Install Scientific Linux 7

Important Note for 2019

During 2019, grid sites will be migrating to CentOS7 and the grid may have a mix of Scientific Linux 6 and CentOS7 resources for a while; the current status can be found here. Although the grid site migration to CentOS7 has a deadline of 1 June 2019, there are still some sites at the tail end of the migration. However Tier3 sites should consider their migration to CentOS7, if not already done.

Atlas release 21 and newer (ie CMake releases) do not get recompiled on the grid. As such, if users send ATLAS jobs compiled on CentOS7 platforms to the grid, and if they land on SL6 resources, they will fail. The way to avoid this is one of the following methods:

  • to submit from CentOS7 machine to the grid using --osMatching option for prun --osMatching ... or pathena --osMatching ....
  • to compile and submit using a container from a CentOS7 machine; ie do setupATLAS -c slc6 to checkout, compile, submit. See this page for details.
  • use lxplus6.cern.ch to checkout, compile and submit. (but lxplus6 machines may get rarer to find.)

Other known CentOS7 issues are described in this Twiki page.

Required packages

Warning, important You will need system privileges for this. Install Scientific Linux on your computer; you can choose any packages or versions you like but make sure that the following are also installed:

Note Please note that only 64-bit OS will be supported in ATLASLocalRootBase.

  • Install the SL7 (or CentOS7) desktop version.
  • Install the HEP_OSlibs metarpm; see Instructions
yum install  http://linuxsoft.cern.ch/wlcg/centos7/x86_64/wlcg-repo-1.0.0-1.el7.noarch.rpm 
yum install HEP_OSlibs
 
      echo "user.max_user_namespaces = 15000"  > /etc/sysctl.d/90-max_user_namespaces.conf
      sysctl -p /etc/sysctl.d/90-max_user_namespaces.conf
    • check as a normal user that setupATLAS -c slc6 works (ie Singularity containers run). If not, you may need to install an additional rpm such as libseccomp if it says that library is missing. (reference: ADCINFR-132)

Kerberos Configuration

Example, this is what it should look like with the CERN.CH configurations.

# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 dns_lookup_realm = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
# default_realm = EXAMPLE.COM
 default_realm = CERN.CH
 default_ccache_name = KEYRING:persistent:%{uid}

[realms]
# EXAMPLE.COM = {
#  kdc = kerberos.example.com
#  admin_server = kerberos.example.com
# }

[realms]
  CERN.CH = {
    default_domain = cern.ch
    kpasswd_server = afskrb5m.cern.ch
    admin_server = afskrb5m.cern.ch
    kdc = cerndc.cern.ch
  }

[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM
  cern.ch = CERN.CH
  .cern.ch = CERN.CH

Test status

Note

  • tested on SL7.2
  • tested with bash. zsh and tcsh limited testing (mainly setup to ensure ALRB scripts work.)

Name SL6 cvmfs Installations Native SL7 Installation Comments To be done
agis DONE DONE  
asetup DONE DONE    
atlantis DONE DONE    
eiclient     EIClient is not working outside cern.ch at the moment so it is not fully supported.  
emi DONE (centos7 version setup) DONE    
fax DONE DONE    
ganga DONE DONE    
lcgenv DONE DONE    
panda DONE DONE    
pod     PoD is no longer being developed and if there is no need for this tool, it will no longer be supported on SL7. Please contact desilva@cern.ch if you need PoD.  
pyami DONE DONE    
rcsetup DONE DONE    
root DONE DONE    
rucio DONE DONE    
sft DONE DONE    
xrootd DONE DONE    
advancedTools gcc DONE DONE    
advancedTools git DONE DONE    
advancedTools python DONE DONE    
diagnostics checkOS DONE DONE    
diagnostics db-fnget DONE DONE    
diagnostics db-readReal DONE DONE    
diagnostics gridCert DONE DONE    
diagnostics runKV DONE DONE    
diagnostics setMeUp DONE DONE There are no SL7 compatible tutorials  
diagnostics setMeUpData DONE DONE    
diagnostics supportInfo DONE DONE    
helpMe DONE DONE    
printMenu DONE DONE    
showVersions DONE DONE    

Problems / Known Issues

Name Date Comments Resolved ?
emi 19 May 2016 fetchCA/CRL unavailable but setup works from cvmfs Fixed.
emi 19 May 2016 $X509_USER_PROXY env not set after proxy fetched. Checking if expected new behaviour. Seen also with rpms; looks normal so ignore.
emi 19 May 2016 grid-proxy-info missing Resolved, s9 Aug 2016 in v03 alpha version.
asetup 29 Aug 2016 slc5 releases are NOT failing to setup on lxplus7; ok on SL7 testbeds. Fixed.
emi 29 Aug 2016 generating a novoms proxy with grid-proxy-init and then obtaining a voms one from it with noregen results proxy type=proxy which seems to fail to ping the pandaServers (gridCert diagnostics) Fixed in preview-01
rucio 30 Aug 2016 rucio upload generates error messages failing but actually uploads file - only seen on tcsh Fixed in latest rucio
ganga 30 Aug 2016 ganga startup fails to load GangaPanda template; kerberos_sspi module and tries to load dq2. Fixed.
-- AsokaDeSilva - 2016-03-23
Edit | Attach | Watch | Print version | History: r27 < r26 < r25 < r24 < r23 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r27 - 2019-07-26 - AsokaDeSilva
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback