Scientific Linux Fermi 6.10 i386/x86_64 Aug 9, 2018
---------------------------------------------------------------------------
Please send bug reports (not questions) to linux-users@listserv.fnal.gov
Also read the Upstream Vendor release notes . They are located at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.10_Release_Notes/
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.10_Technical_Notes/
Also read the SL.releasenote for changes between SL and
TUV(The Upstream Vendor). They are located in sl-release-notes/
ITEMS marked with "*" indicate items changed since 6.9 .
----------------------------------------------------------------------------
This is based on the rebuilding of RPMS out of SRPMS's that form Scientific
Linux. Please read this entire document before installing.
Table of contents
INSTALLATION INFO
ADDED compared to Scientific Linux 6.10
UPDATED compared to Scientific Linux 6.10
REMOVED compared to Scientific Linux 6.10
Installer modifications
/contrib
/docs
/notsupported
MISC Notes
HARDWARE SPECIFIC ISSUES
SOFTWARE ISSUES/BUGS
SUPPORT INFO
vendor ERRATA
Each has a "---" line above and below it.
_____________________________________________________________________________
INSTALLATION INFO
NOTE replace "slf6.10" with slf6rolling for ALPHA and BETA releases
_____________________________________________________________________________
Installation Locations
Via NETWORK:
NOTE the http choice is done automatically for network install image
nfs:
linux.fnal.gov:/export/linux/fermi/slf6.10/i386/os/
linux.fnal.gov:/export/linux/fermi/slf6.10/x86_64/os/
ftp:
linux.fnal.gov/linux/fermi/slf6.10/i386/os/
linux.fnal.gov/linux/fermi/slf6.10/x86_64/os/
http:
linux1.fnal.gov/linux/fermi/slf6.10/i386/os/
linux1.fnal.gov/linux/fermi/slf6.10/x86_64/os/
VIA ISO
DVD iso image:
ftp://linux1.fnal.gov/linux/fermi/slf6.10/i386/iso/
ftp://linux1.fnal.gov/linux/fermi/slf6.10/x86_64/iso/
SLF-610--2018-08-01-DVD1.iso
SLF-610--2018-08-01-DVD2.iso
SLF-610--2018-08-01-DVD-DL.iso
network install via boot.iso
ftp://linux1.fnal.gov/linux/fermi/slf6.10/i386/iso/
ftp://linux1.fnal.gov/linux/fermi/slf6.10/x86_64/iso/
SLF-610--2018-08-01-boot.iso
And our easy to remember location
ftp://linux.fnal.gov/downloads/slf6.10/
When installing SLF 6.x as a Xen Paravirtualized Guest the installation
location is
http://linux1.fnal.gov/linux/fermi/slf6x//os/
-----------------------------------------------------------------------------
ADDED compared to Scientific Linux 6.10 i386/x86_64
-----------------------------------------------------------------------------
*slf-release-6.10-1
Provide /etc/yum.repos.d/slf.repo . This repo includes entries for
slf , slf-updates and slf-source. The repos slf and slf-updates
are enabled by default.
slf-bookmarks-6-1.slf6
Customized for SLF
*slf-release-notes
Places Fermi.releasenote in html format
in /usr/share/doc/slf-release-notes-6.10/
alpine
In release
cigetcert
cigetcert gets an X.509 certificate from a SAML 2.0 Service Provider
(SP) such as CILogon using the Enhanced Client and Proxy (ECP)
profile. Optionally it can also get a grid proxy certificate and/or
transfer the proxy to MyProxy.
It was developed for the Fermilab Distributed Computing Access
with Federated Identities (DCAFI) project.
Clam Anti Virus
Clam Anti-Virus. Obtained from the EPEL repository and rebuilt from
src.rpm. http://www.clamav.net
clamav-0.99.1-1.el6.i686.rpm
clamav-db-0.99.1-1.el6.i686.rpm
clamav-devel-0.99.1-1.el6.i686.rpm
clamav-milter-0.99.1-1.el6.i686.rpm
clamav-unofficial-sigs-3.7.1-7.el6.noarch.rpm
clamd-0.99.1-1.el6.i686.rpm
clamsmtp-1.10-6.el6
drbd
These packages have been removed from SLF since they are available
in elrepo and atrpms with a preference to elrepo.
drbd83-utils-8.3.16-1.el6.i686.rpm
kmod-drbd83-8.3.16-2.el6.i686.rpm
flpr
Installed by default. This does NOT require ups/upd.
