (heatsink is installed correctly. Bad heatsink temperature quickly goes up to 50-70C).<br />
** Main menu: Storage config - SATA change IDE->AHCI<br />
** System information: confirm BIOS version 301, CPU type, memory size<br />
** AI Tweak: set DRAM frequency - AUTO->DDR3-1333<br />
** Advanced->Onboard devices: LAN BOOT: enabled<br />
** Power->HW monitor: CPU Q-FAN: enabled<br />
** Boot->Settings: Quick boot: enabled; Full screen logo: disabled; Wait for F1: disabled<br />
** Save and exit<br />
<br />
=== ASUS E35M1-M PRO mobo ===<br />
<br />
* http://www.asus.com/Motherboards/E35M1M_PRO/#specifications<br />
* use BIOS version 1002 or newer<br />
* for CPU temperature: install kmod-k10temp from ELREPO (kmod-k10temp-0.0-4.el6.elrepo.x86_64.rpm)<br />
* for Sensors: yum --enablerepo elrepo install kmod-w83627ehf; modprobe w83627ehf; sensors<br />
* for Graphics: yum --enablerepo elrepo install kmod-fglrx fglrx-x11-drv<br />
* to enable booting from USB3, edit /etc/dracut.conf, change line "add_drivers" to read: add_drivers+="xhci-hcd"<br />
* to use multiple monitors, run "aticonfig --initial --heads=2 --adapter=1 --xinerama=on", to change screen layout, edit /etc/X11/xorg.conf. Only dual monitors DVI+HDMI seem to work. Tripple monitors does not seem to work.<br />
<br />
Sensors instructions below are obolete (use driver from ELREPO)<br />
* for Sensors, install driver for NCT6776F chip from https://github.com/groeck/w83627ehf/archives/master (in the Makefile, change the line "KERNEL_BUILD=" to read: "KERNEL_BUILD:=/usr/src/kernels/$(TARGET)"):<br />
<pre><br />
cd ~root<br />
wget http://ladd00.triumf.ca/~olchansk/linux/groeck-w83627ehf-dd3e543/w83627ehf.ko<br />
echo "modprobe hwmon; modprobe hwmon-vid; modprobe k10temp; rmmod w83627ehf; insmod /root/w83627ehf.ko" >> /etc/rc.local<br />
</pre><br />
<br />
=== ASUS E45M1-M PRO mobo ===<br />
<br />
* https://www.asus.com/Motherboards/E45M1M_PRO/#specifications<br />
* use BIOS 1202 or newer<br />
* follow the E35M1-M PRO instructions above<br />
<br />
=== ASUS P9X79 WS ===<br />
<br />
* http://www.asus.com/Motherboard/P9X79_WS/<br />
* use BIOS version 3101, 3401, 4701 or newer. If BIOS is 1305 or older, install P9X79-WS-CAP-Converter.ROM (BIOS 2902/3101), then the new BIOS.<br />
* (not needed for CentOS7) for CPU temperature, install coretemp<br />
* (not needed for CentOS7) for sensors, install driver for NCT6776F chip same as E35M1-M above.<br />
* BIOS Settings:<br />
** enter "Advanced mode"<br />
** Ai Tweaker -> Ai Overclock Tuner -> Set to "XMP" - this enables DDR3-1600 RAM speed vs DDR3-1333 by default<br />
** Monitor -> CPU fan speed low limit -> Set to "200 RPM" - we are using high efficiency slow turning CPU coolers and the default 600 RPM is right on the edge of firing false warnings<br />
** Boot -> Full screen logo -> Set to "disabled"<br />
** Wait for F1 -> Set to "disabled"<br />
<br />
=== ASUS P8B-M ===<br />
<br />
* use BIOS version 6103 or newer<br />
* for CPU temperature, install coretemp<br />
* for sensors, install driver for NCT6776F chip same as E35M1-M above.<br />
<br />
=== SUPERMICRO X9SCL ===<br />
<br />
* yum install kmod-w83627ehf.x86_64 coretemp<br />
* xemacs -nw /etc/rc.local, add:<br />
<pre><br />
modprobe coretemp<br />
modprobe w83627ehf<br />
</pre><br />
<br />
=== ASUS Z87-WS ===<br />
<br />
<pre><br />
cd ~root<br />
wget http://ladd00.triumf.ca/~olchansk/linux/nct6775.ko<br />
echo modprobe hwmon-vid >> /etc/rc.local<br />
echo insmod /root/nct6775.ko >> /etc/rc.local<br />
/etc/rc.local<br />
sensors<br />
</pre><br />
<br />
=== ASUS Z97-WS ===<br />
<br />
the nct6775 driver does not work because of conflict with ACPI.<br />
<br />
=== ASUS AM1M-A ===<br />
<br />
* use BIOS 602 or later<br />
* SL6.5 installer cannot use USB2 ports and the network. Use USB3 ports (blue colour) to boot USB installer (memtest, rescue, etc)<br />
* SL6.5 kernels require boot option "iommu=soft" or USB2 and network do not work. (USB3 - blue ports - seems okey)<br />
* install ATI/AMD video drivers from ELREPO (see below)<br />
* sensors chip is ITE IT8623E, for SL6, use standalone driver from lm_sensors. (2 fans rpm, 2 temperatures):<br />
<pre><br />
cd ~root<br />
wget http://ladd00.triumf.ca/~olchansk/linux/it87.ko<br />
echo modprobe hwmon_vid >> /etc/rc.local<br />
echo insmod /root/it87.ko >> /etc/rc.local<br />
. /etc/rc.local<br />
</pre><br />
* for el7 use it87.ko driver:<br />
<pre><br />
cd ~root<br />
wget https://daqshare.triumf.ca/~olchansk/linux/CentOS7/it87.ko<br />
echo modprobe hwmon_vid >> /etc/rc.local<br />
echo insmod /root/it87.ko >> /etc/rc.local<br />
. /etc/rc.local<br />
</pre><br />
* sensors output:<br />
<pre><br />
[root@midemma02 ~]# sensors<br />
radeon-pci-0008<br />
Adapter: PCI adapter<br />
temp1: +22.0°C (crit = +120.0°C, hyst = +90.0°C)<br />
<br />
fam15h_power-pci-00c4<br />
Adapter: PCI adapter<br />
power1: N/A (crit = 25.00 W)<br />
<br />
k10temp-pci-00c3<br />
Adapter: PCI adapter<br />
temp1: +22.2°C (high = +70.0°C)<br />
(crit = +70.0°C, hyst = +69.0°C)<br />
<br />
it8603-isa-0290<br />
Adapter: ISA adapter<br />
in0: +0.96 V (min = +2.50 V, max = +2.95 V) ALARM<br />
in1: +2.23 V (min = +0.94 V, max = +1.22 V) ALARM<br />
in2: +2.03 V (min = +0.74 V, max = +0.77 V) ALARM<br />
in3: +2.00 V (min = +1.26 V, max = +0.13 V) ALARM<br />
in4: +2.23 V (min = +2.95 V, max = +2.15 V) ALARM<br />
3VSB: +3.36 V (min = +6.00 V, max = +2.50 V) ALARM<br />
Vbat: +3.22 V <br />
+3.3V: +3.36 V <br />
fan1: 611 RPM (min = 200 RPM)<br />
fan2: 707 RPM (min = 600 RPM) ALARM<br />
temp1: +38.0°C (low = +122.0°C, high = +122.0°C) sensor = thermistor<br />
temp2: +22.0°C (low = +119.0°C, high = -35.0°C) ALARM sensor = thermistor<br />
temp3: -128.0°C (low = +16.0°C, high = +93.0°C) sensor = thermistor<br />
intrusion0: ALARM<br />
<br />
[root@midemma02 ~]# <br />
</pre><br />
* AMD "Athlon(tm) 5350 APU" graphics supports 2 monitors maximum (mobo has 3 video outputs, only 2 can be used together)<br />
<br />
=== Intel SE7230NH1 ===<br />
<br />
* front panel header connector pinout is like this:<br />
<pre><br />
PWR LED | 1 2|<br />
| 3 4|<br />
PWR LED | 5 6|<br />
HDD LED | 7 8|<br />
HDD LED | 9 10|<br />
PWR SW |11 12| NIC1 LED<br />
PWR SW |13 14| NIC1 LED<br />
RST SW |15 16|<br />
RST SW |17 18|<br />
|19 20|<br />
NMI SW |21 22| NIC2 LED<br />
NMI SW |23 24| NIC2 LED<br />
... |... |<br />
|33 34|<br />
</pre><br />
<br />
=== ASUS H110M-A/M.2 ===<br />
<br />
* use BIOS 2003 or later<br />
* dmidecode | grep -i nct reports: Nuvoton NCT5539D<br />
* sensors chip is "NCT6793D or compatible chip", for el7, use this driver:<br />
<pre><br />
cd ~root<br />
wget http://ladd00.triumf.ca/~olchansk/linux/nct6775.ko<br />
echo modprobe hwmon-vid >> /etc/rc.local<br />
echo insmod /root/nct6775.ko >> /etc/rc.local<br />
/etc/rc.local<br />
sensors<br />
</pre><br />
<br />
* sensors output:<br />
<pre><br />
[root@daq03 ~]# sensors<br />
acpitz-virtual-0<br />
Adapter: Virtual device<br />
temp1: +27.8°C (crit = +119.0°C)<br />
temp2: +29.8°C (crit = +119.0°C)<br />
<br />
nct6793-isa-0290<br />
Adapter: ISA adapter<br />
in0: +0.34 V (min = +0.00 V, max = +1.74 V)<br />
in1: +1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in2: +3.39 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in3: +3.39 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: +1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: +0.15 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: +0.97 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in7: +3.38 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in8: +3.12 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in9: +1.00 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in10: +0.14 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in11: +0.12 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in12: +0.14 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in13: +0.12 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in14: +0.13 V (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 1041 RPM (min = 0 RPM)<br />
fan2: 1020 RPM (min = 0 RPM)<br />
fan5: 0 RPM (min = 0 RPM)<br />
fan6: 0 RPM<br />
SYSTIN: +119.0°C (high = +98.0°C, hyst = +95.0°C) sensor = thermistor<br />
CPUTIN: +26.5°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
AUXTIN0: +27.5°C sensor = thermistor<br />
AUXTIN1: +112.0°C sensor = thermistor<br />
AUXTIN2: +111.0°C sensor = thermistor<br />
AUXTIN3: +111.0°C sensor = thermistor<br />
PECI Agent 0: +28.0°C (high = +98.0°C, hyst = +95.0°C)<br />
(crit = +100.0°C)<br />
PECI Agent 0 Calibration: +25.5°C <br />
PCH_CHIP_CPU_MAX_TEMP: +0.0°C <br />
PCH_CHIP_TEMP: +0.0°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Physical id 0: +31.0°C (high = +80.0°C, crit = +100.0°C)<br />
Core 0: +31.0°C (high = +80.0°C, crit = +100.0°C)<br />
Core 1: +28.0°C (high = +80.0°C, crit = +100.0°C)<br />
<br />
[root@daq03 ~]# <br />
</pre><br />
<br />
=== Supermicro X11SSH-F ===<br />
<br />
* blacklist the mei and mei_me drivers per http://www.supermicro.com/support/faqs/faq.cfm?faq=14537<br />
<pre><br />
[root@alpha00 ~]# more /etc/modprobe.d/blacklist.conf<br />
blacklist mei<br />
blacklist mei_me<br />
[root@alpha00 ~]# <br />
</pre><br />
* mobo requires M.2 PCIe SSD (M.2 SATA SSD would not work. SATA SATA SSD ok)<br />
* boot from M.2 PCIe SSD requires UEFI boot (from an MSDOS partition on the SSD)<br />
<br />
=== ASUS TUF Z390M-PRO GAMING (WI-FI) ===<br />
<br />
* BIOS 2417 is okey, upgrade to this if older<br />
* do not set XMP memory mode<br />
* in the BIOS, enable the boot compatibility support module mode: BIOS (press DEL) -> Advanced mode -> BOOT -> CSM Module -> Enable CSM "yes".<br />
* for SL6, install e1000e driver from ELREPO:<br />
<pre><br />
yum install --enablerepo=elrepo kmod-e1000e<br />
</pre><br />
* sensors chip appears to be "Nuvoton NCT6798D" not clear what driver to use<br />
* dmidecode | grep -i nct reports: Nuvoton NCT6798D<br />
* kmod-nct6775-0.0-5.el7_7.elrepo.x86_64.rpm from ELrepo finds the chip but bombs because of conflict with ACPI<br />
<br />
=== ASUS PRIME X399-A ===<br />
<br />
* BIOS 1002<br />
* for reading temperatures and fan rotations, install driver: https://github.com/electrified/asus-wmi-sensors/issues/29<br />
<br />
== Configure X11 graphics ==<br />
<br />
=== Special settings for DAQ ===<br />
<br />
* add the following at the end of /etc/X11/xorg.conf. The enables Ctrl-Alt-KP-/ and Ctrl-Alt-KP-* to unlock the keyboard after Altera Quartus crash:<br />
<pre>Section "ServerFlags"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Option "AllowDeactivateGrabs" "true"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Option "AllowClosedownGrabs" "true"<br />
EndSection</pre><br />
<br />
=== Install NVIDIA drivers ===<br />
<br />
* yum --enablerepo=elrepo install nvidia-detect<br />
* run: nvidia-detect<br />
* as instructed by nvidia-detect, install correct driver:<br />
** yum --enablerepo=elrepo install kmod-nvidia<br />
** yum --enablerepo=elrepo install kmod-nvidia-304xx<br />
** yum --enablerepo=elrepo install kmod-nvidia-173xx<br />
* (before SL6.x: if it fails due to conflict with module-init-tools, run "yum --disablerepo \* --enablerepo elrepo update module-init-tools")<br />
* yum erase xorg-x11-glamor ### see http://elrepo.org/tiki/kmod-nvidia (search for glamor)<br />
* mv /etc/X11/xorg.conf /etc/X11/xorg.conf-xxx<br />
* nvidia-xconfig<br />
* (SL6) reboot<br />
* (SL5) /dev/MAKEDEV nvidia<br />
* (SL5) restart the X11 server (Ctrl-Alt-Backspace or "killall Xorg gdm-binary")<br />
* observe that X11 server restarts using the NVIDIA driver (big NVIDIA logo on startup)<br />
* if needed, login as root and run "nvidia-settings" to setup dual-screen configuration, etc<br />
<br />
=== Install legacy NVIDIA drivers ===<br />
<br />
For old NVIDIA cards:<br />
* GeForce FX 5500<br />
<br />
<pre><br />
wget http://us.download.nvidia.com/XFree86/Linux-x86/173.14.31/NVIDIA-Linux-x86-173.14.31-pkg1.run<br />
sh ./NVIDIA-Linux-x86-173.14.31-pkg1.run<br />
</pre><br />
<br />
* GeForce 6200 - NVIDIA Corporation NV44A [GeForce 6200]<br />
<pre><br />
yum install nvidia-x11-drv-304xx-304.121 --enablerepo=elrepo<br />
nvidia-xconfig<br />
rmmod nvidia<br />
killall gdm-binary<br />
login as root<br />
nvidia-settings to setup multiple displays<br />
</pre><br />
<br />
=== Install ATI/AMD drivers ===<br />
<br />
* yum --enablerepo elrepo install kmod-fglrx fglrx-x11-drv<br />
* check that /etc/X11/xorg.conf section "Device" entry "Driver" says "fglrx"<br />
* run "aticonfig --initial" to create xorg.conf if existing one is not good<br />
* run "amdcccle" as root to configure dual-screens, etc<br />
Note: 'amdcccle' is a GUI, so you must run this command from within a running X session<br />
* killall Xorg<br />
<br />
=== Install ATI/AMD drivers (CentOS7) ===<br />
<br />
* wget http://elrepo.org/linux/testing/el7/x86_64/RPMS/fglrx-x11-drv-15.12-3.el7.elrepo.x86_64.rpm<br />
* wget http://elrepo.org/linux/testing/el7/x86_64/RPMS/kmod-fglrx-15.12-3.el7.elrepo.x86_64.rpm<br />
* yum install acpid<br />
* rpm -vh --install kmod-fglrx-15.12-3.el7.elrepo.x86_64.rpm fglrx-x11-drv-15.12-3.el7.elrepo.x86_64.rpm<br />
* amdconfig -f --initial<br />
* grub2-mkconfig -o /boot/grub2/grub.cfg<br />
* reboot<br />
* login as root<br />
* amdcccle<br />
<br />
NOTE: if both drivers - radeon and fglrx are loaded, boot will hang. the radeon driver is supposed to be blacklisted through grub rdblacklist=radeon entry which is installed by running grub2-mkconfig.<br />
<br />
=== Install Intel drivers for HD4600/Z87 ===<br />
<br />
SL6.5 has the required drivers for the socket 1150 machines with Intel HD4600 graphics and Z87 chipset.<br />
<br />
ASUS Z87 WS motherboard has these video connections with corresponding Intel video port assignements, as reported by "xrandr":<br />
* DisplayPort - DP1/HDMI1<br />
* MiniDisplayPort - DP2/HDMI2<br />
* HDMI - HDMI3<br />
<br />
Due to hardware limitations, 3 HDMI monitors using 2 passive DP-HDMI adapters (and 1 straight HDMI) cannot be used.<br />
<br />
To use 3 monitors do this:<br />
* 1st monitor: DisplayPort - DP-to-HDMI-passive-adapter - HDMI monitor (not tried: DP-to-DP-cable - DisplayPort monitor).<br />
* 2nd monitor: MiniDisplayPort - MiniDP-to-DP-cable - DisplayPort monitor<br />
* 3rd monitor: HDMI - HDMI-cable - HDMI monitor<br />
<br />
With the monitors I have (Dell 1920x1200 VGA-HDMI-DP), the software thinks that there are 4 monitors: somehow both DP2 and HDMI2 see 1 minitor each, but the hardware cannot drive 4 monitors, so everything goes blank. To fix, disable HDMI2 (xrandr -display :0 --output HDMI2 --off) and enable DP2 (xrandr -display :0 --output DP2 --auto).<br />
<br />
How to make this configuration permanent and how to assign monitor locations (left-right, etc), you figure it out.<br />
<br />
=== Manual selection of monitor, video mode and resolution ===<br />
<br />
Automatic selection of monitor and video mode usually works. When it does not, configure it manualls:<br />
<br />
* physically go to the computer<br />
* login as root<br />
* run "nvidia-settings" on machines using the NVIDIA driver<br />
* run "aticonfig" on machines with the ATI/AMD driver (use "aticonfig --initial" for initial setup, and good luck with anything more complicated)<br />
* run "system-config-display".<br />
** In the "hardware" tab, select monitor type: "generic LCD 1280x1024" or "generic LCD 1600x1200".<br />
** In the "settings" tab, select "1280x1024" or "1600x1200" and "Thousands of colors".<br />
** Press "ok", the display settings application should close.<br />
* Logout, the new login window should use the new settings.<br />
<br />
=== Disable screen saver ===<br />
<br />
If machine is booted without any monitor connected, current video cards to not enable any video outputs. If a monitor is connected later, there is no video image and there is no easy way to get a video image.<br />
<br />
This can be solved by configuring X11 to always enable some video output. Because the monitor type is not known when X11 starts, one has to select some standard video mode (i.e. VESA 1280x1024) on some video output (VGA, DVI or HDMI).<br />
<br />
Only NVIDIA cards with the NVIDIA driver (from EPEL) is supported by these instructions.<br />
<br />
* create default xorg.conf: nvidia-xconfig<br />
* edit /etc/X11/xorg.conf<br />
* add monitor section for the fake monitor:<br />
<pre><br />
Section "Monitor"<br />
Identifier "Monitor0"<br />
VendorName "Unknown"<br />
ModelName "Unknown"<br />
HorizSync 31.0 - 83.0<br />
VertRefresh 59.0 - 61.0<br />
Option "DPMS" "off"<br />
ModeLine "1280x1024" 108.00 1280 1328 1440 1688 1024 1025 1028 1066 +hsync +vsync<br />
EndSection<br />
</pre><br />
* add output selection in the "Device" section:<br />
<pre><br />
Section "Device"<br />
Identifier "Device0"<br />
Driver "nvidia"<br />
VendorName "NVIDIA Corporation"<br />
BoardName "GeForce 210"<br />
#Option "ConnectedMonitor" "DFP"<br />
#Option "ConnectedMonitor" "CRT"<br />
Option "ConnectedMonitor" "CRT-1"<br />
Option "UseEDID" "no"<br />
EndSection<br />
</pre><br />
* add fake video mode to the "Screen" section:<br />
<pre><br />
Section "Screen"<br />
Identifier "Screen0"<br />
Device "Device0"<br />
Monitor "Monitor0"<br />
DefaultDepth 24<br />
SubSection "Display"<br />
Depth 24<br />
Modes "1280x1024"<br />
EndSubSection<br />
EndSection<br />
</pre><br />
* disable screen saver and DPMS power off in the "ServerLayout" or "ServerFlags" section:<br />
<pre><br />
Section "ServerLayout"<br />
Identifier "Layout0"<br />
Screen 0 "Screen0" 0 0<br />
InputDevice "Keyboard0" "CoreKeyboard"<br />
InputDevice "Mouse0" "CorePointer"<br />
Option "Xinerama" "0"<br />
Option "BlankTime" "0"<br />
Option "StandbyTime" "0"<br />
Option "SuspendTime" "0"<br />
Option "OffTime" "0"<br />
EndSection<br />
<br />
Section "ServerFlags" <br />
Option "BlankTime" "0" <br />
Option "StandbyTime" "0" <br />
Option "SuspendTime" "0" <br />
Option "OffTime" "0" <br />
EndSection <br />
</pre><br />
<br />
== Finish installation ==<br />
<br />
* logout and reboot the computer to have all the changes to take effect<br />
<br />
== Configure HTTPS server (CentOS7) ==<br />
<br />
This will configure the HTTPS/SSL certificate using "certbot" and "letsencrypt" and configure an HTTPS web server using apache httpd.<br />
<br />
First, configure apache httpd:<br />
<br />
* execute these commands:<br />
<pre><br />
yum install -y mod_ssl certwatch crypto-utils<br />
cd /etc/httpd/conf.d/<br />
mv ssl.conf ssl.conf-not-used ### remove the stock ssl.conf which refers to the localhost certificate that will expire in 1 year<br />
touch ssl.conf ### create a blank file to prevent automatic updates from installing a stock ssl.conf file<br />
# this is done later: rm /etc/pki/tls/certs/localhost.crt<br />
</pre><br />
* create new file ssl-daq12.conf # use actual hostname instead of daq12<br />
<pre><br />
Listen 443 https<br />
#SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog<br />
SSLSessionCache shmcb:/run/httpd/sslcache(512000)<br />
SSLSessionCacheTimeout 300<br />
SSLRandomSeed startup file:/dev/urandom 256<br />
SSLRandomSeed connect builtin<br />
SSLCryptoDevice builtin<br />
<br />
<VirtualHost *:443><br />
ServerName daq12.triumf.ca<br />
DocumentRoot /var/www/html<br />
ErrorLog /var/log/httpd/daq12.log<br />
SSLEngine on<br />
# note SSLProtocol, SSLCipherSuite and some other settings are overwritten by /etc/letsencrypt/options-ssl-apache.conf<br />
# new SSL settings: K.O. Jan 2020, SSLlabs rating "A+"<br />
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1<br />
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4:!RSA<br />
SSLHonorCipherOrder on<br />
# pervious SSL settings:<br />
#SSLProtocol all -SSLv2 -SSLv3<br />
#SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4<br />
SSLCertificateFile /etc/pki/tls/certs/localhost.crt<br />
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key<br />
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt<br />
#ProxyPass /elog/ http://localhost:8082/ retry=1<br />
#ProxyPass / http://localhost:8080/ retry=1<br />
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"<br />
<Location /><br />
SSLRequireSSL<br />
AuthType Basic<br />
AuthName "DAQ password protected site"<br />
Require valid-user<br />
# create password file: touch /etc/httpd/htpasswd<br />
# to add new user or change password: htpasswd /etc/httpd/htpasswd username<br />
AuthUserFile /etc/httpd/htpasswd<br />
</Location><br />
</VirtualHost><br />
</pre><br />
* stop httpd from listening on port 80: edit /etc/httpd/conf/httpd.conf, comment-out the line "Listen 80"<br />
* enable and start httpd:<br />
<pre><br />
systemctl enable httpd<br />
systemctl restart httpd<br />
systemctl status httpd<br />
</pre><br />
* try to access https://daq12.triumf.ca<br />
** you should see a complaint about self-signed certificate<br />
** you should see a request for password (do not login yet)<br />
** if you get "connection refused", HTTPS port 443 may need to be enabled in the local firewall, then try again:<br />
<pre><br />
firewall-cmd --add-port=443/tcp --permanent<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
Second, configure certbot:<br />
<br />
(Note: as of 2018-01-18 certbot requires use of http port 80 to get the initial https certificate,<br />
renewal can continue to use the https port 443)<br />
<br />
(Note: as of 2019-01-?? certbot requires use of port 80 for renewals)<br />
<br />
* check that port 80 is not used by anything:<br />
* netstat -an | grep LISTEN | grep ^tcp | grep 80<br />
* lsof -P | grep -i tcp | grep LISTEN | grep 80<br />
* if lsof reports that httpd is listening on port 80, follow the httpd instructions above (remove "listen 80" from httpd.conf<br />
<br />
* install certbot and open tcp port 80 in the firewall:<br />
<pre><br />
yum install -y certbot python2-certbot-apache # (from EPEL)<br />
firewall-cmd --add-port=80/tcp --permanent<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
* certbot certonly --standalone --installer apache # then answer questions:<br />
* "activate HTTPS for daq12.triumf.ca" - say ok<br />
* "enter email address" - enter your own email address<br />
* "please read terms..." - read the terms and say "agree"<br />
* it will take a few moments...<br />
* "please choose..." - say "easy" (http access is disabled (a) by firewall, (b) by local configuration<br />
* "congratulations..." - say ok.<br />
* certbot install --apache --cert-name daq12.triumf.ca # then answer questions:<br />
* "choose redirect..." - say "1" (no redirect)<br />
* look inside ssl-daq12.conf to see that SSLCertificateFile & co point to certbot certificates in /etc/letsencrypt/live/daq12.triumf.ca/<br />
* remove self-signed localhost certificate, it will expire in 1 year and cause warnings and complaints: rm /etc/pki/tls/certs/localhost.crt<br />
* enable automatic renewal<br />
<pre><br />
systemctl enable certbot-renew.timer<br />
systemctl start certbot-renew.timer<br />
systemctl list-timers --all<br />
</pre><br />
<br />
* to check corrent renewal and to update the certbot config file in /etc/letsencrypt/renewal, run this:<br />
<pre><br />
certbot renew --standalone --installer apache --force-renewal<br />
</pre><br />
<br />
NOTE: this certificate will expire in 3 months, automatic renewal should work starting with certbot-0.12.0-4.el7.noarch.<br />
Certificate expiration should be automatically detected by "certwatch" and email<br />
will be sent to local root user, to be forwarded to an actual person by ~root/.forward.<br />
<br />
Third, activate password protection:<br />
<br />
* as shown in the config file above, create password file and initial user: (replace "midas" with specific username)<br />
<pre><br />
touch /etc/httpd/htpasswd<br />
htpasswd /etc/httpd/htpasswd midas<br />
</pre><br />
<br />
Final test:<br />
* access https://daq12.triumf.ca - https status should be "green"<br />
* login with password should work<br />
* the apache httpd test page should load<br />
* check site security using the SSLlabs https tester. (I get grade "A-"): https://www.ssllabs.com/ssltest/<br />
<br />
From here:<br />
* enable proxy for MIDAS mhttpd - uncomment redirect in the config file above<br />
* enable proxy for ELOG - ditto<br />
* setsebool -P httpd_can_network_connect 1<br />
* systemctl restart httpd<br />
<br />
NOTE: if certbot fails with errors about 'module' object has no attribute 'pyopenssl',<br />
try this: pip install requests==2.6.0<br />
<br />
== Configure large RAID6 arrays ==<br />
<br />
* connect the disks<br />
* check the disks health<br />
** run smart-status.perl<br />
* partition the disks<br />
** yum install gdisk<br />
** gdisk /dev/sdX<br />
** delete all partitions: o<br />
** create new partition: n, enter, enter, enter, fd00 (default sizes, partition type fd00)<br />
** write and exit: w<br />
* check presence of all partitions:<br />
** /bin/ls -l /dev/sd*1<br />
* prepare to use an external bitmap file<br />
** touch /md6bitmap<br />
** edit /etc/fstab, change entry for root filesystem from: "defaults 1 1" to "defaults 0 0"<br />
** edit /boot/grub/grub.conf, change entry "kernel ... ro ..." to "kernel ... rw ..."<br />
* create raid array:<br />
** mdadm --create /dev/md6 --level=6 --bitmap=/md6bitmap --raid-devices=10 /dev/sd[b-k]1<br />
** mdadm -Ds >> /etc/mdadm.conf<br />
** cleanup /etc/mdadm.conf<br />
** echo "echo 16384 > /sys/block/md6/md/stripe_cache_size" >> /etc/rc.local<br />
** echo "echo 1 > /sys/block/md6/md/sync_speed_min" >> /etc/rc.local<br />
** source /etc/rc.local<br />
* observe raid array rebuild:<br />
** watch -d -n1 "cat /proc/mdstat"<br />
<br />
== Configure ZFS ==<br />
<br />
=== Install ZFS ===<br />
<br />
(from here: https://github.com/zfsonlinux/zfs/wiki/RHEL-%26-CentOS)<br />
<br />
Follow the instructions for "kABI-tracking kmod" - dkms modules seem to always mess up the system when upgrading to next release of zfs.<br />
<br />
<pre><br />
#rpm -vh --install http://archive.zfsonlinux.org/epel/zfs-release.el7.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7_3.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7_4.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7_5.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7_6.noarch.rpm<br />
yum install http://download.zfsonlinux.org/epel/zfs-release.el7_7.noarch.rpm<br />
yum-config-manager --disable zfs<br />
yum-config-manager --disable zfs-kmod<br />
yum --enablerepo=zfs-kmod install zfs<br />
#sed 's/^SELINUX=.*/SELINUX=disabled/' -i /etc/selinux/config<br />
echo USE_DISK_BY_ID=\'yes\' >> /etc/default/zfs<br />
#shutdown -r now # required to load the zfs kernel modules and to disable selinux<br />
modprobe zfs # should work<br />
zpool status # should report no pools available<br />
</pre><br />
<br />
#Note: zfs and selinux and not compatible: with selinux enabled, files on zfs cannot be deleted (files are gone, but "df" does not go down, zfs-0.6.5.7-1.el7.centos.x86_64), see #https://github.com/zfsonlinux/zfs/issues/4845<br />
<br />
* http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/zfs-quickstart.html)<br />
* http://www.freebsd.org/cgi/man.cgi?query=zpool&sektion=8<br />
<br />
If ZFS kernel module does not load automatically at boot time, add this to load it manually:<br />
<pre><br />
ls -l /etc/sysconfig/modules/<br />
cat > /etc/sysconfig/modules/zfs.modules <<EOF<br />
if [ ! -e /sys/module/zfs ] ; then<br />
modprobe zfs;<br />
fi<br />
EOF<br />
chmod +x /etc/sysconfig/modules/zfs.modules<br />
</pre><br />
<br />
=== Update ZFS 0.7 to 0.8 ===<br />
<br />
For CentOS-7.6:<br />
<br />
<pre><br />
yum-config-manager --disable zfs<br />
yum-config-manager --disable zfs-kmod<br />
yum-config-manager --disable zfs-testing-kmod<br />
yum --enablerepo=zfs-testing-kmod --showduplicates list zfs # list all available versions in "zfs-testing-kmod"<br />
yum erase zfs spl<br />
yum --enablerepo=zfs-testing-kmod --showduplicates install zfs # maybe specify specific version<br />
</pre><br />
<br />
For CentOS-7.7:<br />
<br />
<pre><br />
rm /etc/yum.repos.d/zfs.repo* ### delete old repo files<br />
yum upgrade http://download.zfsonlinux.org/epel/zfs-release.el7_7.noarch.rpm<br />
yum-config-manager --disable zfs<br />
yum-config-manager --disable zfs-kmod<br />
yum erase zfs spl<br />
yum --enablerepo=zfs-kmod install zfs<br />
</pre><br />
<br />
Note: if you see yum offering to install "dkms" and "zfs-dkms", the yum config is wrong (we use the kmod-zfs package), check that "zfs" repo is disabled, "zfs-kmod" repo is enabled - see the yum-config-manager commands above.<br />
<br />
=== Lock kernel and zfs packages ===<br />
<br />
<pre><br />
yum versionlock kernel<br />
yum versionlock zfs<br />
yum-config-manager --disable zfs<br />
yum-config-manager --disable zfs-kmod<br />
</pre><br />
<br />
=== Follow generic ZFS instructions ===<br />
<br />
Here: [[ZFS]]<br />
<br />
== performance notes ==<br />
<br />
Go here: [[disk_benchmarks]]<br />
<br />
== Configure UEFI boot ==<br />
<br />
Some mobo can boot from NVME (PCIe) SSDs only via UEFI boot. Do this:<br />
<br />
* partition the NVME SSD using gdisk (must be GPT partition table, must have MSDOS EFI partition size 512MiB)<br />
<pre><br />
[root@alpha00 ~]# gdisk -l /dev/nvme0n1<br />
GPT fdisk (gdisk) version 0.8.6 ...<br />
Found valid GPT with protective MBR; using GPT.<br />
Disk /dev/nvme0n1: 500118192 sectors, 238.5 GiB<br />
Logical sector size: 512 bytes<br />
Disk identifier (GUID): 1A82CC87-2757-44ED-980F-C78E3681D9D3<br />
Partition table holds up to 128 entries<br />
First usable sector is 34, last usable sector is 500118158<br />
Partitions will be aligned on 2048-sector boundaries<br />
Total free space is 2014 sectors (1007.0 KiB)<br />
<br />
Number Start (sector) End (sector) Size Code Name<br />
1 2048 1050623 512.0 MiB EF00 EFI System<br />
2 1050624 500118158 238.0 GiB 8300 Linux filesystem<br />
[root@alpha00 ~]# <br />
</pre><br />
* create filesystems<br />
<pre><br />
mkfs.msdos /dev/nvme0n1p1<br />
mkfs.xfs /dev/nvme0n1p2<br />
</pre><br />
* prepare EFI partition<br />
<pre><br />
mkdir /mnt/efi<br />
mount /dev/nvme0n1p1 /mnt/efi<br />
mkdir -p /mnt/efi/efi/boot<br />
cp /boot/vmlinuz... vmlinuz # copy the desired linux kernel<br />
cp /boot/initramfs... initramfs.img # copy the matching initramfs file<br />
#from /home/olchansk/sysadm/syslinux/syslinux-6.03 copy<br />
cp .../efi64/efi/syslinux.efi .<br />
cp .../efi64/com32/elflink/ldlinux/ldlinux.e64 .<br />
cp syslinux.efi bootx64.efi<br />
</pre><br />
* create syslinux config file: syslinux.cfg<br />
<pre><br />
default linux<br />
label linux<br />
kernel vmlinuz<br />
append ro root=/dev/nvme0n1p2 nomodeset initrd=initramfs.img<br />
</pre><br />
* prepare system partition<br />
<pre><br />
mkdir /mnt/tmp<br />
mount /dev/nvme0n1p2 /mnt/tmp<br />
rsync -avx / /mnt/tmp<br />
cd /mnt/tmp<br />
#edit etc/fstab<br />
#edit etc/syslinux/selinux # set selinux to permissive mode because rsync did not copy the selinux labels<br />
</pre><br />
* unmount and reboot<br />
* restore selinux labels after first boot<br />
<pre><br />
#login as root<br />
cd /<br />
restorecon -R / # can also add "-v" to see progress, but runs much slower<br />
#edit /etc/sysconfig/selinux # enable selinux<br />
#shutdown -r now # reboot with selinux enabled<br />
</pre><br />
<br />
= Configure UEFI secure boot =<br />
<br />
The above instructions do not quite work if "secure boot" is enabled.<br />
<br />
These modifications are needed:<br />
<br />
* ls -l /boot/efi/EFI/bootko/<br />
<pre><br />
total 140116<br />
-rwxr-xr-x 1 root root 108 Feb 24 15:47 BOOTX64.CSV<br />
-rwxr-xr-x 1 root root 1334816 Feb 24 16:16 bootx64.efi<br />
-rwxr-xr-x 1 root root 217495 Feb 24 16:16 config-4.15.0-74-generic<br />
-rwxr-xr-x 1 root root 105 Feb 24 15:47 grub.cfg<br />
-rwxr-xr-x 1 root root 199952 Feb 24 16:16 grubx64.efi<br />
-rwxr-xr-x 1 root root 58986147 Feb 24 16:16 initramfs.img<br />
-rwxr-xr-x 1 root root 58986147 Feb 24 16:16 initrd.img-4.15.0-74-generic<br />
-rwxr-xr-x 1 root root 139968 Feb 24 16:16 ldlinux.e64<br />
-rwxr-xr-x 1 root root 1269496 Feb 24 15:47 mmx64.efi<br />
-rwxr-xr-x 1 root root 1334816 Feb 24 16:16 shimx64.efi<br />
-rwxr-xr-x 1 root root 171 Feb 24 16:16 syslinux.cfg<br />
-rwxr-xr-x 1 root root 102 Feb 24 16:16 syslinux.cfg~<br />
-rwxr-xr-x 1 root root 199952 Feb 24 16:16 syslinux.efi<br />
-rwxr-xr-x 1 root root 4068355 Feb 24 16:16 System.map-4.15.0-74-generic<br />
-rwxr-xr-x 1 root root 8367768 Feb 24 16:16 vmlinuz<br />
-rwxr-xr-x 1 root root 8367768 Feb 24 16:16 vmlinuz-4.15.0-74-generic<br />
</pre><br />
** shmix64.efi is a copy from /boot/efi/EFI/ubuntu<br />
** bootx64.efi is a copy of shimx64.efi (maybe not needed?)<br />
** grubx64.efi is a copy of syslinux.efi<br />
* efibootmgr -c -d /dev/nvme0n1 -p 2 -w -L bootko -l '\EFI\bootko\shimx64.efi'<br />
* efibootmgr -v<br />
<pre><br />
root@daqubuntu:~# efibootmgr -v<br />
BootCurrent: 0000<br />
Timeout: 1 seconds<br />
BootOrder: 0000,0001,0002<br />
Boot0000* bootko HD(2,GPT,5d1cac95-29dd-4d8a-a56e-a8f414dd4047,0x800,0x100000)/File(\EFI\BOOTKO\SHIMX64.EFI)<br />
Boot0001* Hard Drive BBS(HD,,0x0)..GO..NO........y.I.N.T.E.L. .S.S.D.P.E.K.K.W.1.2.8.G.7....................A.......................................<..Gd-.;.A..MQ..L.I.N.T.E.L. .S.S.D.P.E.K.K.W.1.2.8.G.7........BO<br />
Boot0002* ubuntu HD(2,GPT,5d1cac95-29dd-4d8a-a56e-a8f414dd4047,0x800,0x100000)/File(\EFI\UBUNTU\SHIMX64.EFI)..BO<br />
root@daqubuntu:~# <br />
</pre><br />
* NOTE: if, after running "efibootmgr -c", the UUID is zero, then it probably did not take and the entry will vanish after reboot. In my case the mistake was to use "-p 1" instead of "-p 2".<br />
<br />
Boot sequence is this:<br />
* shmix64.efi - Microsoft-signed boot loader is accepted by secure boot, loads and runs<br />
* shimx64.efi loads and runs grubx64.efi, this file name is hardwired into the signed shim, cannot be changed<br />
* grubx64.efi is syslinux.efi (could be anything)<br />
* syslinux.efi runs, loads syslinux.cfg, loads the linux kernel, loads the initrd, runs the linux kernel with specified flags (ro root=...).<br />
<br />
= UEFI syslinux kernel update =<br />
<br />
To update the linux kernel booted by UEFI syslinux, use this script:<br />
* ~root/git/scripts/etc/update_efi.perl</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=SLinstall&diff=3025
SLinstall
2020-09-12T14:30:00Z
<p>Lindner: /* Configure NIS secondary server (CentOS7) */</p>
<hr />
<div>== Notes ==<br />
<br />
