Author: kittycool only

by

Container runtimes, container images, and other key concepts

This is Linux Container Fundamental 101. If you want more information after reading this blog entry 101 A System’s Guide to Containers by OpenSource.com

What is Linux Container?

A Linux® container is a set of 1 or more processes that are isolated from the rest of the system. All the files necessary to run them are provided from a distinct image, meaning Linux containers are portable and consistent as they move from development to testing, and finally to production. This makes them much quicker to use than development pipelines that rely on replicating traditional testing environments. Because of their popularity and ease of use containers are also an important part of IT security. Read more

What are Container Runtimes?

Take a deep dive into container runtimes so you can understand how container environments are built. Read more

What is Container Image?

A container image contains a packaged application, along with its dependencies, and information on what processes it runs when launched. Read more

4 Linux technologies fundamental to containers

Namespaces, cgroups, seccomp, and SELinux are the Linux technologies that make up the foundations of building and running a container process on your system. Read more

by

Configuring NVMeoF RoCE For SUSE 15

The blog is taken from Configuring NVMeoF RoCE For SUSE 15.

The purpose of this blog post is to provide the steps required to implement NVMe-oF using RDMA over Converged Ethernet (RoCE) for SUSE Enterprise Linux (SLES) 15 and subsequent releases.

An important item to note is that RoCE requires a lossless network, requiring global pause flow control or PFC to be configured on the network for smooth operation.

All of the below steps are implemented using Mellanox Connect-X4 adapters.

The blog is taken from Configuring NVMeoF RoCE For SUSE 15.
by

Listing 50 biggest files in Recursive Directories.

I have always enjoyed BASH Commands that can reveal more the files and directories we have. I wrote a short write-up Checking Disk Usage within the subfolders but avoid mount-point

I wondered whether if I can capture the top 20 directories that uses the most disk space. There was this document by OpenSource.com that I find helpful 7 Linux command-line tips for saving media file space

1 To Find the 50 biggest files in its recursive directory tree

% find  -type f  -exec  du -Sh {} +  |  sort -rh  |  head -n 50
19G     ./Downloads/xxxxxx.iso
17G     ./Downloads/AI/AI.tar
17G     ./Downloads/ISO/xxxx.iso
6.4G    ./Ansys/uuuuuuuu.zip
5.3G    ./.cache/tracker/meta.db
4.5G    ./Downloads/HelloThere_AVX2/tar/E45.tbJ
4.4G    ./Documents/EEEEE/EEEEEE_dvd.iso
3.7G    ./Downloads/12345/2021/2021.tar
.....
......
by

abrtd daemon deleting recently created application core dumps on CentOS 7

When I did the command “systemctl status abrtd.service”, I’ve noticed the following

[root@node1 ~]# systemctl status abrtd.service
● abrtd.service - ABRT Automated Bug Reporting Tool
   Loaded: loaded (/usr/lib/systemd/system/abrtd.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2022-01-19 09:52:50 +08; 2 months 11 days ago
 Main PID: 1113 (abrtd)
   CGroup: /system.slice/abrtd.service
           └─1113 /usr/sbin/abrtd -d -s


Apr 01 22:29:43 node1 abrt-server[361048]: Package 'rapidfile' isn't signed with proper key
Apr 01 22:29:44 node1 abrt-server[361048]: 'post-create' on '/var/spool/abrt/ccpp-2022-04-01-22:29:29-360942' exited with 1
Apr 01 22:29:44 node1 abrt-server[361048]: Deleting problem directory '/var/spool/abrt/ccpp-2022-04-01-22:29:29-360942'
Apr 01 22:53:14 node1 abrt-server[423453]: Executable '/usr/local/intel/2019u5/intelpython3/bin/python3.6' doesn't belong to any package and ProcessUnp...et to 'no'
Apr 01 22:53:14 node1 abrt-server[423453]: 'post-create' on '/var/spool/abrt/ccpp-2022-04-01-22:52:40-420563' exited with 1
Apr 01 22:53:14 node1 abrt-server[423453]: Deleting problem directory '/var/spool/abrt/ccpp-2022-04-01-22:52:40-420563'
Apr 01 23:55:22 node1 abrt-server[432522]: '.' does not exist
Apr 01 23:55:23 node1 abrt-server[432522]: 'post-create' on '/var/spool/abrt/ccpp-2022-04-01-23:55:09-432449' exited with 1
Apr 01 23:55:23 node1 abrt-server[432522]: Deleting problem directory '/var/spool/abrt/ccpp-2022-04-01-23:55:09-432449'
Apr 01 23:55:23 node1 abrt-server[432522]: '/var/spool/abrt/ccpp-2022-04-01-23:55:09-432449' does not exist
Hint: Some lines were ellipsized, use -l to show in full.