The flpr binary will reside in /usr/local/bin/
flpr
heartbeat
These packages have been removed from SLF since they are available in
EPEL.
heartbeat-3.0.4-1.el6
heartbeat-devel-3.0.4-1.el6
heartbeat-libs-3.0.4-1.el6
libnet-1.1.5-1.el6
libnet-devel-1.1.5-1.el6
openafs-thiscell-FNAL
Defines FNAL.GOV for openafs.
pidgin-sipe
purple-sipe
A pidgin plugin for Microsoft Chat protocols
Fermi Kerberos
These rpms provide Fermi kerberos tools, configs, and expected
behavior for SLF systems.
krb5-fermi-addons-1.5-1.slf6
krb5-fermi-base-2.2-2
krb5-fermi-config-5.2-1
krb5-fermi-krb5.conf-5.2-1
krb5-fermi-getcert-2.1-1.slf6
Note that krb5-fermi-krb5.conf is not needed at FNAL,
the krb5-fermi-config-4.4-1 package does the same thing.
This package is intended for non SLF installs.
revtex
tetex-natbib-8.31a-1.sl6.1.noarch.rpm
tetex-revtex-4.1-1.sl6.1.noarch.rpm
Added to simplify creating articles for publication
SLIP
Scientific Linux Inventory Project client
Added detection for matlab
Added support for proxy connections
ocsinventory-fermi formerly ocsinventory-client
ocsinventory-fermi-0.9.9-26.noarch.rpm
upsupdbootstrap
Not installed by default.
There are only 2 rpms now. upsupdbootstrap has been incorporated
into each of the rpms below . Only can select 1.
The x86_64 install has a "requires" for the 32bit glibc as all
of ups/upd is 32bit. This the 32bit glibc is installed during
the install.
As always these rpms have NO functionality to OVERWRITE or UPGRADE
a existing UPS/UPD install. Use UPS/UPD to upgrade UPS/UPD.
A default x86_64 bit install does not install any 32 bit libraries
These upsupdbootstrap* rpms have a dependency on glibc.i686 and
compat-libtermcap to accomadate the library dependencies of
all the ups/upd bootstrap installed packages.
If other ups/upd packages are installed later then these need to
be checked to make sure all 32 libraries are installed too. Use
"ldd" to help with this determination.
upsupdbootstrap-fnal-6.0-2
conflicts with upsupdbootstrap-local
Installs ups/upd to /fnal/ups
upsupdbootstrap-local-6.0-2
conflicts with upsupdbootstrap-fnal
Installs ups/upd to /local/ups
yum-conf-slf6x-1-2.slf6
Will keep you at 6x which is the current stable 6x release. So when
we release the next release yum will automatically yum install it
except for the kernel.
yum-conf-fermi-internal
Adds the fermi-internal yum repository
yum-conf-fermi-internal
yum-conf-fermi-other-6-6
Provides slf-fastbugs, fermi-testing and slf-debuginfo
and slf-security-prerelease
via /etc/yum.repos.d/slf-other.repo
All of these repo's are disabled by default.
Added slf-security-prerelease
yum-autoupdate-2-6.7.slf
yum-autoupdate has the nightly yum cron job in it.
The nightly cron job has been modified to check the addons directory.
zz_alpine_user_domain
replaces zz_pine_user_domain
By default when a user sends mail from alpine their email address
is myname@mycomputer.fnal.gov. This rpm changes it so that the
default is myname@fnal.gov by modifying the /etc/pine.conf config file.
zz_apache_no_browsable_directory
Disables the default apache indexes. By default directories
will not be browsable.
zz_apache_use_clogger
This package will reconfigure the default /etc/httpd/conf/httpd.conf
to use clogger in addition to the traditional /var/log/httpd/ logging.
zz_auto_update_kernel
Remove the exclude of the kernel from the nightly autoyum thus
allowing the kernel to be upgraded via the nightly yum. Note
that this does not check if you have custom kernel modules or
a custom kernel installed. You have to ensure that this will
work in your environment. You will have to reboot after the
kernel is upgraded. The rpm does NOT reboot the system. Watch
root email for notification of all nightly auto yum updates.
zz_dhcp_resolv
Removed compared to SL 5.x as not needed anymore.
zz_disable_avahi
This will turn off and disable the avahi daemons
Now installed by default in both the "Fermi Desktop" and
"Fermi Server" install choices.
zz_enable_firewall_fnal-2.0-0
Not installed by default. Available if needed.
Enables and populates /etc/sysconfig/iptables to allow incoming
network connections for fnal.gov only except for a small list
of approved ports. Installed by default if "Fermi Generic Desktop"
or "Fermi Generic Server" are selected.
Changed "off site" open ports to be only sshd.
zz_fermi_ssh_config
Provides fermi kerberized /etc/ssh/ssh_config file.
Installed by default. Triggered on installation of openssh-clients .