* these instructions are periodically updated to include items needed for older/newer versions of Linux. They are marked like this: (SL4.2+) means Scientific Linux 4.2 and newer; (SL4 is equivalent to FC3). (FC5 only) means Fedora Core 5; etc.<br />
* obsolete items are marked by the "#" sign at the beginning of the line and sometimes have a comment about the reason for removal.<br />
* typically, we do not "upgrade" machines using the Red Hat "upgrade" function. Instead, we save critical files from the old installation and do a "fresh install" from scratch<br />
* starting with RHEL7, the recommended OS is CentOS7 (instead of SL7).<br />
<br />
== Disk configurations ==<br />
<br />
The year is 2019 and SSDs are used exclusively, except for bulk data storage, where one used 6-8-10-12 TB HDDs<br />
<br />
For reliability, home directories and data disks must use redundant storage - mdadm raid1 or ZFS raid1/raid6.<br />
<br />
For non-critical machines, a single SSD seems to be reliable enough to use as a boot and OS disk. But since any<br />
storage device can fail at any time without warning, home directories and data disks should use redundant storage.<br />
<br />
Note: for data disks bigger than 4-6TB, mdadm raid1/raid6 is no longer recommended because raid rebuild,<br />
verification and repair time has become unreasonably long. Instead, use ZFS raid1/raid6 which implements online verification,<br />
repair and disk replacement without requiring machine shutdown or OS down time.<br />
<br />
* single SSD - 120GB min - single partition for "/", no swap partition (create a swap file if swap is needed) - for non-critical machine with no local data storage (OS only)<br />
* dual SSD - 2x240GB min - all partitions mirrored (RAID1), 30GB "/", rest for /home1 - for daq station with local user home directories and no bulk data storage<br />
* single SSD + 2x6-8-10-12TB HDD - SSD partition: all "/", HDD partition as ZFS raid1 (mirrored) - for daq station with small local bulk data storage<br />
* single SSD + 6-8x6-8-10-12TB HDD - for small storage server machines - for daq station with local home directories and large bulk data storage.<br />
<br />
For VME processors:<br />
<br />
* network boot - [[VME-CPU#Network_boot]] - only option for V7648/V7750, do not use for V7805 (no netboot from GigE), optional for V7865/XVB-602<br />
* USB boot - 8GB USB for V7805, 16GB USB for V7865/XVB-602<br />
<br />
== Preparation ==<br />
<br />
* save /etc, /var, /root, /opt, (if needed: /usr/local, /tftpboot) by rsync to some data disk (/ladd/data0/root)<br />
* check that "/" partition (it will be overwritten) is different from /home1 and /data partitions<br />
* note the MAC addresses of all network interfaces, add them to ladd00 dhcpd.conf to enable PXE boot into the SL "network installer"<br />
* shutdown<br />
<br />
== Running installer (CentOS7) ==<br />
<br />
CentOS7 can be installed from vanilla CentOS7 installation media or from<br />
a custom USB key build per there instructions:<br />
https://daqshare.triumf.ca/~olchansk/linux/CentOS7/<br />
<br />
The custom installer makes it easy to use a custom kickstart file (ks.cfg).<br />
<br />
Instructions for using the usb-installer:<br />
<br />
* disconnect machine from network<br />
* plug the usb-installer into a usb3 port (blue colour)<br />
* reboot machine, select booting from usb (press F8 on ASUS motherboards)<br />
* usb-installer boot menu offers to install CentOS7, go there<br />
* CentOS7 should boot (many messages scroll on screen)<br />
* into graphical mode<br />
* into installer main menu<br />
* all installer options should "happy" except for the "installation destination"<br />
* go to the "installation destination" menu<br />
** unselect all disks except for the SSD where the OS will be installed<br />
** (MOST IMPORTANT: unselect the USB installer disk!)<br />
** select "I will configure..."<br />
** say "done"<br />
** the "manual partitionning" menu will open<br />
*** use the "-" button to delete all existing partitions<br />
*** select "standard partition"<br />
*** click on the "+" button<br />
*** in the "Add new partition" dialog, set mount point "/", capacity blank, click "add mount point"<br />
*** check capacity (should be full size of SSD), check filesystem type (should be XFS)<br />
*** say "done", there will be a warning about absent swap partition, say "done" again.<br />
*** in the big useless dialog, say "accept changes"<br />
*** should be back to the "installation summary" screen, "installation destination" should be happy now<br />
* after everything is happy, say "begin installation"<br />
* as the installation proceeds, set the password for the root user<br />
* after installation is complete, reboot the machine<br />
* unplug the usb-installer, CentOS7 should boot from SSD into the login screen<br />
* click on "not listed?", login as root<br />
* setup network connection:<br />
** open a terminal<br />
** start "nm-connection-editor"<br />
** click on "+" to create a new connection profile<br />
** select "wired ethernet"<br />
** select "add profile..."<br />
** in "Identity", set "name" to "static"<br />
** in "Identity", check that "Connect automatically" and "Make available..." is enabled<br />
** in "IPv4", set "Addresses" to "manual" instead of "dhcp"<br />
** enter IP address, netmask 255.255.224.0, gateway 142.90.100.18, dns 142.90.100.19, search triumf.ca<br />
** say "Add", then close/quit the network settings<br />
* connect network cable<br />
* network should be up, ping ladd00 should work<br />
* run: yum update -y<br />
* check new kernel is installed: ls -l /boot<br />
* logout and restart (good luck finding these buttons in the gui!)<br />
* confirm correct linux kernel is selected during boot (-229.20, not the original installer kernel)<br />
* login as root, confirm network is up, proceed with the rest of these instructions<br />
<br />
== Configure SSH ==<br />
<br />
(+CentOS7)<br />
<br />
* Login from the console<br />
* restore the SSH keys from backup (/etc/ssh/*key*)<br />
* service sshd restart<br />
* ssh into the new machine as root<br />
* ssh root@localhost, ctrl-C<br />
* ### this is done later from Konstantin's git repository - scp root@ladd00:/root/authorized_keys ~root/.ssh/<br />
* (not needed for SL5.5 kickstart) check that /etc/ssh/ssh_config contains "ForwardX11 yes" and "ForwardX11Trusted yes":<br />
<pre><br />
echo " ForwardX11 yes" >> /etc/ssh/ssh_config<br />
echo " ForwardX11Trusted yes" >> /etc/ssh/ssh_config<br />
</pre><br />
<br />
== Post installation CentOS7 ==<br />
<br />
Set hostname: (use full name, i.e. daq11.triumf.ca)<br />
<pre><br />
emacs -nw /etc/hostname<br />
</pre><br />
<br />
<pre><br />
echo "olchansk@triumf.ca amaudruz@triumf.ca lindner@triumf.ca bsmith@triumf.ca" >> ~root/.forward<br />
chmod a+r /var/log/messages<br />
chmod a+r /var/log/yum.log<br />
</pre><br />
<br />
Activate rc.local:<br />
<pre><br />
chmod a+x /etc/rc.local<br />
chmod a+x /etc/rc.d/rc.local # TL edit<br />
systemctl start rc-local<br />
systemctl status rc-local<br />
</pre><br />
<br />
== Disable "persistent network names" (DO NOT DO THIS) ==<br />
<br />
<pre><br />
/bin/touch /etc/udev/rules.d/75-persistent-net-generator.rules<br />
/bin/rm /etc/udev/rules.d/70-persistent-net.rules<br />
#shutdown -r now<br />
</pre><br />
<br />
== Configure NIS client (CentOS7) ==<br />
<br />
<pre><br />
yum -y install ypbind authconfig<br />
echo "NISTIMEOUT=5" >> /etc/sysconfig/network<br />
echo "NETWORKWAIT=yes" >> /etc/sysconfig/network<br />
authconfig --enablenis --enablepreferdns --nisdomain LADD-NIS --nisserver ladd00.triumf.ca --update<br />
ypwhich<br />
ypcat -k passwd<br />
systemctl restart autofs<br />
</pre><br />
* On the master NIS node (ladd00), add this new node to /etc/netgroup, and update NIS maps (cd /var/yp; make)<br />
* Use "system-config-users" to add local user accounts<br />
* enable selinux ssh key login to nfs mounted home directories:<br />
<pre><br />
setsebool -P use_nfs_home_dirs 1<br />
</pre><br />
<br />
== Configure NIS client (CentOS8) ==<br />
<br />
* all the same as for CentOS7<br />
* ensure correct boot order for ypbind (in CentOS 8.1 ypbind is started before network is ready, service file uses "Wants" instead of "After")<br />
<pre><br />
mkdir /etc/systemd/system/ypbind.service.d<br />
echo -e "[Unit]\nAfter=network-online.target\n" > /etc/systemd/system/ypbind.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat ypbind.service<br />
</pre><br />
<br />
== Configure NIS secondary server (CentOS7) ==<br />
<br />
Enable local NIS server, make local machine use it:<br />
<br />
<pre><br />
yum -y install ypserv<br />
/usr/lib64/yp/ypinit -s ladd00 ### (/usr/lib/yp/ypinit on 32-bit machines)<br />
### ypinit will give lots of errors about "rpc.ypxfrd failed: RPC: Can't decode result"; can be ignored<br />
systemctl enable rpcbind ypserv ypxfrd yppasswdd<br />
systemctl start rpcbind ypserv ypxfrd yppasswdd<br />
emacs -nw /etc/yp.conf # change "domain XXX server YYY.triumf.ca" to read "domain XXX server localhost"<br />
systemctl restart ypbind<br />
ypwhich # should say "localhost"<br />
ypcat -k auto.master # should work<br />
</pre><br />
<br />
Punch hole in the firewall: (or "make" on NIS master will complain)<br />
<br />
<pre><br />
echo YPSERV_ARGS=\"-p 800\" >> /etc/sysconfig/network<br />
systemctl restart ypserv<br />
firewall-cmd --get-services<br />
firewall-cmd --add-service rpc-bind --permanent<br />
firewall-cmd --add-port=800/tcp --add-port=800/udp --permanent<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
* on the NIS master:<br />
** add the new machine to /var/yp/ypservers, run "make -C /var/yp" and also "cd /var/yp; yppush -h newmachine ypservers"<br />
** if using /var/yp/securenets, copy it from NIS master to new NIS secondary server<br />
<br />
Enable hourly NIS update cron job (DO THIS AFTER git pull scripts, see below)<br />
<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
cd etc<br />
cd ~/git/scripts/etc; ln -s $PWD/ypxfr-cron-hourly /etc/cron.hourly<br />
</pre><br />
<br />
== Configure AUTOFS (CentOS7) ==<br />
<br />
<pre><br />
yum -y install autofs<br />
systemctl enable autofs<br />
systemctl start autofs<br />
ls -l /daq/daqshare<br />
</pre><br />
<br />
<br />
<br />
== Label Selinux labels ==<br />
<br />
When upgrading non-selinux machines (el6) to el7 (selinux enforcing) the existing<br />
user home directories will not have the correct selinux labels and many things<br />
will not work, including ssh logins (sshd cannot access ~user/.ssh files).<br />
<br />
<pre><br />
semanage fcontext -a -e /home /home1 ### selinux has special rules for /home, assign them to /home1<br />
restorecon -R -v /home1 ### apply the new rules to files in /home1<br />
ls -Zd /home1/alpha/.ssh<br />
# should say: drwx------. alpha users system_u:object_r:ssh_home_t:s0 /home1/alpha/.ssh<br />
</pre><br />
<br />
== Configure time (CentOS7) ==<br />
<br />
Time server ntpd was replaced by chronyd.<br />
<br />
<pre><br />
yum -y install chrony<br />
echo server time1 iburst >> /etc/chrony.conf<br />
echo server time2 iburst >> /etc/chrony.conf<br />
echo server time3 iburst >> /etc/chrony.conf<br />
systemctl enable chronyd<br />
systemctl restart chronyd<br />
chronyc sources<br />
chronyc tracking<br />
</pre><br />
<br />
* if desired, edit /etc/chrony.conf, remove non-triumf time servers<br />
<br />
== Enable automatic system updates (CentOS7) ==<br />
<br />
Disable yum-cron:<br />
<br />
<pre><br />
rpm --erase yum-cron<br />
/bin/rm -v /var/lock/subsys/yum-cron<br />
/bin/rm -v /etc/cron.daily/0yum-daily.cron<br />
/bin/rm -v /etc/cron.hourly/0yum-hourly.cron<br />
</pre><br />
<br />
Enable yum-autoupdate:<br />
<br />
<pre><br />
yum install -y epel-release<br />
yum install -y yum-changelog yum-protectbase yum-tsflags yum-versionlock<br />
rpm -vh --install http://linuxsoft.cern.ch/cern/centos/7.2/cern/x86_64/Packages/yum-kernel-module-1-5.el7.cern.noarch.rpm<br />
rpm -vh --install http://linuxsoft.cern.ch/cern/centos/7.2/cern/x86_64/Packages/yum-autoupdate-4.4.2-1.el7.cern.noarch.rpm<br />
#rpm -vh --install https://daqshare.triumf.ca/~olchansk/linux/yum-autoupdate-4.4.2-1.el7.cern.noarch.rpm https://daqshare.triumf.ca/~olchansk/linux/yum-kernel-module-1-5.el7.cern.noarch.rpm<br />
systemctl enable yum-autoupdate<br />
systemctl start yum-autoupdate<br />
systemctl status yum-autoupdate<br />
</pre><br />
<br />
== Disable automatic system updates (CentOS7) ==<br />
<br />
<pre><br />
yum -y erase yum-autoupdate<br />
/bin/rm -f /etc/sysconfig/yum-autoupdate.rpmsave<br />
/bin/rm -f /var/lock/subsys/yum-autoupdate<br />
</pre><br />
<br />
== Enable automatic system updates (CentOS8) ==<br />
<br />
<pre><br />
yum -y install dnf-automatic<br />
systemctl enable --now dnf-automatic.timer<br />
systemctl list-timers *dnf-*<br />
</pre><br />
<br />
edit /etc/dnf/automatic.conf<br />
<pre><br />
apply_updates = yes<br />
</pre><br />
<br />
== Configure system services (CentOS7) ==<br />
<br />
* systemctl list-unit-files | grep enabled | sort ### (to see enabled services)<br />
* disable unwanted services:<br />
<pre><br />
systemctl disable bluetooth<br />
systemctl disable dm-event<br />
systemctl disable dmraid-activation<br />
systemctl disable iscsid<br />
systemctl disable iscsi<br />
systemctl disable iscsiuio<br />
systemctl disable libvirtd<br />
systemctl disable lvm2-lmetad<br />
systemctl disable lvm2-monitor<br />
systemctl disable ModemManager<br />
systemctl disable multipathd<br />
systemctl disable netcf-transaction<br />
systemctl disable lvm2-lvmetad.socket<br />
systemctl disable lvm2-lvmpolld.socket<br />
systemctl disable iscsid.socket<br />
systemctl disable iscsiuio.socket<br />
#systemctl disable <br />
</pre><br />
<br />
== Erase unwanted packages (CentOS7) ==<br />
<br />
* PackageKit # bugs users about security updates, hogs yum lock<br />
* perl-homedir # creates unwanted $HOME/perl5<br />
* ModemManager # thinks that all USB-attached devices are modems<br />
* pcp # sends error email to itself, does not work<br />
* abrt # sends email to root about useless crashes, i.e. crash of X when machine is rebooted<br />
* rear # some kind of backup and recovery tool, not clear what it does, but it sends email complaining how it is broken<br />
* bash-completion # "echo $HOME/<TAB>" becomes "echo \$HOME" (notice "\" added before "$") preventing tab-completion from doing anything useful.<br />
<br />
<pre><br />
yum -y erase PackageKit perl-homedir ModemManager pcp abrt abrt-libs abrt-gui-libs rear bash-completion<br />
</pre><br />
<br />
== Disable unwanted package "tracker" ==<br />
<br />
The "tracker" package is part of the GNOME desktop, it scans the content of all files<br />
into a database for quick searching.<br />
<br />
When it malfunctions, bad things happen, i.e. read through<br />
https://bugzilla.redhat.com/show_bug.cgi?id=747689<br />
<br />
Specific problem I see is that it floods the system log with error messages. Also <br />
consumes network and filesystem bandwidth for NFS mounted home directories.<br />
<br />
This package cannot be removed by "yum erase tracker" dues to dependencies<br />
from core GNOME desktop.<br />
<br />
Instead, do this to deactivate it:<br />
<br />
<pre><br />
chmod -x /usr/libexec/tracker-*<br />
chmod -x /usr/bin/tracker<br />
chattr +i /usr/bin/tracker<br />
chattr +i /usr/libexec/tracker-*<br />
</pre><br />
<br />
== Configure external package repositories (CentOS7) ==<br />
<br />
EPEL: (addtional packages)<br />
<pre><br />
yum install epel-release<br />
</pre><br />
<br />
ELREPO: (kernel modules and drivers) (CentOS8)<br />
<pre><br />
yum install elrepo-release<br />
</pre><br />
<br />
ELREPO: (kernel drivers)<br />
<pre><br />
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org<br />
rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm<br />
yum -y install yum-plugin-fastestmirror<br />
</pre><br />
<br />
== Install packages needed to continue with installation ==<br />
<br />
(+CentOS7)<br />
<br />
(these packages are sometimes missing, they are needed to follow following instructions instructions)<br />
<br />
(SL6.5: libotf is a dependancy of emacs - SL6.5 installer fails to install it)<br />
<br />
<pre><br />
yum install ed patch wget git libotf gdisk emacs perl<br />
</pre><br />
<br />
== Configure Konstantin's scripts ==<br />
<br />
(+Centos7)<br />
<br />
<pre><br />
mkdir ~root/git<br />
cd ~root/git<br />
git clone http://ladd00.triumf.ca/~olchansk/git/scripts.git<br />
cd scripts<br />
git pull<br />
</pre><br />
<br />
Go back to the NIS slave server and install the hourly NIS update cron job.<br />
<br />
== Enable yum version lock ==<br />
<br />
<pre><br />
yum install yum-plugin-versionlock<br />
#yum versionlock packagename # yum versionlock rpcbind<br />
#yum versionlock list # list locked packages<br />
#yum versionlock delete packagename # unlock given package<br />
#yum versionlock clear # delete all locks<br />
</pre><br />
<br />
== Configure trusted ssh keys ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
ssh localhost<br />
interrupt by Ctrl-C<br />
/bin/cp ~/git/scripts/etc/authorized_keys ~/.ssh/<br />
</pre><br />
<br />
== Configure hardware sensors ==<br />
<br />
* yum -y install lm_sensors<br />
* sensors-detect (accept default answer to all questions - press ENTER)<br />
* systemctl restart lm_sensors<br />
* sensors (to see available sensors)<br />
<br />
If no sensors are detected by standard drivers, follow motherboard-specific instructions at the bottom of this page.<br />
<br />
== Configure IPMI sensors ==<br />
<br />
Some machines support the IPMI interface for monitoring the hardware: fan speeds, temperatures, voltages.<br />
<br />
* find out if IPMI is supported. Try this:<br />
<pre><br />
dmidecode | grep -i ipmi<br />
</pre><br />
if output is not blank, IPMI is maybe supported.<br />
* install and enable IPMI software:<br />
<pre><br />
yum install "OpenIPMI*" ipmitool<br />
service ipmi start<br />
ipmitool sensor ### to confirm IPMI is present. If output is blank, do not go further.<br />
chkconfig ipmi on<br />
chkconfig ipmievd on<br />
service ipmi restart<br />
service ipmievd restart<br />
tail -100 /var/log/messages ### look at messages logged by ipmievd<br />
</pre><br />
* (CentOS7) install and enable IPMI software:<br />
<pre><br />
yum install "OpenIPMI*" ipmitool<br />
systemctl start ipmi<br />
ipmitool sensor ### to confirm IPMI is present. If output is blank, do not go further.<br />
systemctl list-unit-files | grep -i ipmi<br />
systemctl enable ipmi<br />
systemctl restart ipmi<br />
systemctl status ipmi<br />
systemctl enable ipmievd<br />
systemctl restart ipmievd<br />
systemctl status ipmievd<br />
tail -100 /var/log/messages ### look at messages logged by ipmievd<br />
</pre><br />
<br />
* if ipmievd complains about SEL buffer overflow, clear it manually:<br />
<pre><br />
ipmitool sel list ### show ipmi messages in raw format<br />
ipmitool sel elist ### show ipmi messages in useful format<br />
ipmitool sel elist > file ### save ipmi messages into a file<br />
ipmitool sel clear ### clear all accumulated ipmi messages<br />
</pre><br />
<br />
* useful ipmi commands:<br />
** ipmitool sensor -- read hardware sensors<br />
** ipmitool sel elist -- report all accumulated messages<br />
<br />
== Configure ECC memory ==<br />
<br />
* check that machine has ECC memory: dmidecode --type memory | grep -i ecc<br />
<br />
Configure mcelog (machine check exception)<br />
<br />
* yum install mcelog<br />
* check that mcelog is running: ps -efw | grep mcelog<br />
* (el6) chkconfig mcelogd on; service mcelogd restart<br />
* (el7) systemctl status mcelog.service; systemctl enable mcelog.service; systemctl restart mcelog.service<br />
<br />
Check for MCE (machine check exception) messages:<br />
<br />
* mcelog --client<br />
* grep -i mce /var/log/messages*<br />
* grep -i ecc /var/log/messages*<br />
<br />
Configure EDAC<br />
<br />
<pre><br />
yum install edac-utils<br />
edac-ctl --mainboard<br />
edac-ctl --status<br />
lsmod | grep edac<br />
modprobe ie31200_edac ### driver for Intel E3-1200 series ECC memory<br />
<br />
[root@grsmid00 ~]# ls -l /sys/devices/system/edac/mc/<br />
... empty<br />
<br />
[root@alpha00 ~]# ls -l /sys/devices/system/edac/mc/<br />
drwxr-xr-x. 15 root root 0 Oct 25 16:40 mc0<br />
...<br />
[root@alpha00 ~]# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 ce_count<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 ce_noinfo_count<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 csrow0<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 csrow1<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 csrow2<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 csrow3<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 max_location<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 mc_name<br />
drwxr-xr-x. 2 root root 0 Oct 25 16:40 power<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank0<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank1<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank2<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank3<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank4<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank5<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank6<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank7<br />
--w-------. 1 root root 4096 Oct 25 16:40 reset_counters<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 seconds_since_reset<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 size_mb<br />
lrwxrwxrwx. 1 root root 0 Oct 2 12:02 subsystem -> ../../../../../bus/mc0<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 ue_count<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 ue_noinfo_count<br />
-rw-r--r--. 1 root root 4096 Oct 25 16:40 uevent<br />
[root@alpha00 ~]# <br />
<br />
[root@alpha00 ~]# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
<br />
[root@alpha00 ~]# edac-util <br />
edac-util: No errors to report.<br />
<br />
[root@alpha00 ~]# edac-util -s<br />
edac-util: EDAC drivers are loaded. 1 MC detected<br />
</pre><br />
<br />
== Configure SMARTD (CentOS7) ==<br />
<br />
Default el7 smartd config files send deficient email notices about disk failures. Overwrite.<br />
<br />
<pre><br />
/bin/cp ~/git/scripts/etc/smartd.conf /etc/smartmontools/<br />
/bin/cp ~/git/scripts/etc/smartd_warning.sh /etc/smartmontools/<br />
systemctl enable smartd<br />
systemctl restart smartd<br />
systemctl status smartd<br />
</pre><br />
<br />
== Enable User Disk Quotas (OPTIONAL) ==<br />
<br />
(+CentOS7)<br />
<br />
* read http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/ch-disk-quotas.html<br />
* emacs -nw /etc/fstab, add "grpquota,usrquota" to filesystem options, e.g.:<br />
<pre><br />
[root@isdaq00 home1]# grep quota /etc/fstab<br />
UUID=5a2aefbd-45db-475e-841e-12ec89220fbd /home1 ext4 defaults,grpquota,usrquota 1 2<br />
</pre><br />
* cd /; umount /home1; mount /home1<br />
* quotacheck -cug /home1<br />
* quotacheck -avug<br />
* quotaon -av<br />
* quota system is now active<br />
* increase the soft quota time limit from default 7days to 30 or 60 days: edquota -t<br />
* set quotas for all users (see below)<br />
* setup warnquota:<br />
** create warnquota config file: emacs -nw /etc/warnquota.conf<br />
<pre><br />
# values can be quoted:<br />
MAIL_CMD = "/usr/sbin/sendmail -t"<br />
FROM = root<br />
SUBJECT = User %i@%h exceeded allocated disk quota<br />
CC_TO = "root"<br />
# If you set this variable CC will be used only when user has less than<br />
# specified grace time left (examples of possible times: 5 seconds, 1 minute,<br />
# 12 hours, 5 days)<br />
# CC_BEFORE = 2 days<br />
SUPPORT = "root"<br />
# Text in the beginning of the mail (if not specified, default text is used)<br />
# This way text can be split to more lines<br />
# Line breaks are done by '|' character<br />
# The expressions %i, %h, %d, and %% are substituted for user/group name,<br />
# host name, domain name, and '%' respectively. For backward compatibility<br />
# %s behaves as %i but is deprecated.<br />
MESSAGE = User "%i" on "%h" has exceeded the allocated disk quota.||Please delete any unnecessary files on following filesystems or|contact the system administrato<br />
r to increase your quota allocation:|<br />
SIGNATURE = --|automated email from warnquota<br />
</pre><br />
** note that %i@%h in the SUBJECT line do not seem to work<br />
** create cron job: emacs -nw /etc/cron.daily/warnquota<br />
<pre><br />
#!/bin/sh<br />
warnquota<br />
#end<br />
</pre><br />
** chmod a+x /etc/cron.daily/warnquota<br />
** touch /etc/crontab<br />
<br />
Useful commands for managing quotas:<br />
* repquota -a | sort -n -k3 ### show quota of all users sorted by disk usage<br />
* edquota -u username ### open "vi" editor to change user quotas<br />
* repquote -a | grep username ### report quota for given user<br />
* setquota -u username 0 0 0 0 /home1 ### disable quotas for given user<br />
* setquota -u username 50000000 100000000 0 0 /home1 ### set quotas for 50GB soft and 100GB hard<br />
* edquota -t ### change user quota time limits<br />
* edquote -tg ### change group quota time limits<br />
<br />
== Enable NFS V4 server (CentOS7) ==<br />
<br />
* create /etc/exports. example: (fsid numbers should be unique and increase 1,2,3,...)<br />
<pre><br />
/home1 @home_export(rw,no_root_squash,async,fsid=1)<br />
/data1 @data_export(rw,no_root_squash,async,fsid=2)<br />
</pre><br />
* check the netgroup file<br />
** if using NIS: check NIS netgroup: ypcat -k netgroup<br />
** if no NIS, create /etc/netgroup: @daqmachines (deap00,,) (deap01,,) (deap02,,)<br />
** if no NIS, edit /etc/nsswitch.conf, make the netgrooup line read: "netgroup: files"<br />
* enable things, start them:<br />
<pre><br />
firewall-cmd --get-services<br />
firewall-cmd --permanent --add-service=nfs<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
systemctl enable nfs-server<br />
systemctl start nfs-server<br />
systemctl status nfs<br />
</pre><br />
<br />
== Enable NFS V3 server (CentOS7) ==<br />
<br />
<pre><br />
ps -efw | grep rpc.mountd # should be running!<br />
firewall-cmd --get-services<br />
firewall-cmd --permanent --add-service=mountd<br />
firewall-cmd --permanent --add-service=rpc-bind<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
== Enable NFS V3 server ==<br />
<br />
* edit /etc/hosts.allow, add or uncomment "mountd: 142.90.0.0/255.255.0.0"<br />
* create /etc/exports. example:<br />
<pre><br />
/home1 @home_export(rw,no_root_squash,async)<br />
/data1 @data_export(rw,no_root_squash,async)<br />
</pre><br />
* check the netgroup file<br />
** if using NIS: check NIS netgroup: ypcat -k netgroup<br />
** if no NIS, create /etc/netgroup: @daqmachines (deap00,,) (deap01,,) (deap02,,)<br />
** if no NIS, edit /etc/nsswitch.conf, make the netgrooup line read: "netgroup: files"<br />
* chkconfig nfs on<br />
* chkconfig nfslock on<br />
* service nfs restart<br />
<br />
Then on ladd00 need to do<br />
* ssh to root@ladd00<br />
* edit /etc/auto.daq to add new machine...<br />
* make -C /var/yp<br />
<br />
== Enable NFS V4 SERVER (SL6) ==<br />
<br />
* if used with NIS, same as NFSv3<br />
* if used as standalone, need to edit idmapd.conf - set the "Domain" name to the same value on NFS server and NFS slave (default automagically determined value does not always work). More TBW.<br />
<br />
== Enable AMANDA backups ==<br />
<br />
AMANDA backups are already enabled by TRIUMF kickstart installs. For non-kickstart installation, follow instructions at [[http://amanda/~amanda http://amanda/~amanda]], or look at "/triumfcs/trshare/olchansk/linux/amanda/amanda-enable.perl". As final step, use [[https://helpdesk.triumf.ca https://helpdesk.triumf.ca]] to contact TRIUMF CS to add this new machine to the amanda backup list.<br />
<br />
* yum install triumf-amanda<br />
<br />
== Enable AMANDA backups (CentOS7) ==<br />
<br />
<pre><br />
yum install amanda-client<br />
systemctl list-unit-files | grep -i amanda<br />
#systemctl enable amanda<br />
systemctl enable amanda.socket<br />
systemctl enable amanda-udp.socket<br />
systemctl restart amanda.socket<br />
systemctl restart amanda-udp.socket<br />
firewall-cmd --get-services<br />
firewall-cmd --permanent --add-service=amanda-client<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
echo amanda.triumf.ca amanda amdump >> /var/lib/amanda/.amandahosts<br />
</pre><br />
<br />
On amanda server, add new machine to the disklist, then:<br />
<br />
<pre><br />
amcheck -c daily titan00<br />
</pre><br />
<br />
== Enable DCACHE ==<br />
<br />
DAQ dcache server is mounted as<br />
<br />
/daq/pnfs/triumf.ca/data/<br />
<br />
For Centos-7 machines, you need to adjust the firewall rules in order to be able to communicate with the trdata machines; this is only necessary if you are copying data to trdata. The firewall changes are<br />
<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.100.212/32" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.107.156/32" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.100.219/32" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
This instructions are unnecessary <br />
* # mkdir -p /pnfs<br />
* # edit /etc/rc.local, add to the end of file: "mount -o intr,rw,noac,hard,nfsvers=3 trdata00:/pnfs /pnfs &"<br />
* # . /etc/rc.local<br />
<br />
For more information on, see [[TrdataDcache]] dcache page.<br />
<br />
== Configure Ganglia (Centos7) ==<br />
<br />
CentOS7 Ganglia instructions (EPEL7 ganglia-3.7.2)<br />
<br />
<pre><br />
/bin/rm /etc/gmond.conf<br />
yum -y install "ganglia-gmond*"<br />
/bin/cp -v /dev/null /etc/ganglia/conf.d/multicpu.conf # collects useless data<br />
/bin/cp -v /dev/null /etc/ganglia/conf.d/netstats.pyconf # spews errors into syslog<br />
/bin/cp -v /dev/null /etc/ganglia/conf.d/diskstat.pyconf # collects useless data<br />
/bin/cp -v /dev/null /etc/ganglia/conf.d/procstat.pyconf # do not create /tmp/gmond.conf<br />
/bin/cp ~/git/scripts/etc/gmond.conf /etc/ganglia/gmond.conf<br />
systemctl enable gmond<br />
systemctl restart gmond<br />
systemctl status gmond<br />
</pre><br />
<br />
== Configure TRIUMF DAQ packages ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
cd /etc/yum.repos.d<br />
wget http://daq.triumf.ca/~daqweb/yum/triumf-daq.repo<br />
</pre><br />
<br />
== Install Konstantin's packages ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
yum --disablerepo=\* --enablerepo=triumf-daq --skip-broken install diskscrub emailonreboot monitor_nfs "ganglia-*" triumf_nodeinfo<br />
</pre><br />
<br />
== Install memtest and PXE boot ==<br />
<br />
!!!DO NOT DO THIS!!!<br />
<br />
<pre><br />
cd /boot<br />
wget http://ladd00.triumf.ca/tftpboot/memtest86+-5.01.bin.gz<br />
wget http://ladd00.triumf.ca/tftpboot/memtest86+-4.20.bin.gz<br />
wget http://ladd00.triumf.ca/tftpboot/memtest86+-4.10<br />
wget http://ladd00.triumf.ca/tftpboot/gpxe-1.0.1+-gpxe.lkrn<br />
<br />
emacs -nw /boot/grub/grub.conf<br />
title memtest86+-5.01<br />
root (hd0,0)<br />
kernel /boot/memtest86+-5.01.bin.gz<br />
title memtest86+-4.20<br />
root (hd0,0)<br />
kernel /boot/memtest86+-4.20.bin.gz<br />
title memtest86+-4.10<br />
root (hd0,0)<br />
kernel /boot/memtest86+-4.10<br />
title pxeboot<br />
root (hd0,0)<br />
kernel /boot/gpxe-1.0.1+-gpxe.lkrn<br />
</pre><br />
<br />
== Install node monitoring ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
yum --disablerepo=\* --enablerepo=triumf-daq --skip-broken install triumf_nodeinfo<br />
/usr/sbin/sendnodeinfo.perl --config ladd00.triumf.ca:8600<br />
emacs -nw /etc/nodeinfo<br />
/usr/sbin/sendnodeinfo.perl ladd00.triumf.ca:8600<br />
</pre><br />
<br />
== Install gonodeinfo node monitoring ==<br />
<br />
(+Ubuntu, +CentOS7, +CentOS8)<br />
<br />
go to https://bitbucket.org/dd1/gonodeinfo<br />
follow instructions:<br />
<pre><br />
yum -y install golang<br />
mkdir ~/git<br />
cd ~/git<br />
git clone https://bitbucket.org/dd1/gonodeinfo.git<br />
# or git clone https://daq.triumf.ca/~olchansk/git/gonodeinfo.git<br />
cd gonodeinfo<br />
git pull<br />
make<br />
make install # install gonodeinfo agent<br />
cd ~ # this is important<br />
</pre><br />
<br />
* emacs -nw /etc/gonodeinfo.conf<br />
* change "Description", "Location", "User" and "Administrator" as appropriate (or delete them)<br />
* change "Servers" to read: Servers: ladd00.triumf.ca:8601<br />
* run gonodeinfo -e<br />
* if error is "connection refused". go to the nodeinfo server to add this client to the access control list:<br />
* on the gonodeinfo server: run gonodereceive -a daq13<br />
* try gonodeinfo again, there should be no error<br />
* on the gonodeinfo server: run gonodereport, look at the web pages, the new machine should be listed now<br />
<br />
== Install latest system updates ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
yum update -y<br />
</pre><br />
<br />
== Configure TRIUMF Printers (CentOS7) ==<br />
<br />
<pre><br />
systemctl stop cups<br />
systemctl disable cups<br />
echo "ServerName printers.triumf.ca" > /etc/cups/client.conf<br />
lpstat -a<br />
</pre><br />
<br />
== Disable syslog spam (CentOS7) ==<br />
<br />
Default el7 config is spamming the syslog with useless messages "systemd: Starting Session", etc. Disable this:<br />
<br />
<pre><br />
echo auditctl -e 0 >> /etc/rc.local<br />
echo /usr/bin/systemd-analyze set-log-level notice >> /etc/rc.local<br />
/etc/rc.local<br />
</pre><br />
<br />
== Install basic system packages (CentOS7) ==<br />
<br />
(if starting from minimal system, basic system packages required:)<br />
<br />
<pre><br />
yum install -y which psmisc redhat-lsb-core xorg-x11-xauth xterm emacs-nox rsync tcpdump strace nfs-utils sysstat iftop tcsh<br />
yum install -y gcc gcc-c++ gdb glibc-static libstdc++-static zlib zlib-devel openssl-devel httpd-tools<br />
</pre><br />
<br />
== Install packages needed for QUARTUS, ROOT, EPICS and MIDAS DAQ ==<br />
<br />
(+CentOS7)<br />
<br />
yum install --skip-broken giflib.x86_64 sysstat "libusb-devel*" unixODBC-devel postgresql-devel libxml2-devel libXpm-devel libgfortran git compat-readline43 "graphviz*" dcap "tigervnc*" telnet glibc"*" strace "fftw*" libpng "freetype*" xpdf "xemacs*" tkcvs xterm mutt "*-g77*" joe "libXmu*" dcap-devel gsl-devel pcre-devel h5py gd-devel xorg-x11-fonts"*" minicom xfig"*" perl-BSD-Resource "net-snmp-*" readline-static git-all nasm imake tcl-devel gv xorg-x11-twm expat-devel screen compat-readline5 ImageMagick ImageMagick-devel wget alacarte scipy numpy sympy nedit gnuplot php-cli php-domxml-php4-php5 php-gd php-fpdf php-cli kdebase cmake tcpdump sqlite sqlite-devel kdegraphics gdisk lsof gconf-editor iftop tk-devel mcelog kdm blt itcl lz4 bzip2 pbzip2 apr-devel apr-util-devel net-tools golang"*" --exclude golang-cover"*"hg"*" --exclude golang"*"hg"*" --exclude golang-pkg"*" --exclude golang-github"*" --exclude golang"*"git"*" mesa"*" xerces-c"*" diffuse clang i2c-tools texlive-revtex texlive-revtex4 kile kbibtex xrdp glibc.i686 gimp gimp-data-extras perl-GD"*" perl-Math"*" perl-Statistics-Basic cmake3 cmake3-gui extra-cmake-modules python2-pip x2go"*" mariadb-devel glibc-devel.i686 libzstd<br />