The Issue seems to be caused by

  • The abrtd daemon deletes recently created core dumps
  • Error: Package isn’t signed with proper key

According to Red Hat Knowledge Base “Why does the abrtd daemon delete recently created application core dumps?”, the resolution can be simply

% vim /etc/abrt/abrt-action-save-package-data.conf 
OpenGPGCheck = no
ProcessUnpackaged = yes

Restart the abrtd daemon – as root – for the new settings to take effect:

# systemctl restart abrtd.service

According to Red Hat, the root cause is written as followed:
When the OpenGPGCheck variable is set to yes (the default setting), this informs ABRT to only analyse and handle crashes in applications provided by packages which are signed by the GPG keys whose locations are listed in the /etc/abrt/gpg_keys file. Setting OpenGPGCheck = no, tells ABRT to catch crashes in all programs. Also, abrt is configured to capture coredump of files installed from rpm only. Variable ‘ProcessUnpackaged’ tells abrt to keep the coredump even if application is not installed via rpm/yum.

References:

by

Efficient Heterogeneous Parallel Programming Using OpenMP

This article is taken from Intel “Efficient Heterogeneous Parallel Programming Using OpenMP”. In this article, we will show you how to do CPU+GPU asynchronous calculations using OpenMP.

In some cases, offloading computations to an accelerator like a GPU means that the host CPU sits idle until the offloaded computations are finished. However, using the CPU and GPU resources simultaneously can improve the performance of an application. In OpenMP® programs that take advantage of heterogenous parallelism, the master clause can be used to exploit simultaneous CPU and GPU execution. In this article, we will show you how to do CPU+GPU asynchronous calculation using OpenMP.
…..
…..
…..

The Intel® oneAPI DPC++/C++ Compiler was used with following command-line options:
‑O3 ‑Ofast ‑xCORE‑AVX512 ‑mprefer‑vector‑width=512 ‑ffast‑math ‑qopt‑multiple‑gather‑scatter‑by‑shuffles ‑fimf‑precision=low
‑fiopenmp ‑fopenmp‑targets=spir64=”‑fp‑model=precise”

…..
…..
…..
OpenMP provides true asynchronous, heterogeneous execution on CPU+GPU systems. It’s clear from our timing results and VTune profiles that keeping the CPU and GPU busy in the OpenMP parallel region gives the best performance. We encourage you to try this approach.

Intel: Efficient Heterogeneous Parallel Programming Using OpenMP (Best Practices to Keep the CPU and GPU Working at the Same Time)

by

Compiling ORCA-4.2.1 with OpenMPI-3.1.4

ORCA is a general-purpose quantum chemistry package that is free of charge for academic users. The Project and Download Website can be found at ORCA Forum

You have to register yourself before you can participate in the forum or download ORCA-4.2.1. The current latest version for ORCA is 5.0.3. The package you might want to consider is ORCA 4.2.1, Linux, x86-64, .tar.xz Archive

Prerequisites that I use.