The order of entries in the config file was also incorrect previously
but /etc/ssh/ssh_config should be fixed after installing this package.
Tickets were not forwarding for unqualified hosts prior to this update.
zz_fermi_sshd_config-5.3-3.3
Provides fermi kerberized /etc/ssh/sshd_config file.
Installed by default. Triggered on installation of openssh-server.
zz_gdm_doe_banner
Provides the Fermi DOE Banner on all GDM login windows.
This should be installed on all on-site systems using GDM per DOE
policy.
This is now installed by default on systems loading GDM
zz_gdm_no_user_list
Prevents GDM from displaying a list of valid users. This sets
the same behavior as the default on previous versions of SLF.
This is now installed by default on systems loading GDM
zz_lang_collate-1.0-7
Changes LANG so that sorting is done the same as 6.1 and
earlier. (ABCabc instead of AaBbCc).
Can speed up programs that sort.
zz_local_dns_cache
Updated to release that does not include 8.8.8.8 .
This rpm will change your machine to use a local dns cache before
looking for the standard dns servers. Note, this rpm will install
BIND, configure it, and start it. Note, the BIND process is called
'named'
This rpm makes the following assumptions:
- If this is a fresh install of the rpm, named will be started
and /etc/resolv.conf will be _replaced_ with the only nameserver
being '127.0.0.1'
- If this rpm is updated, it will ensure 'nameserver 127.0.0.1' is in
/etc/resolv.conf
- When removed, not upgraded, 131.225.0.254 and 8.8.8.8 are set instead
unless there is another nameserver already listed.
- Behavior specific to referenced packages will be executed whenever
those packages are installed, updated, or removed.
They consist of: bind NetworkManager dhclient dnsmasq nscd
- On a bind update, bind will be restarted if it is running and
chkconfig named is on
- On a bind update the 'stub' zones (the RFC1912 zones) will be reset.
- On a bind update, 'nameserver 127.0.0.1' will be added to
/etc/resolv.conf if not already listed and bind is running and
chkconfig named is on.
- On a bind update, if nscd is running and chkconfig nscd is on,
nscd will be restarted.
- On a NetworkManager installation or when zz_local_dns_cache is
installed for the first time, '127.0.0.1' will be configured as
the only DNS server for all interfaces whose configuration matches
/etc/sysconfig/network-scripts/ifcfg-* that are not 'ifcfg-lo'
When removed, and not upgraded, nameservers are set to
131.225.0.254 and 8.8.8.8 are set instead
- On a dhclient installation or when when zz_local_dns_cache is
installed for the first time, '127.0.0.1' is added the the dhcp
provided DNS server list.
When removed, not upgraded, this setting is removed.
- On a dnsmasq installation or when when zz_local_dns_cache is
installed for the first time, dnsmasq is disabled.
- On a dnsmasq installation or when when zz_local_dns_cache is
installed for the first time, dnsmasq is configured to query
127.0.0.1 if started with the defaul configuration file.
This feature was requested by people using libvirt/kvm.
- On a nscd installation or update, if nscd is running and also
chkconfig nscd is on, then nscd will be restarted.
If zz_local_dns_cache is removed an if nscd is running and also
chkconfig nscd is on, then nscd will be restarted.
Now correctly preserves config values when updating
certain configs
zz_logwatch_df
Not needed anymore.
zz_ntp_configure-4.2.6-5.slf
Configure ntp for Fermi site network.
Installed by default for "Desktop" and "Server" installs.
Startup script now pokes hole in the firewall for itself
One can manually change the script by editing the file
/etc/sysconfig/ntpd.fermi
Set default timeservers to 131.225.8.127 131.225.17.127
zz_screenlock_kde
Enables screen lock with "blanking" screen saver so power saving
monitors will go into sleep mode.
Ensures that the Timeout value is 10 minutes or less.
Installed by default with KDE .
Note that KDE is not the default desktop.
zz_sendmail_accept
zz_postfix_accept
Replaces SL_sendmail_accept .
Enabled postfix or sendmail to receive email for non localhost
network addresses.
zz_sendmail_fermi_gateway
zz_postfix_fermi_gateway
The zz_postfix_fermi_gateway rpm was fixed
to change the RELAY parameter to be smtp.fnal.gov.
zz_sendmail_fermi_gateway modified to be smtp.fnal.gov
zz_sendmail_fermi_gateway fixed to restore old status correctly
zz_tcp_wrappers_change
Disable all offsite access to common network services. Also
puts in the "DOE required login banners". If it determines that
you have already modified /etc/hosts.allow or host.deny it leaves
them alone.
Installed by default for "Desktop" and "Server" installs.
zz_use_clogger
Adds /etc/rsyslog.d/000-use-clogger.conf to log to clogger.fnal.gov
Installed by default for "Desktop" and "Server" installs.