<br />
== Install optional packages ==<br />
<br />
!! DO NOT DO THIS !!<br />
<br />
(do not install boost on 32-bit machines)<br />
<br />
yum install --skip-broken "boost-*" <br />
<br />
(packages for 32-bit software compilation on 64-bit machines. this is optional)<br />
<br />
yum install --skip-broken giflib.i386 giflib.i686 compat-libf2c-34.i386 compat-libf2c-34.i686 mysql-devel.i686 openssl-devel.i686 unixODBC-devel.i686 libstdc++-devel.i386 libstdc++-devel.i686 "zlib-*.i686" "libXext-*.i686" "libXtst-*.i686" glibc-static.i686 freetype.i686 fontconfig.i686 libpng.i686 libXrender.i686 glibc-devel.i686 libX11-devel.i686 libXpm-devel.i686 libXft-devel.i686 mysql-devel.i686 dcap-devel.i686 gsl-devel.i686 pcre-devel.i686 fontconfig-devel.i686 freetype-devel.i686 libpng-devel.i686 libjpeg-devel.i686 libgfortran.i686 libxml2-devel.i686 gd-devel.i686 readline-devel.i686 ncurses-devel.i686 libXdmcp.i686 readline-static.i686 compat-readline5.i686<br />
<br />
yum install boost-devel.i686<br />
<br />
(separately install these packages - they collide with the big bunch above)<br />
<br />
yum install rdesktop<br />
<br />
yum reinstall urw-fonts<br />
<br />
== Install libraries for PHYSICA (CentOS7) ==<br />
<br />
To run physica built on el6 from git sources on el7, do this:<br />
<br />
(building physica on el7 is nort supported at this time)<br />
<br />
(see more http://www.triumf.info/wiki/DAQwiki/index.php/PHYSICA)<br />
<br />
<pre><br />
yum -y install libX11.i686 gd.i686 libpng12.i686 readline.i686 compat-libf2c-34.i686<br />
</pre><br />
<br />
== Install additional desktop environements (CentOS7) ==<br />
<br />
<pre><br />
# LXQT (from EPEL)<br />
# NOT COMPATIBLE WITH el7.7 # yum -y install "lxqt*"<br />
# Cinnamon desktop (from EPEL)<br />
yum -y install cinnamon<br />
# KDE5 not available yet<br />
# MATE (from epel)<br />
yum -y groupinstall "MATE Desktop"<br />
yum -y install mate-common mate-icon-theme-faenza mate-netspeed mate-sensors-applet mate-themes-extras mate-utils<br />
yum -y erase ModemManager abrt abrt-libs abrt-gui-libs<br />
# XFCE4 (from EPEL)<br />
yum -y groupinstall xfce<br />
yum -y install "xfce*plugin" xfce4-about --exclude xfce4-hamster-plugin<br />
yum -y erase bash-completion<br />
</pre><br />
<br />
* make the MATE desktop as default<br />
<br />
<pre><br />
cd ~root/git/scripts/<br />
git pull<br />
/bin/cp -v etc/lightdm_default_mate.conf /etc/lightdm/lightdm.conf.d/<br />
</pre><br />
<br />
* lighdm login manager (from EPEL)<br />
<pre><br />
yum install lightdm lightdm-kde lightdm-qt lightdm-qt5<br />
</pre><br />
<br />
* and switch from gdm to lighdm<br />
<pre><br />
systemctl disable gdm.service<br />
systemctl enable lightdm.service<br />
(systemctl stop gdm; systemctl restart lightdm) &<br />
</pre><br />
<br />
== Install SMART scripts ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
ln -sf ~/git/scripts/smart-status/smart-status.perl ~/<br />
</pre><br />
<br />
== Install NTFS drivers ==<br />
<br />
yum install ntfs-3g ntfsprogs (from EPEL)<br />
<br />
== Install HFS and HFS+ drivers (CentOS7) ==<br />
<br />
yum --disablerepo=\* --enablerepo=elrepo install kmod-hfs kmod-hfsplus<br />
<br />
== Install Google Chrome web browser (64-bit CentOS7) ==<br />
<br />
<pre><br />
/bin/cp ~/git/scripts/etc/google-chrome-64.repo /etc/yum.repos.d/<br />
yum install google-chrome-stable<br />
</pre><br />
<br />
== Enable monitoring of HTTPS certificates ==<br />
<br />
On SL6, CentOS7:<br />
<br />
<pre><br />
yum install crypto-utils<br />
/etc/cron.daily/certwatch<br />
strace -f /etc/cron.daily/certwatch |& grep open | grep crt<br />
</pre><br />
<br />
== Enable 100dpi fonts for EPICS ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
ln -s /usr/share/X11/fonts/100dpi /etc/X11/fontpath.d/<br />
</pre><br />
<br />
== Enable crontab @reboot for MIDAS (CentOS7) ==<br />
<br />
el7 has a bug - cron @reboot entries for normal users can run before autofs is ready, so if the home directory<br />
is on autofs/NFS, it cannot be accessed and the cron job fails. If MIDAS is supposed to be<br />
started by cron @reboot, it will not start (there *will* be an error message in /var/log/cron).<br />
<br />
<pre><br />
mkdir /etc/systemd/system/crond.service.d<br />
echo -e "[Unit]\nAfter=ypbind.service autofs.service\n" > /etc/systemd/system/crond.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat crond.service<br />
</pre><br />
<br />
Explore the systemd dependacy tree using "systemctl list-dependencies" maybe with "--all".<br />
<br />
Visualize the exact boot sequence from previous boot: "systemd-analyze plot > xxx.svg", look at the svg file using a web browser.<br />
<br />
== Enable firewall for MIDAS (CentOS7) ==<br />
<br />
Default el7 configuration prevents all access to servers running on the local machine, including access to MIDAS mhttpd (tcp port 8443) and mserver (all tcp ports).<br />
<br />
To enable access to mhttpd:<br />
<br />
<pre><br />
firewall-cmd --add-port=8443/tcp --permanent<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
To enable access to the mserver from a specific host: (replace 142.90.111.175 with the IP address of the permitted host)<br />
<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.111.175/32" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
To enable access from the private network (replace "192.168.1.0" with your private network number):<br />
<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.1.0/24" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
== Enable firewall for EPICS (CentOS7) ==<br />
<br />
To enable access to TRIUMF EPICS servers, do this:<br />
<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.132.0/23" accept"<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
For UCN the controls people seem to have EPICS setup on a different server; this might be true for CMMS as well. In this case the firewall rule change should be<br />
<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.139.0/23" accept"<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
== Disable gdm and X11 (OPTIONAL) ==<br />
<br />
<pre><br />
initctl stop prefdm<br />
echo "start on never" > /etc/init/prefdm.override<br />
echo "start on never" > /etc/init/splash-manager.override<br />
initctl reload-configuration<br />
</pre><br />
<br />
then enable login on default console:<br />
<pre><br />
echo "plymouth quit" >> /etc/rc.local<br />
echo "X_TTY=xxx/dev/tty1" >> /etc/sysconfig/init<br />
</pre><br />
<br />
== Install JAVAWS (OPTIONAL) ==<br />
<br />
* to run Java "web start" jnlp files (EVO, SEEVOGH, etc): javaws Downloads/spider.jnlp<br />
* install javaws:<br />
* yum install icedtea-web icedtea-web-javadoc<br />
<br />
== Install firefox java plugin (OPTIONAL, DO NOT DO THIS) ==<br />
<br />
This installs the Oracle Java plugin:<br />
<br />
* rpm -vh --install ~deap/jdk-7u15-linux-x64.rpm<br />
* ls -l /usr/lib64/mozilla/plugins/<br />
* ln -s /usr/java/jdk1.7.0_15/jre/lib/amd64/libnpjp2.so /usr/lib64/mozilla/plugins/<br />
* start firefox, go edit->preferences->general->manage add-ons->plugins<br />
* "java plugin 1.7.0_15" should be listed<br />
<br />
<br />
<br />
== Configure USB device permissions ==<br />
<br />
(+CentOS7)<br />
<br />
Configure USB device permissions for user access to USB-serial devices, Altera USB Blaster, etc.<br />
<br />
* create file /etc/udev/rules.d/99-usb-chmod.rules with this contents:<br />
<br />
<pre><br />
emacs -nw /etc/udev/rules.d/99-usb-chmod.rules<br />
ACTION=="add", SUBSYSTEM=="usb_device", RUN+="/bin/chmod a+wr /dev/%c"<br />
ACTION=="add", SUBSYSTEM=="usb_device", RUN+="/bin/chmod a+wr /proc/%c"<br />
ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="/bin/chmod a+wr $env{DEVICE}"<br />
ACTION=="add", ENV{PHYSDEVBUS}=="usb-serial", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", ENV{DEVPATH}=="/class/tty/ttyS*", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", SUBSYSTEM=="tty", DEVPATH=="*ttyUSB*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
ACTION=="add", SUBSYSTEM=="tty", DEVPATH=="*ttyS*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
</pre><br />
<br />
* apply new permissions: udevadm trigger --action=add<br />
<br />
== Disable modem-manager ==<br />
<br />
The modem-manager will try to talk to any serial devices attached to USB serial ports. It assumes that those devices are modems and will send out modem-specific commands. if the devices are not modems and do not understand or do not like modem commands, well that's too bad. modem-manager is installed by the ModemManager package required by the NetworkManager package, and there is no configuration setting to turn modem-manager off.<br />
<br />
One way to disable it is: chmod a= /usr/sbin/modem-manager<br />
<br />
Another way to disable it is by forced uninstall: rpm --erase --nodeps ModemManager<br />
<br />
Remember to kill the running copy: killall -KILL modem-manager<br />
<br />
Caveat: it is not clear if modem-manager would not be resurrected by an update to the NetworkManager or ModemManager packages.<br />
<br />
== Configure Altera jtagd ==<br />
<br />
(if needed)<br />
<br />
<pre><br />
mkdir /etc/jtagd<br />
echo 'Password = "123";' > /etc/jtagd/jtagd.conf<br />
cp -pv /triumfcs/trshare/olchansk/altera/11.0/quartus/linux/pgm_parts.txt /etc/jtagd/jtagd.pgm_parts<br />
</pre><br />
<br />
* start local jtagd: /triumfcs/trshare/olchansk/altera/11.0/quartus/bin/jtagd<br />
* test local connection: /triumfcs/trshare/olchansk/altera/11.0/quartus/bin/jtagconfig<br />
* test remote connection (add this machine to your .jtag.conf, run jtagconfig<br />
<br />
For more information, go to [[Quartus]]<br />
<br />
== Install EOS ==<br />
<br />
Instructions from here:<br />
http://eos-docs.web.cern.ch/eos-docs/quickstart/setup_repo.html<br />
<br />
<pre><br />
rpm -vh --install https://dss-ci-repo.web.cern.ch/dss-ci-repo/eos/citrine/tag/el-7/x86_64/eos-repo-el7-generic-1.noarch.rpm<br />
yum-config-manager --disable eos-citrine # disable auto-update because all packages are not signed<br />
yum-config-manager --disable eos-dep # disable auto-update because all packages are not signed.<br />
yum install eos-client eos-fuse --enablerepo=eos-citrine<br />
</pre><br />
<br />
== Install fix for the el7 systemd dbus boot hang ==<br />
<br />
Around early Summer 2018 el7 started showing a boot problem. In the nutshell,<br />
there is a problem with the dbus connection between dbus and systemd that<br />
prevents polkit, firewalld, etc from starting. The system eventually boots<br />
enough that one can ssh into it, but most things do not work. Notably,<br />
polkit is not running, firewalld is not running, ssh login takes about 15-30 second.<br />
<br />
Solution is to add a special systemd service to check that dbus started correctly.<br />
It that runs after dbus is started, but before it is used, and it restarts dbus in a loop<br />
with a delay until dbus starts correctly. In testing, dbus always starts correctly after<br />
the first retry.<br />
<br />
<pre><br />
cd ~root/git/scripts/etc<br />
git pull<br />
/bin/cp -vf systemd-check-dbus.perl /usr/bin/<br />
/bin/cp -vf systemd-check-dbus.service /etc/systemd/system/<br />
systemctl daemon-reload<br />
systemctl enable systemd-check-dbus<br />
systemctl start systemd-check-dbus<br />
systemctl status systemd-check-dbus<br />
</pre><br />
<br />
After linux boots, if everything was okey, the script will report this:<br />
<pre><br />
[root@iris01 ~]# systemctl status systemd-check-dbus<br />
...<br />
Feb 08 17:15:49 iris01.triumf.ca systemd[1]: Starting Check that systemd is registered with dbus...<br />
Feb 08 17:15:49 iris01.triumf.ca sh[4283]: Starting check for systemd dbus connection<br />
Feb 08 17:15:50 iris01.triumf.ca sh[4283]: List: string "org.freedesktop.DBus"<br />
Feb 08 17:15:50 iris01.triumf.ca sh[4283]: List: string "org.freedesktop.systemd1"<br />
Feb 08 17:15:50 iris01.triumf.ca sh[4283]: systemd1 dbus service exists, success!<br />
Feb 08 17:15:50 iris01.triumf.ca sh[4283]: Finished check for systemd dbus connection<br />
Feb 08 17:15:50 iris01.triumf.ca systemd[1]: Started Check that systemd is registered with dbus.<br />
</pre><br />
<br />
If the boot problem happened, the script will report about restarting dbus.<br />
<br />
Note: the systemd service file adjusts the start order of other services, this adjustment seems to reduce the probability of the problem.<br />
<br />
== Configure GRUB boot loader (CentOS7, CentOS8) ==<br />
<br />
* emacs -nw /etc/default/grub, remove "rhgb" and "quiet" from GRUB_CMDLINE_LINUX<br />
* grub2-mkconfig -o /boot/grub2/grub.cfg<br />
* grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg<br />
* grub2-editenv list # show contents of boot environement file<br />
* /bin/rm /boot/grub2/grubenv # remove stale settings, make grub2 boot from first entry in config file<br />
<br />
== Install memtest86+ (CentOS7, CentOS8) ==<br />
<br />
<pre><br />
yum -y install memtest86+<br />
/bin/cp -vf /usr/share/memtest86+/20_memtest86+ /etc/grub.d/<br />
/bin/chmod a+x /etc/grub.d/20_memtest86+ <br />
grub2-mkconfig -o /boot/grub2/grub.cfg<br />
</pre><br />
<br />
== Disable ELREPO ==<br />
<br />
<pre><br />
sed 's/enabled=.*/enabled=0/' -i /etc/yum.repos.d/elrepo_triumf.repo<br />
sed 's/enabled=.*/enabled=0/' -i /etc/yum.repos.d/elrepo.repo<br />
</pre><br />
<br />
== Reduce install size (optional) ==<br />
<br />
This is optional. Only do this if reducing the size of the OS image is very important.<br />
<br />
Do this for VME processors.<br />
<br />
<pre><br />
yum erase "texlive*" "java*" "boost*" libreoffice"*"<br />
#yum erase "xemacs*"<br />
yum erase "libstdc++-docs"<br />
yum erase firefox google-chrome"*"<br />
yum clean all<br />
</pre><br />
<br />
<pre><br />
/bin/rm -rf /usr/share/help<br />
/bin/rm -rf /usr/share/doc<br />
</pre><br />
<br />
== Update from el7.6 to el7.7 ==<br />
<br />
<pre><br />
yum-config-manager --disable zfs<br />
yum-config-manager --disable zfs-kmod<br />
yum-config-manager --disable zfs-testing-kmod<br />
yum versionlock delete zfs<br />
yum versionlock delete kernel<br />
yum -y update "yum*" "rpm*"<br />
yum -y erase libqtxdg lxqt-qtplugin ### LXQT is not compatible<br />
yum update<br />
after rebooting into el7.7, follow instructions for updating ZFS from version 0.7 to 0.8.<br />
</pre><br />
<br />
== Finish installation ==<br />
<br />
reboot<br />
<br />
== Special hardware settings ==<br />
<br />
=== ASUS Crosshair mobo ===<br />
<br />
* use BIOS version 1207 or newer<br />
* (before CentOS7) sensors need these drivers from ELREPO: yum install --noplugins kmod-it87 kmod-k10temp; sensors-detect; service lm_sensors restart; sensors<br />
* CentOS7: installs correct drivers automatically<br />
<br />
=== ASUS Crosshair-II mobo ===<br />
<br />
* use BIOS version 2607 or newer<br />
* for the onboard IDE to work, add "all-generic-ide" to kernel boot options in grub.conf<br />
* sensors need these drivers from ELREPO: yum install --noplugins kmod-it87 kmod-k10temp; sensors-detect; service lm_sensors restart; sensors<br />
<br />
=== ASUS P7P55D EVO mobo ===<br />
<br />
* use BIOS version 2004 or newer<br />
* SL6 - install special driver for on board PCIe GigE network port and disable on board PCI GigE network port:<br />
** yum --enablerepo elrepo install kmod-r8168 kmod-r8169<br />
** # do not do this: sed 's/^blacklist/#blacklist/' -i /etc/modprobe.d/blacklist-r8169.conf<br />
** reboot<br />
** verify that correct drivers are loaded: ethtool -i eth0; ethtool -i eth1<br />
** note: there will be no eth1 - r8169 driver is disabled.<br />
<br />
=== ASUS P6X58-E-WS mobo ===<br />
<br />
* BIOS settings<br />
** F1 or DEL to enter BIOS setup, F8 boot menu<br />
** go to POWER->HW mon, confirm CPU temperature is around 30C. (heatsink is installed correctly. Bad heatsink temperature quickly goes up to 50-70C).<br />
** Main menu: Storage config - SATA change IDE->AHCI<br />
** System information: confirm BIOS version 301, CPU type, memory size<br />
** AI Tweak: set DRAM frequency - AUTO->DDR3-1333<br />
** Advanced->Onboard devices: LAN BOOT: enabled<br />
** Power->HW monitor: CPU Q-FAN: enabled<br />
** Boot->Settings: Quick boot: enabled; Full screen logo: disabled; Wait for F1: disabled<br />
** Save and exit<br />
<br />
=== ASUS E35M1-M PRO mobo ===<br />
<br />
* http://www.asus.com/Motherboards/E35M1M_PRO/#specifications<br />
* use BIOS version 1002 or newer<br />
* for CPU temperature: install kmod-k10temp from ELREPO (kmod-k10temp-0.0-4.el6.elrepo.x86_64.rpm)<br />
* for Sensors: yum --enablerepo elrepo install kmod-w83627ehf; modprobe w83627ehf; sensors<br />
* for Graphics: yum --enablerepo elrepo install kmod-fglrx fglrx-x11-drv<br />
* to enable booting from USB3, edit /etc/dracut.conf, change line "add_drivers" to read: add_drivers+="xhci-hcd"<br />
* to use multiple monitors, run "aticonfig --initial --heads=2 --adapter=1 --xinerama=on", to change screen layout, edit /etc/X11/xorg.conf. Only dual monitors DVI+HDMI seem to work. Tripple monitors does not seem to work.<br />
<br />
Sensors instructions below are obolete (use driver from ELREPO)<br />
* for Sensors, install driver for NCT6776F chip from https://github.com/groeck/w83627ehf/archives/master (in the Makefile, change the line "KERNEL_BUILD=" to read: "KERNEL_BUILD:=/usr/src/kernels/$(TARGET)"):<br />
<pre><br />
cd ~root<br />
wget http://ladd00.triumf.ca/~olchansk/linux/groeck-w83627ehf-dd3e543/w83627ehf.ko<br />
echo "modprobe hwmon; modprobe hwmon-vid; modprobe k10temp; rmmod w83627ehf; insmod /root/w83627ehf.ko" >> /etc/rc.local<br />
</pre><br />
<br />
=== ASUS E45M1-M PRO mobo ===<br />
<br />
* https://www.asus.com/Motherboards/E45M1M_PRO/#specifications<br />
* use BIOS 1202 or newer<br />
* follow the E35M1-M PRO instructions above<br />
<br />
=== ASUS P9X79 WS ===<br />
<br />
* http://www.asus.com/Motherboard/P9X79_WS/<br />
* use BIOS version 3101, 3401, 4701 or newer. If BIOS is 1305 or older, install P9X79-WS-CAP-Converter.ROM (BIOS 2902/3101), then the new BIOS.<br />
* (not needed for CentOS7) for CPU temperature, install coretemp<br />
* (not needed for CentOS7) for sensors, install driver for NCT6776F chip same as E35M1-M above.<br />
* BIOS Settings:<br />
** enter "Advanced mode"<br />
** Ai Tweaker -> Ai Overclock Tuner -> Set to "XMP" - this enables DDR3-1600 RAM speed vs DDR3-1333 by default<br />
** Monitor -> CPU fan speed low limit -> Set to "200 RPM" - we are using high efficiency slow turning CPU coolers and the default 600 RPM is right on the edge of firing false warnings<br />
** Boot -> Full screen logo -> Set to "disabled"<br />
** Wait for F1 -> Set to "disabled"<br />
<br />
=== ASUS P8B-M ===<br />
<br />
* use BIOS version 6103 or newer<br />
* for CPU temperature, install coretemp<br />
* for sensors, install driver for NCT6776F chip same as E35M1-M above.<br />
<br />
=== SUPERMICRO X9SCL ===<br />
<br />
* yum install kmod-w83627ehf.x86_64 coretemp<br />
* xemacs -nw /etc/rc.local, add:<br />
<pre><br />
modprobe coretemp<br />
modprobe w83627ehf<br />
</pre><br />
<br />
=== ASUS Z87-WS ===<br />
<br />
<pre><br />
cd ~root<br />
wget http://ladd00.triumf.ca/~olchansk/linux/nct6775.ko<br />
echo modprobe hwmon-vid >> /etc/rc.local<br />
echo insmod /root/nct6775.ko >> /etc/rc.local<br />
/etc/rc.local<br />
sensors<br />
</pre><br />
<br />
=== ASUS Z97-WS ===<br />
<br />
the nct6775 driver does not work because of conflict with ACPI.<br />
<br />
=== ASUS AM1M-A ===<br />
<br />
* use BIOS 602 or later<br />
* SL6.5 installer cannot use USB2 ports and the network. Use USB3 ports (blue colour) to boot USB installer (memtest, rescue, etc)<br />
* SL6.5 kernels require boot option "iommu=soft" or USB2 and network do not work. (USB3 - blue ports - seems okey)<br />
* install ATI/AMD video drivers from ELREPO (see below)<br />
* sensors chip is ITE IT8623E, for SL6, use standalone driver from lm_sensors. (2 fans rpm, 2 temperatures):<br />
<pre><br />
cd ~root<br />
wget http://ladd00.triumf.ca/~olchansk/linux/it87.ko<br />
echo modprobe hwmon_vid >> /etc/rc.local<br />
echo insmod /root/it87.ko >> /etc/rc.local<br />
. /etc/rc.local<br />
</pre><br />
* for el7 use it87.ko driver:<br />
<pre><br />
cd ~root<br />
wget https://daqshare.triumf.ca/~olchansk/linux/CentOS7/it87.ko<br />
echo modprobe hwmon_vid >> /etc/rc.local<br />
echo insmod /root/it87.ko >> /etc/rc.local<br />
. /etc/rc.local<br />
</pre><br />
* sensors output:<br />
<pre><br />
[root@midemma02 ~]# sensors<br />
radeon-pci-0008<br />
Adapter: PCI adapter<br />
temp1: +22.0°C (crit = +120.0°C, hyst = +90.0°C)<br />
<br />
fam15h_power-pci-00c4<br />
Adapter: PCI adapter<br />
power1: N/A (crit = 25.00 W)<br />
<br />
k10temp-pci-00c3<br />
Adapter: PCI adapter<br />
temp1: +22.2°C (high = +70.0°C)<br />
(crit = +70.0°C, hyst = +69.0°C)<br />
<br />
it8603-isa-0290<br />
Adapter: ISA adapter<br />
in0: +0.96 V (min = +2.50 V, max = +2.95 V) ALARM<br />
in1: +2.23 V (min = +0.94 V, max = +1.22 V) ALARM<br />
in2: +2.03 V (min = +0.74 V, max = +0.77 V) ALARM<br />
in3: +2.00 V (min = +1.26 V, max = +0.13 V) ALARM<br />
in4: +2.23 V (min = +2.95 V, max = +2.15 V) ALARM<br />
3VSB: +3.36 V (min = +6.00 V, max = +2.50 V) ALARM<br />
Vbat: +3.22 V <br />
+3.3V: +3.36 V <br />
fan1: 611 RPM (min = 200 RPM)<br />
fan2: 707 RPM (min = 600 RPM) ALARM<br />
temp1: +38.0°C (low = +122.0°C, high = +122.0°C) sensor = thermistor<br />
temp2: +22.0°C (low = +119.0°C, high = -35.0°C) ALARM sensor = thermistor<br />
temp3: -128.0°C (low = +16.0°C, high = +93.0°C) sensor = thermistor<br />
intrusion0: ALARM<br />
<br />
[root@midemma02 ~]# <br />
</pre><br />
* AMD "Athlon(tm) 5350 APU" graphics supports 2 monitors maximum (mobo has 3 video outputs, only 2 can be used together)<br />
<br />
=== Intel SE7230NH1 ===<br />
<br />
* front panel header connector pinout is like this:<br />
<pre><br />
PWR LED | 1 2|<br />
| 3 4|<br />
PWR LED | 5 6|<br />
HDD LED | 7 8|<br />
HDD LED | 9 10|<br />
PWR SW |11 12| NIC1 LED<br />
PWR SW |13 14| NIC1 LED<br />
RST SW |15 16|<br />
RST SW |17 18|<br />
|19 20|<br />
NMI SW |21 22| NIC2 LED<br />
NMI SW |23 24| NIC2 LED<br />
... |... |<br />
|33 34|<br />
</pre><br />
<br />
=== ASUS H110M-A/M.2 ===<br />
<br />
* use BIOS 2003 or later<br />
* dmidecode | grep -i nct reports: Nuvoton NCT5539D<br />
* sensors chip is "NCT6793D or compatible chip", for el7, use this driver:<br />
<pre><br />
cd ~root<br />
wget http://ladd00.triumf.ca/~olchansk/linux/nct6775.ko<br />
echo modprobe hwmon-vid >> /etc/rc.local<br />
echo insmod /root/nct6775.ko >> /etc/rc.local<br />
/etc/rc.local<br />
sensors<br />
</pre><br />
<br />
* sensors output:<br />
<pre><br />
[root@daq03 ~]# sensors<br />
acpitz-virtual-0<br />
Adapter: Virtual device<br />
temp1: +27.8°C (crit = +119.0°C)<br />
temp2: +29.8°C (crit = +119.0°C)<br />
<br />
nct6793-isa-0290<br />
Adapter: ISA adapter<br />
in0: +0.34 V (min = +0.00 V, max = +1.74 V)<br />
in1: +1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in2: +3.39 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in3: +3.39 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: +1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: +0.15 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: +0.97 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in7: +3.38 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in8: +3.12 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in9: +1.00 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in10: +0.14 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in11: +0.12 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in12: +0.14 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in13: +0.12 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in14: +0.13 V (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 1041 RPM (min = 0 RPM)<br />
fan2: 1020 RPM (min = 0 RPM)<br />
fan5: 0 RPM (min = 0 RPM)<br />
fan6: 0 RPM<br />
SYSTIN: +119.0°C (high = +98.0°C, hyst = +95.0°C) sensor = thermistor<br />
CPUTIN: +26.5°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
AUXTIN0: +27.5°C sensor = thermistor<br />
AUXTIN1: +112.0°C sensor = thermistor<br />
AUXTIN2: +111.0°C sensor = thermistor<br />
AUXTIN3: +111.0°C sensor = thermistor<br />
PECI Agent 0: +28.0°C (high = +98.0°C, hyst = +95.0°C)<br />
(crit = +100.0°C)<br />
PECI Agent 0 Calibration: +25.5°C <br />
PCH_CHIP_CPU_MAX_TEMP: +0.0°C <br />
PCH_CHIP_TEMP: +0.0°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Physical id 0: +31.0°C (high = +80.0°C, crit = +100.0°C)<br />
Core 0: +31.0°C (high = +80.0°C, crit = +100.0°C)<br />
Core 1: +28.0°C (high = +80.0°C, crit = +100.0°C)<br />
<br />
[root@daq03 ~]# <br />
</pre><br />
<br />
=== Supermicro X11SSH-F ===<br />
<br />
* blacklist the mei and mei_me drivers per http://www.supermicro.com/support/faqs/faq.cfm?faq=14537<br />
<pre><br />
[root@alpha00 ~]# more /etc/modprobe.d/blacklist.conf<br />
blacklist mei<br />
blacklist mei_me<br />
[root@alpha00 ~]# <br />
</pre><br />
* mobo requires M.2 PCIe SSD (M.2 SATA SSD would not work. SATA SATA SSD ok)<br />
* boot from M.2 PCIe SSD requires UEFI boot (from an MSDOS partition on the SSD)<br />
<br />
=== ASUS TUF Z390M-PRO GAMING (WI-FI) ===<br />
<br />
* BIOS 2417 is okey, upgrade to this if older<br />
* do not set XMP memory mode<br />
* in the BIOS, enable the boot compatibility support module mode: BIOS (press DEL) -> Advanced mode -> BOOT -> CSM Module -> Enable CSM "yes".<br />
* for SL6, install e1000e driver from ELREPO:<br />
<pre><br />
yum install --enablerepo=elrepo kmod-e1000e<br />
</pre><br />
* sensors chip appears to be "Nuvoton NCT6798D" not clear what driver to use<br />
* dmidecode | grep -i nct reports: Nuvoton NCT6798D<br />
* kmod-nct6775-0.0-5.el7_7.elrepo.x86_64.rpm from ELrepo finds the chip but bombs because of conflict with ACPI<br />
<br />
=== ASUS PRIME X399-A ===<br />
<br />
* BIOS 1002<br />
* for reading temperatures and fan rotations, install driver: https://github.com/electrified/asus-wmi-sensors/issues/29<br />
<br />
== Configure X11 graphics ==<br />
<br />
=== Special settings for DAQ ===<br />
<br />
* add the following at the end of /etc/X11/xorg.conf. The enables Ctrl-Alt-KP-/ and Ctrl-Alt-KP-* to unlock the keyboard after Altera Quartus crash:<br />
<pre>Section "ServerFlags"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Option "AllowDeactivateGrabs" "true"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Option "AllowClosedownGrabs" "true"<br />
EndSection</pre><br />
<br />
=== Install NVIDIA drivers ===<br />
<br />
* yum --enablerepo=elrepo install nvidia-detect<br />
* run: nvidia-detect<br />
* as instructed by nvidia-detect, install correct driver:<br />
** yum --enablerepo=elrepo install kmod-nvidia<br />
** yum --enablerepo=elrepo install kmod-nvidia-304xx<br />
** yum --enablerepo=elrepo install kmod-nvidia-173xx<br />
* (before SL6.x: if it fails due to conflict with module-init-tools, run "yum --disablerepo \* --enablerepo elrepo update module-init-tools")<br />
* yum erase xorg-x11-glamor ### see http://elrepo.org/tiki/kmod-nvidia (search for glamor)<br />
* mv /etc/X11/xorg.conf /etc/X11/xorg.conf-xxx<br />
* nvidia-xconfig<br />
* (SL6) reboot<br />
* (SL5) /dev/MAKEDEV nvidia<br />
* (SL5) restart the X11 server (Ctrl-Alt-Backspace or "killall Xorg gdm-binary")<br />
* observe that X11 server restarts using the NVIDIA driver (big NVIDIA logo on startup)<br />
* if needed, login as root and run "nvidia-settings" to setup dual-screen configuration, etc<br />
<br />
=== Install legacy NVIDIA drivers ===<br />
<br />
For old NVIDIA cards:<br />
* GeForce FX 5500<br />
<br />
<pre><br />
wget http://us.download.nvidia.com/XFree86/Linux-x86/173.14.31/NVIDIA-Linux-x86-173.14.31-pkg1.run<br />
sh ./NVIDIA-Linux-x86-173.14.31-pkg1.run<br />
</pre><br />
<br />
* GeForce 6200 - NVIDIA Corporation NV44A [GeForce 6200]<br />
<pre><br />
yum install nvidia-x11-drv-304xx-304.121 --enablerepo=elrepo<br />
nvidia-xconfig<br />
rmmod nvidia<br />
killall gdm-binary<br />
login as root<br />
nvidia-settings to setup multiple displays<br />
</pre><br />
<br />
=== Install ATI/AMD drivers ===<br />
<br />
* yum --enablerepo elrepo install kmod-fglrx fglrx-x11-drv<br />
* check that /etc/X11/xorg.conf section "Device" entry "Driver" says "fglrx"<br />
* run "aticonfig --initial" to create xorg.conf if existing one is not good<br />
* run "amdcccle" as root to configure dual-screens, etc<br />
Note: 'amdcccle' is a GUI, so you must run this command from within a running X session<br />
* killall Xorg<br />
<br />
=== Install ATI/AMD drivers (CentOS7) ===<br />
<br />
* wget http://elrepo.org/linux/testing/el7/x86_64/RPMS/fglrx-x11-drv-15.12-3.el7.elrepo.x86_64.rpm<br />
* wget http://elrepo.org/linux/testing/el7/x86_64/RPMS/kmod-fglrx-15.12-3.el7.elrepo.x86_64.rpm<br />
* yum install acpid<br />
* rpm -vh --install kmod-fglrx-15.12-3.el7.elrepo.x86_64.rpm fglrx-x11-drv-15.12-3.el7.elrepo.x86_64.rpm<br />
* amdconfig -f --initial<br />
* grub2-mkconfig -o /boot/grub2/grub.cfg<br />
* reboot<br />
* login as root<br />
* amdcccle<br />
<br />
NOTE: if both drivers - radeon and fglrx are loaded, boot will hang. the radeon driver is supposed to be blacklisted through grub rdblacklist=radeon entry which is installed by running grub2-mkconfig.<br />
<br />
=== Install Intel drivers for HD4600/Z87 ===<br />
<br />
SL6.5 has the required drivers for the socket 1150 machines with Intel HD4600 graphics and Z87 chipset.<br />
<br />
ASUS Z87 WS motherboard has these video connections with corresponding Intel video port assignements, as reported by "xrandr":<br />
* DisplayPort - DP1/HDMI1<br />
* MiniDisplayPort - DP2/HDMI2<br />
* HDMI - HDMI3<br />
<br />
Due to hardware limitations, 3 HDMI monitors using 2 passive DP-HDMI adapters (and 1 straight HDMI) cannot be used.<br />
<br />
To use 3 monitors do this:<br />
* 1st monitor: DisplayPort - DP-to-HDMI-passive-adapter - HDMI monitor (not tried: DP-to-DP-cable - DisplayPort monitor).<br />
* 2nd monitor: MiniDisplayPort - MiniDP-to-DP-cable - DisplayPort monitor<br />
* 3rd monitor: HDMI - HDMI-cable - HDMI monitor<br />
<br />
With the monitors I have (Dell 1920x1200 VGA-HDMI-DP), the software thinks that there are 4 monitors: somehow both DP2 and HDMI2 see 1 minitor each, but the hardware cannot drive 4 monitors, so everything goes blank. To fix, disable HDMI2 (xrandr -display :0 --output HDMI2 --off) and enable DP2 (xrandr -display :0 --output DP2 --auto).<br />
<br />
How to make this configuration permanent and how to assign monitor locations (left-right, etc), you figure it out.<br />
<br />
=== Manual selection of monitor, video mode and resolution ===<br />
<br />
Automatic selection of monitor and video mode usually works. When it does not, configure it manualls:<br />
<br />
* physically go to the computer<br />
* login as root<br />
* run "nvidia-settings" on machines using the NVIDIA driver<br />
* run "aticonfig" on machines with the ATI/AMD driver (use "aticonfig --initial" for initial setup, and good luck with anything more complicated)<br />
* run "system-config-display".<br />
** In the "hardware" tab, select monitor type: "generic LCD 1280x1024" or "generic LCD 1600x1200".<br />
** In the "settings" tab, select "1280x1024" or "1600x1200" and "Thousands of colors".<br />
** Press "ok", the display settings application should close.<br />
* Logout, the new login window should use the new settings.<br />
<br />
=== Disable screen saver ===<br />
<br />
If machine is booted without any monitor connected, current video cards to not enable any video outputs. If a monitor is connected later, there is no video image and there is no easy way to get a video image.<br />
<br />
This can be solved by configuring X11 to always enable some video output. Because the monitor type is not known when X11 starts, one has to select some standard video mode (i.e. VESA 1280x1024) on some video output (VGA, DVI or HDMI).<br />
<br />
Only NVIDIA cards with the NVIDIA driver (from EPEL) is supported by these instructions.<br />
<br />
* create default xorg.conf: nvidia-xconfig<br />
* edit /etc/X11/xorg.conf<br />
* add monitor section for the fake monitor:<br />
<pre><br />
Section "Monitor"<br />
Identifier "Monitor0"<br />
VendorName "Unknown"<br />
ModelName "Unknown"<br />
HorizSync 31.0 - 83.0<br />
VertRefresh 59.0 - 61.0<br />
Option "DPMS" "off"<br />
ModeLine "1280x1024" 108.00 1280 1328 1440 1688 1024 1025 1028 1066 +hsync +vsync<br />
EndSection<br />
</pre><br />
* add output selection in the "Device" section:<br />
<pre><br />
Section "Device"<br />
Identifier "Device0"<br />
Driver "nvidia"<br />
VendorName "NVIDIA Corporation"<br />
BoardName "GeForce 210"<br />
#Option "ConnectedMonitor" "DFP"<br />
#Option "ConnectedMonitor" "CRT"<br />
Option "ConnectedMonitor" "CRT-1"<br />
Option "UseEDID" "no"<br />
EndSection<br />
</pre><br />
* add fake video mode to the "Screen" section:<br />
<pre><br />
Section "Screen"<br />
Identifier "Screen0"<br />
Device "Device0"<br />
Monitor "Monitor0"<br />
DefaultDepth 24<br />
SubSection "Display"<br />
Depth 24<br />
Modes "1280x1024"<br />
EndSubSection<br />
EndSection<br />
</pre><br />
* disable screen saver and DPMS power off in the "ServerLayout" or "ServerFlags" section:<br />
<pre><br />
Section "ServerLayout"<br />
Identifier "Layout0"<br />
Screen 0 "Screen0" 0 0<br />
InputDevice "Keyboard0" "CoreKeyboard"<br />
InputDevice "Mouse0" "CorePointer"<br />
Option "Xinerama" "0"<br />
Option "BlankTime" "0"<br />
Option "StandbyTime" "0"<br />
Option "SuspendTime" "0"<br />
Option "OffTime" "0"<br />
EndSection<br />
<br />
Section "ServerFlags" <br />
Option "BlankTime" "0" <br />
Option "StandbyTime" "0" <br />
Option "SuspendTime" "0" <br />
Option "OffTime" "0" <br />
EndSection <br />
</pre><br />
<br />
== Finish installation ==<br />
<br />
* logout and reboot the computer to have all the changes to take effect<br />
<br />
== Configure HTTPS server (CentOS7) ==<br />
<br />
