This repository contains RPMs to assist with using the Fermilab General Computing Environment on EL9 systems.
Packages in this repository are signed by GPG Key:
pub 4096R/ABEC1471 2020-01-30
uid Fermilab RPM Key (Used for signing RPMs built at Fermilab) <LINUX-USERS@LISTSERV.FNAL.GOV>
sub 4096R/804610A8 2020-01-30
Source Repos
The source for packages in these repos can be found at https://github.com/fermilab-context-rpms. You can review it for recomendations on how to configure your system if use of these packages is not right for your environment.
Installation Instructions
RPMs can be loaded interactively with dnf/yum and/or at install time with Kickstart.
These RPMs will own their configuration files. Any local changes will be reverted upon upgrade. Your modified files will be saved off as .rpmsave files. |
You are expected to have working access to the OS repos. If you require use of the local Fermilab mirrors you should install the yum-conf-fermilab-mirror package first. |
1. Interactive Steps
This method should work for any admin who wishes to install some or all of the Fermilab packages. |
-
You will need to install the fermilab yum repo
sudo yum install https://linux-mirrors.fnal.gov/linux/fermilab/almalinux/9/yum-conf-fermilab.rpm
-
To get specific packages, you can install them as normal now:
sudo yum install ${SOMEPACKAGE}
-
To get the minimum requirements for on-site computing:
sudo yum install --setopt=install_weak_deps=False fermilab-base_on-site
-
To get all the recommended packages run:
sudo yum install --setopt=install_weak_deps=True fermilab-base_on-site
or
sudo yum group install fermilab
-
To get all the recommended and optional packages run:
sudo yum group install --with-optional fermilab
These yum commands should not cause errors if run multiple times. |
2. From Kickstart
Add the yum repo to your known repos:
repo --name=fermilab --baseurl=https://linux-mirrors.fnal.gov/linux/fermilab/almalinux/$releasever/$basearch/
%packages
@fermilab
Or you may specify any specific packages you wish to select from this repo
Additional Information on Fermilab Packages
- fermilab-base_on-site
-
This package requires the config RPMs that will alter your system settings for use at Fermilab. A
sudo yum install
on this package will install those dependencies automatically. It uses RPM’s rich dependencies to suggest additional, optional, packages that may be useful. - fermilab-conf_ca-certs
-
Place the Fermilab CA Certificates (for our local CA) in
/usr/share/fermilab-conf_ca-certs
. You can fetch them directly from https://authentication.fnal.gov/certs/ - fermilab-conf_ca-certs-trust
-
Adds the Fermilab CA Certificates (for our local CA) to your CA Trust Store. You can fetch them directly from https://authentication.fnal.gov/certs/
- fermilab-conf_doe-banner
-
Contains the standardized banner messages for use at Fermilab.
- fermilab-conf_doe-banner-cockpit
-
Add a notification banner to the cockpit login screen regarding your rights and restrictions on the Fermilab Network.
- fermilab-conf_doe-banner-console
-
Add a notification banner to the text console regarding your rights and restrictions on the Fermilab Network.
- fermilab-conf_doe-banner-gdm
-
Add a notification banner to the GDM login window regarding your rights and restrictions on the Fermilab Network.
- fermilab-conf_doe-banner-login-screen
-
Add a notification banner to the recognized login windows regarding your rights and restrictions on the Fermilab Network.
- fermilab-conf_email-gateway
-
Setup postfix to route outbound email through an approved mail gateway.
- fermilab-conf_firewall
-
Add a firewall zone with the FNAL IP ranges.
- fermilab-conf_firewall-firewalld
-
Add a firewalld zone with the FNAL IP ranges.
This rpm will reload the firewalld config. |
- fermilab-conf_http-use-syslog
-
Setup webservers to log into syslog.
- fermilab-conf_http-use-syslog-apache-httpd
-
Setup apache-httpd to log to syslog.
This rpm may result in double logging on your system. |
The apache-httpd ErrorLog may only be defined once. The definition closest to access is the one used. |
- fermilab-conf_http-use-syslog-nginx
-
Setup nginx to log to syslog
This rpm may result in double logging on your system. |
- fermilab-conf_install-updates
-
Ensure all system updates are applied nightly.
- fermilab-conf_kerberos
-
Load the Fermilab Kerberos configuration settings.
fermilab-conf_kerberos no longer uses /etc/kdc.list to customize
the default kdc list. You should instead create a custom entry in
/etc/krb5.conf.d/00-my-kdcs.conf with your expected settings. |
- fermilab-conf_login-screen-no-user-list
-
Do not show a list of valid users on the recognized login windows.
- fermilab-conf_login-screen-no-user-list-gdm
-
Do not show a list of valid users on the GDM login window.
- fermilab-conf_ocsinventory
-
Configuration for the Fermilab OCS Inventory Server.
- fermilab-conf_screenlock
-
Setup screensaver to lock automatically after inactivity on recognized desktops.
- fermilab-conf_screenlock-gnome
-
Setup GNOME desktop to lock automatically after inactivity.
- fermilab-conf_screenlock-weston
-
Setup Weston desktop to lock automatically after inactivity.
- fermilab-conf_ssh
-
Pull in SSH config settings useful for Fermilab SSH Servers.
- fermilab-conf_ssh-client
-
Add SSH client settings useful for connecting to Fermilab SSH Servers.
- fermilab-conf_ssh-server
-
Configure your SSH Server for use on the Fermilab Network.
- fermilab-conf_sssd
-
Configure SSSD to permit Kerberos or local password authentication. This package also provides behavior similar to
fermilab-conf_kerberos-local-passwords
from the SL7 Fermilab Context.
fermilab-conf_sssd will attempt to reconfigure authentication on your system.
If this fails, you will need to manually run authselect for your system. |
- fermilab-conf_system-logger
-
Forward your system logs to the Central Log Server.
- fermilab-conf_system-logger-rsyslog
-
Forward your system logs via rsyslog to the Central Log Server.
- fermilab-conf_timesync
-
Setup a supported NTP client to use the Fermilab approved timeservers.
- fermilab-conf_timesync-chrony
-
Setup the chrony NTP client to use the Fermilab approved timeservers.
- fermilab-util_kcron
-
Setup Kerberos rights for scheduled jobs and daemons.
- fermilab-util_kx509
-
A simple utility to fetch CI Logon certificates for Fermilab.
- fermilab-util_makehostkeys
-
A simple utility to fetch Kerberos keytabs.
- yum-conf-fermilab
-
The yum repo definitions for the Fermilab repos.
- yum-conf-fermilab-gpgkey
-
The GPG key used in the yum repo definitions for the Fermilab repos.
- yum-conf-fermilab-mirror
-
DNF/Yum repo definitions for Fermilab’s local mirrors.
- yum-conf-fermilab-mirror-almalinux
-
DNF/Yum repo definitions for Fermilab’s local mirror of AlmaLinux.
- yum-conf-fermilab-mirror-centos-stream
-
DNF/Yum repo definitions for Fermilab’s local mirror of CentOS Stream.
- yum-conf-fermilab-mirror-epel
-
DNF/Yum repo definitions for Fermilab’s local mirror of EPEL.
- yum-conf-fermilab-mirror-epel-next
-
DNF/Yum repo definitions for Fermilab’s local mirror of EPEL-Next.