Unpacking ORCA-4.2.1

% tar -xvf orca_4_2_1_linux_x86-64_openmpi314.tar.xz
.....
.....
orca_4_2_1_linux_x86-64_openmpi314/autoci_rhf_poly1_sigma
orca_4_2_1_linux_x86-64_openmpi314/orca_eprnmr_mpi
orca_4_2_1_linux_x86-64_openmpi314/autoci_uhf_poly1_sigma
orca_4_2_1_linux_x86-64_openmpi314/orca_casscf
orca_4_2_1_linux_x86-64_openmpi314/autoci_iprocisd_sigma_alpha_doublet_mpi
orca_4_2_1_linux_x86-64_openmpi314/autoci_rohf_cisd_product
orca_4_2_1_linux_x86-64_openmpi314/orca_gstep
orca_4_2_1_linux_x86-64_openmpi314/contrib/
orca_4_2_1_linux_x86-64_openmpi314/contrib/G2_MP2.cmp
orca_4_2_1_linux_x86-64_openmpi314/contrib/W2_2.cmp
orca_4_2_1_linux_x86-64_openmpi314/contrib/G2_MP2_SV.cmp
orca_4_2_1_linux_x86-64_openmpi314/contrib/G2_MP2_SVP.cmp
orca_4_2_1_linux_x86-64_openmpi314/orca4.2-eula.pdf
orca_4_2_1_linux_x86-64_openmpi314/Third_Party_Licenses_ORCA_4.2.pdf

Running ORCA. If your environment has Module Environment

% module load openmpi/3.1.4/gcc-6.5.0

If not, you have to pacify PATH and LD_LIBRARY_PATH, MANPATH

export PATH=$PATH:$OPENMPI_HOME/bin
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$OPENMPI_HOME/lib:$OPENMPI_HOME/lib64
export MANPATH=$MANPATH:$OPENMPI_HOME/share

Typical Input file

Calling ORCA requires full pathing

/usr/local/orca_4_2_1_linux_x86-64_openmpi314/orca $INPUT > $OUTPUT "--bind-to core --verbose"

For Input File usage, you may want to take a look at the ORCA 4.2.1 Manual found when you unpack or you can look at it online at orca_manual_4_2_1.pdf (enea.it) .

For example…….

! B3LYP def2-SVP SP
%tddft
tda false
nroots 50
triplets true
end
%pal
nprocs 32
end

* xyz 0 1 fac_irppy3.xyz
  Ir        0.00000        0.00000        0.03016
   N       -1.05797        1.55546       -1.09121
   N        1.87606        0.13850       -1.09121
.....
.....
by

High-Severity Zero-Day Bug in Google Chrome

This article is taken from Singapore Computer Emergency Response Team (SINGCERT) titled High-Severity Zero-Day Bug in Google Chrome

Google has released Chrome 99.0.4844.84 for Windows, Mac, Linux and Chrome 99.0.4844.88 for Android users to address a high-severity zero-day bug (CVE-2022-1096)The vulnerability is a Type Confusion in V8 JavaScript engine exploit, and is reported to exist in the wild. V8 is Chrome’s component that is responsible for processing JavaScript code.

Type confusion refers to coding bugs during which an application initialises data execution operations using input of a specific “type” but is tricked into treating the input as a different “type”. This leads to logical errors in the application’s memory, which may allow an attacker to run unrestricted malicious codes inside an application.

No further technical details about the bug have been published by Google.

Google Chrome users on Windows, Mac and Linux are advised to upgrade to Chrome 99.0.4844.84 immediately by going into Chrome menu > Help > About Google Chrome, while Android users may refer to the Google Play Store for Chrome 99 (99.0.4844.88) version.

High-Severity Zero-Day Bug in Google Chrome
by

Compiling pybind11 with GNU-6.5

The Project Website can be found at https://github.com/pybind/pybind11

pybind11 is a lightweight header-only library that exposes C++ types in Python and vice versa, mainly to create Python bindings of existing C++ code. Its goals and syntax are similar to the excellent Boost.Python library by David Abrahams: to minimize boilerplate code in traditional extension modules by inferring type information using compile-time introspection.

The Compiling Steps can be found at https://pybind11.readthedocs.io/en/stable/basics.html

mkdir build
cd build
cmake .. -DDOWNLOAD_EIGEN=ON -DDOWNLOAD_CATCH=ON
make check -j 4