This will configure the HTTPS/SSL certificate using "certbot" and "letsencrypt" and configure an HTTPS web server using apache httpd.<br />
<br />
First, configure apache httpd:<br />
<br />
* execute these commands:<br />
<pre><br />
yum install -y mod_ssl certwatch crypto-utils<br />
cd /etc/httpd/conf.d/<br />
mv ssl.conf ssl.conf-not-used ### remove the stock ssl.conf which refers to the localhost certificate that will expire in 1 year<br />
touch ssl.conf ### create a blank file to prevent automatic updates from installing a stock ssl.conf file<br />
# this is done later: rm /etc/pki/tls/certs/localhost.crt<br />
</pre><br />
* create new file ssl-daq12.conf # use actual hostname instead of daq12<br />
<pre><br />
Listen 443 https<br />
#SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog<br />
SSLSessionCache shmcb:/run/httpd/sslcache(512000)<br />
SSLSessionCacheTimeout 300<br />
SSLRandomSeed startup file:/dev/urandom 256<br />
SSLRandomSeed connect builtin<br />
SSLCryptoDevice builtin<br />
<br />
<VirtualHost *:443><br />
ServerName daq12.triumf.ca<br />
DocumentRoot /var/www/html<br />
ErrorLog /var/log/httpd/daq12.log<br />
SSLEngine on<br />
# note SSLProtocol, SSLCipherSuite and some other settings are overwritten by /etc/letsencrypt/options-ssl-apache.conf<br />
# new SSL settings: K.O. Jan 2020, SSLlabs rating "A+"<br />
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1<br />
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4:!RSA<br />
SSLHonorCipherOrder on<br />
# pervious SSL settings:<br />
#SSLProtocol all -SSLv2 -SSLv3<br />
#SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4<br />
SSLCertificateFile /etc/pki/tls/certs/localhost.crt<br />
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key<br />
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt<br />
#ProxyPass /elog/ http://localhost:8082/ retry=1<br />
#ProxyPass / http://localhost:8080/ retry=1<br />
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"<br />
<Location /><br />
SSLRequireSSL<br />
AuthType Basic<br />
AuthName "DAQ password protected site"<br />
Require valid-user<br />
# create password file: touch /etc/httpd/htpasswd<br />
# to add new user or change password: htpasswd /etc/httpd/htpasswd username<br />
AuthUserFile /etc/httpd/htpasswd<br />
</Location><br />
</VirtualHost><br />
</pre><br />
* stop httpd from listening on port 80: edit /etc/httpd/conf/httpd.conf, comment-out the line "Listen 80"<br />
* enable and start httpd:<br />
<pre><br />
systemctl enable httpd<br />
systemctl restart httpd<br />
systemctl status httpd<br />
</pre><br />
* try to access https://daq12.triumf.ca<br />
** you should see a complaint about self-signed certificate<br />
** you should see a request for password (do not login yet)<br />
** if you get "connection refused", HTTPS port 443 may need to be enabled in the local firewall, then try again:<br />
<pre><br />
firewall-cmd --add-port=443/tcp --permanent<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
Second, configure certbot:<br />
<br />
(Note: as of 2018-01-18 certbot requires use of http port 80 to get the initial https certificate,<br />
renewal can continue to use the https port 443)<br />
<br />
(Note: as of 2019-01-?? certbot requires use of port 80 for renewals)<br />
<br />
* check that port 80 is not used by anything:<br />
* netstat -an | grep LISTEN | grep ^tcp | grep 80<br />
* lsof -P | grep -i tcp | grep LISTEN | grep 80<br />
* if lsof reports that httpd is listening on port 80, follow the httpd instructions above (remove "listen 80" from httpd.conf<br />
<br />
* install certbot and open tcp port 80 in the firewall:<br />
<pre><br />
yum install -y certbot python2-certbot-apache # (from EPEL)<br />
firewall-cmd --add-port=80/tcp --permanent<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
* certbot certonly --standalone --installer apache # then answer questions:<br />
* "activate HTTPS for daq12.triumf.ca" - say ok<br />
* "enter email address" - enter your own email address<br />
* "please read terms..." - read the terms and say "agree"<br />
* it will take a few moments...<br />
* "please choose..." - say "easy" (http access is disabled (a) by firewall, (b) by local configuration<br />
* "congratulations..." - say ok.<br />
* certbot install --apache --cert-name daq12.triumf.ca # then answer questions:<br />
* "choose redirect..." - say "1" (no redirect)<br />
* look inside ssl-daq12.conf to see that SSLCertificateFile & co point to certbot certificates in /etc/letsencrypt/live/daq12.triumf.ca/<br />
* remove self-signed localhost certificate, it will expire in 1 year and cause warnings and complaints: rm /etc/pki/tls/certs/localhost.crt<br />
* enable automatic renewal<br />
<pre><br />
systemctl enable certbot-renew.timer<br />
systemctl start certbot-renew.timer<br />
systemctl list-timers --all<br />
</pre><br />
<br />
* to check corrent renewal and to update the certbot config file in /etc/letsencrypt/renewal, run this:<br />
<pre><br />
certbot renew --standalone --installer apache --force-renewal<br />
</pre><br />
<br />
NOTE: this certificate will expire in 3 months, automatic renewal should work starting with certbot-0.12.0-4.el7.noarch.<br />
Certificate expiration should be automatically detected by "certwatch" and email<br />
will be sent to local root user, to be forwarded to an actual person by ~root/.forward.<br />
<br />
Third, activate password protection:<br />
<br />
* as shown in the config file above, create password file and initial user: (replace "midas" with specific username)<br />
<pre><br />
touch /etc/httpd/htpasswd<br />
htpasswd /etc/httpd/htpasswd midas<br />
</pre><br />
<br />
Final test:<br />
* access https://daq12.triumf.ca - https status should be "green"<br />
* login with password should work<br />
* the apache httpd test page should load<br />
* check site security using the SSLlabs https tester. (I get grade "A-"): https://www.ssllabs.com/ssltest/<br />
<br />
From here:<br />
* enable proxy for MIDAS mhttpd - uncomment redirect in the config file above<br />
* enable proxy for ELOG - ditto<br />
* setsebool -P httpd_can_network_connect 1<br />
* systemctl restart httpd<br />
<br />
NOTE: if certbot fails with errors about 'module' object has no attribute 'pyopenssl',<br />
try this: pip install requests==2.6.0<br />
<br />
== Configure large RAID6 arrays ==<br />
<br />
* connect the disks<br />
* check the disks health<br />
** run smart-status.perl<br />
* partition the disks<br />
** yum install gdisk<br />
** gdisk /dev/sdX<br />
** delete all partitions: o<br />
** create new partition: n, enter, enter, enter, fd00 (default sizes, partition type fd00)<br />
** write and exit: w<br />
* check presence of all partitions:<br />
** /bin/ls -l /dev/sd*1<br />
* prepare to use an external bitmap file<br />
** touch /md6bitmap<br />
** edit /etc/fstab, change entry for root filesystem from: "defaults 1 1" to "defaults 0 0"<br />
** edit /boot/grub/grub.conf, change entry "kernel ... ro ..." to "kernel ... rw ..."<br />
* create raid array:<br />
** mdadm --create /dev/md6 --level=6 --bitmap=/md6bitmap --raid-devices=10 /dev/sd[b-k]1<br />
** mdadm -Ds >> /etc/mdadm.conf<br />
** cleanup /etc/mdadm.conf<br />
** echo "echo 16384 > /sys/block/md6/md/stripe_cache_size" >> /etc/rc.local<br />
** echo "echo 1 > /sys/block/md6/md/sync_speed_min" >> /etc/rc.local<br />
** source /etc/rc.local<br />
* observe raid array rebuild:<br />
** watch -d -n1 "cat /proc/mdstat"<br />
<br />
== Configure ZFS ==<br />
<br />
=== Install ZFS ===<br />
<br />
(from here: https://github.com/zfsonlinux/zfs/wiki/RHEL-%26-CentOS)<br />
<br />
Follow the instructions for "kABI-tracking kmod" - dkms modules seem to always mess up the system when upgrading to next release of zfs.<br />
<br />
<pre><br />
#rpm -vh --install http://archive.zfsonlinux.org/epel/zfs-release.el7.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7_3.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7_4.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7_5.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7_6.noarch.rpm<br />
yum install http://download.zfsonlinux.org/epel/zfs-release.el7_7.noarch.rpm<br />
yum-config-manager --disable zfs<br />
yum-config-manager --disable zfs-kmod<br />
yum --enablerepo=zfs-kmod install zfs<br />
#sed 's/^SELINUX=.*/SELINUX=disabled/' -i /etc/selinux/config<br />
echo USE_DISK_BY_ID=\'yes\' >> /etc/default/zfs<br />
#shutdown -r now # required to load the zfs kernel modules and to disable selinux<br />
modprobe zfs # should work<br />
zpool status # should report no pools available<br />
</pre><br />
<br />
#Note: zfs and selinux and not compatible: with selinux enabled, files on zfs cannot be deleted (files are gone, but "df" does not go down, zfs-0.6.5.7-1.el7.centos.x86_64), see #https://github.com/zfsonlinux/zfs/issues/4845<br />
<br />
* http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/zfs-quickstart.html)<br />
* http://www.freebsd.org/cgi/man.cgi?query=zpool&sektion=8<br />
<br />
If ZFS kernel module does not load automatically at boot time, add this to load it manually:<br />
<pre><br />
ls -l /etc/sysconfig/modules/<br />
cat > /etc/sysconfig/modules/zfs.modules <<EOF<br />
if [ ! -e /sys/module/zfs ] ; then<br />
modprobe zfs;<br />
fi<br />
EOF<br />
chmod +x /etc/sysconfig/modules/zfs.modules<br />
</pre><br />
<br />
=== Update ZFS 0.7 to 0.8 ===<br />
<br />
For CentOS-7.6:<br />
<br />
<pre><br />
yum-config-manager --disable zfs<br />
yum-config-manager --disable zfs-kmod<br />
yum-config-manager --disable zfs-testing-kmod<br />
yum --enablerepo=zfs-testing-kmod --showduplicates list zfs # list all available versions in "zfs-testing-kmod"<br />
yum erase zfs spl<br />
yum --enablerepo=zfs-testing-kmod --showduplicates install zfs # maybe specify specific version<br />
</pre><br />
<br />
For CentOS-7.7:<br />
<br />
<pre><br />
rm /etc/yum.repos.d/zfs.repo* ### delete old repo files<br />
yum upgrade http://download.zfsonlinux.org/epel/zfs-release.el7_7.noarch.rpm<br />
yum-config-manager --disable zfs<br />
yum-config-manager --disable zfs-kmod<br />
yum erase zfs spl<br />
yum --enablerepo=zfs-kmod install zfs<br />
</pre><br />
<br />
Note: if you see yum offering to install "dkms" and "zfs-dkms", the yum config is wrong (we use the kmod-zfs package), check that "zfs" repo is disabled, "zfs-kmod" repo is enabled - see the yum-config-manager commands above.<br />
<br />
=== Lock kernel and zfs packages ===<br />
<br />
<pre><br />
yum versionlock kernel<br />
yum versionlock zfs<br />
yum-config-manager --disable zfs<br />
yum-config-manager --disable zfs-kmod<br />
</pre><br />
<br />
=== Follow generic ZFS instructions ===<br />
<br />
Here: [[ZFS]]<br />
<br />
== performance notes ==<br />
<br />
Go here: [[disk_benchmarks]]<br />
<br />
== Configure UEFI boot ==<br />
<br />
Some mobo can boot from NVME (PCIe) SSDs only via UEFI boot. Do this:<br />
<br />
* partition the NVME SSD using gdisk (must be GPT partition table, must have MSDOS EFI partition size 512MiB)<br />
<pre><br />
[root@alpha00 ~]# gdisk -l /dev/nvme0n1<br />
GPT fdisk (gdisk) version 0.8.6 ...<br />
Found valid GPT with protective MBR; using GPT.<br />
Disk /dev/nvme0n1: 500118192 sectors, 238.5 GiB<br />
Logical sector size: 512 bytes<br />
Disk identifier (GUID): 1A82CC87-2757-44ED-980F-C78E3681D9D3<br />
Partition table holds up to 128 entries<br />
First usable sector is 34, last usable sector is 500118158<br />
Partitions will be aligned on 2048-sector boundaries<br />
Total free space is 2014 sectors (1007.0 KiB)<br />
<br />
Number Start (sector) End (sector) Size Code Name<br />
1 2048 1050623 512.0 MiB EF00 EFI System<br />
2 1050624 500118158 238.0 GiB 8300 Linux filesystem<br />
[root@alpha00 ~]# <br />
</pre><br />
* create filesystems<br />
<pre><br />
mkfs.msdos /dev/nvme0n1p1<br />
mkfs.xfs /dev/nvme0n1p2<br />
</pre><br />
* prepare EFI partition<br />
<pre><br />
mkdir /mnt/efi<br />
mount /dev/nvme0n1p1 /mnt/efi<br />
mkdir -p /mnt/efi/efi/boot<br />
cp /boot/vmlinuz... vmlinuz # copy the desired linux kernel<br />
cp /boot/initramfs... initramfs.img # copy the matching initramfs file<br />
#from /home/olchansk/sysadm/syslinux/syslinux-6.03 copy<br />
cp .../efi64/efi/syslinux.efi .<br />
cp .../efi64/com32/elflink/ldlinux/ldlinux.e64 .<br />
cp syslinux.efi bootx64.efi<br />
</pre><br />
* create syslinux config file: syslinux.cfg<br />
<pre><br />
default linux<br />
label linux<br />
kernel vmlinuz<br />
append ro root=/dev/nvme0n1p2 nomodeset initrd=initramfs.img<br />
</pre><br />
* prepare system partition<br />
<pre><br />
mkdir /mnt/tmp<br />
mount /dev/nvme0n1p2 /mnt/tmp<br />
rsync -avx / /mnt/tmp<br />
cd /mnt/tmp<br />
#edit etc/fstab<br />
#edit etc/syslinux/selinux # set selinux to permissive mode because rsync did not copy the selinux labels<br />
</pre><br />
* unmount and reboot<br />
* restore selinux labels after first boot<br />
<pre><br />
#login as root<br />
cd /<br />
restorecon -R / # can also add "-v" to see progress, but runs much slower<br />
#edit /etc/sysconfig/selinux # enable selinux<br />
#shutdown -r now # reboot with selinux enabled<br />
</pre><br />
<br />
= Configure UEFI secure boot =<br />
<br />
The above instructions do not quite work if "secure boot" is enabled.<br />
<br />
These modifications are needed:<br />
<br />
* ls -l /boot/efi/EFI/bootko/<br />
<pre><br />
total 140116<br />
-rwxr-xr-x 1 root root 108 Feb 24 15:47 BOOTX64.CSV<br />
-rwxr-xr-x 1 root root 1334816 Feb 24 16:16 bootx64.efi<br />
-rwxr-xr-x 1 root root 217495 Feb 24 16:16 config-4.15.0-74-generic<br />
-rwxr-xr-x 1 root root 105 Feb 24 15:47 grub.cfg<br />
-rwxr-xr-x 1 root root 199952 Feb 24 16:16 grubx64.efi<br />
-rwxr-xr-x 1 root root 58986147 Feb 24 16:16 initramfs.img<br />
-rwxr-xr-x 1 root root 58986147 Feb 24 16:16 initrd.img-4.15.0-74-generic<br />
-rwxr-xr-x 1 root root 139968 Feb 24 16:16 ldlinux.e64<br />
-rwxr-xr-x 1 root root 1269496 Feb 24 15:47 mmx64.efi<br />
-rwxr-xr-x 1 root root 1334816 Feb 24 16:16 shimx64.efi<br />
-rwxr-xr-x 1 root root 171 Feb 24 16:16 syslinux.cfg<br />
-rwxr-xr-x 1 root root 102 Feb 24 16:16 syslinux.cfg~<br />
-rwxr-xr-x 1 root root 199952 Feb 24 16:16 syslinux.efi<br />
-rwxr-xr-x 1 root root 4068355 Feb 24 16:16 System.map-4.15.0-74-generic<br />
-rwxr-xr-x 1 root root 8367768 Feb 24 16:16 vmlinuz<br />
-rwxr-xr-x 1 root root 8367768 Feb 24 16:16 vmlinuz-4.15.0-74-generic<br />
</pre><br />
** shmix64.efi is a copy from /boot/efi/EFI/ubuntu<br />
** bootx64.efi is a copy of shimx64.efi (maybe not needed?)<br />
** grubx64.efi is a copy of syslinux.efi<br />
* efibootmgr -c -d /dev/nvme0n1 -p 2 -w -L bootko -l '\EFI\bootko\shimx64.efi'<br />
* efibootmgr -v<br />
<pre><br />
root@daqubuntu:~# efibootmgr -v<br />
BootCurrent: 0000<br />
Timeout: 1 seconds<br />
BootOrder: 0000,0001,0002<br />
Boot0000* bootko HD(2,GPT,5d1cac95-29dd-4d8a-a56e-a8f414dd4047,0x800,0x100000)/File(\EFI\BOOTKO\SHIMX64.EFI)<br />
Boot0001* Hard Drive BBS(HD,,0x0)..GO..NO........y.I.N.T.E.L. .S.S.D.P.E.K.K.W.1.2.8.G.7....................A.......................................<..Gd-.;.A..MQ..L.I.N.T.E.L. .S.S.D.P.E.K.K.W.1.2.8.G.7........BO<br />
Boot0002* ubuntu HD(2,GPT,5d1cac95-29dd-4d8a-a56e-a8f414dd4047,0x800,0x100000)/File(\EFI\UBUNTU\SHIMX64.EFI)..BO<br />
root@daqubuntu:~# <br />
</pre><br />
* NOTE: if, after running "efibootmgr -c", the UUID is zero, then it probably did not take and the entry will vanish after reboot. In my case the mistake was to use "-p 1" instead of "-p 2".<br />
<br />
Boot sequence is this:<br />
* shmix64.efi - Microsoft-signed boot loader is accepted by secure boot, loads and runs<br />
* shimx64.efi loads and runs grubx64.efi, this file name is hardwired into the signed shim, cannot be changed<br />
* grubx64.efi is syslinux.efi (could be anything)<br />
* syslinux.efi runs, loads syslinux.cfg, loads the linux kernel, loads the initrd, runs the linux kernel with specified flags (ro root=...).<br />
<br />
= UEFI syslinux kernel update =<br />
<br />
To update the linux kernel booted by UEFI syslinux, use this script:<br />
* ~root/git/scripts/etc/update_efi.perl</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=Renew_cert&diff=5502
Renew cert
2020-08-12T21:14:10Z
<p>Lindner: </p>
<hr />
<div>= To renew a soon to expire grid certificate: =<br />
Current expiry dates of certificates:<br />
<br />
<br />
Server<br />
Grid certificate expiry date<br />
trdata00 May 19th 2014<br />
trdata01 May 19th 2014<br />
trdata02 May 19th 2014<br />
trdata03 May 19th 2014<br />
<br />
<br />
= Instructions to renew grid certificates = <br />
<br />
* Go to Grid Canada grid certificate website:<br />
https://cert.gridcanada.ca/pki/pub<br />
<br />
You may need a valid grid certificate in your browser in order to access this website.<br />
<br />
* Click on the "Request a certificate" link.<br />
<br />
* Click on "Server Request" link and fill in the request. Couple details<br />
** Set the hostname to trdata00.triumf.ca <br />
** Set the Role to 'User'<br />
** Choose some passphrase for the PIN.<br />
<br />
* A couple days later you will receive emails from grid-canada with a link to your new grid certificates. Following the links will download the new grid certificates for each host into your browser.<br />
<br />
* Next you need to export these certificate from the browser into a PKCS#12 format file (extension .p12 file). Following instructions are for firefox 10.0.3; go to 'preferences' -> 'advanced' -> 'encryption', then click on 'View Certificates'. You should see a list of your certificates, which should show the new certificates for trdata*. For each certificate click on 'backup' and then save the .p12 file somewhere on your local computer with a name like 'trdata00_cert.p12'.<br />
<br />
** Update 2020: new grid canada website is odd... need to go to bottom, under "certificate and keypair", choose PCKS#12 then click Download<br />
<br />
* Next, transform these .p12 files into the hostcert.pem and hostkey.pem files the trdata grid security requires. The instructions for this transformation are given here:<br />
http://gridcanada.ext.nrc.ca/?q=node/7&page=0%2C8<br />
<br />
The critical set of steps is as follows (for trdata00 as example):<br />
<pre><br />
cd <whereever on local computer you have .p12 files><br />
openssl pkcs12 -nocerts -in trdata00_cert.p12 -out trdata00_hostkey.encrypted.pem<br />
openssl pkcs12 -clcerts -nokeys -in trdata00_cert.p12 -out trdata00_hostcert_noText.pem<br />
openssl x509 -in trdata00_hostcert_noText.pem -text > trdata00_hostcert.pem<br />
openssl rsa -in trdata00_hostkey.encrypted.pem -out trdata00_hostkey.pem<br />
chmod 0444 trdata00_hostcert.pem<br />
chmod 0400 trdata00_hostkey.pem<br />
</pre><br />
During this transformation you are asked for other passphrases; I just used the same set of passphrases as for the online application; not sure if this is correct.<br />
<br />
For t2ksrm you also need to do <br />
<br />
<pre><br />
chown dcache /etc/grid-security/hostkey.pem<br />
chown dcache /etc/grid-security/hostcert.pem<br />
</pre><br />
<br />
<br />
* Finally, login to root@trdata00, move the old certificate files to a new folder and copy the new certificates from your local computer:<br />
<br />
<pre><br />
ssh root@trdata00<br />
cd /etc/grid-security/<br />
mkdir 2011; cp -p host* 2011 (if copy does not already exist)<br />
mkdir 2012<br />
scp neut14:<dir>/trdata00_hostcert.pem 2012/hostcert.pem<br />
scp neut14:<dir>/trdata00_hostkey.pem 2012/hostkey.pem<br />
cp -p 2012/host* .<br />
</pre><br />
<br />
* Finally restart dcache server from head node:<br />
<br />
<pre><br />
service dcache restart<br />
</pre><br />
<br />
= test certificates = <br />
<br />
Now go ahead and try to do a grid transfer (globus-url-copy) from trdata. If this succeeds then you have successfully uploaded new certificates. <br />
<br />
<pre><br />
export LFC_HOST=lfc.gridpp.rl.ac.uk; export LCG_GFAL_INFOSYS=lcg-bdii.cern.ch:2170; lcg-cp -v -v srm://t2ksrm.nd280.org/nd280data/t2k.org/nd280/raw/ND280/ND280/00007000_00007999/nd280_00007892_0019.daq.mid.gz file://tmp/nd280_00007892_0019_30643.daq.mid.gz<br />
</pre><br />
<br />
Also try a lcg-ls command:<br />
<br />
<pre><br />
lcg-ls srm://t2ksrm.nd280.org/nd280data/t2k.org/nd280/production005/A/mcp/genie/2010-11-water/magnet/beamb/numc/oa_gn_beam_91210002-0029_io24sikspw4w_numc_000_prod005magnet201011waterb.root<br />
</pre></div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=DAQ_VMs&diff=5459
DAQ VMs
2020-05-20T22:55:39Z
<p>Lindner: </p>
<hr />
<div>The following is a list of virtual machines provided by the Core Computing group which are used by the DAQ group or by related experimental groups.<br />
Many of them are for elog instances.<br />
<br />
{| border="1" <br />
|+<br />
| VM machine name <br />
|Other names<br />
| Group<br />
| VLAN<br />
| Purpose<br />
| Status<br />
|-<br />
| midastestdaq<br />
|<br />
| DAQ<br />
| 1<br />
| Has example MIDAS installation (part of documentation)<br />
| Currently broken<br />
|-<br />
| trdata05<br />
|<br />
| DAQ<br />
| 1<br />
| Provides ~10TB of storage for the DAQ dcache instance.<br />
|<br />
<br />
|-<br />
| ucmsrv0-vm.triumf.ca<br />
| ucnelog<br />
| UCN<br />
| 1<br />
| Providing UCN elog<br />
|<br />
|-<br />
| ucnbackup.triumf.ca<br />
|<br />
| UCN<br />
| 68<br />
| Provides 2TB of storage for raw data backup<br />
|<br />
|-<br />
| ktmserver.triumf.ca<br />
|<br />
| UCN<br />
| 1<br />
| Provides readout and online display for the 1VM4 notch monitor (beamline 1V)<br />
|<br />
|-<br />
| exoelog.triumf.ca<br />
|<br />
| EXO<br />
| 1<br />
| Provides elog for EXO tests<br />
| not really used<br />
|-<br />
| scdms-srv0.triumf.ca<br />
|<br />
| SuperCDMS<br />
| 1<br />
| Testbed for CDMS development on Centos-7; also provides elog.<br />
|<br />
|-<br />
| mpmtelog.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for mPMT development<br />
|<br />
|-<br />
| m11elog.triumf.ca<br />
|<br />
| M11<br />
| 1<br />
| Provides elog for M11 beamline<br />
|<br />
|-<br />
| nd280elog-vm<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for ND280<br />
|<br />
|-<br />
| nd280webservice-vm<br />
|<br />
| T2K<br />
| 1<br />
| Provides various elog services<br />
|<br />
|-<br />
| neut00-vm.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides T2KGSC mirror, web & db server<br />
|<br />
|-<br />
| trbsddb-vm.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides BSD MySQL Database server<br />
|<br />
|-<br />
| t2kcaldb.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL database for ND280 calibration<br />
|<br />
|-<br />
| t2kcaldb-backup.triumf.ca <br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL endpoint for calibration database<br />
|<br />
|-<br />
| nd280gsc-backup.triumf.ca <br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL endpoint for GSC database<br />
|<br />
|<br />
|-<br />
| t2k-fdg-hwdb.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Hosts the FGD hardware database and webserver<br />
|<br />
|<br />
|-<br />
|}</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=DAQ_VMs&diff=5458
DAQ VMs
2020-05-20T22:50:26Z
<p>Lindner: </p>
<hr />
<div>The following is a list of virtual machines provided by the Core Computing group which are used by the DAQ group or by related experimental groups.<br />
Many of them are for elog instances.<br />
<br />
{| border="1" <br />
|+<br />
| VM machine name <br />
|Other names<br />
| Group<br />
| VLAN<br />
| Purpose<br />
| Status<br />
|-<br />
| midastestdaq<br />
|<br />
| DAQ<br />
| 1<br />
| Has example MIDAS installation (part of documentation)<br />
| Currently broken<br />
|-<br />
| trdata05<br />
|<br />
| DAQ<br />
| 1<br />
| Provides ~10TB of storage for the DAQ dcache instance.<br />
|<br />
<br />
|-<br />
| ucmsrv0-vm.triumf.ca<br />
| ucnelog<br />
| UCN<br />
| 1<br />
| Providing UCN elog<br />
|<br />
|-<br />
| ucnbackup.triumf.ca<br />
|<br />
| UCN<br />
| 68<br />
| Provides 2TB of storage for raw data backup<br />
|<br />
|-<br />
| ktmserver.triumf.ca<br />
|<br />
| UCN<br />
| 1<br />
| Provides readout and online display for the 1VM4 notch monitor (beamline 1V)<br />
|<br />
|-<br />
| exoelog.triumf.ca<br />
|<br />
| EXO<br />
| 1<br />
| Provides elog for EXO tests<br />
| not really used<br />
|-<br />
| scdms-srv0.triumf.ca<br />
|<br />
| SuperCDMS<br />
| 1<br />
| Testbed for CDMS development on Centos-7; also provides elog.<br />
|<br />
|-<br />
| mpmtelog.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for mPMT development<br />
|<br />
|-<br />
| m11elog.triumf.ca<br />
|<br />
| M11<br />
| 1<br />
| Provides elog for M11 beamline<br />
|<br />
|-<br />
| nd280elog-vm<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for ND280<br />
|<br />
|-<br />
| nd280webservice-vm<br />
|<br />
| T2K<br />
| 1<br />
| Provides various elog services<br />
|<br />
|-<br />
| neut00-vm.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides T2KGSC mirror, web & db server<br />
|<br />
|-<br />
| trbsddb-vm.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides BSD MySQL Database server<br />
|<br />
|-<br />
| t2kcaldb.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL database for ND280 calibration<br />
|<br />
|-<br />
| t2kcaldb-backup.triumf.ca <br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL endpoint for calibration database<br />
|<br />
|-<br />
| nd280gsc-backup.triumf.ca <br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL endpoint for GSC database<br />
|<br />
|<br />
|-<br />
|}</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=DAQ_VMs&diff=5457
DAQ VMs
2020-05-20T22:49:20Z
<p>Lindner: </p>
<hr />
<div>The following is a list of virtual machines provided by the Core Computing group which are used by the DAQ group or by related experimental groups.<br />
Many of them are for elog instances.<br />
<br />
{| border="1" <br />
|+<br />
| VM machine name <br />
|Other names<br />
| Group<br />
| VLAN<br />
| Purpose<br />
| Status<br />
|-<br />
| midastestdaq<br />
|<br />
| DAQ<br />
| 1<br />
| Has example MIDAS installation (part of documentation)<br />
| Currently broken<br />
|-<br />
| trdata05<br />
|<br />
| DAQ<br />
| 1<br />
| Provides ~10TB of storage for the DAQ dcache instance.<br />
|<br />
<br />
|-<br />
| ucmsrv0-vm.triumf.ca<br />
| ucnelog<br />
| UCN<br />
| 1<br />
| Providing UCN elog<br />
|<br />
|-<br />
| ucnbackup.triumf.ca<br />
|<br />
| UCN<br />
| 68<br />
| Provides 2TB of storage for raw data backup<br />
|<br />
|-<br />
| ktmserver.triumf.ca<br />
|<br />
| UCN<br />
| 1<br />
| Provides readout and online display for the 1VM4 notch monitor (beamline 1V)<br />
|<br />
|-<br />
| exoelog.triumf.ca<br />
|<br />
| EXO<br />
| 1<br />
| Provides elog for EXO tests<br />
| not really used<br />
|-<br />
| scdms-srv0.triumf.ca<br />
|<br />
| SuperCDMS<br />
| 1<br />
| Testbed for CDMS development on Centos-7; also provides elog.<br />
|<br />
|-<br />
| mpmtelog.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for mPMT development<br />
|<br />
|-<br />
| m11elog.triumf.ca<br />
|<br />
| M11<br />
| 1<br />
| Provides elog for M11 beamline<br />
|<br />
|-<br />
| nd280elog-vm<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for ND280<br />
|<br />
|-<br />
| nd280webservice-vm<br />
|<br />
| T2K<br />
| 1<br />
| Provides various elog services<br />
|<br />
|-<br />
| neut00-vm.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides T2KGSC mirror, web & db server<br />
|<br />
|-<br />
| trbsddb-vm.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides BSD MySQL Database server<br />
|<br />
|-<br />
| t2kcaldb.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL database for ND280 calibration<br />
|<br />
|-<br />
| trbsddb-vm.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides BSD MySQL Database server<br />
|<br />
|-<br />
| t2kcaldb.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL database for ND280 calibration<br />
|<br />
|-<br />
| trbsddb-vm.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides BSD MySQL Database server<br />
|<br />
|-<br />
| t2kcaldb.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL database for ND280 calibration<br />
|<br />
|-<br />
|}</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=DAQ_VMs&diff=5456
DAQ VMs
2020-04-08T20:23:52Z
<p>Lindner: </p>
<hr />
<div>The following is a list of virtual machines provided by the Core Computing group which are used by the DAQ group or by related experimental groups.<br />
Many of them are for elog instances.<br />
<br />
{| border="1" <br />
|+<br />
| VM machine name <br />
|Other names<br />
| Group<br />
| VLAN<br />
| Purpose<br />
| Status<br />
|-<br />
| midastestdaq<br />
|<br />
| DAQ<br />
| 1<br />
| Has example MIDAS installation (part of documentation)<br />
| Currently broken<br />
|-<br />
| trdata05<br />
|<br />
| DAQ<br />
| 1<br />
| Provides ~10TB of storage for the DAQ dcache instance.<br />
|<br />
<br />
|-<br />
| ucmsrv0-vm.triumf.ca<br />
| ucnelog<br />
| UCN<br />
| 1<br />
| Providing UCN elog<br />
|<br />
|-<br />
| ucnbackup.triumf.ca<br />
|<br />
| UCN<br />
| 68<br />
| Provides 2TB of storage for raw data backup<br />
|<br />
|-<br />
| ktmserver.triumf.ca<br />
|<br />
| UCN<br />
| 1<br />
| Provides readout and online display for the 1VM4 notch monitor (beamline 1V)<br />
|<br />
|-<br />
| exoelog.triumf.ca<br />
|<br />
| EXO<br />
| 1<br />
| Provides elog for EXO tests<br />
| not really used<br />
|-<br />
| scdms-srv0.triumf.ca<br />
|<br />
| SuperCDMS<br />
| 1<br />
| Testbed for CDMS development on Centos-7; also provides elog.<br />
|<br />
|-<br />
| mpmtelog.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for mPMT development<br />
|<br />
|-<br />
| m11elog.triumf.ca<br />
|<br />
| M11<br />
| 1<br />
| Provides elog for M11 beamline<br />
|<br />
|-<br />
| nd280elog-vm<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for ND280<br />
|<br />
|-<br />
| nd280webservice-vm<br />
|<br />
| T2K<br />
| 1<br />
| Provides various elog services<br />
|<br />
|-<br />
| neut00-vm.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides T2KGSC mirror, web & db server<br />
|<br />
|-<br />
| trbsddb-vm.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides BSD MySQL Database server<br />
|<br />
|-<br />
| t2kcaldb.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL database for ND280 calibration<br />
|<br />
|-<br />
|}</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=DAQ_VMs&diff=5455
DAQ VMs
2020-04-08T19:26:20Z
<p>Lindner: </p>
<hr />
<div>The following is a list of virtual machines provided by the Core Computing group which are used by the DAQ group or by related experimental groups.<br />
Many of them are for elog instances.<br />
<br />
{| border="1" <br />
|+<br />
| VM machine name <br />
|Other names<br />
| Group<br />
| Purpose<br />
| VLAN<br />
| Status<br />
|-<br />
| midastestdaq<br />
|<br />
| DAQ<br />
| 1<br />
| Has example MIDAS installation (part of documentation)<br />
| Currently broken<br />
|-<br />
| trdata05<br />
|<br />
| DAQ<br />
| 1<br />
| Provides ~10TB of storage for the DAQ dcache instance.<br />
|<br />
<br />
|-<br />
| ucmsrv0-vm.triumf.ca<br />
| ucnelog<br />
| UCN<br />
| 1<br />
| Providing UCN elog<br />
|<br />
|-<br />
| ucnbackup.triumf.ca<br />
|<br />
| UCN<br />
| 68<br />
| Provides 2TB of storage for raw data backup<br />
|<br />
|-<br />
| ktmserver.triumf.ca<br />
|<br />
| UCN<br />
| 1<br />
| Provides readout and online display for the 1VM4 notch monitor (beamline 1V)<br />
|<br />
|-<br />
| exoelog.triumf.ca<br />
|<br />
| EXO<br />
| 1<br />
| Provides elog for EXO tests<br />
| not really used<br />
|-<br />
| scdms-srv0.triumf.ca<br />
|<br />
| SuperCDMS<br />
| 1<br />
| Testbed for CDMS development on Centos-7; also provides elog.<br />
|<br />
|-<br />
| mpmtelog.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for mPMT development<br />
|<br />
|-<br />
| m11elog.triumf.ca<br />
|<br />
| M11<br />
| 1<br />
| Provides elog for M11 beamline<br />
|<br />
|-<br />
| nd280elog-vm<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for ND280<br />
|<br />
|-<br />
| nd280webservice-vm<br />
|<br />
| T2K<br />
| 1<br />
| Provides various elog services<br />
|<br />
|-<br />
| neut00-vm.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides T2KGSC mirror, web & db server<br />
|<br />
|-<br />
| trbsddb-vm.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides BSD MySQL Database server<br />
|<br />
|-<br />
| t2kcaldb.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL database for ND280 calibration<br />
|<br />
|-<br />
|}</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=DAQ_VMs&diff=5454
DAQ VMs
2020-04-08T19:26:01Z
<p>Lindner: </p>
<hr />
<div>The following is a list of virtual machines provided by the Core Computing group which are used by the DAQ group or by related experimental groups.<br />
Many of them are for elog instances.<br />
<br />
{| border="1" <br />
|+<br />
| VM machine name <br />
|Other names<br />
| Group<br />
| Purpose<br />
| VLAN<br />
| Status<br />
|-<br />
| midastestdaq<br />
|<br />
| DAQ<br />
| 1<br />
| Has example MIDAS installation (part of documentation)<br />
|<br />
|-<br />
| trdata05<br />
|<br />
| DAQ<br />
| 1<br />
| Provides ~10TB of storage for the DAQ dcache instance.<br />
|<br />
<br />
|-<br />
| ucmsrv0-vm.triumf.ca<br />
| ucnelog<br />
| UCN<br />
| 1<br />
| Providing UCN elog<br />
|<br />
|-<br />
| ucnbackup.triumf.ca<br />
|<br />
| UCN<br />
| 68<br />
| Provides 2TB of storage for raw data backup<br />
|<br />
|-<br />
| ktmserver.triumf.ca<br />
|<br />
| UCN<br />
| 1<br />
| Provides readout and online display for the 1VM4 notch monitor (beamline 1V)<br />
|<br />
|-<br />
| exoelog.triumf.ca<br />
|<br />
| EXO<br />
| 1<br />
| Provides elog for EXO tests<br />
| not really used<br />
|-<br />
| scdms-srv0.triumf.ca<br />
|<br />
| SuperCDMS<br />
| 1<br />
| Testbed for CDMS development on Centos-7; also provides elog.<br />
|<br />
|-<br />
| mpmtelog.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for mPMT development<br />
|<br />
|-<br />
| m11elog.triumf.ca<br />
|<br />
| M11<br />
| 1<br />
| Provides elog for M11 beamline<br />
|<br />
|-<br />
| nd280elog-vm<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for ND280<br />
|<br />
|-<br />
| nd280webservice-vm<br />
|<br />
| T2K<br />
| 1<br />
| Provides various elog services<br />
|<br />
|-<br />
| neut00-vm.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides T2KGSC mirror, web & db server<br />
|<br />
|-<br />
