
TarHeel Linux

TarHeel Linux. ITS Research Computing, University of North Carolina at Chapel Hill. Anne Blanchard, C.D. Poon. Agenda: Introduction; Building TarHeel Linux on Test Machine; Details in TarHeel Linux Build; Break; UNCCH-ITS-RC Software Repository; Variation in TarHeel Linux Build; Future Work.


Presentation Transcript


  1. TarHeel Linux ITS Research Computing University of North Carolina at Chapel Hill Anne Blanchard, C.D. Poon

  2. Agenda
     • Introduction
     • Building TarHeel Linux on Test Machine
     • Details in TarHeel Linux Build
     • Break
     • UNCCH-ITS-RC Software Repository
     • Variation in TarHeel Linux Build
     • Future Work
     • Exercise After Build

  3. Test Machine
     • Test Machine – CCI Desktop Running Windows XP
     • Current ITS Lab Machines
     • Lenovo ThinkCentre M58 7479-UN3
     • Intel Core 2 E8400 @ 3GHz Processor
     • 250 GB SATA II Hard Drive
     • 2GB DDR3 Memory
     • Integrated 10/100/1000 Ethernet
     • Distributed as CCI Desktop between 2/2009 and 5/2010

  4. Building THL
     Let’s Build TarHeel Linux
     • Power Up the Machine
     • Put the NetInstall Disc into the CDROM Drive
     • Hit F12 to select booting from CDROM
     • Wait to see the “boot:” prompt
     • Hit Return to take standard desktop installation
     • Wait 30 minutes for the build

  5. What and Why?
     Faculty Requests:
     • Capability to build a desktop Linux distribution on CCI equipment without needing advanced computer expertise
     • Integration with existing ITS Research Computing systems
     • Access to a software repository containing a core set of research applications
     • Easily managed and modified – but SECURE

  6. Which Penguin?
     • Fedora Core is bleeding-edge Linux
     • RedHat Enterprise Linux (RHEL) is mostly stable, but has corporate overhead
     • CentOS is a more stable Open Source version of RHEL
     • Ubuntu is Debian-based and different

  7. Why CentOS?
     TarHeel Linux based on CentOS
     • Same kernel and libraries as our Research Computing Linux clusters
     • Shared applications with our Research Computing Linux clusters
     • 100% RHEL Clone with no licensing overhead
     • Easy integration into UNC computing environment

  8. Welcome TarHeel Linux The New Penguin in Town

  9. Building THL
     Before you begin …….
     • Register the MAC address for DHCP at onyen.unc.edu
     • Download 19MB TarHeel Linux NetInstall 5.5 ISO image from linux.unc.edu and burn to a dvd/cdrom
     • Think of a very strong root password:
       - 8-12 characters
       - mixed case alpha, numeric, and special characters
       - no dictionary words 4 characters or greater
       - leading capital and trailing digit don’t count
     • Obtain ONYEN of root user and primary user if any

  10. NetInstall
      One NetInstall ISO – Two Architectures
      • Is that box 32-bit or 64-bit?
      • You might be (pleasantly) surprised!
      • TarHeel Linux NetInstall can determine the difference
      • The Kickstart file for either i386 or x86_64 will load automatically

  11. boot:
      Options at the boot: prompt
      • Standard Install – either carriage return or wait 60 sec
      • IMPORTANT NOTE: This will REFORMAT your hard drive!
      • Server Install – boot: server
      • Rescue Mode – boot: rescue

  12. Installation
      First 30 minutes:
      • Format the hard drive
        - Fixed system space
        - Remainder of drive for home directories
      • Load the OS onto the hard drive from linux.unc.edu
      • PostInstall
        - IPtables
        - Kerberos
        - Other security enhancements

  13. After First Boot
      • Change of Ownership
        - Enter ONYEN of root user
        - Establish a strong root password
        - Enter ONYEN of primary user if different from root user
      • All recent Updates and Patches are applied
      • Final boot to TarHeel Linux!

  14. Root Password
      • May not contain any dictionary word of 4 characters or greater
      • Has 8-12 Characters
      • Includes upper and lower case letters
      • Contains at least 1 number
      • Contains at least 1 special character

  15. Root Password Cont’d
      No Luggage Combinations Allowed!
      • Machine builds with a strong default password
      • Person holding root is the first (and only) member of /etc/sudoers
      • A new (strong) password is chosen at build time
      • If initial password selection fails (too many tries!), default can be changed by “sudo passwd root” once the machine comes up
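
The root password rules from slides 9 and 14, written out as a checker. This is an added example, not the TarHeel Linux installer's own code: the word list is a constructed sample, and reading "leading capital and trailing digit don't count" as "ignore them when looking for the required character classes" is an assumption.

```python
import string

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"pass", "word", "linux", "heel", "root", "carolina", "tar"}


def check_root_password(pw, words=SAMPLE_WORDS):
    """Return the list of rules a candidate password breaks (empty list = accepted)."""
    problems = []
    if not 8 <= len(pw) <= 12:
        problems.append("length is not 8-12 characters")

    # Assumption: "leading capital and trailing digit don't count" means a capital
    # in first position and a digit in last position do not satisfy the
    # upper-case and numeric requirements, so drop them before classifying.
    core = pw[1:] if pw[:1].isupper() else pw
    core = core[:-1] if core[-1:].isdigit() else core

    required = [
        ("lower-case letter", str.islower),
        ("upper-case letter", str.isupper),
        ("number", str.isdigit),
        ("special character", lambda c: c in string.punctuation),
    ]
    for name, is_class in required:
        if not any(is_class(c) for c in core):
            problems.append("no " + name)

    # Case-insensitive substring match against every word of 4+ characters.
    lowered = pw.lower()
    for word in sorted(w.lower() for w in words if len(w) >= 4):
        if word in lowered:
            problems.append("contains dictionary word: " + word)
    return problems
```

A candidate such as "Tarheel1" has the right length but fails four rules at once, because its only capital and only digit sit in the positions that do not count and it embeds a four-letter word.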

  16. Login
      • Root Login with Local Password, only local password in the system
      • Onyen Login with Onyen Password for root user and primary user if any
      • Granted sudo access for root user

  17. Build and Break
      • Continue Building TarHeel Linux
      • Take a Break for 10 minutes
      • Questions?

  18. Applications
      What can TarHeel Linux do for me?
      • Latest stable versions of:
        - Firefox browser
        - Thunderbird email client
        - OpenOffice productivity tools
      • Large selection of multi-media applications
      • AND THERE’S MORE:
        - UNC’s own local repository containing research applications – about 1000 RPMs and growing!

  19. TarHeel Linux Repository
      What’s in the Box?
      • Open Source Scientific Applications:
        - Mathematics & Applied Mathematics
        - Statistics & Operations Research
        - Chemistry & Biochemistry
        - Physics
      • Open Source Libraries
      • Open Source Visualization Tools
      • Open Source RDBMS Tools
      • Open Source Programming Language Support
      Package names shown on the slide: NetCDF, TINKER, grace, Coot, TeX Live, ccp4, PHONON, PyVTK, R, Qt4, MayaVi, buster, FreeMat, malaga, gtkmathview, fftw, gv, hdf5, VTK, wv, imlib2, CERNLIB, ffmpeg, inkscape, libVorbis, Pixman, lua, firebird, Gromacs, Octave, Amber, gambas, OpenMPI, cairo, maxima, NumPy, PyMol

  20. yum!
      Yellowdog Updater Modified

          prompt# yum search ccp4
          prompt# yum install openafs-client
          prompt# yum provides "*/libkudzu*"
          prompt# yum info coot

      All RPM Packages are protected with a GPG key.

  21. Other Options
      Not all software is Open or Free!
      • There are several options:
        - Purchase the software from the vendor and install it locally ($$$$)
        - Get a copy of the software from ITS Software Acquisitions and install it locally ($)
        - Install the environment locally to run it out of AFS (only a few packages are licensed for us to do this)
      • Example: # yum install matlab-env
      • This provides a path to the version in AFS and a local environment is set up to run it properly

  22. x86_64 vs i386
      • Architecture x86_64 (64 bit) and i386 (32 bit) available
      • In the x86_64 repository, some i386 binaries are available.
      • Yum figures out what to install to satisfy dependencies.
      • In x86_64, /usr/lib64 and /usr/lib coexist.

  23. RPM
      • Install into /usr as prefix if possible
      • Put into /opt if the package is too complex
      • Create startup scripts in /etc/profile.d to set up environment for packages in /opt
      • Use “module” to set up environment

  24. Security!
      • In Research, a computer is just another tool
      • A good tool is a reliable tool
      • Reliability = Security!
      • Make TarHeel Linux secure “out of the box”
      • Provide tools and nightly system checks and updates to keep it that way

  25. ONYENs
      The Only Name You’ll Ever Need!
      • All user accounts are added by ONYEN
      • Information directly from UNC ITS LDAP Server
      • Authentication via UNC ITS Kerberos Server
      • Only one local encrypted password on a TarHeel Linux host!
      • Command “adduser_unc” adds accounts for new UNC users

  26. Ports & Services
      “off by default”
      • Firewall up from first boot
      • ssh (port 22) is the only port open, and is limited to access from the UNC campus
      • All unnecessary services are turned off
      • Email from the root account is outbound and does not require an open port
      • Sendmail uses privilege separation
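
A check for the policy on this slide (port 22 is the only open port, and only from campus), run against `iptables-save` output. This is an added example, not part of the TarHeel Linux build: the campus range is a documentation-prefix placeholder and the rule dump is constructed.

```python
import ipaddress
import shlex

# Placeholder campus range (documentation prefix); substitute the real campus networks.
CAMPUS_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed iptables-save output: two port rules follow the policy, two do not.
SAMPLE_DUMP = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A INPUT -s 198.51.100.7/32 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""


def audit_open_ports(dump, campus=CAMPUS_NETS):
    """Return (rule, reason) for each ACCEPT rule that opens more than campus-only ssh."""
    findings = []
    for line in dump.splitlines():
        tok = shlex.split(line)
        if tok[:1] != ["-A"]:
            continue  # table names, chain policies, COMMIT
        # Map each option to the token that follows it (-s, -j, --dport, ...).
        opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        ports = opts.get("--dport") or opts.get("--dports")
        if opts.get("-j") != "ACCEPT" or ports is None:
            continue  # not a rule that opens a port
        src = opts.get("-s")
        if "!" in tok:
            findings.append((line, "negated match, review by hand"))
        elif ports != "22":
            findings.append((line, "port other than 22 is open"))
        elif src is None:
            findings.append((line, "ssh open to any source"))
        elif not any(ipaddress.ip_network(src, strict=False).subnet_of(n) for n in campus):
            findings.append((line, "ssh source outside campus range"))
    return findings
```

The audit only looks at rules that accept traffic to a destination port; chain default policies and rules in user-defined chains that end in a blanket ACCEPT still need a separate look.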

  27. Patches & Updates
      Nightly Updates
      • Latest CentOS patches and updates installed automatically
      • New versions of software installed from TarHeel Linux repository
      • New versions of software from Adobe, GraphViz, Mozilla, etc., downloaded and placed in our repository
      • New Linux kernel put in place and notice sent to the root user (reboot needed)

  28. Logs & Reports
      Things that go bump in the night:
      • logwatch report – Reader’s Digest Condensed Version
      • rpm -V – do you have what you asked for?
      • New kernel announcement – stay up-to-date!
      • All the usual logs in all the usual places

  29. Logwatch
      Sample Logwatch message to root user:

          ################### Logwatch 7.3 (03/24/06) ####################
          Processing Initiated: Thu Oct 7 04:02:02 2010
          Date Range Processed: yesterday ( 2010-Oct-06 ) Period is day.
          Detail Level of Output: 0
          Type of Output: unformatted
          Logfiles for Host: zircon.its.unc.edu
          ##################################################################
          --------------------- pam_unix Begin ------------------------
          gnome-screensaver:
             Unknown Entries:
                authentication failure; logname= uid=29049 euid=29049 tty=:0.0 ruser= rhost= …..
          sshd:
             Authentication Failures:
                cdpoon (dhcp27052.vpn.unc.edu): 1 Time(s)
          ---------------------- pam_unix End -------------------------

  30. rpm -V
      Sample rpm -V message to root user:

          Changes Reported:
          48c48
          < /var/tmp/rpm-tmp.44275: line 851: IntegrateWithGNOME: command not found
          ---
          > /var/tmp/rpm-tmp.36971: line 851: IntegrateWithGNOME: command not found

          Errors Reported:
          prelink: /usr/lib/libORBit-2.so.0.1.0: at least one of file's dependencies has changed since prelinking
          prelink: /usr/lib/libgconf-2.so.4.1.0: at least one of file's dependencies has changed since prelinking

  31. New Kernel
      Sample New Kernel message to root user:

          Subject: A new kernel is waiting on zircon.its.unc.edu
          Date: Fri, 24 Sep 2010 04:02:03 -0400
          From: root root@zircon.its.unc.edu
          To: root@zircon.its.unc.edu <root@zircon.its.unc.edu>

          To: Chi-Duen Poon

          zircon.its.unc.edu is currently running the following
          kernel: vmlinuz-2.6.18-194.11.3.el5
          which dates to Mon Aug 30 16:19:16 EDT 2010.

          A new kernel is now available: vmlinuz-2.6.18-194.11.4.el5

          All current patches and updates have already been installed;
          the exception being the new kernel.

          zircon.its.unc.edu has been set up to find and run
          the most recent kernel on the next reboot.

          Please find a time in the very near future when the host
          is quiescent, and schedule a shutdown -r

          Thank you - and Secure Computing for All!
          The TarHeel Linux Team

  32. THL Hardware
      • Based on CCI desktop originally
      • Extended to other kinds of machines, server, laptop, Mac, etc.
      • Should be able to run on machines with Intel and AMD chips
      • Limited by driver availability, such as Wifi driver

  33. THL Server
      • At boot prompt, type “server”
      • Same as desktop excluding thl-theme package
      • For low end video card with low resolution
      • Without THL login screen
      • Without THL screen saver

  34. THL Virtualization
      • Tested extensively with VirtualBox on CCI machines
      • THL as host OS and Windows 7 as guest OS
      • Windows 7 as host OS and THL as guest OS

  35. THL Laptop
      • Virtualization vs. Dual Boot
      • Tested extensively with VirtualBox
      • Windows 7 as host OS and THL as guest OS
      • Borrowed video/sound/Wifi capability from Windows 7
      • Dual Boot – Issues with Wifi

  36. THL in USB Key
      • At boot prompt, type “usb”
      • THL build in 16GB USB key drive
      • Slower but with write capabilities (LiveCD without write capabilities)
      • Extremely portable
      • Required machine to boot from USB drive

  37. VPN in THL
      • Installed vpnc in THL, used Onyen and Onyen password to access VPN
      • With VirtualBox Windows 7 as host OS, used VPN client in Windows 7, allowed VPN access in THL as guest OS

  38. THL in iMac
      • Applied Math lab in Phillips Hall basement as pilot project
      • Dual Boot MacOS X and THL using rEFIt as boot agent
      • Used VirtualBox with MacOS X as host OS and THL as guest OS

  39. Message Passing
      • OpenMPI in UNCCH-ITS-RC repository
      • Used “module load openmpi-x86_64” to set up environment for x86_64 machine
      • Gromacs compiled over OpenMPI
      • Tested in CCI ThinkCentre E20 running 4 way parallel Gromacs jobs

  40. THL in VCL
      • Virtual Computer Lab (VCL) from ITS Research Computing, http://vcl.unc.edu
      • THL build in VCL
      • Customized for different needs and purposes

  41. THL in GPU Computing
      • Tested GPU Computing on a Lenovo S20 with Nvidia Tesla C1060 GPU
      • Started compiling applications for running jobs in GPU

  42. Future Works
      • Root User/Primary User/Root Password confirmation during installation
      • RPM Packages update
      • Extensive documentation in THL Wiki
      • Encrypted filesystem for sensitive data
      • VMware Player for virtualization

  43. Future Works Cont’d
      • TarHeel Linux 6 with better user interface
      • Static IP address build
      • Review drive partition
      • Gparted to re-partition drive partition
      • Any other recommendation?

  44. TarHeel Born!
      What makes TarHeel Linux Specific to UNC?
      • Accounts are created using information from the UNC LDAP Server
      • Authentication uses ITS Kerberos Server
      • ISO for OS is only available from the UNC Campus Network
      • Software repositories are only available from the UNC Campus Network or via VPN

  45. A Bigger Hammer?
      What happens if my research outgrows my desktop’s capabilities?
      • CCI Desktops are mostly dual-core 64-bit machines (although we support 32-bit)
      • New CCI quad-core machines have arrived!
      • Applications developed on a TarHeel Linux machine will run on our Research Clusters
      • Applications can be run on remote hosts from the TarHeel Linux desktop

  46. Documentation & Support
      TarHeel Linux wiki
      • Public section for general information
      • ~root for TarHeel Linux root users
      • thl_admin for developers
      tarheellinux@listserv.unc.edu mail list
      • General announcements from THL developers
      • Can be used for community discussions
      help.unc.edu - Online Help Request (Remedy)
      • Research Computing – TarHeel Linux Support

  47. Contact Information
      • TarHeel Linux Wiki: http://tarheellinux.unc.edu
      • TarHeel Linux NetInstall ISO Download: http://linux.unc.edu/centos/5.5/iso/noarch/TarHeelLinux-5.5-netinstall.iso (find it in the wiki!)
      • TarHeel Linux: research@unc.edu
      • Anne C. Blanchard – blanchar@unc.edu
      • Chi-Duen Poon – cdpoon@unc.edu

  48. Yum Exercise
      • Use yum to look for AFS client
      • Install AFS client
      • Get AFS token and access AFS Isis space
      • Use yum to look for Matlab environment
      • Install Matlab environment
      • Run Matlab
      • Use yum to look for KompoZer
      • Install KompoZer
      • Run KompoZer