---------------------------------------------------------------------------
UPDATED compared to Scientific Linux 6 i386/x86_64
----------------------------------------------------------------------------
pam_krb5
pam_krb5 has NOT been updated to support cryptocards. There
is NO support for cryptocards in this release.
redhat-logos
Includes graphics from SL
This version of redhat-logo's has all of the generic changes
that were made with Scientific Linux as well as changes to make
it look like SLF.
Now provides sl-logos and slf-logos
yum-conf-adobe
x86_64 support was added
Added this metapackage which will install the 32 or 64 bit
repo depending on your system.
yum-conf-atrpms
yum-conf-elrepo
yum-conf-epel
yum-conf-rpmforge
yum-conf-rpmfusion
Installs the repo files for these external repos.
The repos remain disabled and a few packages have been masked
to prevent their installation as they conflict with ones we provide.
Additionally yum-plugin-protectbase is installed to further prevent
installing these packages over SLF provided packages. The documentation
for yum-plugin-protectbase provides further instructions on changing
this behavior.
End users are responsible to verify that they comply with all
Licenses .
-----------------------------------------------------------------------------
REMOVED compared to Scientific Linux 6 i386/x86_64
-----------------------------------------------------------------------------
revisor-mock
sl-release
sl-release-notes
sl-bookmarks
----------------------------------------------------------------------------
Installer modifications -- compared to SL 6
---------------------------------------------------------------------------
Anaconda (installer)
Changes to "defaults" in the installer.
The timezone default is still America/Chicago but the
method of change has changed . The new method changes
the default for all "lang=en_US.UTF-8" installs . Note
that "lang=en_US.UTF-8" is the default. Can change with
either kickstart or the install GUI .
Fixed the issue where slf6.x could not be installed as
kvm guest.
America/Chicago is default timezone. Default was New York.
Kerberos is enabled by default .
Default network boot.iso install is via http to the onsite
installation servers .
Disk Partitioning layout default is "custom".
The ipv4 vs ipv6 default was changed to ipv4. ipv6 can still
be selected if needed.
We changed the default choice for "tasks" to be
"Fermi Generic Desktop" and "Fermi Generic Server" .
The boot.iso image installs the security errata by default.
The DVD iso images have the option to select that security errata
are installed by default.
Compatibility NSS/NSPR libraries
These are installed by default on systems selecting GUI desktops.
These were added to simplify use of the onsite VPN
---------------------------------------------------------------------------
KNOWN LIMITATIONS/BUGS
---------------------------------------------------------------------------
"text" install only installs "core". There is no X . This is a VERY
VERY VERY limited install.
If there is not "enough" memory the kdump "first boot" screen will pop up
a "error box". This "error" looks "bad" but it is just informational.
During a network install there is a "screen" that displays the "installation"
repositories. There is no need to disable any of these. Please
DO NOT disable any of these repos.
Note that updates are only between the same major version. So in this case
that is SLF 6 to SLF 6. This is the same as TUV. There are NO UPGRADES from
SLF 4 or 5 to SLF 6 , not even yum upgrades !!!! Don't try it it doesn't work.
If you enter a "hostname" during the install and you have selected "dhcp" the
"hostname" will be what is returned by the "hostname" command but this will NOT
set DHCP_HOSTNAME to this "hostname" as happened on SLF 5. To enable
dhcp hostname edit /etc/sysconfig/network-scripts/ifcfg-.
Add DHCP_HOSTNAME=.
---------------------------------------------------------------------------
MISC NOTES
---------------------------------------------------------------------------
---------------------------------------------------------------------------
SUPPORT INFO
---------------------------------------------------------------------------
Scientific Linux Fermi web pages
http://fermilinux.fnal.gov/
Fermi Linux Community support mailing list
linux-users@fnal.gov
Which is archived at
http://listserv.fnal.gov/archives/linux-users.html
Scientific Linux web page
http://www.scientificlinux.org
------------------------------------------------------------------------------
SECURITY ERRATA RELEASED AFTER SLF6.x was released
------------------------------------------------------------------------------
Security errata will not be placed in the default install tree as has been
done with prior releases of Scientific Linux Fermi. They will only
reside in the updates/security/ directory.
The boot.iso "network install iso" will install all available security
errata during the install unless you disable the security repo during the
install.
The DVD images do NOT install security errata during the install by default
because the network is not available. If you enable the "Scientific Linux Fermi Security" repo on the "repo" screen then security errata will be installed
assuming the network is available.
You will have to do a "yum -y update" after the installation via DVD to
install all the security errata if you did not enable the network and the
"Scientific Linux Fermi Security" repo during the install.