| trbsddb-vm.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides BSD MySQL Database server<br />
|<br />
|-<br />
| t2kcaldb.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides MySQL database for ND280 calibration<br />
|<br />
|-<br />
|}</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=DAQ_VMs&diff=5453
DAQ VMs
2020-04-08T19:25:11Z
<p>Lindner: </p>
<hr />
<div>The following is a list of virtual machines provided by the Core Computing group which are used by the DAQ group or by related experimental groups.<br />
Many of them are for elog instances.<br />
<br />
{| border="1" <br />
|+<br />
| VM machine name <br />
|Other names<br />
| Group<br />
| Purpose<br />
| VLAN<br />
| Status<br />
|-<br />
| midastestdaq<br />
|<br />
| DAQ<br />
| 1<br />
| Has example MIDAS installation (part of documentation)<br />
|<br />
|-<br />
| trdata05<br />
|<br />
| DAQ<br />
| 1<br />
| Provides ~10TB of storage for the DAQ dcache instance.<br />
|<br />
<br />
|-<br />
| ucmsrv0-vm.triumf.ca<br />
| ucnelog<br />
| UCN<br />
| 1<br />
| Providing UCN elog<br />
|<br />
|-<br />
| ucnbackup.triumf.ca<br />
|<br />
| UCN<br />
| 68<br />
| Provides 2TB of storage for raw data backup<br />
|<br />
|-<br />
| ktmserver.triumf.ca<br />
|<br />
| UCN<br />
| 1<br />
| Provides readout and online display for the 1VM4 notch monitor (beamline 1V)<br />
|<br />
|-<br />
| exoelog.triumf.ca<br />
|<br />
| EXO<br />
| 1<br />
| Provides elog for EXO tests<br />
| not really used<br />
|-<br />
| scdms-srv0.triumf.ca<br />
|<br />
| SuperCDMS<br />
| 1<br />
| Testbed for CDMS development on Centos-7; also provides elog.<br />
|<br />
|-<br />
| mpmtelog.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for mPMT development<br />
|<br />
|-<br />
| m11elog.triumf.ca<br />
|<br />
| M11<br />
| 1<br />
| Provides elog for M11 beamline<br />
|<br />
|-<br />
| nd280elog-vm<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for ND280<br />
|<br />
|-<br />
| nd280webservice-vm<br />
|<br />
| T2K<br />
| 1<br />
| Provides various elog services<br />
|<br />
|-<br />
| neut00-vm.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides T2KGSC mirror, web & db server<br />
|<br />
|-<br />
| trbsddb-vm.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides BSD MySQL Database server<br />
|<br />
|-<br />
| m11elog.triumf.ca<br />
|<br />
| M11<br />
| 1<br />
| Provides elog for M11 beamline<br />
|<br />
|-<br />
|}</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=DAQ_VMs&diff=5452
DAQ VMs
2020-04-08T19:24:01Z
<p>Lindner: </p>
<hr />
<div>The following is a list of virtual machines provided by the Core Computing group which are used by the DAQ group or by related experimental groups.<br />
Many of them are for elog instances.<br />
<br />
{| border="1" <br />
|+<br />
| VM machine name <br />
|Other names<br />
| Group<br />
| Purpose<br />
| VLAN<br />
| Status<br />
|-<br />
| midastestdaq<br />
|<br />
| DAQ<br />
| 1<br />
| Has example MIDAS installation (part of documentation)<br />
|<br />
|-<br />
| trdata05<br />
|<br />
| DAQ<br />
| 1<br />
| Provides ~10TB of storage for the DAQ dcache instance.<br />
|<br />
<br />
|-<br />
| ucmsrv0-vm.triumf.ca<br />
| ucnelog<br />
| UCN<br />
| 1<br />
| Providing UCN elog<br />
|<br />
|-<br />
| ucnbackup.triumf.ca<br />
|<br />
| UCN<br />
| 68<br />
| Provides 2TB of storage for raw data backup<br />
|<br />
|-<br />
| ktmserver.triumf.ca<br />
|<br />
| UCN<br />
| 1<br />
| Provides readout and online display for the 1VM4 notch monitor (beamline 1V)<br />
|<br />
|-<br />
| exoelog.triumf.ca<br />
|<br />
| EXO<br />
| 1<br />
| Provides elog for EXO tests<br />
| not really used<br />
|-<br />
| scdms-srv0.triumf.ca<br />
|<br />
| SuperCDMS<br />
| 1<br />
| Testbed for CDMS development on Centos-7; also provides elog.<br />
|<br />
|-<br />
| mpmtelog.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for mPMT development<br />
|<br />
|-<br />
| m11elog.triumf.ca<br />
|<br />
| M11<br />
| 1<br />
| Provides elog for M11 beamline<br />
|<br />
|-<br />
| nd280elog-vm<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for ND280<br />
|<br />
|-<br />
| nd280webservice-vm<br />
|<br />
| T2K<br />
| 1<br />
| Provides various elog services<br />
|<br />
|-<br />
| m11elog.triumf.ca<br />
|<br />
| M11<br />
| 1<br />
| Provides elog for M11 beamline<br />
|<br />
|-<br />
| m11elog.triumf.ca<br />
|<br />
| M11<br />
| 1<br />
| Provides elog for M11 beamline<br />
|<br />
|-<br />
| m11elog.triumf.ca<br />
|<br />
| M11<br />
| 1<br />
| Provides elog for M11 beamline<br />
|<br />
|-<br />
|}</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=DAQ_VMs&diff=5451
DAQ VMs
2020-04-08T19:21:59Z
<p>Lindner: </p>
<hr />
<div>The following is a list of virtual machines provided by the Core Computing group which are used by the DAQ group or by related experimental groups.<br />
Many of them are for elog instances.<br />
<br />
{| border="1" <br />
|+<br />
| VM machine name <br />
|Other names<br />
| Group<br />
| Purpose<br />
| VLAN<br />
| Status<br />
|-<br />
| midastestdaq<br />
|<br />
| DAQ<br />
| 1<br />
| Has example MIDAS installation (part of documentation)<br />
|<br />
|-<br />
| trdata05<br />
|<br />
| DAQ<br />
| 1<br />
| Provides ~10TB of storage for the DAQ dcache instance.<br />
|<br />
<br />
|-<br />
| ucmsrv0-vm.triumf.ca<br />
| ucnelog<br />
| UCN<br />
| 1<br />
| Providing UCN elog<br />
|<br />
|-<br />
| ucnbackup.triumf.ca<br />
|<br />
| UCN<br />
| 68<br />
| Provides 2TB of storage for raw data backup<br />
|<br />
|-<br />
| ktmserver.triumf.ca<br />
|<br />
| UCN<br />
| 1<br />
| Provides readout and online display for the 1VM4 notch monitor (beamline 1V)<br />
|<br />
|-<br />
| exoelog.triumf.ca<br />
|<br />
| EXO<br />
| 1<br />
| Provides elog for EXO tests<br />
| not really used<br />
|-<br />
| scdms-srv0.triumf.ca<br />
|<br />
| SuperCDMS<br />
| 1<br />
| Testbed for CDMS development on Centos-7; also provides elog.<br />
|<br />
|-<br />
| mpmtelog.triumf.ca<br />
|<br />
| T2K<br />
| 1<br />
| Provides elog for mPMT development<br />
|<br />
|-<br />
| m11elog.triumf.ca<br />
|<br />
| M11<br />
| 1<br />
| Provides elog for M11 beamline<br />
|<br />
|-<br />
| m11elog.triumf.ca<br />
|<br />
| M11<br />
| 1<br />
| Provides elog for M11 beamline<br />
|<br />
|-<br />
| m11elog.triumf.ca<br />
|<br />
| M11<br />
| 1<br />
| Provides elog for M11 beamline<br />
|<br />
|-<br />
| m11elog.triumf.ca<br />
|<br />
| M11<br />
| 1<br />
| Provides elog for M11 beamline<br />
|<br />
|-<br />
| m11elog.triumf.ca<br />
|<br />
| M11<br />
| 1<br />
| Provides elog for M11 beamline<br />
|<br />
|-<br />
| m11elog.triumf.ca<br />
|<br />
| M11<br />
| 1<br />
| Provides elog for M11 beamline<br />
|<br />
|-<br />
|}</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=SLinstall&diff=2278
SLinstall
2020-01-22T19:54:41Z
<p>Lindner: /* Configure HTTPS server (CentOS7) */</p>
<hr />
<div>== Notes ==<br />
<br />
* these instructions are periodically updated to include items needed for older/newer versions of Linux. They are marked like this: (SL4.2+) means Scientific Linux 4.2 and newer; (SL4 is equivalent to FC3). (FC5 only) means Fedora Core 5; etc.<br />
* obsolete items are marked by the "#" sign at the beginning of the line and sometimes have a comment about the reason for removal.<br />
* typically, we do not "upgrade" machines using the Red Hat "upgrade" function. Instead, we save critical files from the old installation and do a "fresh install" from scratch<br />
* starting with RHEL7, the recommended OS is CentOS7 (instead of SL7).<br />
<br />
== Disk configurations ==<br />
<br />
The year is 2019 and SSDs are used exclusively, except for bulk data storage, where one used 6-8-10-12 TB HDDs<br />
<br />
For reliability, home directories and data disks must use redundant storage - mdadm raid1 or ZFS raid1/raid6.<br />
<br />
For non-critical machines, a single SSD seems to be reliable enough to use as a boot and OS disk. But since any<br />
storage device can fail at any time without warning, home directories and data disks should use redundant storage.<br />
<br />
Note: for data disks bigger than 4-6TB, mdadm raid1/raid6 is no longer recommended because raid rebuild,<br />
verification and repair time has become unreasonably long. Instead, use ZFS raid1/raid6 which implements online verification,<br />
repair and disk replacement without requiring machine shutdown or OS down time.<br />
<br />
* single SSD - 120GB min - single partition for "/", no swap partition (create a swap file if swap is needed) - for non-critical machine with no local data storage (OS only)<br />
* dual SSD - 2x240GB min - all partitions mirrored (RAID1), 30GB "/", rest for /home1 - for daq station with local user home directories and no bulk data storage<br />
* single SSD + 2x6-8-10-12TB HDD - SSD partition: all "/", HDD partition as ZFS raid1 (mirrored) - for daq station with small local bulk data storage<br />
* single SSD + 6-8x6-8-10-12TB HDD - for small storage server machines - for daq station with local home directories and large bulk data storage.<br />
<br />
For VME processors:<br />
<br />
* network boot - [[VME-CPU#Network_boot]] - only option for V7648/V7750, do not use for V7805 (no netboot from GigE), optional for V7865/XVB-602<br />
* USB boot - 8GB USB for V7805, 16GB USB for V7865/XVB-602<br />
<br />
== Preparation ==<br />
<br />
* save /etc, /var, /root, /opt, (if needed: /usr/local, /tftpboot) by rsync to some data disk (/ladd/data0/root)<br />
* check that "/" partition (it will be overwritten) is different from /home1 and /data partitions<br />
* note the MAC addresses of all network interfaces, add them to ladd00 dhcpd.conf to enable PXE boot into the SL "network installer"<br />
* shutdown<br />
<br />
== Running installer (CentOS7) ==<br />
<br />
CentOS7 can be installed from vanilla CentOS7 installation media or from<br />
a custom USB key build per there instructions:<br />
https://daqshare.triumf.ca/~olchansk/linux/CentOS7/<br />
<br />
The custom installer makes it easy to use a custom kickstart file (ks.cfg).<br />
<br />
Instructions for using the usb-installer:<br />
<br />
* disconnect machine from network<br />
* plug the usb-installer into a usb3 port (blue colour)<br />
* reboot machine, select booting from usb (press F8 on ASUS motherboards)<br />
* usb-installer boot menu offers to install CentOS7, go there<br />
* CentOS7 should boot (many messages scroll on screen)<br />
* into graphical mode<br />
* into installer main menu<br />
* all installer options should "happy" except for the "installation destination"<br />
* go to the "installation destination" menu<br />
** unselect all disks except for the SSD where the OS will be installed<br />
** (MOST IMPORTANT: unselect the USB installer disk!)<br />
** select "I will configure..."<br />
** say "done"<br />
** the "manual partitionning" menu will open<br />
*** use the "-" button to delete all existing partitions<br />
*** select "standard partition"<br />
*** click on the "+" button<br />
*** in the "Add new partition" dialog, set mount point "/", capacity blank, click "add mount point"<br />
*** check capacity (should be full size of SSD), check filesystem type (should be XFS)<br />
*** say "done", there will be a warning about absent swap partition, say "done" again.<br />
*** in the big useless dialog, say "accept changes"<br />
*** should be back to the "installation summary" screen, "installation destination" should be happy now<br />
* after everything is happy, say "begin installation"<br />
* as the installation proceeds, set the password for the root user<br />
* after installation is complete, reboot the machine<br />
* unplug the usb-installer, CentOS7 should boot from SSD into the login screen<br />
* click on "not listed?", login as root<br />
* setup network connection:<br />
** open a terminal<br />
** start "nm-connection-editor"<br />
** click on "+" to create a new connection profile<br />
** select "wired ethernet"<br />
** select "add profile..."<br />
** in "Identity", set "name" to "static"<br />
** in "Identity", check that "Connect automatically" and "Make available..." is enabled<br />
** in "IPv4", set "Addresses" to "manual" instead of "dhcp"<br />
** enter IP address, netmask 255.255.224.0, gateway 142.90.100.18, dns 142.90.100.19, search triumf.ca<br />
** say "Add", then close/quit the network settings<br />
* connect network cable<br />
* network should be up, ping ladd00 should work<br />
* run: yum update -y<br />
* check new kernel is installed: ls -l /boot<br />
* logout and restart (good luck finding these buttons in the gui!)<br />
* confirm correct linux kernel is selected during boot (-229.20, not the original installer kernel)<br />
* login as root, confirm network is up, proceed with the rest of these instructions<br />
<br />
== Configure SSH ==<br />
<br />
(+CentOS7)<br />
<br />
* Login from the console<br />
* restore the SSH keys from backup (/etc/ssh/*key*)<br />
* service sshd restart<br />
* ssh into the new machine as root<br />
* ssh root@localhost, ctrl-C<br />
* ### this is done later from Konstantin's git repository - scp root@ladd00:/root/authorized_keys ~root/.ssh/<br />
* (not needed for SL5.5 kickstart) check that /etc/ssh/ssh_config contains "ForwardX11 yes" and "ForwardX11Trusted yes":<br />
<pre><br />
echo " ForwardX11 yes" >> /etc/ssh/ssh_config<br />
echo " ForwardX11Trusted yes" >> /etc/ssh/ssh_config<br />
</pre><br />
<br />
== Post installation CentOS7 ==<br />
<br />
Set hostname: (use full name, i.e. daq11.triumf.ca)<br />
<pre><br />
emacs -nw /etc/hostname<br />
</pre><br />
<br />
<pre><br />
echo "olchansk@triumf.ca amaudruz@triumf.ca lindner@triumf.ca bsmith@triumf.ca" >> ~root/.forward<br />
chmod a+r /var/log/messages<br />
chmod a+r /var/log/yum.log<br />
</pre><br />
<br />
Activate rc.local:<br />
<pre><br />
chmod a+x /etc/rc.local<br />
chmod a+x /etc/rc.d/rc.local # TL edit<br />
systemctl start rc-local<br />
systemctl status rc-local<br />
</pre><br />
<br />
== Disable "persistent network names" (DO NOT DO THIS) ==<br />
<br />
<pre><br />
/bin/touch /etc/udev/rules.d/75-persistent-net-generator.rules<br />
/bin/rm /etc/udev/rules.d/70-persistent-net.rules<br />
#shutdown -r now<br />
</pre><br />
<br />
== Configure NIS client (CentOS7) ==<br />
<br />
<pre><br />
yum -y install ypbind authconfig<br />
echo "NISTIMEOUT=5" >> /etc/sysconfig/network<br />
echo "NETWORKWAIT=yes" >> /etc/sysconfig/network<br />
authconfig --enablenis --enablepreferdns --nisdomain LADD-NIS --nisserver ladd00.triumf.ca --update<br />
ypwhich<br />
ypcat -k passwd<br />
systemctl restart autofs<br />
</pre><br />
* On the master NIS node (ladd00), add this new node to /etc/netgroup, and update NIS maps (cd /var/yp; make)<br />
* Use "system-config-users" to add local user accounts<br />
* enable selinux ssh key login to nfs mounted home directories:<br />
<pre><br />
setsebool -P use_nfs_home_dirs 1<br />
</pre><br />
<br />
== Configure NIS secondary server (CentOS7) ==<br />
<br />
Enable local NIS server, make local machine use it:<br />
<br />
<pre><br />
yum -y install ypserv<br />
/usr/lib64/yp/ypinit -s ladd00 ### (/usr/lib/yp/ypinit on 32-bit machines)<br />
systemctl enable rpcbind ypserv ypxfrd yppasswdd<br />
systemctl start rpcbind ypserv ypxfrd yppasswdd<br />
emacs -nw /etc/yp.conf # change "domain XXX server YYY.triumf.ca" to read "domain XXX server localhost"<br />
systemctl restart ypbind<br />
ypwhich # should say "localhost"<br />
ypcat -k auto.master # should work<br />
</pre><br />
<br />
Punch hole in the firewall: (or "make" on NIS master will complain)<br />
<br />
<pre><br />
echo YPSERV_ARGS=\"-p 800\" >> /etc/sysconfig/network<br />
systemctl restart ypserv<br />
firewall-cmd --get-services<br />
firewall-cmd --add-service rpc-bind --permanent<br />
firewall-cmd --add-port=800/tcp --add-port=800/udp --permanent<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
* on the NIS master:<br />
** add the new machine to /var/yp/ypservers, run "make -C /var/yp" and also "cd /var/yp; yppush -h newmachine ypservers"<br />
** if using /var/yp/securenets, copy it from NIS master to new NIS secondary server<br />
<br />
Enable hourly NIS update cron job (DO THIS AFTER git pull scripts, see below)<br />
<br />
<pre><br />
cd ~/git/scripts<br />
git pull<br />
cd etc<br />
cd ~/git/scripts/etc; ln -s $PWD/ypxfr-cron-hourly /etc/cron.hourly<br />
</pre><br />
<br />
== Configure AUTOFS (CentOS7) ==<br />
<br />
<pre><br />
yum -y install autofs<br />
systemctl enable autofs<br />
systemctl start autofs<br />
ls -l /daq/daqshare<br />
</pre><br />
<br />
<br />
<br />
== Label Selinux labels ==<br />
<br />
When upgrading non-selinux machines (el6) to el7 (selinux enforcing) the existing<br />
user home directories will not have the correct selinux labels and many things<br />
will not work, including ssh logins (sshd cannot access ~user/.ssh files).<br />
<br />
<pre><br />
semanage fcontext -a -e /home /home1 ### selinux has special rules for /home, assign them to /home1<br />
restorecon -R -v /home1 ### apply the new rules to files in /home1<br />
ls -Zd /home1/alpha/.ssh<br />
# should say: drwx------. alpha users system_u:object_r:ssh_home_t:s0 /home1/alpha/.ssh<br />
</pre><br />
<br />
== Configure time (CentOS7) ==<br />
<br />
Time server ntpd was replaced by chronyd.<br />
<br />
<pre><br />
yum -y install chrony<br />
echo server time1 iburst >> /etc/chrony.conf<br />
echo server time2 iburst >> /etc/chrony.conf<br />
echo server time3 iburst >> /etc/chrony.conf<br />
systemctl enable chronyd<br />
systemctl restart chronyd<br />
chronyc sources<br />
chronyc tracking<br />
</pre><br />
<br />
* if desired, edit /etc/chrony.conf, remove non-triumf time servers<br />
<br />
== Enable automatic system updates (CentOS7) ==<br />
<br />
Disable yum-cron:<br />
<br />
<pre><br />
rpm --erase yum-cron<br />
/bin/rm -v /var/lock/subsys/yum-cron<br />
/bin/rm -v /etc/cron.daily/0yum-daily.cron<br />
/bin/rm -v /etc/cron.hourly/0yum-hourly.cron<br />
</pre><br />
<br />
Enable yum-autoupdate:<br />
<br />
<pre><br />
yum install -y epel-release<br />
yum install -y yum-changelog yum-protectbase yum-tsflags yum-versionlock<br />
rpm -vh --install http://linuxsoft.cern.ch/cern/centos/7.2/cern/x86_64/Packages/yum-kernel-module-1-5.el7.cern.noarch.rpm<br />
rpm -vh --install http://linuxsoft.cern.ch/cern/centos/7.2/cern/x86_64/Packages/yum-autoupdate-4.4.2-1.el7.cern.noarch.rpm<br />
#rpm -vh --install https://daqshare.triumf.ca/~olchansk/linux/yum-autoupdate-4.4.2-1.el7.cern.noarch.rpm https://daqshare.triumf.ca/~olchansk/linux/yum-kernel-module-1-5.el7.cern.noarch.rpm<br />
systemctl enable yum-autoupdate<br />
systemctl start yum-autoupdate<br />
systemctl status yum-autoupdate<br />
</pre><br />
<br />
== Disable automatic system updates (CentOS7) ==<br />
<br />
<pre><br />
yum -y erase yum-autoupdate<br />
/bin/rm -f /etc/sysconfig/yum-autoupdate.rpmsave<br />
/bin/rm -f /var/lock/subsys/yum-autoupdate<br />
</pre><br />
<br />
== Configure system services (CentOS7) ==<br />
<br />
* systemctl list-unit-files | grep enabled | sort ### (to see enabled services)<br />
* disable unwanted services:<br />
<pre><br />
systemctl disable bluetooth<br />
systemctl disable dm-event<br />
systemctl disable dmraid-activation<br />
systemctl disable iscsid<br />
systemctl disable iscsi<br />
systemctl disable iscsiuio<br />
systemctl disable libvirtd<br />
systemctl disable lvm2-lmetad<br />
systemctl disable lvm2-monitor<br />
systemctl disable ModemManager<br />
systemctl disable multipathd<br />
systemctl disable netcf-transaction<br />
systemctl disable lvm2-lvmetad.socket<br />
systemctl disable lvm2-lvmpolld.socket<br />
systemctl disable iscsid.socket<br />
systemctl disable iscsiuio.socket<br />
#systemctl disable <br />
</pre><br />
<br />
== Erase unwanted packages (CentOS7) ==<br />
<br />
* PackageKit # bugs users about security updates, hogs yum lock<br />
* perl-homedir # creates unwanted $HOME/perl5<br />
* ModemManager # thinks that all USB-attached devices are modems<br />
* pcp # sends error email to itself, does not work<br />
* abrt # sends email to root about useless crashes, i.e. crash of X when machine is rebooted<br />
* rear # some kind of backup and recovery tool, not clear what it does, but it sends email complaining how it is broken<br />
* bash-completion # "echo $HOME/<TAB>" becomes "echo \$HOME" (notice "\" added before "$") preventing tab-completion from doing anything useful.<br />
<br />
<pre><br />
yum -y erase PackageKit perl-homedir ModemManager pcp abrt abrt-libs abrt-gui-libs rear bash-completion<br />
</pre><br />
<br />
== Disable unwanted package "tracker" ==<br />
<br />
The "tracker" package is part of the GNOME desktop, it scans the content of all files<br />
into a database for quick searching.<br />
<br />
When it malfunctions, bad things happen, i.e. read through<br />
https://bugzilla.redhat.com/show_bug.cgi?id=747689<br />
<br />
Specific problem I see is that it floods the system log with error messages. Also <br />
consumes network and filesystem bandwidth for NFS mounted home directories.<br />
<br />
This package cannot be removed by "yum erase tracker" dues to dependencies<br />
from core GNOME desktop.<br />
<br />
Instead, do this to deactivate it:<br />
<br />
<pre><br />
chmod -x /usr/libexec/tracker-*<br />
chmod -x /usr/bin/tracker<br />
chattr +i /usr/bin/tracker<br />
chattr +i /usr/libexec/tracker-*<br />
</pre><br />
<br />
== Configure external package repositories (CentOS7) ==<br />
<br />
EPEL: (addtional packages)<br />
<pre><br />
yum install epel-release<br />
</pre><br />
<br />
ELREPO: (kernel modules and drivers) (CentOS8)<br />
<pre><br />
yum install elrepo-release<br />
</pre><br />
<br />
ELREPO: (kernel drivers)<br />
<pre><br />
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org<br />
rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm<br />
yum -y install yum-plugin-fastestmirror<br />
</pre><br />
<br />
== Install packages needed to continue with installation ==<br />
<br />
(+CentOS7)<br />
<br />
(these packages are sometimes missing, they are needed to follow following instructions instructions)<br />
<br />
(SL6.5: libotf is a dependancy of emacs - SL6.5 installer fails to install it)<br />
<br />
<pre><br />
yum install ed patch wget git libotf gdisk emacs perl<br />
</pre><br />
<br />
== Configure Konstantin's scripts ==<br />
<br />
(+Centos7)<br />
<br />
<pre><br />
mkdir ~root/git<br />
cd ~root/git<br />
git clone http://ladd00.triumf.ca/~olchansk/git/scripts.git<br />
cd scripts<br />
git pull<br />
</pre><br />
<br />
Go back to the NIS slave server and install the hourly NIS update cron job.<br />
<br />
== Enable yum version lock ==<br />
<br />
<pre><br />
yum install yum-plugin-versionlock<br />
#yum versionlock packagename # yum versionlock rpcbind<br />
#yum versionlock list # list locked packages<br />
#yum versionlock delete packagename # unlock given package<br />
#yum versionlock clear # delete all locks<br />
</pre><br />
<br />
== Configure trusted ssh keys ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
ssh localhost<br />
interrupt by Ctrl-C<br />
/bin/cp ~/git/scripts/etc/authorized_keys ~/.ssh/<br />
</pre><br />
<br />
== Configure hardware sensors ==<br />
<br />
* yum -y install lm_sensors<br />
* sensors-detect (accept default answer to all questions - press ENTER)<br />
* systemctl restart lm_sensors<br />
* sensors (to see available sensors)<br />
<br />
If no sensors are detected by standard drivers, follow motherboard-specific instructions at the bottom of this page.<br />
<br />
== Configure IPMI sensors ==<br />
<br />
Some machines support the IPMI interface for monitoring the hardware: fan speeds, temperatures, voltages.<br />
<br />
* find out if IPMI is supported. Try this:<br />
<pre><br />
dmidecode | grep -i ipmi<br />
</pre><br />
if output is not blank, IPMI is maybe supported.<br />
* install and enable IPMI software:<br />
<pre><br />
yum install "OpenIPMI*" ipmitool<br />
service ipmi start<br />
ipmitool sensor ### to confirm IPMI is present. If output is blank, do not go further.<br />
chkconfig ipmi on<br />
chkconfig ipmievd on<br />
service ipmi restart<br />
service ipmievd restart<br />
tail -100 /var/log/messages ### look at messages logged by ipmievd<br />
</pre><br />
* (CentOS7) install and enable IPMI software:<br />
<pre><br />
yum install "OpenIPMI*" ipmitool<br />
systemctl start ipmi<br />
ipmitool sensor ### to confirm IPMI is present. If output is blank, do not go further.<br />
systemctl list-unit-files | grep -i ipmi<br />
systemctl enable ipmi<br />
systemctl restart ipmi<br />
systemctl status ipmi<br />
systemctl enable ipmievd<br />
systemctl restart ipmievd<br />
systemctl status ipmievd<br />
tail -100 /var/log/messages ### look at messages logged by ipmievd<br />
</pre><br />
<br />
* if ipmievd complains about SEL buffer overflow, clear it manually:<br />
<pre><br />
ipmitool sel list ### show ipmi messages in raw format<br />
ipmitool sel elist ### show ipmi messages in useful format<br />
ipmitool sel elist > file ### save ipmi messages into a file<br />
ipmitool sel clear ### clear all accumulated ipmi messages<br />
</pre><br />
<br />
* useful ipmi commands:<br />
** ipmitool sensor -- read hardware sensors<br />
** ipmitool sel elist -- report all accumulated messages<br />
<br />
== Configure ECC memory ==<br />
<br />
* check that machine has ECC memory: dmidecode --type memory | grep -i ecc<br />
<br />
Configure mcelog (machine check exception)<br />
<br />
* yum install mcelog<br />
* check that mcelog is running: ps -efw | grep mcelog<br />
* (el6) chkconfig mcelogd on; service mcelogd restart<br />
* (el7) systemctl status mcelog.service; systemctl enable mcelog.service; systemctl restart mcelog.service<br />
<br />
Check for MCE (machine check exception) messages:<br />
<br />
* mcelog --client<br />
* grep -i mce /var/log/messages*<br />
* grep -i ecc /var/log/messages*<br />
<br />
Configure EDAC<br />
<br />
<pre><br />
yum install edac-utils<br />
edac-ctl --mainboard<br />
edac-ctl --status<br />
lsmod | grep edac<br />
modprobe ie31200_edac ### driver for Intel E3-1200 series ECC memory<br />
<br />
[root@grsmid00 ~]# ls -l /sys/devices/system/edac/mc/<br />
... empty<br />
<br />
[root@alpha00 ~]# ls -l /sys/devices/system/edac/mc/<br />
drwxr-xr-x. 15 root root 0 Oct 25 16:40 mc0<br />
...<br />
[root@alpha00 ~]# ls -l /sys/devices/system/edac/mc/mc0<br />
total 0<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 ce_count<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 ce_noinfo_count<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 csrow0<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 csrow1<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 csrow2<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 csrow3<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 max_location<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 mc_name<br />
drwxr-xr-x. 2 root root 0 Oct 25 16:40 power<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank0<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank1<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank2<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank3<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank4<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank5<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank6<br />
drwxr-xr-x. 3 root root 0 Oct 25 16:40 rank7<br />
--w-------. 1 root root 4096 Oct 25 16:40 reset_counters<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 seconds_since_reset<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 size_mb<br />
lrwxrwxrwx. 1 root root 0 Oct 2 12:02 subsystem -> ../../../../../bus/mc0<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 ue_count<br />
-r--r--r--. 1 root root 4096 Oct 25 16:40 ue_noinfo_count<br />
-rw-r--r--. 1 root root 4096 Oct 25 16:40 uevent<br />
[root@alpha00 ~]# <br />
<br />
[root@alpha00 ~]# edac-ctl --status<br />
edac-ctl: drivers are loaded.<br />
<br />
[root@alpha00 ~]# edac-util <br />
edac-util: No errors to report.<br />
</pre><br />
<br />
== Configure SMARTD (CentOS7) ==<br />
<br />
Default el7 smartd config files send deficient email notices about disk failures. Overwrite.<br />
<br />
<pre><br />
/bin/cp ~/git/scripts/etc/smartd.conf /etc/smartmontools/<br />
/bin/cp ~/git/scripts/etc/smartd_warning.sh /etc/smartmontools/<br />
systemctl enable smartd<br />
systemctl restart smartd<br />
systemctl status smartd<br />
</pre><br />
<br />
== Enable User Disk Quotas (OPTIONAL) ==<br />
<br />
(+CentOS7)<br />
<br />
* read http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/ch-disk-quotas.html<br />
* emacs -nw /etc/fstab, add "grpquota,usrquota" to filesystem options, e.g.:<br />
<pre><br />
[root@isdaq00 home1]# grep quota /etc/fstab<br />
UUID=5a2aefbd-45db-475e-841e-12ec89220fbd /home1 ext4 defaults,grpquota,usrquota 1 2<br />
</pre><br />
* cd /; umount /home1; mount /home1<br />
* quotacheck -cug /home1<br />
* quotacheck -avug<br />
* quotaon -av<br />
* quota system is now active<br />
* increase the soft quota time limit from default 7days to 30 or 60 days: edquota -t<br />
* set quotas for all users (see below)<br />
* setup warnquota:<br />
** create warnquota config file: emacs -nw /etc/warnquota.conf<br />
<pre><br />
# values can be quoted:<br />
MAIL_CMD = "/usr/sbin/sendmail -t"<br />
FROM = root<br />
SUBJECT = User %i@%h exceeded allocated disk quota<br />
CC_TO = "root"<br />
# If you set this variable CC will be used only when user has less than<br />
# specified grace time left (examples of possible times: 5 seconds, 1 minute,<br />
# 12 hours, 5 days)<br />
# CC_BEFORE = 2 days<br />
SUPPORT = "root"<br />
# Text in the beginning of the mail (if not specified, default text is used)<br />
# This way text can be split to more lines<br />
# Line breaks are done by '|' character<br />
# The expressions %i, %h, %d, and %% are substituted for user/group name,<br />
# host name, domain name, and '%' respectively. For backward compatibility<br />
# %s behaves as %i but is deprecated.<br />
MESSAGE = User "%i" on "%h" has exceeded the allocated disk quota.||Please delete any unnecessary files on following filesystems or|contact the system administrato<br />
r to increase your quota allocation:|<br />
SIGNATURE = --|automated email from warnquota<br />
</pre><br />
** note that %i@%h in the SUBJECT line do not seem to work<br />
** create cron job: emacs -nw /etc/cron.daily/warnquota<br />
<pre><br />
#!/bin/sh<br />
warnquota<br />
#end<br />
</pre><br />
** chmod a+x /etc/cron.daily/warnquota<br />
** touch /etc/crontab<br />
<br />
Useful commands for managing quotas:<br />
* repquota -a | sort -n -k3 ### show quota of all users sorted by disk usage<br />
* edquota -u username ### open "vi" editor to change user quotas<br />
* repquote -a | grep username ### report quota for given user<br />
* setquota -u username 0 0 0 0 /home1 ### disable quotas for given user<br />
* setquota -u username 50000000 100000000 0 0 /home1 ### set quotas for 50GB soft and 100GB hard<br />
* edquota -t ### change user quota time limits<br />
* edquote -tg ### change group quota time limits<br />
<br />
== Enable NFS V4 server (CentOS7) ==<br />
<br />
* create /etc/exports. example: (fsid numbers should be unique and increase 1,2,3,...)<br />
<pre><br />
/home1 @home_export(rw,no_root_squash,async,fsid=1)<br />
/data1 @data_export(rw,no_root_squash,async,fsid=2)<br />
</pre><br />
* check the netgroup file<br />
** if using NIS: check NIS netgroup: ypcat -k netgroup<br />
** if no NIS, create /etc/netgroup: @daqmachines (deap00,,) (deap01,,) (deap02,,)<br />
** if no NIS, edit /etc/nsswitch.conf, make the netgrooup line read: "netgroup: files"<br />
* enable things, start them:<br />
<pre><br />
firewall-cmd --get-services<br />
firewall-cmd --permanent --add-service=nfs<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
systemctl enable nfs-server<br />
systemctl start nfs-server<br />
systemctl status nfs<br />
</pre><br />
<br />
== Enable NFS V3 server (CentOS7) ==<br />
<br />
<pre><br />
ps -efw | grep rpc.mountd # should be running!<br />
firewall-cmd --get-services<br />
firewall-cmd --permanent --add-service=mountd<br />
firewall-cmd --permanent --add-service=rpc-bind<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
== Enable NFS V3 server ==<br />
<br />
* edit /etc/hosts.allow, add or uncomment "mountd: 142.90.0.0/255.255.0.0"<br />
* create /etc/exports. example:<br />
<pre><br />
/home1 @home_export(rw,no_root_squash,async)<br />
/data1 @data_export(rw,no_root_squash,async)<br />
</pre><br />
* check the netgroup file<br />
** if using NIS: check NIS netgroup: ypcat -k netgroup<br />
** if no NIS, create /etc/netgroup: @daqmachines (deap00,,) (deap01,,) (deap02,,)<br />
** if no NIS, edit /etc/nsswitch.conf, make the netgrooup line read: "netgroup: files"<br />
* chkconfig nfs on<br />
* chkconfig nfslock on<br />
* service nfs restart<br />
<br />
Then on ladd00 need to do<br />
* ssh to root@ladd00<br />
* edit /etc/auto.daq to add new machine...<br />
* make -C /var/yp<br />
<br />
== Enable NFS V4 SERVER (SL6) ==<br />
<br />
* if used with NIS, same as NFSv3<br />
* if used as standalone, need to edit idmapd.conf - set the "Domain" name to the same value on NFS server and NFS slave (default automagically determined value does not always work). More TBW.<br />
<br />
== Enable AMANDA backups ==<br />
<br />
AMANDA backups are already enabled by TRIUMF kickstart installs. For non-kickstart installation, follow instructions at [[http://amanda/~amanda http://amanda/~amanda]], or look at "/triumfcs/trshare/olchansk/linux/amanda/amanda-enable.perl". As final step, use [[https://helpdesk.triumf.ca https://helpdesk.triumf.ca]] to contact TRIUMF CS to add this new machine to the amanda backup list.<br />
<br />
* yum install triumf-amanda<br />
<br />
== Enable AMANDA backups (CentOS7) ==<br />
<br />
<pre><br />
yum install amanda-client<br />
systemctl list-unit-files | grep -i amanda<br />
#systemctl enable amanda<br />
systemctl enable amanda.socket<br />
systemctl enable amanda-udp.socket<br />
systemctl restart amanda.socket<br />
systemctl restart amanda-udp.socket<br />
firewall-cmd --get-services<br />
firewall-cmd --permanent --add-service=amanda-client<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
echo amanda.triumf.ca amanda amdump >> /var/lib/amanda/.amandahosts<br />
</pre><br />
<br />
On amanda server, add new machine to the disklist, then:<br />
<br />
<pre><br />
amcheck -c daily titan00<br />
</pre><br />
<br />
== Enable DCACHE ==<br />
<br />
DAQ dcache server is mounted as<br />
<br />
/daq/pnfs/triumf.ca/data/<br />
<br />
For Centos-7 machines, you need to adjust the firewall rules in order to be able to communicate with the trdata machines; this is only necessary if you are copying data to trdata. The firewall changes are<br />
<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.100.212/32" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.107.156/32" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.100.219/32" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
This instructions are unnecessary <br />
* # mkdir -p /pnfs<br />
* # edit /etc/rc.local, add to the end of file: "mount -o intr,rw,noac,hard,nfsvers=3 trdata00:/pnfs /pnfs &"<br />
* # . /etc/rc.local<br />
<br />
For more information on, see [[TrdataDcache]] dcache page.<br />
<br />
== Configure Ganglia (Centos7) ==<br />
<br />
CentOS7 Ganglia instructions (EPEL7 ganglia-3.7.2)<br />
<br />
<pre><br />
/bin/rm /etc/gmond.conf<br />
yum -y install "ganglia-gmond*"<br />
/bin/cp -v /dev/null /etc/ganglia/conf.d/multicpu.conf # collects useless data<br />
/bin/cp -v /dev/null /etc/ganglia/conf.d/netstats.pyconf # spews errors into syslog<br />
/bin/cp -v /dev/null /etc/ganglia/conf.d/diskstat.pyconf # collects useless data<br />
/bin/cp -v /dev/null /etc/ganglia/conf.d/procstat.pyconf # do not create /tmp/gmond.conf<br />
/bin/cp ~/git/scripts/etc/gmond.conf /etc/ganglia/gmond.conf<br />
systemctl enable gmond<br />
systemctl restart gmond<br />
systemctl status gmond<br />
</pre><br />
<br />
== Configure TRIUMF DAQ packages ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
cd /etc/yum.repos.d<br />
wget http://daq.triumf.ca/~daqweb/yum/triumf-daq.repo<br />
</pre><br />
<br />
== Install Konstantin's packages ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
yum --disablerepo=\* --enablerepo=triumf-daq --skip-broken install diskscrub emailonreboot monitor_nfs "ganglia-*" triumf_nodeinfo<br />
</pre><br />
<br />
== Install memtest and PXE boot ==<br />
<br />
!!!DO NOT DO THIS!!!<br />
<br />
<pre><br />
cd /boot<br />
wget http://ladd00.triumf.ca/tftpboot/memtest86+-5.01.bin.gz<br />
wget http://ladd00.triumf.ca/tftpboot/memtest86+-4.20.bin.gz<br />
wget http://ladd00.triumf.ca/tftpboot/memtest86+-4.10<br />
wget http://ladd00.triumf.ca/tftpboot/gpxe-1.0.1+-gpxe.lkrn<br />
<br />
emacs -nw /boot/grub/grub.conf<br />
title memtest86+-5.01<br />
root (hd0,0)<br />
kernel /boot/memtest86+-5.01.bin.gz<br />
title memtest86+-4.20<br />
root (hd0,0)<br />
kernel /boot/memtest86+-4.20.bin.gz<br />
title memtest86+-4.10<br />
root (hd0,0)<br />
kernel /boot/memtest86+-4.10<br />
title pxeboot<br />
root (hd0,0)<br />
kernel /boot/gpxe-1.0.1+-gpxe.lkrn<br />
</pre><br />
<br />
== Install node monitoring ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
yum --disablerepo=\* --enablerepo=triumf-daq --skip-broken install triumf_nodeinfo<br />
/usr/sbin/sendnodeinfo.perl --config ladd00.triumf.ca:8600<br />
emacs -nw /etc/nodeinfo<br />
/usr/sbin/sendnodeinfo.perl ladd00.triumf.ca:8600<br />
</pre><br />
<br />
== Install gonodeinfo node monitoring ==<br />
<br />
(+Ubuntu, +CentOS7, +CentOS8)<br />
<br />
go to https://bitbucket.org/dd1/gonodeinfo<br />
follow instructions:<br />
<pre><br />
yum -y install golang<br />
mkdir ~/git<br />
cd ~/git<br />
git clone https://bitbucket.org/dd1/gonodeinfo.git<br />
cd gonodeinfo<br />
git pull<br />
make<br />
make install # install gonodeinfo agent<br />
cd ~ # this is important<br />
</pre><br />
<br />
* emacs -nw /etc/gonodeinfo.conf<br />
* change "Description", "Location", "User" and "Administrator" as appropriate (or delete them)<br />
* change "Servers" to read: Servers: ladd00.triumf.ca:8601<br />
* run gonodeinfo -e<br />
* if error is "connection refused". go to the nodeinfo server to add this client to the access control list:<br />
* on the gonodeinfo server: run gonodereceive -a daq13<br />
* try gonodeinfo again, there should be no error<br />
* on the gonodeinfo server: run gonodereport, look at the web pages, the new machine should be listed now<br />
<br />
== Install latest system updates ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
yum update -y<br />
</pre><br />
<br />
== Configure TRIUMF Printers (CentOS7) ==<br />
<br />
<pre><br />
systemctl stop cups<br />
systemctl disable cups<br />
echo "ServerName printers.triumf.ca" > /etc/cups/client.conf<br />
lpstat -a<br />
</pre><br />
<br />
== Disable syslog spam (CentOS7) ==<br />
<br />
Default el7 config is spamming the syslog with useless messages "systemd: Starting Session", etc. Disable this:<br />
<br />
<pre><br />
echo auditctl -e 0 >> /etc/rc.local<br />
echo /usr/bin/systemd-analyze set-log-level notice >> /etc/rc.local<br />
/etc/rc.local<br />
</pre><br />
<br />
== Install basic system packages (CentOS7) ==<br />
<br />
(if starting from minimal system, basic system packages required:)<br />
<br />
<pre><br />
yum install -y which psmisc redhat-lsb-core xorg-x11-xauth xterm emacs-nox rsync tcpdump strace nfs-utils sysstat iftop tcsh<br />
yum install -y gcc gcc-c++ gdb glibc-static libstdc++-static zlib zlib-devel openssl-devel httpd-tools<br />
</pre><br />
<br />
== Install packages needed for QUARTUS, ROOT, EPICS and MIDAS DAQ ==<br />
<br />
(+CentOS7)<br />
<br />
yum install --skip-broken giflib.x86_64 sysstat "libusb-devel*" unixODBC-devel postgresql-devel libxml2-devel libXpm-devel libgfortran git compat-readline43 "graphviz*" dcap "tigervnc*" telnet glibc"*" strace "fftw*" libpng "freetype*" xpdf "xemacs*" tkcvs xterm mutt "*-g77*" joe "libXmu*" dcap-devel gsl-devel pcre-devel h5py gd-devel xorg-x11-fonts"*" minicom xfig"*" perl-BSD-Resource "net-snmp-*" readline-static git-all nasm imake tcl-devel gv xorg-x11-twm expat-devel screen compat-readline5 ImageMagick ImageMagick-devel wget alacarte scipy numpy sympy nedit gnuplot php-cli php-domxml-php4-php5 php-gd php-fpdf php-cli kdebase cmake tcpdump sqlite sqlite-devel kdegraphics gdisk lsof gconf-editor iftop tk-devel mcelog kdm blt itcl lz4 bzip2 pbzip2 apr-devel apr-util-devel net-tools golang"*" --exclude golang-cover"*"hg"*" --exclude golang"*"hg"*" --exclude golang-pkg"*" --exclude golang-github"*" --exclude golang"*"git"*" mesa"*" xerces-c"*" diffuse clang i2c-tools texlive-revtex texlive-revtex4 kile kbibtex xrdp glibc.i686 gimp gimp-data-extras perl-GD"*" perl-Math"*" perl-Statistics-Basic cmake3 cmake3-gui extra-cmake-modules python2-pip x2go"*" mariadb-devel glibc-devel.i686<br />
<br />
== Install optional packages ==<br />
<br />
!! DO NOT DO THIS !!<br />
<br />
(do not install boost on 32-bit machines)<br />
<br />
yum install --skip-broken "boost-*" <br />
<br />
(packages for 32-bit software compilation on 64-bit machines. this is optional)<br />
<br />
yum install --skip-broken giflib.i386 giflib.i686 compat-libf2c-34.i386 compat-libf2c-34.i686 mysql-devel.i686 openssl-devel.i686 unixODBC-devel.i686 libstdc++-devel.i386 libstdc++-devel.i686 "zlib-*.i686" "libXext-*.i686" "libXtst-*.i686" glibc-static.i686 freetype.i686 fontconfig.i686 libpng.i686 libXrender.i686 glibc-devel.i686 libX11-devel.i686 libXpm-devel.i686 libXft-devel.i686 mysql-devel.i686 dcap-devel.i686 gsl-devel.i686 pcre-devel.i686 fontconfig-devel.i686 freetype-devel.i686 libpng-devel.i686 libjpeg-devel.i686 libgfortran.i686 libxml2-devel.i686 gd-devel.i686 readline-devel.i686 ncurses-devel.i686 libXdmcp.i686 readline-static.i686 compat-readline5.i686<br />
<br />
yum install boost-devel.i686<br />
<br />
(separately install these packages - they collide with the big bunch above)<br />
<br />
yum install rdesktop<br />
<br />
yum reinstall urw-fonts<br />
<br />
== Install libraries for PHYSICA (CentOS7) ==<br />
<br />
To run physica built on el6 from git sources on el7, do this:<br />
<br />
(building physica on el7 is nort supported at this time)<br />
<br />
(see more http://www.triumf.info/wiki/DAQwiki/index.php/PHYSICA)<br />
<br />
<pre><br />
yum -y install libX11.i686 gd.i686 libpng12.i686 readline.i686 compat-libf2c-34.i686<br />
</pre><br />
<br />
== Install additional desktop environements (CentOS7) ==<br />
<br />
<pre><br />
# LXQT (from EPEL)<br />
# NOT COMPATIBLE WITH el7.7 # yum -y install "lxqt*"<br />
# Cinnamon desktop (from EPEL)<br />
yum -y install cinnamon<br />
# KDE5 not available yet<br />
# MATE (from epel)<br />
yum -y groupinstall "MATE Desktop"<br />
yum -y install mate-common mate-icon-theme-faenza mate-netspeed mate-sensors-applet mate-themes-extras mate-utils<br />
yum -y erase ModemManager abrt abrt-libs abrt-gui-libs<br />
# XFCE4 (from EPEL)<br />
yum -y groupinstall xfce<br />
yum -y install "xfce*plugin" xfce4-about --exclude xfce4-hamster-plugin<br />
yum -y erase bash-completion<br />
</pre><br />
<br />
* make the MATE desktop as default<br />
<br />
<pre><br />
cd ~root/git/scripts/<br />
git pull<br />
/bin/cp -v etc/lightdm_default_mate.conf /etc/lightdm/lightdm.conf.d/<br />
</pre><br />
<br />
* lighdm login manager (from EPEL)<br />
<pre><br />
yum install lightdm lightdm-kde lightdm-qt lightdm-qt5<br />
</pre><br />
<br />
* and switch from gdm to lighdm<br />
<pre><br />
systemctl disable gdm.service<br />
systemctl enable lightdm.service<br />
(systemctl stop gdm; systemctl restart lightdm) &<br />
</pre><br />
<br />
== Install SMART scripts ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
ln -sf ~/git/scripts/smart-status/smart-status.perl ~/<br />
</pre><br />
<br />
== Install NTFS drivers ==<br />
<br />
yum install ntfs-3g ntfsprogs (from EPEL)<br />
<br />
== Install HFS and HFS+ drivers (CentOS7) ==<br />
<br />
yum --disablerepo=\* --enablerepo=elrepo install kmod-hfs kmod-hfsplus<br />
<br />
== Install Google Chrome web browser (64-bit CentOS7) ==<br />
<br />
<pre><br />
/bin/cp ~/git/scripts/etc/google-chrome-64.repo /etc/yum.repos.d/<br />
yum install google-chrome-stable<br />
</pre><br />
<br />
== Enable monitoring of HTTPS certificates ==<br />
<br />
On SL6, CentOS7:<br />
<br />
<pre><br />
yum install crypto-utils<br />
/etc/cron.daily/certwatch<br />
strace -f /etc/cron.daily/certwatch |& grep open | grep crt<br />
</pre><br />
<br />
== Enable 100dpi fonts for EPICS ==<br />
<br />
(+CentOS7)<br />
<br />
<pre><br />
ln -s /usr/share/X11/fonts/100dpi /etc/X11/fontpath.d/<br />
</pre><br />
<br />
== Enable crontab @reboot for MIDAS (CentOS7) ==<br />
<br />
el7 has a bug - cron @reboot entries for normal users can run before autofs is ready, so if the home directory<br />
is on autofs/NFS, it cannot be accessed and the cron job fails. If MIDAS is supposed to be<br />
started by cron @reboot, it will not start (there *will* be an error message in /var/log/cron).<br />
<br />
<pre><br />
mkdir /etc/systemd/system/crond.service.d<br />
echo -e "[Unit]\nAfter=ypbind.service autofs.service\n" > /etc/systemd/system/crond.service.d/local.conf<br />
systemctl daemon-reload<br />
systemctl cat crond.service<br />
</pre><br />
<br />
Explore the systemd dependacy tree using "systemctl list-dependencies" maybe with "--all".<br />
<br />
Visualize the exact boot sequence from previous boot: "systemd-analyze plot > xxx.svg", look at the svg file using a web browser.<br />
<br />
== Enable firewall for MIDAS (CentOS7) ==<br />
<br />
Default el7 configuration prevents all access to servers running on the local machine, including access to MIDAS mhttpd (tcp port 8443) and mserver (all tcp ports).<br />
<br />
To enable access to mhttpd:<br />
<br />
<pre><br />
firewall-cmd --add-port=8443/tcp --permanent<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
To enable access to the mserver from a specific host: (replace 142.90.111.175 with the IP address of the permitted host)<br />
<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.111.175/32" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
== Enable firewall for EPICS (CentOS7) ==<br />
<br />
To enable access to TRIUMF EPICS servers, do this:<br />
<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.132.0/23" accept"<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
For UCN the controls people seem to have EPICS setup on a different server; this might be true for CMMS as well. In this case the firewall rule change should be<br />
<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="142.90.139.0/23" accept"<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
== Disable gdm and X11 (OPTIONAL) ==<br />
<br />
<pre><br />
initctl stop prefdm<br />
echo "start on never" > /etc/init/prefdm.override<br />
echo "start on never" > /etc/init/splash-manager.override<br />
initctl reload-configuration<br />
</pre><br />
<br />
then enable login on default console:<br />
<pre><br />
echo "plymouth quit" >> /etc/rc.local<br />
echo "X_TTY=xxx/dev/tty1" >> /etc/sysconfig/init<br />
</pre><br />
<br />
== Install JAVAWS (OPTIONAL) ==<br />
<br />
* to run Java "web start" jnlp files (EVO, SEEVOGH, etc): javaws Downloads/spider.jnlp<br />
* install javaws:<br />
* yum install icedtea-web icedtea-web-javadoc<br />
<br />
== Install firefox java plugin (OPTIONAL, DO NOT DO THIS) ==<br />
<br />
This installs the Oracle Java plugin:<br />
<br />
* rpm -vh --install ~deap/jdk-7u15-linux-x64.rpm<br />
* ls -l /usr/lib64/mozilla/plugins/<br />
* ln -s /usr/java/jdk1.7.0_15/jre/lib/amd64/libnpjp2.so /usr/lib64/mozilla/plugins/<br />
* start firefox, go edit->preferences->general->manage add-ons->plugins<br />
* "java plugin 1.7.0_15" should be listed<br />
<br />
<br />
<br />
== Configure USB device permissions ==<br />
<br />
(+CentOS7)<br />
<br />
Configure USB device permissions for user access to USB-serial devices, Altera USB Blaster, etc.<br />
<br />
* create file /etc/udev/rules.d/99-usb-chmod.rules with this contents:<br />
<br />
<pre><br />
emacs -nw /etc/udev/rules.d/99-usb-chmod.rules<br />
ACTION=="add", SUBSYSTEM=="usb_device", RUN+="/bin/chmod a+wr /dev/%c"<br />
ACTION=="add", SUBSYSTEM=="usb_device", RUN+="/bin/chmod a+wr /proc/%c"<br />
ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="/bin/chmod a+wr $env{DEVICE}"<br />
ACTION=="add", ENV{PHYSDEVBUS}=="usb-serial", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", ENV{DEVPATH}=="/class/tty/ttyS*", RUN+="/bin/chmod a+wr $env{DEVNAME}"<br />
ACTION=="add", SUBSYSTEM=="tty", DEVPATH=="*ttyUSB*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
ACTION=="add", SUBSYSTEM=="tty", DEVPATH=="*ttyS*", RUN+="/bin/chmod a+rw $env{DEVNAME}"<br />
</pre><br />
<br />
* apply new permissions: udevadm trigger --action=add<br />
<br />
== Disable modem-manager ==<br />
<br />
The modem-manager will try to talk to any serial devices attached to USB serial ports. It assumes that those devices are modems and will send out modem-specific commands. if the devices are not modems and do not understand or do not like modem commands, well that's too bad. modem-manager is installed by the ModemManager package required by the NetworkManager package, and there is no configuration setting to turn modem-manager off.<br />
<br />
One way to disable it is: chmod a= /usr/sbin/modem-manager<br />
<br />
Another way to disable it is by forced uninstall: rpm --erase --nodeps ModemManager<br />
<br />
Remember to kill the running copy: killall -KILL modem-manager<br />
<br />
Caveat: it is not clear if modem-manager would not be resurrected by an update to the NetworkManager or ModemManager packages.<br />
<br />
== Configure Altera jtagd ==<br />
<br />
(if needed)<br />
<br />
<pre><br />
mkdir /etc/jtagd<br />
echo 'Password = "123";' > /etc/jtagd/jtagd.conf<br />
cp -pv /triumfcs/trshare/olchansk/altera/11.0/quartus/linux/pgm_parts.txt /etc/jtagd/jtagd.pgm_parts<br />
</pre><br />
<br />
* start local jtagd: /triumfcs/trshare/olchansk/altera/11.0/quartus/bin/jtagd<br />
* test local connection: /triumfcs/trshare/olchansk/altera/11.0/quartus/bin/jtagconfig<br />
* test remote connection (add this machine to your .jtag.conf, run jtagconfig<br />
<br />
For more information, go to [[Quartus]]<br />
<br />
== Install EOS ==<br />
<br />
Instructions from here:<br />
http://eos-docs.web.cern.ch/eos-docs/quickstart/setup_repo.html<br />
<br />
<pre><br />
rpm -vh --install https://dss-ci-repo.web.cern.ch/dss-ci-repo/eos/citrine/tag/el-7/x86_64/eos-repo-el7-generic-1.noarch.rpm<br />
yum-config-manager --disable eos-citrine # disable auto-update because all packages are not signed<br />
yum-config-manager --disable eos-dep # disable auto-update because all packages are not signed.<br />
yum install eos-client eos-fuse --enablerepo=eos-citrine<br />
</pre><br />
<br />
== Install fix for the el7 systemd dbus boot hang ==<br />
<br />
Around early Summer 2018 el7 started showing a boot problem. In the nutshell,<br />
there is a problem with the dbus connection between dbus and systemd that<br />
prevents polkit, firewalld, etc from starting. The system eventually boots<br />
enough that one can ssh into it, but most things do not work. Notably,<br />
polkit is not running, firewalld is not running, ssh login takes about 15-30 second.<br />
<br />
Solution is to add a special systemd service to check that dbus started correctly.<br />
It that runs after dbus is started, but before it is used, and it restarts dbus in a loop<br />
with a delay until dbus starts correctly. In testing, dbus always starts correctly after<br />
the first retry.<br />
<br />
<pre><br />
cd ~root/git/scripts/etc<br />
git pull<br />
/bin/cp -vf systemd-check-dbus.perl /usr/bin/<br />
/bin/cp -vf systemd-check-dbus.service /etc/systemd/system/<br />
systemctl daemon-reload<br />
systemctl enable systemd-check-dbus<br />
systemctl start systemd-check-dbus<br />
systemctl status systemd-check-dbus<br />
</pre><br />
<br />
After linux boots, if everything was okey, the script will report this:<br />
<pre><br />
[root@iris01 ~]# systemctl status systemd-check-dbus<br />
...<br />
Feb 08 17:15:49 iris01.triumf.ca systemd[1]: Starting Check that systemd is registered with dbus...<br />
Feb 08 17:15:49 iris01.triumf.ca sh[4283]: Starting check for systemd dbus connection<br />
Feb 08 17:15:50 iris01.triumf.ca sh[4283]: List: string "org.freedesktop.DBus"<br />
Feb 08 17:15:50 iris01.triumf.ca sh[4283]: List: string "org.freedesktop.systemd1"<br />
Feb 08 17:15:50 iris01.triumf.ca sh[4283]: systemd1 dbus service exists, success!<br />
Feb 08 17:15:50 iris01.triumf.ca sh[4283]: Finished check for systemd dbus connection<br />
Feb 08 17:15:50 iris01.triumf.ca systemd[1]: Started Check that systemd is registered with dbus.<br />
</pre><br />
<br />
If the boot problem happened, the script will report about restarting dbus.<br />
<br />
Note: the systemd service file adjusts the start order of other services, this adjustment seems to reduce the probability of the problem.<br />
<br />
== Configure GRUB boot loader (CENTOS7) ==<br />
<br />
* emacs -nw /etc/default/grub, remove "rhgb" and "quiet" from GRUB_CMDLINE_LINUX<br />
* grub2-mkconfig -o /boot/grub2/grub.cfg<br />
* grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg<br />
* grub2-editenv list # show contents of boot environement file<br />
* /bin/rm /boot/grub2/grubenv # remove stale settings, make grub2 boot from first entry in config file<br />
<br />
== Install memtest86+ (CentOS7) ==<br />
<br />
<pre><br />
yum -y install memtest86+<br />
/bin/cp -vf /usr/share/memtest86+/20_memtest86+ /etc/grub.d/<br />
/bin/chmod a+x /etc/grub.d/20_memtest86+ <br />
grub2-mkconfig -o /boot/grub2/grub.cfg<br />
</pre><br />
<br />
== Disable ELREPO ==<br />
<br />
<pre><br />
sed 's/enabled=.*/enabled=0/' -i /etc/yum.repos.d/elrepo_triumf.repo<br />
sed 's/enabled=.*/enabled=0/' -i /etc/yum.repos.d/elrepo.repo<br />
</pre><br />
<br />
== Reduce install size (optional) ==<br />
<br />
This is optional. Only do this if reducing the size of the OS image is very important.<br />
<br />
Do this for VME processors.<br />
<br />
<pre><br />
yum erase "texlive*" "java*" "boost*" libreoffice"*"<br />
#yum erase "xemacs*"<br />
yum erase "libstdc++-docs"<br />
yum erase firefox google-chrome"*"<br />
yum clean all<br />
</pre><br />
<br />
<pre><br />
/bin/rm -rf /usr/share/help<br />
/bin/rm -rf /usr/share/doc<br />
</pre><br />
<br />
== Update from el7.6 to el7.7 ==<br />
<br />
<pre><br />
yum-config-manager --disable zfs<br />
yum-config-manager --disable zfs-kmod<br />
yum-config-manager --disable zfs-testing-kmod<br />
yum versionlock delete zfs<br />
yum versionlock delete kernel<br />
yum -y update "yum*" "rpm*"<br />
yum -y erase libqtxdg lxqt-qtplugin ### LXQT is not compatible<br />
yum update<br />
after rebooting into el7.7, follow instructions for updating ZFS from version 0.7 to 0.8.<br />
</pre><br />
<br />
== Finish installation ==<br />
<br />
reboot<br />
<br />
== Special hardware settings ==<br />
<br />
=== ASUS Crosshair mobo ===<br />
<br />
* use BIOS version 1207 or newer<br />
* (before CentOS7) sensors need these drivers from ELREPO: yum install --noplugins kmod-it87 kmod-k10temp; sensors-detect; service lm_sensors restart; sensors<br />
* CentOS7: installs correct drivers automatically<br />
<br />
=== ASUS Crosshair-II mobo ===<br />
<br />
* use BIOS version 2607 or newer<br />
* for the onboard IDE to work, add "all-generic-ide" to kernel boot options in grub.conf<br />
* sensors need these drivers from ELREPO: yum install --noplugins kmod-it87 kmod-k10temp; sensors-detect; service lm_sensors restart; sensors<br />
<br />
=== ASUS P7P55D EVO mobo ===<br />
<br />
* use BIOS version 2004 or newer<br />
* SL6 - install special driver for on board PCIe GigE network port and disable on board PCI GigE network port:<br />
** yum --enablerepo elrepo install kmod-r8168 kmod-r8169<br />
** # do not do this: sed 's/^blacklist/#blacklist/' -i /etc/modprobe.d/blacklist-r8169.conf<br />
** reboot<br />
** verify that correct drivers are loaded: ethtool -i eth0; ethtool -i eth1<br />
** note: there will be no eth1 - r8169 driver is disabled.<br />
<br />
=== ASUS P6X58-E-WS mobo ===<br />
<br />
* BIOS settings<br />
** F1 or DEL to enter BIOS setup, F8 boot menu<br />
** go to POWER->HW mon, confirm CPU temperature is around 30C. (heatsink is installed correctly. Bad heatsink temperature quickly goes up to 50-70C).<br />
** Main menu: Storage config - SATA change IDE->AHCI<br />
** System information: confirm BIOS version 301, CPU type, memory size<br />
** AI Tweak: set DRAM frequency - AUTO->DDR3-1333<br />
** Advanced->Onboard devices: LAN BOOT: enabled<br />
** Power->HW monitor: CPU Q-FAN: enabled<br />
** Boot->Settings: Quick boot: enabled; Full screen logo: disabled; Wait for F1: disabled<br />
** Save and exit<br />
<br />
=== ASUS E35M1-M PRO mobo ===<br />
<br />
* http://www.asus.com/Motherboards/E35M1M_PRO/#specifications<br />
* use BIOS version 1002 or newer<br />
* for CPU temperature: install kmod-k10temp from ELREPO (kmod-k10temp-0.0-4.el6.elrepo.x86_64.rpm)<br />
* for Sensors: yum --enablerepo elrepo install kmod-w83627ehf; modprobe w83627ehf; sensors<br />
* for Graphics: yum --enablerepo elrepo install kmod-fglrx fglrx-x11-drv<br />
* to enable booting from USB3, edit /etc/dracut.conf, change line "add_drivers" to read: add_drivers+="xhci-hcd"<br />
* to use multiple monitors, run "aticonfig --initial --heads=2 --adapter=1 --xinerama=on", to change screen layout, edit /etc/X11/xorg.conf. Only dual monitors DVI+HDMI seem to work. Tripple monitors does not seem to work.<br />
<br />
Sensors instructions below are obolete (use driver from ELREPO)<br />
* for Sensors, install driver for NCT6776F chip from https://github.com/groeck/w83627ehf/archives/master (in the Makefile, change the line "KERNEL_BUILD=" to read: "KERNEL_BUILD:=/usr/src/kernels/$(TARGET)"):<br />
<pre><br />
cd ~root<br />
wget http://ladd00.triumf.ca/~olchansk/linux/groeck-w83627ehf-dd3e543/w83627ehf.ko<br />
echo "modprobe hwmon; modprobe hwmon-vid; modprobe k10temp; rmmod w83627ehf; insmod /root/w83627ehf.ko" >> /etc/rc.local<br />
</pre><br />
<br />
=== ASUS E45M1-M PRO mobo ===<br />
<br />
* https://www.asus.com/Motherboards/E45M1M_PRO/#specifications<br />
* use BIOS 1202 or newer<br />
* follow the E35M1-M PRO instructions above<br />
<br />
=== ASUS P9X79 WS ===<br />
<br />
* http://www.asus.com/Motherboard/P9X79_WS/<br />
* use BIOS version 3101, 3401, 4701 or newer. If BIOS is 1305 or older, install P9X79-WS-CAP-Converter.ROM (BIOS 2902/3101), then the new BIOS.<br />
* (not needed for CentOS7) for CPU temperature, install coretemp<br />
* (not needed for CentOS7) for sensors, install driver for NCT6776F chip same as E35M1-M above.<br />
* BIOS Settings:<br />
** enter "Advanced mode"<br />
** Ai Tweaker -> Ai Overclock Tuner -> Set to "XMP" - this enables DDR3-1600 RAM speed vs DDR3-1333 by default<br />
** Monitor -> CPU fan speed low limit -> Set to "200 RPM" - we are using high efficiency slow turning CPU coolers and the default 600 RPM is right on the edge of firing false warnings<br />
** Boot -> Full screen logo -> Set to "disabled"<br />
** Wait for F1 -> Set to "disabled"<br />
<br />
=== ASUS P8B-M ===<br />
<br />
* use BIOS version 6103 or newer<br />
* for CPU temperature, install coretemp<br />
* for sensors, install driver for NCT6776F chip same as E35M1-M above.<br />
<br />
=== SUPERMICRO X9SCL ===<br />
<br />
* yum install kmod-w83627ehf.x86_64 coretemp<br />
* xemacs -nw /etc/rc.local, add:<br />
<pre><br />
modprobe coretemp<br />
modprobe w83627ehf<br />
</pre><br />
<br />
=== ASUS Z87-WS ===<br />
<br />
<pre><br />
cd ~root<br />
wget http://ladd00.triumf.ca/~olchansk/linux/nct6775.ko<br />
echo modprobe hwmon-vid >> /etc/rc.local<br />
echo insmod /root/nct6775.ko >> /etc/rc.local<br />
/etc/rc.local<br />
sensors<br />
</pre><br />
<br />
=== ASUS Z97-WS ===<br />
<br />
the nct6775 driver does not work because of conflict with ACPI.<br />
<br />
=== ASUS AM1M-A ===<br />
<br />
* use BIOS 602 or later<br />
* SL6.5 installer cannot use USB2 ports and the network. Use USB3 ports (blue colour) to boot USB installer (memtest, rescue, etc)<br />
* SL6.5 kernels require boot option "iommu=soft" or USB2 and network do not work. (USB3 - blue ports - seems okey)<br />
* install ATI/AMD video drivers from ELREPO (see below)<br />
* sensors chip is ITE IT8623E, for SL6, use standalone driver from lm_sensors. (2 fans rpm, 2 temperatures):<br />
<pre><br />
cd ~root<br />
wget http://ladd00.triumf.ca/~olchansk/linux/it87.ko<br />
echo modprobe hwmon_vid >> /etc/rc.local<br />
echo insmod /root/it87.ko >> /etc/rc.local<br />
. /etc/rc.local<br />
</pre><br />
* for el7 use it87.ko driver:<br />
<pre><br />
cd ~root<br />
wget https://daqshare.triumf.ca/~olchansk/linux/CentOS7/it87.ko<br />
echo modprobe hwmon_vid >> /etc/rc.local<br />
echo insmod /root/it87.ko >> /etc/rc.local<br />
. /etc/rc.local<br />
</pre><br />
* sensors output:<br />
<pre><br />
[root@midemma02 ~]# sensors<br />
radeon-pci-0008<br />
Adapter: PCI adapter<br />
temp1: +22.0°C (crit = +120.0°C, hyst = +90.0°C)<br />
<br />
fam15h_power-pci-00c4<br />
Adapter: PCI adapter<br />
power1: N/A (crit = 25.00 W)<br />
<br />
k10temp-pci-00c3<br />
Adapter: PCI adapter<br />
temp1: +22.2°C (high = +70.0°C)<br />
(crit = +70.0°C, hyst = +69.0°C)<br />
<br />
it8603-isa-0290<br />
Adapter: ISA adapter<br />
in0: +0.96 V (min = +2.50 V, max = +2.95 V) ALARM<br />
in1: +2.23 V (min = +0.94 V, max = +1.22 V) ALARM<br />
in2: +2.03 V (min = +0.74 V, max = +0.77 V) ALARM<br />
in3: +2.00 V (min = +1.26 V, max = +0.13 V) ALARM<br />
in4: +2.23 V (min = +2.95 V, max = +2.15 V) ALARM<br />
3VSB: +3.36 V (min = +6.00 V, max = +2.50 V) ALARM<br />
Vbat: +3.22 V <br />
+3.3V: +3.36 V <br />
fan1: 611 RPM (min = 200 RPM)<br />
fan2: 707 RPM (min = 600 RPM) ALARM<br />
temp1: +38.0°C (low = +122.0°C, high = +122.0°C) sensor = thermistor<br />
temp2: +22.0°C (low = +119.0°C, high = -35.0°C) ALARM sensor = thermistor<br />
temp3: -128.0°C (low = +16.0°C, high = +93.0°C) sensor = thermistor<br />
intrusion0: ALARM<br />
<br />
[root@midemma02 ~]# <br />
</pre><br />
* AMD "Athlon(tm) 5350 APU" graphics supports 2 monitors maximum (mobo has 3 video outputs, only 2 can be used together)<br />
<br />
=== Intel SE7230NH1 ===<br />
<br />
* front panel header connector pinout is like this:<br />
<pre><br />
PWR LED | 1 2|<br />
| 3 4|<br />
PWR LED | 5 6|<br />
HDD LED | 7 8|<br />
HDD LED | 9 10|<br />
PWR SW |11 12| NIC1 LED<br />
PWR SW |13 14| NIC1 LED<br />
RST SW |15 16|<br />
RST SW |17 18|<br />
|19 20|<br />
NMI SW |21 22| NIC2 LED<br />
NMI SW |23 24| NIC2 LED<br />
... |... |<br />
|33 34|<br />
</pre><br />
<br />
=== ASUS H110M-A/M.2 ===<br />
<br />
* use BIOS 2003 or later<br />
* dmidecode | grep -i nct reports: Nuvoton NCT5539D<br />
* sensors chip is "NCT6793D or compatible chip", for el7, use this driver:<br />
<pre><br />
cd ~root<br />
wget http://ladd00.triumf.ca/~olchansk/linux/nct6775.ko<br />
echo modprobe hwmon-vid >> /etc/rc.local<br />
echo insmod /root/nct6775.ko >> /etc/rc.local<br />
/etc/rc.local<br />
sensors<br />
</pre><br />
<br />
* sensors output:<br />
<pre><br />
[root@daq03 ~]# sensors<br />
acpitz-virtual-0<br />
Adapter: Virtual device<br />
temp1: +27.8°C (crit = +119.0°C)<br />
temp2: +29.8°C (crit = +119.0°C)<br />
<br />
nct6793-isa-0290<br />
Adapter: ISA adapter<br />
in0: +0.34 V (min = +0.00 V, max = +1.74 V)<br />
in1: +1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in2: +3.39 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in3: +3.39 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in4: +1.02 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in5: +0.15 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in6: +0.97 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in7: +3.38 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in8: +3.12 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in9: +1.00 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in10: +0.14 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in11: +0.12 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in12: +0.14 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in13: +0.12 V (min = +0.00 V, max = +0.00 V) ALARM<br />
in14: +0.13 V (min = +0.00 V, max = +0.00 V) ALARM<br />
fan1: 1041 RPM (min = 0 RPM)<br />
fan2: 1020 RPM (min = 0 RPM)<br />
fan5: 0 RPM (min = 0 RPM)<br />
fan6: 0 RPM<br />
SYSTIN: +119.0°C (high = +98.0°C, hyst = +95.0°C) sensor = thermistor<br />
CPUTIN: +26.5°C (high = +80.0°C, hyst = +75.0°C) sensor = thermistor<br />
AUXTIN0: +27.5°C sensor = thermistor<br />
AUXTIN1: +112.0°C sensor = thermistor<br />
AUXTIN2: +111.0°C sensor = thermistor<br />
AUXTIN3: +111.0°C sensor = thermistor<br />
PECI Agent 0: +28.0°C (high = +98.0°C, hyst = +95.0°C)<br />
(crit = +100.0°C)<br />
PECI Agent 0 Calibration: +25.5°C <br />
PCH_CHIP_CPU_MAX_TEMP: +0.0°C <br />
PCH_CHIP_TEMP: +0.0°C <br />
intrusion0: ALARM<br />
intrusion1: ALARM<br />
beep_enable: disabled<br />
<br />
coretemp-isa-0000<br />
Adapter: ISA adapter<br />
Physical id 0: +31.0°C (high = +80.0°C, crit = +100.0°C)<br />
Core 0: +31.0°C (high = +80.0°C, crit = +100.0°C)<br />
Core 1: +28.0°C (high = +80.0°C, crit = +100.0°C)<br />
<br />
[root@daq03 ~]# <br />
</pre><br />
<br />
=== Supermicro X11SSH-F ===<br />
<br />
* blacklist the mei and mei_me drivers per http://www.supermicro.com/support/faqs/faq.cfm?faq=14537<br />
<pre><br />
[root@alpha00 ~]# more /etc/modprobe.d/blacklist.conf<br />
blacklist mei<br />
blacklist mei_me<br />
[root@alpha00 ~]# <br />
</pre><br />
* mobo requires M.2 PCIe SSD (M.2 SATA SSD would not work. SATA SATA SSD ok)<br />
* boot from M.2 PCIe SSD requires UEFI boot (from an MSDOS partition on the SSD)<br />
<br />
=== ASUS TUF Z390M-PRO GAMING (WI-FI) ===<br />
<br />
* BIOS 2417 is okey, upgrade to this if older<br />
* do not set XMP memory mode<br />
* in the BIOS, enable the boot compatibility support module mode: BIOS (press DEL) -> Advanced mode -> BOOT -> CSM Module -> Enable CSM "yes".<br />
* for SL6, install e1000e driver from ELREPO:<br />
<pre><br />
yum install --enablerepo=elrepo kmod-e1000e<br />
</pre><br />
* sensors chip appears to be "Nuvoton NCT6798D" not clear what driver to use<br />
* dmidecode | grep -i nct reports: Nuvoton NCT6798D<br />
* kmod-nct6775-0.0-5.el7_7.elrepo.x86_64.rpm from ELrepo finds the chip but bombs because of conflict with ACPI<br />
<br />
=== ASUS PRIME X399-A ===<br />
<br />
* BIOS 1002<br />
* for reading temperatures and fan rotations, install driver: https://github.com/electrified/asus-wmi-sensors/issues/29<br />
<br />
== Configure X11 graphics ==<br />
<br />
=== Special settings for DAQ ===<br />
<br />
* add the following at the end of /etc/X11/xorg.conf. The enables Ctrl-Alt-KP-/ and Ctrl-Alt-KP-* to unlock the keyboard after Altera Quartus crash:<br />
<pre>Section "ServerFlags"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Option "AllowDeactivateGrabs" "true"<br />
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Option "AllowClosedownGrabs" "true"<br />
EndSection</pre><br />
<br />
=== Install NVIDIA drivers ===<br />
<br />
* yum --enablerepo=elrepo install nvidia-detect<br />
* run: nvidia-detect<br />
* as instructed by nvidia-detect, install correct driver:<br />
** yum --enablerepo=elrepo install kmod-nvidia<br />
** yum --enablerepo=elrepo install kmod-nvidia-304xx<br />
** yum --enablerepo=elrepo install kmod-nvidia-173xx<br />
* (before SL6.x: if it fails due to conflict with module-init-tools, run "yum --disablerepo \* --enablerepo elrepo update module-init-tools")<br />
* yum erase xorg-x11-glamor ### see http://elrepo.org/tiki/kmod-nvidia (search for glamor)<br />
* mv /etc/X11/xorg.conf /etc/X11/xorg.conf-xxx<br />
* nvidia-xconfig<br />
* (SL6) reboot<br />
* (SL5) /dev/MAKEDEV nvidia<br />
* (SL5) restart the X11 server (Ctrl-Alt-Backspace or "killall Xorg gdm-binary")<br />
* observe that X11 server restarts using the NVIDIA driver (big NVIDIA logo on startup)<br />
* if needed, login as root and run "nvidia-settings" to setup dual-screen configuration, etc<br />
<br />
=== Install legacy NVIDIA drivers ===<br />
<br />
For old NVIDIA cards:<br />
* GeForce FX 5500<br />
<br />
<pre><br />
wget http://us.download.nvidia.com/XFree86/Linux-x86/173.14.31/NVIDIA-Linux-x86-173.14.31-pkg1.run<br />
sh ./NVIDIA-Linux-x86-173.14.31-pkg1.run<br />
</pre><br />
<br />
* GeForce 6200 - NVIDIA Corporation NV44A [GeForce 6200]<br />
<pre><br />
yum install nvidia-x11-drv-304xx-304.121 --enablerepo=elrepo<br />
nvidia-xconfig<br />
rmmod nvidia<br />
killall gdm-binary<br />
login as root<br />
nvidia-settings to setup multiple displays<br />
</pre><br />
<br />
=== Install ATI/AMD drivers ===<br />
<br />
* yum --enablerepo elrepo install kmod-fglrx fglrx-x11-drv<br />
* check that /etc/X11/xorg.conf section "Device" entry "Driver" says "fglrx"<br />
* run "aticonfig --initial" to create xorg.conf if existing one is not good<br />
* run "amdcccle" as root to configure dual-screens, etc<br />
Note: 'amdcccle' is a GUI, so you must run this command from within a running X session<br />
* killall Xorg<br />
<br />
=== Install ATI/AMD drivers (CentOS7) ===<br />
<br />
* wget http://elrepo.org/linux/testing/el7/x86_64/RPMS/fglrx-x11-drv-15.12-3.el7.elrepo.x86_64.rpm<br />
* wget http://elrepo.org/linux/testing/el7/x86_64/RPMS/kmod-fglrx-15.12-3.el7.elrepo.x86_64.rpm<br />
* yum install acpid<br />
* rpm -vh --install kmod-fglrx-15.12-3.el7.elrepo.x86_64.rpm fglrx-x11-drv-15.12-3.el7.elrepo.x86_64.rpm<br />
* amdconfig -f --initial<br />
* grub2-mkconfig -o /boot/grub2/grub.cfg<br />
* reboot<br />
* login as root<br />
* amdcccle<br />
<br />
NOTE: if both drivers - radeon and fglrx are loaded, boot will hang. the radeon driver is supposed to be blacklisted through grub rdblacklist=radeon entry which is installed by running grub2-mkconfig.<br />
<br />
=== Install Intel drivers for HD4600/Z87 ===<br />
<br />
SL6.5 has the required drivers for the socket 1150 machines with Intel HD4600 graphics and Z87 chipset.<br />
<br />
ASUS Z87 WS motherboard has these video connections with corresponding Intel video port assignements, as reported by "xrandr":<br />
* DisplayPort - DP1/HDMI1<br />
* MiniDisplayPort - DP2/HDMI2<br />
* HDMI - HDMI3<br />
<br />
Due to hardware limitations, 3 HDMI monitors using 2 passive DP-HDMI adapters (and 1 straight HDMI) cannot be used.<br />
<br />
To use 3 monitors do this:<br />
* 1st monitor: DisplayPort - DP-to-HDMI-passive-adapter - HDMI monitor (not tried: DP-to-DP-cable - DisplayPort monitor).<br />
* 2nd monitor: MiniDisplayPort - MiniDP-to-DP-cable - DisplayPort monitor<br />
* 3rd monitor: HDMI - HDMI-cable - HDMI monitor<br />
<br />
With the monitors I have (Dell 1920x1200 VGA-HDMI-DP), the software thinks that there are 4 monitors: somehow both DP2 and HDMI2 see 1 minitor each, but the hardware cannot drive 4 monitors, so everything goes blank. To fix, disable HDMI2 (xrandr -display :0 --output HDMI2 --off) and enable DP2 (xrandr -display :0 --output DP2 --auto).<br />
<br />
How to make this configuration permanent and how to assign monitor locations (left-right, etc), you figure it out.<br />
<br />
=== Manual selection of monitor, video mode and resolution ===<br />
<br />
Automatic selection of monitor and video mode usually works. When it does not, configure it manualls:<br />
<br />
* physically go to the computer<br />
* login as root<br />
* run "nvidia-settings" on machines using the NVIDIA driver<br />
* run "aticonfig" on machines with the ATI/AMD driver (use "aticonfig --initial" for initial setup, and good luck with anything more complicated)<br />
* run "system-config-display".<br />
** In the "hardware" tab, select monitor type: "generic LCD 1280x1024" or "generic LCD 1600x1200".<br />
** In the "settings" tab, select "1280x1024" or "1600x1200" and "Thousands of colors".<br />
** Press "ok", the display settings application should close.<br />
* Logout, the new login window should use the new settings.<br />
<br />
=== Disable screen saver ===<br />
<br />
If machine is booted without any monitor connected, current video cards to not enable any video outputs. If a monitor is connected later, there is no video image and there is no easy way to get a video image.<br />
<br />
This can be solved by configuring X11 to always enable some video output. Because the monitor type is not known when X11 starts, one has to select some standard video mode (i.e. VESA 1280x1024) on some video output (VGA, DVI or HDMI).<br />
<br />
Only NVIDIA cards with the NVIDIA driver (from EPEL) is supported by these instructions.<br />
<br />
* create default xorg.conf: nvidia-xconfig<br />
* edit /etc/X11/xorg.conf<br />
* add monitor section for the fake monitor:<br />
<pre><br />
Section "Monitor"<br />
Identifier "Monitor0"<br />
VendorName "Unknown"<br />
ModelName "Unknown"<br />
HorizSync 31.0 - 83.0<br />
VertRefresh 59.0 - 61.0<br />
Option "DPMS" "off"<br />
ModeLine "1280x1024" 108.00 1280 1328 1440 1688 1024 1025 1028 1066 +hsync +vsync<br />
EndSection<br />
</pre><br />
* add output selection in the "Device" section:<br />
<pre><br />
Section "Device"<br />
Identifier "Device0"<br />
Driver "nvidia"<br />
VendorName "NVIDIA Corporation"<br />
BoardName "GeForce 210"<br />
#Option "ConnectedMonitor" "DFP"<br />
#Option "ConnectedMonitor" "CRT"<br />
Option "ConnectedMonitor" "CRT-1"<br />
Option "UseEDID" "no"<br />
EndSection<br />
</pre><br />
* add fake video mode to the "Screen" section:<br />
<pre><br />
Section "Screen"<br />
Identifier "Screen0"<br />
Device "Device0"<br />
Monitor "Monitor0"<br />
DefaultDepth 24<br />
SubSection "Display"<br />
Depth 24<br />
Modes "1280x1024"<br />
EndSubSection<br />
EndSection<br />
</pre><br />
* disable screen saver and DPMS power off in the "ServerLayout" or "ServerFlags" section:<br />
<pre><br />
Section "ServerLayout"<br />
Identifier "Layout0"<br />
Screen 0 "Screen0" 0 0<br />
InputDevice "Keyboard0" "CoreKeyboard"<br />
InputDevice "Mouse0" "CorePointer"<br />
Option "Xinerama" "0"<br />
Option "BlankTime" "0"<br />
Option "StandbyTime" "0"<br />
Option "SuspendTime" "0"<br />
Option "OffTime" "0"<br />
EndSection<br />
<br />
Section "ServerFlags" <br />
Option "BlankTime" "0" <br />
Option "StandbyTime" "0" <br />
Option "SuspendTime" "0" <br />
Option "OffTime" "0" <br />
EndSection <br />
</pre><br />
<br />
== Finish installation ==<br />
<br />
* logout and reboot the computer to have all the changes to take effect<br />
<br />
== Configure HTTPS server (CentOS7) ==<br />
<br />
This will configure the HTTPS/SSL certificate using "certbot" and "letsencrypt" and configure an HTTPS web server using apache httpd.<br />
<br />
First, configure apache httpd:<br />
<br />
* execute these commands:<br />
<pre><br />
yum install -y mod_ssl certwatch crypto-utils<br />
cd /etc/httpd/conf.d/<br />
mv ssl.conf ssl.conf-not-used ### remove the stock ssl.conf which refers to the localhost certificate that will expire in 1 year<br />
touch ssl.conf ### create a blank file to prevent automatic updates from installing a stock ssl.conf file<br />
# this is done later: rm /etc/pki/tls/certs/localhost.crt<br />
</pre><br />
* create new file ssl-daq12.conf # use actual hostname instead of daq12<br />
<pre><br />
Listen 443 https<br />
#SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog<br />
SSLSessionCache shmcb:/run/httpd/sslcache(512000)<br />
SSLSessionCacheTimeout 300<br />
SSLRandomSeed startup file:/dev/urandom 256<br />
SSLRandomSeed connect builtin<br />
SSLCryptoDevice builtin<br />
<br />
<VirtualHost *:443><br />
ServerName daq12.triumf.ca<br />
DocumentRoot /var/www/html<br />
ErrorLog /var/log/httpd/daq12.log<br />
SSLEngine on<br />
# note SSLProtocol, SSLCipherSuite and some other settings are overwritten by /etc/letsencrypt/options-ssl-apache.conf<br />
# new SSL settings: K.O. Jan 2020, SSLlabs rating "A+"<br />
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1<br />
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4:!RSA<br />
SSLHonorCipherOrder on<br />
# pervious SSL settings:<br />
#SSLProtocol all -SSLv2 -SSLv3<br />
#SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4<br />
SSLCertificateFile /etc/pki/tls/certs/localhost.crt<br />
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key<br />
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt<br />
#ProxyPass /elog/ http://localhost:8082/ retry=1<br />
#ProxyPass / http://localhost:8080/ retry=1<br />
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"<br />
<Location /><br />
SSLRequireSSL<br />
AuthType Basic<br />
AuthName "DAQ password protected site"<br />
Require valid-user<br />
# create password file: touch /etc/httpd/htpasswd<br />
# to add new user or change password: htpasswd /etc/httpd/htpasswd username<br />
AuthUserFile /etc/httpd/htpasswd<br />
</Location><br />
</VirtualHost><br />
</pre><br />
* stop httpd from listening on port 80: edit /etc/httpd/conf/httpd.conf, comment-out the line "Listen 80"<br />
* enable and start httpd:<br />
<pre><br />
systemctl enable httpd<br />
systemctl restart httpd<br />
systemctl status httpd<br />
</pre><br />
* try to access https://daq12.triumf.ca<br />
** you should see a complaint about self-signed certificate<br />
** you should see a request for password (do not login yet)<br />
** if you get "connection refused", HTTPS port 443 may need to be enabled in the local firewall, then try again:<br />
<pre><br />
firewall-cmd --add-port=443/tcp --permanent<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
<br />
Second, configure certbot:<br />
<br />
(Note: as of 2018-01-18 certbot requires use of http port 80 to get the initial https certificate,<br />
renewal can continue to use the https port 443)<br />
<br />
(Note: as of 2019-01-?? certbot requires use of port 80 for renewals)<br />
<br />
* check that port 80 is not used by anything:<br />
* netstat -an | grep LISTEN | grep ^tcp | grep 80<br />
* lsof -P | grep -i tcp | grep LISTEN | grep 80<br />
* if lsof reports that httpd is listening on port 80, follow the httpd instructions above (remove "listen 80" from httpd.conf<br />
<br />
* install certbot and open tcp port 80 in the firewall:<br />
<pre><br />
yum install -y certbot python2-certbot-apache # (from EPEL)<br />
firewall-cmd --add-port=80/tcp --permanent<br />
firewall-cmd --reload<br />
firewall-cmd --list-all<br />
</pre><br />
* certbot certonly --standalone --installer apache # then answer questions:<br />
* "activate HTTPS for daq12.triumf.ca" - say ok<br />
* "enter email address" - enter your own email address<br />
* "please read terms..." - read the terms and say "agree"<br />
* it will take a few moments...<br />
* "please choose..." - say "easy" (http access is disabled (a) by firewall, (b) by local configuration<br />
* "congratulations..." - say ok.<br />
* certbot install --apache --cert-name daq12.triumf.ca # then answer questions:<br />
* "choose redirect..." - say "1" (no redirect)<br />
* look inside ssl-daq12.conf to see that SSLCertificateFile & co point to certbot certificates in /etc/letsencrypt/live/daq12.triumf.ca/<br />
* remove self-signed localhost certificate, it will expire in 1 year and cause warnings and complaints: rm /etc/pki/tls/certs/localhost.crt<br />
* enable automatic renewal<br />
<pre><br />
systemctl enable certbot-renew.timer<br />
systemctl start certbot-renew.timer<br />
systemctl list-timers --all<br />
</pre><br />
<br />
* to check corrent renewal and to update the certbot config file in /etc/letsencrypt/renewal, run this:<br />
<pre><br />
certbot renew --standalone --installer apache --force-renewal<br />
</pre><br />
<br />
NOTE: this certificate will expire in 3 months, automatic renewal should work starting with certbot-0.12.0-4.el7.noarch.<br />
Certificate expiration should be automatically detected by "certwatch" and email<br />
will be sent to local root user, to be forwarded to an actual person by ~root/.forward.<br />
<br />
Third, activate password protection:<br />
<br />
* as shown in the config file above, create password file and initial user: (replace "midas" with specific username)<br />
<pre><br />
touch /etc/httpd/htpasswd<br />
htpasswd /etc/httpd/htpasswd midas<br />
</pre><br />
<br />
Final test:<br />
* access https://daq12.triumf.ca - https status should be "green"<br />
* login with password should work<br />
* the apache httpd test page should load<br />
* check site security using the SSLlabs https tester. (I get grade "A-"): https://www.ssllabs.com/ssltest/<br />
<br />
From here:<br />
* enable proxy for MIDAS mhttpd - uncomment redirect in the config file above<br />
* enable proxy for ELOG - ditto<br />
* setsebool -P httpd_can_network_connect 1<br />
* systemctl restart httpd<br />
<br />
NOTE: if certbot fails with errors about 'module' object has no attribute 'pyopenssl',<br />
try this: pip install requests==2.6.0<br />
<br />
== Configure large RAID6 arrays ==<br />
<br />
* connect the disks<br />
* check the disks health<br />
** run smart-status.perl<br />
* partition the disks<br />
** yum install gdisk<br />
** gdisk /dev/sdX<br />
** delete all partitions: o<br />
** create new partition: n, enter, enter, enter, fd00 (default sizes, partition type fd00)<br />
** write and exit: w<br />
* check presence of all partitions:<br />
** /bin/ls -l /dev/sd*1<br />
* prepare to use an external bitmap file<br />
** touch /md6bitmap<br />
** edit /etc/fstab, change entry for root filesystem from: "defaults 1 1" to "defaults 0 0"<br />
** edit /boot/grub/grub.conf, change entry "kernel ... ro ..." to "kernel ... rw ..."<br />
* create raid array:<br />
** mdadm --create /dev/md6 --level=6 --bitmap=/md6bitmap --raid-devices=10 /dev/sd[b-k]1<br />
** mdadm -Ds >> /etc/mdadm.conf<br />
** cleanup /etc/mdadm.conf<br />
** echo "echo 16384 > /sys/block/md6/md/stripe_cache_size" >> /etc/rc.local<br />
** echo "echo 1 > /sys/block/md6/md/sync_speed_min" >> /etc/rc.local<br />
** source /etc/rc.local<br />
* observe raid array rebuild:<br />
** watch -d -n1 "cat /proc/mdstat"<br />
<br />
== Configure ZFS ==<br />
<br />
=== Install ZFS ===<br />
<br />
(from here: https://github.com/zfsonlinux/zfs/wiki/RHEL-%26-CentOS)<br />
<br />
Follow the instructions for "kABI-tracking kmod" - dkms modules seem to always mess up the system when upgrading to next release of zfs.<br />
<br />
<pre><br />
#rpm -vh --install http://archive.zfsonlinux.org/epel/zfs-release.el7.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7_3.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7_4.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7_5.noarch.rpm<br />
#yum install http://download.zfsonlinux.org/epel/zfs-release.el7_6.noarch.rpm<br />
yum install http://download.zfsonlinux.org/epel/zfs-release.el7_7.noarch.rpm<br />
yum-config-manager --disable zfs<br />
yum-config-manager --disable zfs-kmod<br />
yum --enablerepo=zfs-kmod install zfs<br />
#sed 's/^SELINUX=.*/SELINUX=disabled/' -i /etc/selinux/config<br />
echo USE_DISK_BY_ID=\'yes\' >> /etc/default/zfs<br />
#shutdown -r now # required to load the zfs kernel modules and to disable selinux<br />
modprobe zfs # should work<br />
zpool status # should report no pools available<br />
</pre><br />
<br />
#Note: zfs and selinux and not compatible: with selinux enabled, files on zfs cannot be deleted (files are gone, but "df" does not go down, zfs-0.6.5.7-1.el7.centos.x86_64), see #https://github.com/zfsonlinux/zfs/issues/4845<br />
<br />
* http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/zfs-quickstart.html)<br />
* http://www.freebsd.org/cgi/man.cgi?query=zpool&sektion=8<br />
<br />
=== Update ZFS 0.7 to 0.8 ===<br />
<br />
For CentOS-7.6:<br />
<br />
<pre><br />
yum-config-manager --disable zfs<br />
yum-config-manager --disable zfs-kmod<br />
yum-config-manager --disable zfs-testing-kmod<br />
yum --enablerepo=zfs-testing-kmod --showduplicates list zfs # list all available versions in "zfs-testing-kmod"<br />
yum erase zfs spl<br />
yum --enablerepo=zfs-testing-kmod --showduplicates install zfs # maybe specify specific version<br />
</pre><br />
<br />
For CentOS-7.7:<br />
<br />
<pre><br />
rm /etc/yum.repos.d/zfs.repo* ### delete old repo files<br />
yum upgrade http://download.zfsonlinux.org/epel/zfs-release.el7_7.noarch.rpm<br />
yum-config-manager --disable zfs<br />
yum-config-manager --disable zfs-kmod<br />
yum erase zfs spl<br />
yum --enablerepo=zfs-kmod install zfs<br />
</pre><br />
<br />
Note: if you see yum offering to install "dkms" and "zfs-dkms", the yum config is wrong (we use the kmod-zfs package), check that "zfs" repo is disabled, "zfs-kmod" repo is enabled - see the yum-config-manager commands above.<br />
<br />
=== Lock kernel and zfs packages ===<br />
<br />
<pre><br />
yum versionlock kernel<br />
yum versionlock zfs<br />
yum-config-manager --disable zfs<br />
yum-config-manager --disable zfs-kmod<br />
</pre><br />
<br />
=== Follow generic ZFS instructions ===<br />
<br />
Here: [[ZFS]]<br />
<br />
== performance notes ==<br />
<br />
Go here: [[disk_benchmarks]]<br />
<br />
== Configure UEFI boot ==<br />
<br />
Some mobo can boot from NVME (PCIe) SSDs only via UEFI boot. Do this:<br />
<br />
* partition the NVME SSD using gdisk (must be GPT partition table, must have MSDOS EFI partition size 512MiB)<br />
<pre><br />
[root@alpha00 ~]# gdisk -l /dev/nvme0n1<br />
GPT fdisk (gdisk) version 0.8.6 ...<br />
Found valid GPT with protective MBR; using GPT.<br />
Disk /dev/nvme0n1: 500118192 sectors, 238.5 GiB<br />
Logical sector size: 512 bytes<br />
Disk identifier (GUID): 1A82CC87-2757-44ED-980F-C78E3681D9D3<br />
Partition table holds up to 128 entries<br />
First usable sector is 34, last usable sector is 500118158<br />
Partitions will be aligned on 2048-sector boundaries<br />
Total free space is 2014 sectors (1007.0 KiB)<br />
<br />
Number Start (sector) End (sector) Size Code Name<br />
1 2048 1050623 512.0 MiB EF00 EFI System<br />
2 1050624 500118158 238.0 GiB 8300 Linux filesystem<br />
[root@alpha00 ~]# <br />
</pre><br />
* create filesystems<br />
<pre><br />
mkfs.msdos /dev/nvme0n1p1<br />
mkfs.xfs /dev/nvme0n1p2<br />
</pre><br />
* prepare EFI partition<br />
<pre><br />
mkdir /mnt/efi<br />
mount /dev/nvme0n1p1 /mnt/efi<br />
mkdir -p /mnt/efi/efi/boot<br />
cp /boot/vmlinuz... vmlinuz # copy the desired linux kernel<br />
cp /boot/initramfs... initramfs.img # copy the matching initramfs file<br />
#from /home/olchansk/sysadm/syslinux/syslinux-6.03 copy<br />
cp .../efi64/efi/syslinux.efi .<br />
cp .../efi64/com32/elflink/ldlinux/ldlinux.e64 .<br />
cp syslinux.efi bootx64.efi<br />
</pre><br />
* create syslinux config file: syslinux.cfg<br />
<pre><br />
default linux<br />
label linux<br />
kernel vmlinuz<br />
append ro root=/dev/nvme0n1p2 nomodeset initrd=initramfs.img<br />
</pre><br />
* prepare system partition<br />
<pre><br />
mkdir /mnt/tmp<br />
mount /dev/nvme0n1p2 /mnt/tmp<br />
rsync -avx / /mnt/tmp<br />
cd /mnt/tmp<br />
#edit etc/fstab<br />
#edit etc/syslinux/selinux # set selinux to permissive mode because rsync did not copy the selinux labels<br />
</pre><br />
* unmount and reboot<br />
* restore selinux labels after first boot<br />
<pre><br />
#login as root<br />
cd /<br />
restorecon -R / # can also add "-v" to see progress, but runs much slower<br />
#edit /etc/sysconfig/selinux # enable selinux<br />
#shutdown -r now # reboot with selinux enabled<br />
</pre></div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=TRB3_Centos-7_instructions&diff=4059
TRB3 Centos-7 instructions
2020-01-21T19:59:37Z
<p>Lindner: /* Setting up for MIDAS data taking */</p>
<hr />
<div>== Introduction == <br />
<br />
See [https://www.triumf.info/wiki/DAQwiki/index.php/GSI_TRB3 main TRB3 document] for introductory material.<br />
<br />
== Centos-7 network setup == <br />
<br />
Install a switch of second network port. Do the following to configure DHCP on second network port, to assign IP to the TRB3. This example uses 192.168.1.X addresses; the Centos-7 machine is 192.168.1.253, the TRB3 is meant to be assigned 192.1681.1.1. This example uses TRB #171; adapt the instructions to your TRB number.<br />
<br />
1) Assign a static 192.168.1.253 IP to your second network interface, using nm-connection-editor. This is what the configuration looks like afterwards for me<br />
<br />
<pre><br />
[root@daq11 tmp]# cat /etc/sysconfig/network-scripts/ifcfg-static_trb3 <br />
HWADDR=30:85:A9:A9:17:83<br />
TYPE=Ethernet<br />
PROXY_METHOD=none<br />
BROWSER_ONLY=no<br />
BOOTPROTO=none<br />
IPADDR=192.168.1.253<br />
PREFIX=24<br />
GATEWAY=192.168.1.253<br />
DEFROUTE=yes<br />
IPV4_FAILURE_FATAL=no<br />
IPV6INIT=yes<br />
IPV6_AUTOCONF=yes<br />
IPV6_DEFROUTE=yes<br />
IPV6_FAILURE_FATAL=no<br />
IPV6_PRIVACY=no<br />
IPV6_ADDR_GEN_MODE=stable-privacy<br />
NAME=static_trb3<br />
UUID=89793cba-7645-42cf-ac24-f7e48bd08948<br />
ONBOOT=yes<br />
<br />
[root@daq11 tmp]# ifconfig enp12s0<br />
enp12s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500<br />
inet 192.168.1.253 netmask 255.255.255.0 broadcast 192.168.1.255<br />
inet6 fe80::f3e:f38e:d9ba:d654 prefixlen 64 scopeid 0x20<link><br />
ether 30:85:a9:a9:17:83 txqueuelen 1000 (Ethernet)<br />
RX packets 52604116955 bytes 23147929921965 (21.0 TiB)<br />
RX errors 0 dropped 0 overruns 0 frame 0<br />
TX packets 13999033 bytes 1196314909 (1.1 GiB)<br />
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0<br />
device interrupt 19 memory 0xfb100000-fb120000 <br />
</pre><br />
<br />
2) Install dhcp <br />
<pre><br />
yum -y install dhcp <br />
</pre><br />
<br />
3) Configure DHCP to look for the expected IP address for TRB3<br />
<br />
<pre><br />
[root@daq11 tmp]# cat /etc/dhcp/dhcpd.conf<br />
<br />
allow booting;<br />
allow bootp;<br />
ignore unknown-clients;<br />
#ddns-update-style ad-hoc;<br />
<br />
# set lease time to 3 days<br />
default-lease-time 259200;<br />
max-lease-time 259200;<br />
<br />
# Define the new subnet<br />
subnet 192.168.1.0 netmask 255.255.255.0 {<br />
interface enp12s0;<br />
range 192.168.1.100 192.168.1.250; <br />
not authoritative;<br />
deny unknown-clients;<br />
} <br />
<br />
# Define IP for TRB3<br />
group {<br />
default-lease-time infinite;<br />
max-lease-time infinite;<br />
host trb171 { fixed-address 192.168.1.1; hardware ethernet da:7a:36:e9:37:ac; }<br />
}<br />
</pre><br />
<br />
<br />
4) Start DHCP and see if it assigns correct IP to TRB3<br />
<br />
<pre><br />
[root@daq11 tmp]# systemctl enable dhcpd<br />
Created symlink from /etc/systemd/system/multi-user.target.wants/dhcpd.service to /usr/lib/systemd/system/dhcpd.service.<br />
[root@daq11 tmp]# systemctl restart dhcpd;<br />
<br />
<power cycle TRB3><br />
<check ping works><br />
[root@daq11 tmp]# ping 192.168.1.1<br />
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.<br />
64 bytes from 192.168.1.1: icmp_seq=2 ttl=255 time=0.087 ms<br />
64 bytes from 192.168.1.1: icmp_seq=3 ttl=255 time=0.144 ms<br />
<br />
[root@daq11 tmp]# systemctl status dhcpd<br />
● dhcpd.service - DHCPv4 Server Daemon<br />
Loaded: loaded (/usr/lib/systemd/system/dhcpd.service; enabled; vendor preset: disabled)<br />
Active: active (running) since Mon 2018-04-09 16:20:35 PDT; 18s ago<br />
Docs: man:dhcpd(8)<br />
man:dhcpd.conf(5)<br />
Main PID: 10650 (dhcpd)<br />
Status: "Dispatching packets..."<br />
CGroup: /system.slice/dhcpd.service<br />
└─10650 /usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcpd -group dhcpd --no-pid<br />
<br />
Apr 09 16:20:35 daq11.triumf.ca dhcpd[10650]: Wrote 0 new dynamic host decls to leases file.<br />
Apr 09 16:20:35 daq11.triumf.ca dhcpd[10650]: Wrote 0 leases to leases file.<br />
Apr 09 16:20:35 daq11.triumf.ca dhcpd[10650]: Listening on LPF/enp12s0/30:85:a9:a9:17:83/192.168.1.0/24<br />
Apr 09 16:20:35 daq11.triumf.ca dhcpd[10650]: Sending on LPF/enp12s0/30:85:a9:a9:17:83/192.168.1.0/24<br />
Apr 09 16:20:35 daq11.triumf.ca dhcpd[10650]: Sending on Socket/fallback/fallback-net<br />
Apr 09 16:20:35 daq11.triumf.ca systemd[1]: Started DHCPv4 Server Daemon.<br />
Apr 09 16:20:49 daq11.triumf.ca dhcpd[10650]: DHCPDISCOVER from da:7a:36:e9:37:ac via enp12s0<br />
Apr 09 16:20:49 daq11.triumf.ca dhcpd[10650]: DHCPOFFER on 192.168.1.1 to da:7a:36:e9:37:ac via enp12s0<br />
Apr 09 16:20:49 daq11.triumf.ca dhcpd[10650]: DHCPREQUEST for 192.168.1.1 (192.168.1.253) from da:7a:36:e9:37:ac via enp12s0<br />
Apr 09 16:20:49 daq11.triumf.ca dhcpd[10650]: DHCPACK on 192.168.1.1 to da:7a:36:e9:37:ac via enp12s0<br />
</pre><br />
<br />
5) Assign hostname to this IP<br />
<pre><br />
[root@daq11 tmp]# more /etc/hosts<br />
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4<br />
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6<br />
192.168.1.1 trb171<br />
</pre><br />
<br />
6) Open a hole in firewall to the TRB3<br />
<pre><br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.1.1/32" port protocol="tcp" port="0-65535" accept"<br />
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.1.1/32" port protocol="udp" port="0-65535" accept"<br />
firewall-cmd --add-port=5071/udp --permanent<br />
firewall-cmd --reload<br />
</pre><br />
<br />
== Centos-7 Software Setup == <br />
<br />
The TRB3 software and associated analysis packages are developed on newer operating systems than Centos-7 (namely Opensuse). So a certain amount of work is needed to get the software to work on Centos-7. <br />
<br />
1) I started by copying over the software in trbsoft from an existing installation.<br />
<br />
scp trbsoft_backup.tar.gz trb3@ladd00:/data0/trb3/.<br />
<br />
2) The main problem is with the TRB3 code requiring a newer version of perl. I used perlbrew to setup a newer version of perl than Centos-7 supports:<br />
<br />
Following the instructions on website:<br />
<br />
[https://perlbrew.pl/ https://perlbrew.pl/ ]<br />
<br />
<pre><br />
source ~/perl5/perlbrew/etc/bashrc<br />
perlbrew init<br />
perlbrew install perl-5.24.0<br />
</pre><br />
<br />
and then add this line to login script<br />
<br />
<pre><br />
rm -f /home/trb3/.perlbrew/init<br />
source ~/perl5/perlbrew/etc/bashrc<br />
perlbrew switch perl-5.24.0 <br />
</pre><br />
<br />
3) Rebuild libtrbnet with different perl<br />
<br />
<pre><br />
cd ~/trbsoft/trbnettools/libtrbnet_perl<br />
perl Makefile.PL<br />
cd ..<br />
make TRB3=1 clean<br />
make TRB3=1<br />
make TRB3=1 install<br />
</pre><br />
<br />
4) Modify <br />
<br />
<pre><br />
~/trbsoft/daqtools/merge_serial_address.pl<br />
and<br />
~/trbsoft/daqtools/web/cts_gui<br />
</pre><br />
<br />
to use the perlbrew version of perl, rather than the system default. <br />
<br />
<br />
5) Rebuild DABC (optional: this step is not necessary if we use the UDP version of the frontend, which is default now)<br />
<br />
Make sure you have ROOT (ie ROOTSYS) setup properly<br />
<br />
<pre><br />
svn co https://subversion.gsi.de/dabc/trb3 trb3<br />
cd trb3<br />
make<br />
</pre><br />
<br />
This seems to build dabc and stream successfully. go4 doesn't compile cleanly, but this doesn't matter for the MIDAS frontend readout.<br />
<br />
6) Modify the IP and MAC address in the file trbsoft/daqtools/users/triumf_trb171/db/register_configgbe_ip.db. This should be the IP and MAC address of the private IP interface on the server computer; so the IP is 192.168.1.253 in our case; use ipconfig to check the MAC.<br />
<br />
7) Setup your login script (BASH in this case):<br />
<br />
<pre><br />
<br />
DAQ_TOOLS_PATH=~/trbsoft/daqtools<br />
USER_DIR=~/trbsoft/daqtools/users/triumf_trb171<br />
TRB_WEB_DIR=$DAQ_TOOLS_PATH/web<br />
<br />
export PATH=$PATH:$DAQ_TOOLS_PATH:$HOME/trbsoft/trbnettools/bin<br />
export PATH=$PATH:$DAQ_TOOLS_PATH/tools<br />
export PATH=$PATH:$USER_DIR<br />
export PATH=$PATH:$HOME/trbsoft/trb3/dabc/bin/<br />
export LD_LIBRARY_PATH=$HOME/trbsoft/trb3/dabc/lib/<br />
<br />
# Use perl 5.24<br />
rm -f /home/trb3/.perlbrew/init<br />
source ~/perl5/perlbrew/etc/bashrc<br />
perlbrew switch perl-5.24.0 <br />
<br />
### TL<br />
### This part restarts the trbnetd server;<br />
### this server takes instructions from trbcmd executable and<br />
### passes them actually to the TRB.<br />
export TRB3_SERVER=trb171:26000<br />
export TRBNETDPID=$(pgrep -f "trbnetd -i 171")<br />
<br />
export DAQOPSERVER=localhost:171<br />
<br />
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/home/trb3/trbsoft/trbnettools/libtrbnet<br />
<br />
test -s ~/.alias && . ~/.alias || true<br />
<br />
# PATH="/home/trb3/perl5/bin${PATH:+:${PATH}}"; export PATH;<br />
PERL5LIB="/home/trb3/perl5/perlbrew/perls/perl-5.24.0/lib/5.24.0/:/home/trb3/trbsoft/daqtools/web/include:/home/trb3/trbsoft/trbnettools/libtrbnet_perl/blib/lib:/usr/share/perl5/vendor_perl"; export PERL5LIB;<br />
#PERL_LOCAL_LIB_ROOT="/home/trb3/perl5${PERL_LOCAL_LIB_ROOT:+:${PERL_LOCAL_LIB_ROOT}}"; export PERL_LOCAL_LIB_ROOT;<br />
#PERL_MB_OPT="--install_base \"/home/trb3/perl5\""; export PERL_MB_OPT;<br />
#PERL_MM_OPT="INSTALL_BASE=/home/trb3/perl5"; export PERL_MM_OPT;<br />
export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/home/trb3/trbsoft/trbnettools/libtrbnet_perl/blib/arch/auto/HADES/TrbNet/<br />
<br />
<br />
# setup ROOT <br />
source ~/packages/root/bin/thisroot.sh <br />
<br />
# setup MIDAS<br />
export MIDASSYS=${HOME}/packages/midas<br />
export PATH=${PATH}:${MIDASSYS}/linux/bin<br />
export MIDAS_EXPTAB=${HOME}/online/exptab<br />
export ROOTANASYS=${HOME}/packages/rootana<br />
<br />
<br />
</pre><br />
<br />
<br />
8) Now start the trb3 program and initialize the TRB3<br />
<br />
<pre><br />
cd ~/trbsoft/daqtools/users/triumf_trb171<br />
source startup.sh<br />
</pre><br />
<br />
<br />
9) If this is a new TRB3, need to modify the following files, <br />
<br />
<pre><br />
trbcmd i 0xffff <br />
# check open to figure out the serial number of new TRB3 FPGAs<br />
# use this info to modify following files:<br />
vi db/addresses_trb3.db<br />
vi $DAQ_TOOLS_PATH/base/serials_trb3.db<br />
vi db/register_configtdc.db<br />
<br />
</pre><br />
<br />
== TRB3 MIDAS implementation == <br />
<br />
We have a working MIDAS readout of the TRB3 TDC data. Currently this readout uses a lot of the original GSI tools for setting up the TRB3 before the readout can start. At this time you need to do steps 1 and 2 described in "Start up instructions" in order to setup the TRB3 before starting the MIDAS frontend. Eventually we will try to remove as many as possible of the original GSI tools. <br />
<br />
MIDAS frontend code is available here:<br />
<br />
https://bitbucket.org/ttriumfdaq/trb3_frontend<br />
<br />
The MIDAS frontend is setup to read events directly from the UDP buffer. You can see a running MIDAS TRB3 frontend here:<br />
<br />
https://daq11.triumf.ca:8443<br />
<br />
(midas/midas).<br />
<br />
=== Setting up for MIDAS data taking === <br />
<br />
We are using the account trb3@daq11.triumf.ca for running this DAQ. If you need to restart the DAQ system, do the following<br />
<br />
* Run the setup program that will initialize the TRB3 and set the 10kHz software trigger<br />
<pre> <br />
cd /home/trb3/trbsoft/daqtools/users/triumf_trb171<br />
source startup.sh<br />
</pre><br />
<br />
* (Optional) We can also start a webgui that allows us to check/configure the TRB3 separate from MIDAS; this is sometimes useful for monitoring. To do this, do<br />
<pre><br />
cd /home/trb3/trbsoft/daqtools/web<br />
export PERL5LIB=/home/trb3/perl5/perlbrew/perls/perl-5.24.0/lib/5.24.0/:/home/trb3/trbsoft/daqtools/web/include:/home/trb3/trbsoft/trbnettools/libtrbnet_perl/bli b/lib:/usr/share/perl5/vendor_perl<br />
./cts_gui --noopenxterm --port=1234 --endpoint=0xc001<br />
</pre><br />
This allows access to GSI [http://daq11:1234/ web GUI].<br />
<br />
* Start the MIDAS TRB3 readout frontend, if not running:<br />
<pre><br />
/home/trb3/online/trb3_frontend/fetrb3UDP.exe -D<br />
</pre><br />
<br />
Actually, the default fetrb3UDP program does not create all the ODB settings that it should. It misses one setting, which specifies the name of the bank for a particular address. Create this variable after running the program the first time, using odbedit:<br />
<br />
<pre><br />
[local:trb3:R]Settings> cd /Equipment/TRB3_UDP/Settings<br />
[local:trb3:S]Settings>create STRING trb765 <br />
String length [32]:<br />
[local:trb3:S]Settings>move trb765 1<br />
[local:trb3:S]Settings>set trb765 TRBA<br />
</pre><br />
<br />
As noted, we currently (April 9) we have the TRB3 setup with a 10kHz software trigger.<br />
<br />
== Running the analyzer == <br />
<br />
I added simple decoder and histograming classes to rootana. Currently I have only implemented the crude TDC calibration into the TRB3 bank decoders. In the long run we may want to integrate the fine TDC calibration directly into the frontend. <br />
<br />
To look at the analyzer display, run the following<br />
<br />
<pre><br />
/home/trb3/online/trb3_frontend/analyzer/anaDisplay.exe<br />
</pre><br />
<br />
The display shows different histograms, arranged by FPGA and channel number. Histograms are<br />
<br />
# The TDC times for each channel, with crude calibration applied<br />
# The TDC raw fine times; ie, the raw counts for the sub-5ns part of the TDCs<br />
# TDC time difference histograms; for this canvas you can set the reference FPGA and channel<br />
<br />
Analyzer notes:<br />
* On the physical TRB3 board the FPGAs are numbered as being 1-4, but the analyzer converts these to the more normal 0-3 indexing.<br />
* Channel 0 is also the TDC associated with the actual trigger; in our case, the time of the software trigger<br />
* For FPGA 0 and 1 the firmware is configured so we are reading both leading and falling TDC edges; so for these FPGAs channel 1 is the leading edge of the first input and channel 2 is the trailing edge of the first input, and so on. For FPGAs 2 and 3 we are only reading the leading edge of the TDCs.<br />
<br />
To dump data from MIDAS file, do following<br />
<br />
<pre><br />
cd /home/trb3/online/trb3_frontend/analyzer<br />
./ana.exe /home/trb3/online/run00026.mid.gz<br />
</pre><br />
<br />
Modify ana.cxx to analyze the TDC data and type 'make' to recompile ana.exe.</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=GSI_TRB3&diff=4015
GSI TRB3
2020-01-21T19:09:15Z
<p>Lindner: /* Updating TRB3 firmware */</p>
<hr />
<div>TRB3 is an FPGA-TDC board made and sold by GSI. It can achieve ~20ps timing resolution<br />
<br />
== Documentation == <br />
<br />
[http://trb.gsi.de/ Main TRB3 webpage]<br />
<br />
[http://jspc29.x-matter.uni-frankfurt.de/docu/trb3docu.pdf Main TRB3 Manual]<br />
<br />
[[Image:Trb3docu.pdf]] local copy of the manual<br />
<br />
[[Image:trb3.pdf]] local copy of the schematics<br />
<br />
== Hardware Information ==<br />
<br />
=== Power === <br />
<br />
The TRB3 runs off 50V DC power. The TRB3 needs a fan in order to operate. Between the fan and the TRB3 they draw ~0.5A on 50V.<br />
<br />
=== Clock and Trigger ===<br />
<br />
Michael Traxler provided the following picture of clock and trigger circuitry:<br />
<br />
[[Image:trb_clockdistribution.png|700x350px]]<br />
<br />
Michael also provides following details<br />
<br />
Clock:<br />
* system clock frequency of 200MHz can be taken either from the internal oscillator, or via the second LVDS pair (pin 3 and 6) of the connector "RJ-45-Clock". They are distributed to all 5 FPGAs to the primary-clock-input. <br />
* In all "modern" FPGA designs (since several years) you don't have to do anything in registers to use the external clock. The scheme is simple: When an external clock is available and stable and the PLL locks to it at power up, the external clock is used. If not, the internal clock is used.<br />
<br />
Trigger:<br />
* If you have a CTS (or a single TRB3 setup) the trigger is generated in the CTS, from external tigger sources. This you can see in Table 27 in the TRB3-manual (currently page 75). For instance, one of the external trigger signals is on pair 2 of the trigger RJ45 connector<br />
* So, for the CTS, there are 4 different inputs available on the two RJ45 connectors, which all can be used at the same time. If you need more, you can add a CTS-AddOn on the backside of the TRB3 and then you have many more trigger inputs. Each input will generate a certain "trigger type" data word in the data stream to distinguish between the trigger inputs.<br />
<br />
== TDC calibration ==<br />
<br />
The concept of the FPGA-TDC calibration is described here:<br />
<br />
http://dabc.gsi.de/doc/dabc2/hadaq_tdc_calibr.html<br />
<br />
One important summary from that document: we require ~1e5 random hits for every channel in order to build up an individual fine counter calibration for each channel.<br />
<br />
== Computer and Software Setup Instructions == <br />
<br />
Currently have gotten the TRB3 working on three different configurations. On this page we provide information that is generic to each setup. The links provide instructions for the parts of the operation that are unique to each setup:<br />
<br />
1) A GSI-provided readout package (and analysis package) which runs on OpenSuse. See [[TRB3 GSI Opensuse instructions]].<br />
<br />
2) A MIDAS-based readout on an Opensuse machine. No instructions.<br />
<br />
3) A MIDAS-based readout on a Centos-7 machine. See [[TRB3 Centos-7 instructions]].<br />
<br />
On this page we provide information that is generic to each setup. The links provide instructions for the parts of the operation that are unique to each setup:<br />
<br />
We setup TRB3 on a private network. So need machine with second ethernet port.<br />
<br />
== Useful TRB3 commands ==<br />
<br />
a) Get IDs for TRB3 FPGAs (1 central FPGA and 4 FPGAs for TDCs):<br />
<br />
<pre><br />
trb3_user@linux-klyr:~/lindner> trbcmd i 0xffff<br />
0xc001 0xe1000006e937ac28 0x05<br />
0x0100 0x9c000006e937a028 0x00<br />
0x0101 0x91000006e95e8328 0x01<br />
0x0102 0x75000006e9383128 0x02<br />
0x0103 0xe6000006e96e5228 0x03<br />
</pre><br />
<br />
The four FPGAs that actually make TDCs are numbered 0x100, 0x101, 0x102, 0x103.<br />
<br />
b) Print out raw TDCs for the events that are coming in through event builder<br />
<br />
<pre><br />
hldprint localhost:6789 -onlytdc 0x0100 -num 0 <br />
</pre><br />
<br />
c) Print out raw TDCs for events in file<br />
<br />
<pre><br />
hldprint //data/trb3_data/pulser17342114715.hld -onlytdc 0x0100 -num 0 <br />
</pre><br />
<br />
d) Print out raw data stream from EB<br />
<br />
<pre><br />
hldprint localhost:6789 -raw<br />
</pre><br />
<br />
e) Check the status of the clock<br />
<br />
Check bit 8 of register 0xd300. <br />
<br />
This indicates that an external clock is being used<br />
<pre><br />
[agtdc@daq16 triumf_trb171]$ trbcmd r 0xc001 0xd300<br />
0xc001 0x00000101<br />
</pre><br />
<br />
This indicates that an internal clock is being used<br />
<pre><br />
[agtdc@daq16 triumf_trb171]$ trbcmd r 0xc001 0xd300<br />
0xc001 0x00000001<br />
</pre><br />
<br />
<br />
f) "Ping of death" somehow ping board to reboot it:<br />
<br />
<pre><br />
ping -pc001 trb171<br />
</pre><br />
<br />
== Updating TRB3 firmware ==<br />
<br />
Based on instructions from Michael<br />
<br />
General points:<br />
<br />
* Take care that you have a stable setup with the power-supply stable and cooling ok, as if you turn off the board while reprogramming you need a programming cable to recover the FPGA.<br />
<br />
* List of available firmware files are here:<br />
https://jspc29.x-matter.uni-frankfurt.de/trbweb/?action=page&url=design-files<br />
<br />
<br />
Steps to flash<br />
<br />
1) Get firmware. Ie:<br />
<pre> wget http://jspc29.x-matter.uni-frankfurt.de/bitfiles/trb3_periph_padiwa_tdc_32_stretch_triggerlogic28-4_20181024.bit </pre><br />
<br />
2) reflashing is done via:<br />
<br />
<pre> trbflash program 0x<TRB-address-of-FPGA> ./trb3_periph_padiwa_tdc_32_stretch_triggerlogic28-4_20181024.bit<br />
</pre><br />
<br />
<br />
<pre> <br />
trbflash program 0x0102 ./trb3_periph_padiwa_tdc_32_stretch_triggerlogic28-4_20181024.bit<br />
trbflash program 0x0103 ./trb3_periph_padiwa_tdc_32_stretch_triggerlogic28-4_20181024.bit </pre><br />
<br />
3) after a successful flash and verify (automatic):<br />
<br />
<pre> trbcmd reload 0x<TRB-address-of-FPGA> </pre><br />
<br />
4) But do it one FPGA after the other, if you do it the first time.<br />
You can also reprogramm all of them at once with a broadcast address.</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=GSI_TRB3&diff=4014
GSI TRB3
2020-01-21T19:08:55Z
<p>Lindner: /* Updating TRB3 firmware */</p>
<hr />
<div>TRB3 is an FPGA-TDC board made and sold by GSI. It can achieve ~20ps timing resolution<br />
<br />
== Documentation == <br />
<br />
[http://trb.gsi.de/ Main TRB3 webpage]<br />
<br />
[http://jspc29.x-matter.uni-frankfurt.de/docu/trb3docu.pdf Main TRB3 Manual]<br />
<br />
[[Image:Trb3docu.pdf]] local copy of the manual<br />
<br />
[[Image:trb3.pdf]] local copy of the schematics<br />
<br />
== Hardware Information ==<br />
<br />
=== Power === <br />
<br />
The TRB3 runs off 50V DC power. The TRB3 needs a fan in order to operate. Between the fan and the TRB3 they draw ~0.5A on 50V.<br />
<br />
=== Clock and Trigger ===<br />
<br />
Michael Traxler provided the following picture of clock and trigger circuitry:<br />
<br />
[[Image:trb_clockdistribution.png|700x350px]]<br />
<br />
Michael also provides following details<br />
<br />
Clock:<br />
* system clock frequency of 200MHz can be taken either from the internal oscillator, or via the second LVDS pair (pin 3 and 6) of the connector "RJ-45-Clock". They are distributed to all 5 FPGAs to the primary-clock-input. <br />
* In all "modern" FPGA designs (since several years) you don't have to do anything in registers to use the external clock. The scheme is simple: When an external clock is available and stable and the PLL locks to it at power up, the external clock is used. If not, the internal clock is used.<br />
<br />
Trigger:<br />
* If you have a CTS (or a single TRB3 setup) the trigger is generated in the CTS, from external tigger sources. This you can see in Table 27 in the TRB3-manual (currently page 75). For instance, one of the external trigger signals is on pair 2 of the trigger RJ45 connector<br />
* So, for the CTS, there are 4 different inputs available on the two RJ45 connectors, which all can be used at the same time. If you need more, you can add a CTS-AddOn on the backside of the TRB3 and then you have many more trigger inputs. Each input will generate a certain "trigger type" data word in the data stream to distinguish between the trigger inputs.<br />
<br />
== TDC calibration ==<br />
<br />
The concept of the FPGA-TDC calibration is described here:<br />
<br />
http://dabc.gsi.de/doc/dabc2/hadaq_tdc_calibr.html<br />
<br />
One important summary from that document: we require ~1e5 random hits for every channel in order to build up an individual fine counter calibration for each channel.<br />
<br />
== Computer and Software Setup Instructions == <br />
<br />
Currently have gotten the TRB3 working on three different configurations. On this page we provide information that is generic to each setup. The links provide instructions for the parts of the operation that are unique to each setup:<br />
<br />
1) A GSI-provided readout package (and analysis package) which runs on OpenSuse. See [[TRB3 GSI Opensuse instructions]].<br />
<br />
2) A MIDAS-based readout on an Opensuse machine. No instructions.<br />
<br />
3) A MIDAS-based readout on a Centos-7 machine. See [[TRB3 Centos-7 instructions]].<br />
<br />
On this page we provide information that is generic to each setup. The links provide instructions for the parts of the operation that are unique to each setup:<br />
<br />
We setup TRB3 on a private network. So need machine with second ethernet port.<br />
<br />
== Useful TRB3 commands ==<br />
<br />
a) Get IDs for TRB3 FPGAs (1 central FPGA and 4 FPGAs for TDCs):<br />
<br />
<pre><br />
trb3_user@linux-klyr:~/lindner> trbcmd i 0xffff<br />
0xc001 0xe1000006e937ac28 0x05<br />
0x0100 0x9c000006e937a028 0x00<br />
0x0101 0x91000006e95e8328 0x01<br />
0x0102 0x75000006e9383128 0x02<br />
0x0103 0xe6000006e96e5228 0x03<br />
</pre><br />
<br />
The four FPGAs that actually make TDCs are numbered 0x100, 0x101, 0x102, 0x103.<br />
<br />
b) Print out raw TDCs for the events that are coming in through event builder<br />
<br />
<pre><br />
hldprint localhost:6789 -onlytdc 0x0100 -num 0 <br />
</pre><br />
<br />
c) Print out raw TDCs for events in file<br />
<br />
<pre><br />
hldprint //data/trb3_data/pulser17342114715.hld -onlytdc 0x0100 -num 0 <br />
</pre><br />
<br />
d) Print out raw data stream from EB<br />
<br />
<pre><br />
hldprint localhost:6789 -raw<br />
</pre><br />
<br />
e) Check the status of the clock<br />
<br />
Check bit 8 of register 0xd300. <br />
<br />
This indicates that an external clock is being used<br />
<pre><br />
[agtdc@daq16 triumf_trb171]$ trbcmd r 0xc001 0xd300<br />
0xc001 0x00000101<br />
</pre><br />
<br />
This indicates that an internal clock is being used<br />
<pre><br />
[agtdc@daq16 triumf_trb171]$ trbcmd r 0xc001 0xd300<br />
0xc001 0x00000001<br />
</pre><br />
<br />
<br />
f) "Ping of death" somehow ping board to reboot it:<br />
<br />
<pre><br />
ping -pc001 trb171<br />
</pre><br />
<br />
== Updating TRB3 firmware ==<br />
<br />
Based on instructions from Michael<br />
<br />
General points:<br />
<br />
* Take care that you have a stable setup with the power-supply stable and cooling ok, as if you turn off the board while reprogramming you need a programming cable to recover the FPGA.<br />
<br />
* List of available firmware files are here:<br />
https://jspc29.x-matter.uni-frankfurt.de/trbweb/?action=page&url=design-files<br />
<br />
<br />
Steps to flash<br />
<br />
1) Get firmware. Ie:<br />
<pre> wget http://jspc29.x-matter.uni-frankfurt.de/bitfiles/trb3_periph_padiwa_tdc_32_stretch_triggerlogic28-4_20181024.bit </pre><br />
<br />
2) reflashing is done via:<br />
<br />
<pre> trbflash program 0x<TRB-address-of-FPGA> ./trb3_periph_padiwa_tdc_32_stretch_triggerlogic28-4_20181024.bit<br />
<br />
</pre><br />
<br />
for example: <br />
<br />
<pre> <br />
trbflash program 0x0102 ./trb3_periph_padiwa_tdc_32_stretch_triggerlogic28-4_20181024.bit<br />
trbflash program 0x0103 ./trb3_periph_padiwa_tdc_32_stretch_triggerlogic28-4_20181024.bit </pre><br />
<br />
3) after a successful flash and verify (automatic):<br />
<br />
<pre> trbcmd reload 0x<TRB-address-of-FPGA> </pre><br />
<br />
4) But do it one FPGA after the other, if you do it the first time.<br />
You can also reprogramm all of them at once with a broadcast address.</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=GSI_TRB3&diff=4013
GSI TRB3
2020-01-21T19:05:41Z
<p>Lindner: /* Updating TRB3 firmware */</p>
<hr />
<div>TRB3 is an FPGA-TDC board made and sold by GSI. It can achieve ~20ps timing resolution<br />
<br />
== Documentation == <br />
<br />
[http://trb.gsi.de/ Main TRB3 webpage]<br />
<br />
[http://jspc29.x-matter.uni-frankfurt.de/docu/trb3docu.pdf Main TRB3 Manual]<br />
<br />
[[Image:Trb3docu.pdf]] local copy of the manual<br />
<br />
[[Image:trb3.pdf]] local copy of the schematics<br />
<br />
== Hardware Information ==<br />
<br />
=== Power === <br />
<br />
The TRB3 runs off 50V DC power. The TRB3 needs a fan in order to operate. Between the fan and the TRB3 they draw ~0.5A on 50V.<br />
<br />
=== Clock and Trigger ===<br />
<br />
Michael Traxler provided the following picture of clock and trigger circuitry:<br />
<br />
[[Image:trb_clockdistribution.png|700x350px]]<br />
<br />
Michael also provides following details<br />
<br />
Clock:<br />
* system clock frequency of 200MHz can be taken either from the internal oscillator, or via the second LVDS pair (pin 3 and 6) of the connector "RJ-45-Clock". They are distributed to all 5 FPGAs to the primary-clock-input. <br />
* In all "modern" FPGA designs (since several years) you don't have to do anything in registers to use the external clock. The scheme is simple: When an external clock is available and stable and the PLL locks to it at power up, the external clock is used. If not, the internal clock is used.<br />
<br />
Trigger:<br />
* If you have a CTS (or a single TRB3 setup) the trigger is generated in the CTS, from external tigger sources. This you can see in Table 27 in the TRB3-manual (currently page 75). For instance, one of the external trigger signals is on pair 2 of the trigger RJ45 connector<br />
* So, for the CTS, there are 4 different inputs available on the two RJ45 connectors, which all can be used at the same time. If you need more, you can add a CTS-AddOn on the backside of the TRB3 and then you have many more trigger inputs. Each input will generate a certain "trigger type" data word in the data stream to distinguish between the trigger inputs.<br />
<br />
== TDC calibration ==<br />
<br />
The concept of the FPGA-TDC calibration is described here:<br />
<br />
http://dabc.gsi.de/doc/dabc2/hadaq_tdc_calibr.html<br />
<br />
One important summary from that document: we require ~1e5 random hits for every channel in order to build up an individual fine counter calibration for each channel.<br />
<br />
== Computer and Software Setup Instructions == <br />
<br />
Currently have gotten the TRB3 working on three different configurations. On this page we provide information that is generic to each setup. The links provide instructions for the parts of the operation that are unique to each setup:<br />
<br />
1) A GSI-provided readout package (and analysis package) which runs on OpenSuse. See [[TRB3 GSI Opensuse instructions]].<br />
<br />
2) A MIDAS-based readout on an Opensuse machine. No instructions.<br />
<br />
3) A MIDAS-based readout on a Centos-7 machine. See [[TRB3 Centos-7 instructions]].<br />
<br />
On this page we provide information that is generic to each setup. The links provide instructions for the parts of the operation that are unique to each setup:<br />
<br />
We setup TRB3 on a private network. So need machine with second ethernet port.<br />
<br />
== Useful TRB3 commands ==<br />
<br />
a) Get IDs for TRB3 FPGAs (1 central FPGA and 4 FPGAs for TDCs):<br />
<br />
<pre><br />
trb3_user@linux-klyr:~/lindner> trbcmd i 0xffff<br />
0xc001 0xe1000006e937ac28 0x05<br />
0x0100 0x9c000006e937a028 0x00<br />
0x0101 0x91000006e95e8328 0x01<br />
0x0102 0x75000006e9383128 0x02<br />
0x0103 0xe6000006e96e5228 0x03<br />
</pre><br />
<br />
The four FPGAs that actually make TDCs are numbered 0x100, 0x101, 0x102, 0x103.<br />
<br />
b) Print out raw TDCs for the events that are coming in through event builder<br />
<br />
<pre><br />
hldprint localhost:6789 -onlytdc 0x0100 -num 0 <br />
</pre><br />
<br />
c) Print out raw TDCs for events in file<br />
<br />
<pre><br />
hldprint //data/trb3_data/pulser17342114715.hld -onlytdc 0x0100 -num 0 <br />
</pre><br />
<br />
d) Print out raw data stream from EB<br />
<br />
<pre><br />
hldprint localhost:6789 -raw<br />
</pre><br />
<br />
e) Check the status of the clock<br />
<br />
Check bit 8 of register 0xd300. <br />
<br />
This indicates that an external clock is being used<br />
<pre><br />
[agtdc@daq16 triumf_trb171]$ trbcmd r 0xc001 0xd300<br />
0xc001 0x00000101<br />
</pre><br />
<br />
This indicates that an internal clock is being used<br />
<pre><br />
[agtdc@daq16 triumf_trb171]$ trbcmd r 0xc001 0xd300<br />
0xc001 0x00000001<br />
</pre><br />
<br />
<br />
f) "Ping of death" somehow ping board to reboot it:<br />
<br />
<pre><br />
ping -pc001 trb171<br />
</pre><br />
<br />
== Updating TRB3 firmware ==<br />
<br />
Based on instructions from Michael<br />
<br />
General points:<br />
<br />
* Take care that you have a stable setup with the power-supply stable and cooling ok, as if you turn off the board while reprogramming you need a programming cable to recover the FPGA.<br />
<br />
* List of available firmware files are here:<br />
https://jspc29.x-matter.uni-frankfurt.de/trbweb/?action=page&url=design-files<br />
<br />
<br />
Steps to flash<br />
<br />
1) Get firmware. Ie:<br />
<pre> wget http://jspc29.x-matter.uni-frankfurt.de/bitfiles/trb3_periph_padiwa_tdc_32_stretch_triggerlogic28-4_20181024.bit </pre><br />
<br />
2) reflashing is done via:<br />
<br />
<pre> trbflash program 0x<TRB-address-of-FPGA> ./trb3_periph_padiwa_tdc_32_stretch_triggerlogic28-4_20181024.bit </pre><br />
<br />
for example: <br />
<br />
<pre> <br />
trbflash program 0x0102 ./trb3_periph_padiwa_tdc_32_stretch_triggerlogic28-4_20181024.bit<br />
trbflash program 0x0103 ./trb3_periph_padiwa_tdc_32_stretch_triggerlogic28-4_20181024.bit </pre><br />
<br />
3) after a successful flash and verify (automatic):<br />
<br />
<pre> trbcmd reload 0x<TRB-address-of-FPGA> </pre><br />
<br />
4) But do it one FPGA after the other, if you do it the first time.<br />
You can also reprogramm all of them at once with a broadcast address.</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=GSI_TRB3&diff=4012
GSI TRB3
2020-01-21T19:04:21Z
<p>Lindner: /* Updating TRB3 firmware */</p>
<hr />
<div>TRB3 is an FPGA-TDC board made and sold by GSI. It can achieve ~20ps timing resolution<br />
<br />
== Documentation == <br />
<br />
[http://trb.gsi.de/ Main TRB3 webpage]<br />
<br />
[http://jspc29.x-matter.uni-frankfurt.de/docu/trb3docu.pdf Main TRB3 Manual]<br />
<br />
[[Image:Trb3docu.pdf]] local copy of the manual<br />
<br />
[[Image:trb3.pdf]] local copy of the schematics<br />
<br />
== Hardware Information ==<br />
<br />
=== Power === <br />
<br />
The TRB3 runs off 50V DC power. The TRB3 needs a fan in order to operate. Between the fan and the TRB3 they draw ~0.5A on 50V.<br />
<br />
=== Clock and Trigger ===<br />
<br />
Michael Traxler provided the following picture of clock and trigger circuitry:<br />
<br />
[[Image:trb_clockdistribution.png|700x350px]]<br />
<br />
Michael also provides following details<br />
<br />
Clock:<br />
* system clock frequency of 200MHz can be taken either from the internal oscillator, or via the second LVDS pair (pin 3 and 6) of the connector "RJ-45-Clock". They are distributed to all 5 FPGAs to the primary-clock-input. <br />
* In all "modern" FPGA designs (since several years) you don't have to do anything in registers to use the external clock. The scheme is simple: When an external clock is available and stable and the PLL locks to it at power up, the external clock is used. If not, the internal clock is used.<br />
<br />
Trigger:<br />
* If you have a CTS (or a single TRB3 setup) the trigger is generated in the CTS, from external tigger sources. This you can see in Table 27 in the TRB3-manual (currently page 75). For instance, one of the external trigger signals is on pair 2 of the trigger RJ45 connector<br />
* So, for the CTS, there are 4 different inputs available on the two RJ45 connectors, which all can be used at the same time. If you need more, you can add a CTS-AddOn on the backside of the TRB3 and then you have many more trigger inputs. Each input will generate a certain "trigger type" data word in the data stream to distinguish between the trigger inputs.<br />
<br />
== TDC calibration ==<br />
<br />
The concept of the FPGA-TDC calibration is described here:<br />
<br />
http://dabc.gsi.de/doc/dabc2/hadaq_tdc_calibr.html<br />
<br />
One important summary from that document: we require ~1e5 random hits for every channel in order to build up an individual fine counter calibration for each channel.<br />
<br />
== Computer and Software Setup Instructions == <br />
<br />
Currently have gotten the TRB3 working on three different configurations. On this page we provide information that is generic to each setup. The links provide instructions for the parts of the operation that are unique to each setup:<br />
<br />
1) A GSI-provided readout package (and analysis package) which runs on OpenSuse. See [[TRB3 GSI Opensuse instructions]].<br />
<br />
2) A MIDAS-based readout on an Opensuse machine. No instructions.<br />
<br />
3) A MIDAS-based readout on a Centos-7 machine. See [[TRB3 Centos-7 instructions]].<br />
<br />
On this page we provide information that is generic to each setup. The links provide instructions for the parts of the operation that are unique to each setup:<br />
<br />
We setup TRB3 on a private network. So need machine with second ethernet port.<br />
<br />
== Useful TRB3 commands ==<br />
<br />
a) Get IDs for TRB3 FPGAs (1 central FPGA and 4 FPGAs for TDCs):<br />
<br />
<pre><br />
trb3_user@linux-klyr:~/lindner> trbcmd i 0xffff<br />
0xc001 0xe1000006e937ac28 0x05<br />
0x0100 0x9c000006e937a028 0x00<br />
0x0101 0x91000006e95e8328 0x01<br />
0x0102 0x75000006e9383128 0x02<br />
0x0103 0xe6000006e96e5228 0x03<br />
</pre><br />
<br />
The four FPGAs that actually make TDCs are numbered 0x100, 0x101, 0x102, 0x103.<br />
<br />
b) Print out raw TDCs for the events that are coming in through event builder<br />
<br />
<pre><br />
hldprint localhost:6789 -onlytdc 0x0100 -num 0 <br />
</pre><br />
<br />
c) Print out raw TDCs for events in file<br />
<br />
<pre><br />
hldprint //data/trb3_data/pulser17342114715.hld -onlytdc 0x0100 -num 0 <br />
</pre><br />
<br />
d) Print out raw data stream from EB<br />
<br />
<pre><br />
hldprint localhost:6789 -raw<br />
</pre><br />
<br />
e) Check the status of the clock<br />
<br />
Check bit 8 of register 0xd300. <br />
<br />
This indicates that an external clock is being used<br />
<pre><br />
[agtdc@daq16 triumf_trb171]$ trbcmd r 0xc001 0xd300<br />
0xc001 0x00000101<br />
</pre><br />
<br />
This indicates that an internal clock is being used<br />
<pre><br />
[agtdc@daq16 triumf_trb171]$ trbcmd r 0xc001 0xd300<br />
0xc001 0x00000001<br />
</pre><br />
<br />
<br />
f) "Ping of death" somehow ping board to reboot it:<br />
<br />
<pre><br />
ping -pc001 trb171<br />
</pre><br />
<br />
== Updating TRB3 firmware ==<br />
<br />
Based on instructions from Michael<br />
<br />
General points:<br />
<br />
* Take care that you have a stable setup with the power-supply stable and cooling ok, as if you turn off the board while reprogramming you need a programming cable to recover the FPGA.<br />
<br />
* List of available firmware files are here:<br />
https://jspc29.x-matter.uni-frankfurt.de/trbweb/?action=page&url=design-files<br />
<br />
<br />
Steps to flash<br />
<br />
1) Get firmware. Ie:<br />
<pre> wget http://jspc29.x-matter.uni-frankfurt.de/bitfiles/trb3_periph_padiwa_tdc_32_stretch_triggerlogic28-4_20181024.bit </pre><br />
<br />
reflashing is done via:<br />
<br />
$ trbflash program 0x<TRB-address-of-FPGA> ./trb3_periph_padiwa_tdc_32_stretch_triggerlogic28-4_20181024.bit<br />
<br />
in your case: $ trbflash program 0x0102 ./trb3_periph_padiwa_tdc_32_stretch_triggerlogic28-4_20181024.bit<br />
and $ trbflash program 0x0103 ./trb3_periph_padiwa_tdc_32_stretch_triggerlogic28-4_20181024.bit<br />
<br />
after a successful flash and verify (automatic):<br />
$ trbcmd reload 0x<TRB-address-of-FPGA><br />
<br />
But do it one FPGA after the other, if you do it the first time.<br />
You can also reprogramm all of them at once with a broadcast address.</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=GSI_TRB3&diff=4011
GSI TRB3
2020-01-21T19:02:55Z
<p>Lindner: /* Updating TRB3 firmware */</p>
<hr />
<div>TRB3 is an FPGA-TDC board made and sold by GSI. It can achieve ~20ps timing resolution<br />
<br />
== Documentation == <br />
<br />
[http://trb.gsi.de/ Main TRB3 webpage]<br />
<br />
[http://jspc29.x-matter.uni-frankfurt.de/docu/trb3docu.pdf Main TRB3 Manual]<br />
<br />
[[Image:Trb3docu.pdf]] local copy of the manual<br />
<br />
[[Image:trb3.pdf]] local copy of the schematics<br />
<br />
== Hardware Information ==<br />
<br />
=== Power === <br />
<br />
The TRB3 runs off 50V DC power. The TRB3 needs a fan in order to operate. Between the fan and the TRB3 they draw ~0.5A on 50V.<br />
<br />
=== Clock and Trigger ===<br />
<br />
Michael Traxler provided the following picture of clock and trigger circuitry:<br />
<br />
[[Image:trb_clockdistribution.png|700x350px]]<br />
<br />
Michael also provides following details<br />
<br />
Clock:<br />
* system clock frequency of 200MHz can be taken either from the internal oscillator, or via the second LVDS pair (pin 3 and 6) of the connector "RJ-45-Clock". They are distributed to all 5 FPGAs to the primary-clock-input. <br />
* In all "modern" FPGA designs (since several years) you don't have to do anything in registers to use the external clock. The scheme is simple: When an external clock is available and stable and the PLL locks to it at power up, the external clock is used. If not, the internal clock is used.<br />
<br />
Trigger:<br />
* If you have a CTS (or a single TRB3 setup) the trigger is generated in the CTS, from external tigger sources. This you can see in Table 27 in the TRB3-manual (currently page 75). For instance, one of the external trigger signals is on pair 2 of the trigger RJ45 connector<br />
* So, for the CTS, there are 4 different inputs available on the two RJ45 connectors, which all can be used at the same time. If you need more, you can add a CTS-AddOn on the backside of the TRB3 and then you have many more trigger inputs. Each input will generate a certain "trigger type" data word in the data stream to distinguish between the trigger inputs.<br />
<br />
== TDC calibration ==<br />
<br />
The concept of the FPGA-TDC calibration is described here:<br />
<br />
http://dabc.gsi.de/doc/dabc2/hadaq_tdc_calibr.html<br />
<br />
One important summary from that document: we require ~1e5 random hits for every channel in order to build up an individual fine counter calibration for each channel.<br />
<br />
== Computer and Software Setup Instructions == <br />
<br />
Currently have gotten the TRB3 working on three different configurations. On this page we provide information that is generic to each setup. The links provide instructions for the parts of the operation that are unique to each setup:<br />
<br />
1) A GSI-provided readout package (and analysis package) which runs on OpenSuse. See [[TRB3 GSI Opensuse instructions]].<br />
<br />
2) A MIDAS-based readout on an Opensuse machine. No instructions.<br />
<br />
3) A MIDAS-based readout on a Centos-7 machine. See [[TRB3 Centos-7 instructions]].<br />
<br />
On this page we provide information that is generic to each setup. The links provide instructions for the parts of the operation that are unique to each setup:<br />
<br />
We setup TRB3 on a private network. So need machine with second ethernet port.<br />
<br />
== Useful TRB3 commands ==<br />
<br />
a) Get IDs for TRB3 FPGAs (1 central FPGA and 4 FPGAs for TDCs):<br />
<br />
<pre><br />
trb3_user@linux-klyr:~/lindner> trbcmd i 0xffff<br />
0xc001 0xe1000006e937ac28 0x05<br />
0x0100 0x9c000006e937a028 0x00<br />
0x0101 0x91000006e95e8328 0x01<br />
0x0102 0x75000006e9383128 0x02<br />
0x0103 0xe6000006e96e5228 0x03<br />
</pre><br />
<br />
The four FPGAs that actually make TDCs are numbered 0x100, 0x101, 0x102, 0x103.<br />
<br />
b) Print out raw TDCs for the events that are coming in through event builder<br />
<br />
<pre><br />
hldprint localhost:6789 -onlytdc 0x0100 -num 0 <br />
</pre><br />
<br />
c) Print out raw TDCs for events in file<br />
<br />
<pre><br />
hldprint //data/trb3_data/pulser17342114715.hld -onlytdc 0x0100 -num 0 <br />
</pre><br />
<br />
d) Print out raw data stream from EB<br />
<br />
<pre><br />
hldprint localhost:6789 -raw<br />
</pre><br />
<br />
e) Check the status of the clock<br />
<br />
Check bit 8 of register 0xd300. <br />
<br />
This indicates that an external clock is being used<br />
<pre><br />
[agtdc@daq16 triumf_trb171]$ trbcmd r 0xc001 0xd300<br />
0xc001 0x00000101<br />
</pre><br />
<br />
This indicates that an internal clock is being used<br />
<pre><br />
[agtdc@daq16 triumf_trb171]$ trbcmd r 0xc001 0xd300<br />
0xc001 0x00000001<br />
</pre><br />
<br />
<br />
f) "Ping of death" somehow ping board to reboot it:<br />
<br />
<pre><br />
ping -pc001 trb171<br />
</pre><br />
<br />
== Updating TRB3 firmware ==<br />
<br />
Based on instructions from Michael<br />
<br />
General points:<br />
<br />
* Take care that you have a stable setup with the power-supply stable and cooling ok, as if you turn off the board while reprogramming you need a programming cable to recover the FPGA.<br />
<br />
* List of available firmware files are here:<br />
https://jspc29.x-matter.uni-frankfurt.de/trbweb/?action=page&url=design-files</div>
Lindner
https://daq00.triumf.ca/DaqWiki/index.php?title=GSI_TRB3&diff=4010
GSI TRB3
2020-01-21T19:02:43Z
<p>Lindner: /* Updating TRB3 firmware */</p>
<hr />
<div>TRB3 is an FPGA-TDC board made and sold by GSI. It can achieve ~20ps timing resolution<br />
<br />
== Documentation == <br />
<br />
[http://trb.gsi.de/ Main TRB3 webpage]<br />
<br />
[http://jspc29.x-matter.uni-frankfurt.de/docu/trb3docu.pdf Main TRB3 Manual]<br />
<br />
[[Image:Trb3docu.pdf]] local copy of the manual<br />
<br />
[[Image:trb3.pdf]] local copy of the schematics<br />
<br />
== Hardware Information ==<br />
<br />
=== Power === <br />
<br />
The TRB3 runs off 50V DC power. The TRB3 needs a fan in order to operate. Between the fan and the TRB3 they draw ~0.5A on 50V.<br />
<br />
=== Clock and Trigger ===<br />
<br />
Michael Traxler provided the following picture of clock and trigger circuitry:<br />
<br />
[[Image:trb_clockdistribution.png|700x350px]]<br />
<br />
Michael also provides following details<br />
<br />
Clock:<br />
* system clock frequency of 200MHz can be taken either from the internal oscillator, or via the second LVDS pair (pin 3 and 6) of the connector "RJ-45-Clock". They are distributed to all 5 FPGAs to the primary-clock-input. <br />
* In all "modern" FPGA designs (since several years) you don't have to do anything in registers to use the external clock. The scheme is simple: When an external clock is available and stable and the PLL locks to it at power up, the external clock is used. If not, the internal clock is used.<br />
<br />
Trigger:<br />
* If you have a CTS (or a single TRB3 setup) the trigger is generated in the CTS, from external tigger sources. This you can see in Table 27 in the TRB3-manual (currently page 75). For instance, one of the external trigger signals is on pair 2 of the trigger RJ45 connector<br />
* So, for the CTS, there are 4 different inputs available on the two RJ45 connectors, which all can be used at the same time. If you need more, you can add a CTS-AddOn on the backside of the TRB3 and then you have many more trigger inputs. Each input will generate a certain "trigger type" data word in the data stream to distinguish between the trigger inputs.<br />
<br />
== TDC calibration ==<br />
<br />
The concept of the FPGA-TDC calibration is described here:<br />
<br />
http://dabc.gsi.de/doc/dabc2/hadaq_tdc_calibr.html<br />
<br />
One important summary from that document: we require ~1e5 random hits for every channel in order to build up an individual fine counter calibration for each channel.<br />
<br />
== Computer and Software Setup Instructions == <br />
<br />
Currently have gotten the TRB3 working on three different configurations. On this page we provide information that is generic to each setup. The links provide instructions for the parts of the operation that are unique to each setup:<br />
<br />
1) A GSI-provided readout package (and analysis package) which runs on OpenSuse. See [[TRB3 GSI Opensuse instructions]].<br />
<br />
2) A MIDAS-based readout on an Opensuse machine. No instructions.<br />
<br />
3) A MIDAS-based readout on a Centos-7 machine. See [[TRB3 Centos-7 instructions]].<br />
<br />
On this page we provide information that is generic to each setup. The links provide instructions for the parts of the operation that are unique to each setup:<br />
<br />
We setup TRB3 on a private network. So need machine with second ethernet port.<br />
<br />
== Useful TRB3 commands ==<br />
<br />
a) Get IDs for TRB3 FPGAs (1 central FPGA and 4 FPGAs for TDCs):<br />
<br />
<pre><br />
trb3_user@linux-klyr:~/lindner> trbcmd i 0xffff<br />
0xc001 0xe1000006e937ac28 0x05<br />
0x0100 0x9c000006e937a028 0x00<br />
0x0101 0x91000006e95e8328 0x01<br />
0x0102 0x75000006e9383128 0x02<br />
0x0103 0xe6000006e96e5228 0x03<br />
</pre><br />
<br />
The four FPGAs that actually make TDCs are numbered 0x100, 0x101, 0x102, 0x103.<br />
<br />
b) Print out raw TDCs for the events that are coming in through event builder<br />
<br />
<pre><br />
hldprint localhost:6789 -onlytdc 0x0100 -num 0 <br />
</pre><br />
<br />
c) Print out raw TDCs for events in file<br />
<br />
<pre><br />
hldprint //data/trb3_data/pulser17342114715.hld -onlytdc 0x0100 -num 0 <br />
</pre><br />
<br />
d) Print out raw data stream from EB<br />
<br />
<pre><br />
hldprint localhost:6789 -raw<br />
</pre><br />
<br />
e) Check the status of the clock<br />
<br />
Check bit 8 of register 0xd300. <br />
<br />
This indicates that an external clock is being used<br />
<pre><br />
[agtdc@daq16 triumf_trb171]$ trbcmd r 0xc001 0xd300<br />
0xc001 0x00000101<br />
</pre><br />
<br />
This indicates that an internal clock is being used<br />
<pre><br />
[agtdc@daq16 triumf_trb171]$ trbcmd r 0xc001 0xd300<br />
0xc001 0x00000001<br />
</pre><br />
<br />
<br />
f) "Ping of death" somehow ping board to reboot it:<br />
<br />
<pre><br />
ping -pc001 trb171<br />
</pre><br />
<br />
== Updating TRB3 firmware ==<br />
<br />
Based on instructions from Michael<br />
<br />
General points:<br />
<br />
* Take care that you have a stable setup with the power-supply stable and<br />
cooling ok, as if you turn off the board while reprogramming you need a<br />
programming cable to recover the FPGA.<br />
<br />
* List of available firmware files are here:<br />
https://jspc29.x-matter.uni-frankfurt.de/trbweb/?action=page&url=design-files</div>
Lindner