Configuring VTST with VASP-6.4.2 with Intel 2023.1

Taken from VTST.Tools Installation Guide

The VTST•Tools has a Fortran component which can be linked into the VASP code as well as a collection of scripts.

Step 1: Download the VTST Code

Download the VTST Code (vtstcode.tgz) at http://theory.cm.utexas.edu/vtsttools/download.html 

Step 2: Building VTST code into VASP

To install, download the files in vtsttools/vtstcode, choose a version, and copy the files in the directory into your vasp source directory. The file chain.F is replaced, so back up the old version. There are other files in the package: neb.F, dynmat.F, dimer.F, lanczos.F, sd.F, cg.F, qm.F, lbfgs.F, bfgs.F, fire.F, and opt.F in and vtstcode6.4/ directories. The vtstcode6.4/ directory contains another file called ml_pyamff.F and a directory named pyamff_fortran/, which interface to the machine learning package PyAMFF.

In my situation, I put it in /usr/local/vasp-6.4.2-vtst/vasp.6.4.2/src

$ cd /usr/local/vasp-6.4.2-vtst/vasp.6.4.2/src
$ tar -zxvf vtstcode-198.tgz
$ cd vtstcode-198/vtstcode6.4
$ cp -Rv * /usr/local/vasp-6.4.2-vtst/vasp.6.4.2/src

Step 3: Find the variable SOURCE in the .objects file (a hidden file in src/)

Find the variable SOURCE in the .objects file (a hidden file in src/), which defines which objects will be built, and add the following objects before chain.o:

$ cd /usr/local/vasp-6.4.2-vtst/vasp.6.4.2/src
$ ls -al .objects
$ vim .objects

Around line 126, before chain.o, insert the following

bfgs.o dynmat.o instanton.o lbfgs.o sd.o cg.o dimer.o bbm.o \
fire.o lanczos.o neb.o qm.o \
pyamff_fortran/*.o ml_pyamff.o \
opt.o

Step 4: Update the LIB in makefile inside src/

# vim /usr/local/vasp-6.4.2-vtst/vasp.6.4.2/src/makefile
LIB=lib parser pyamff_fortran

To be continued with VASP Installation later.

Microsoft leaks 38TB of private data via unsecured Azure storage

According to the article “Microsoft leaks 38TB of private data via unsecured Azure storage”:

The Microsoft AI research division accidentally leaked dozens of terabytes of sensitive data starting in July 2020 while contributing open-source AI learning models to a public GitHub repository.

Almost three years later, this was discovered by cloud security firm Wiz whose security researchers found that a Microsoft employee inadvertently shared the URL for a misconfigured Azure Blob storage bucket containing the leaked information.

Microsoft linked the data exposure to using an excessively permissive Shared Access Signature (SAS) token, which allowed full control over the shared files. This Azure feature enables data sharing in a manner described by Wiz researchers as challenging to monitor and revoke.

Microsoft leaks 38TB of private data via unsecured Azure storage
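
A check a defender can run on a SAS URL before it goes into a repository or README, as an added example that is not from the article, Microsoft or Wiz. It flags permissions beyond read/list and an expiry later than a chosen cutoff; the account name, container, signature and dates in the sample URLs are constructed placeholders, and sp, se and srt are the standard SAS query fields.

```sh
#!/bin/sh
# Added example: review a SAS URL before it is shared or committed.

# Print one query parameter of a URL, decoding %3A to ':' (empty if absent).
sas_param() {   # usage: sas_param <name> <url>
    printf '%s\n' "${2#*\?}" | tr '&' '\n' |
        sed -n "s/^$1=//p" | sed 's/%3[Aa]/:/g' | head -n 1
}

# Print one finding per line; no output means nothing was flagged.
# $2 is the latest acceptable expiry date, e.g. "$(date -d '+7 days' +%F)".
sas_findings() {   # usage: sas_findings <url> <YYYY-MM-DD>
    sp=$(sas_param sp "$1")
    se=$(sas_param se "$1")
    case "$sp" in
        *[!rl]*) echo "PERMISSIONS: sp=$sp grants more than read (r) and list (l)" ;;
    esac
    exp=$(printf '%s\n' "$se" | cut -c1-10 | sed 's/-//g')
    max=$(printf '%s\n' "$2" | sed 's/-//g')
    case "$exp" in
        ''|*[!0-9]*) echo "EXPIRY: no parsable se= value" ;;
        *) [ "$exp" -le "$max" ] || echo "EXPIRY: se=$se is later than $2" ;;
    esac
    [ -z "$(sas_param srt "$1")" ] || echo "SCOPE: srt= present, an account SAS covers the whole storage account"
    return 0
}

# Constructed sample URLs (placeholder account, container and signature).
BROAD='https://exampleacct.blob.core.windows.net/models?sv=2020-08-04&sr=c&sp=racwdl&se=2050-01-01T00%3A00%3A00Z&sig=PLACEHOLDER'
NARROW='https://exampleacct.blob.core.windows.net/models?sv=2020-08-04&sr=c&sp=rl&se=2024-01-08T00%3A00%3A00Z&sig=PLACEHOLDER'

sas_findings "$BROAD" 2024-01-31
sas_findings "$NARROW" 2024-01-31
```

A clean result only covers scope and lifetime; the URL still works for anyone who holds it until it expires.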

What is TMPFS?

TMPFS is a filesystem that exists only in memory. When you reboot the server, the content of the TMPFS is gone. This is perfect for mounting the /tmp directory.

In your /etc/fstab

tmpfs /tmp tmpfs size=30% 0 0

The size option sets the maximum size of the filesystem. In the setting above, it can take up to 30% of the total RAM. If you unmount the file system, all memory is returned.

Compiling Quantum ESPRESSO-7.2 with Intel-2023.1 on Rocky Linux 8

Step 1: Download the package from Quantum ESPRESSO. You have to register and login before you can download.

# tar -zxvf qe-7.2.tar.gz

Step 2: Source Intel Environment

$ source /usr/local/intel/2023.1/setvars.sh
:: initializing oneAPI environment ...
   -bash: BASH_VERSION = 4.4.20(1)-release
   args: Using "$@" for setvars.sh arguments:
:: advisor -- latest
:: ccl -- latest
:: clck -- latest
:: compiler -- latest
:: dal -- latest
:: debugger -- latest
:: dev-utilities -- latest
:: dnnl -- latest
:: dpcpp-ct -- latest
:: dpl -- latest
:: inspector -- latest
:: intelpython -- latest
:: ipp -- latest
:: ippcp -- latest
:: ipp -- latest
:: itac -- latest
:: mkl -- latest
:: mpi -- latest
:: tbb -- latest
:: vtune -- latest
:: oneAPI environment initialized ::

Step 3: Remember to Prepare the Intel Optimised BLAS95, LAPACK95 and FFTW. Do take a look at

Step 4: Compile the QE

Once you have loaded the Intel configuration correctly, QE will detect it and configure itself. Compilation is very simple.

# ./configure --prefix=/usr/local/qe-2.7 --with-scalapack=intel --enable-shared --enable-openmp | tee Configure.out
# make all
# make install

Step 5: Optional (If you wish to reconfigure again, do a clean up)

Do a clean up by using the command

# make veryclean

Linux expect and spawn id exp6 not open issue

I was having an issue with my expect script

spawn ssh licensecheck@192.168.1.0
Password:
Authentication failed.
send: spawn id exp6 not open
    while executing
.....
.....

This is my code:

#!/usr/bin/expect
set timeout 20
spawn ssh -o PubkeyAuthentication=no licensecheck@192.168.1.0

expect "Password: " {send "mypassword\r"}
expect "$ " {send "/usr/xxx/xxx/xxx/lmstat -a\r"}
expect "$ " {send "exit\r"}

Do check whether the expression is correct. In my case, I left a space after “Password: ”. After I removed the space, the error was gone. There is also a write-up in a forum. Do take a look at Linux – spawn_id: spawn id exp6 not open

Disabling Avahi-Daemon on CentOS 7

I was having a bit of difficulty turning off Avahi-Daemon, which is also called mDNS, since I do not need the service. When I use the command

# systemctl status avahi-daemon
● avahi-daemon.service - Avahi mDNS/DNS-SD Stack
   Loaded: loaded (/usr/lib/systemd/system/avahi-daemon.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2023-08-28 08:46:26 +08; 14h ago
 Main PID: 36457 (avahi-daemon)
   Status: "avahi-daemon 0.6.31 starting up."
    Tasks: 2
   Memory: 676.0K
   CGroup: /system.slice/avahi-daemon.service
           ├─36457 avahi-daemon: running [hpc-r001.local]
           └─36494 avahi-daemon: chroot helper
.....
.....
.....
 

Unable to Stop ???

I tried to stop it, but the daemon did not stop….. Hmmmmm

# systemctl stop avahi-daemon
Warning: Stopping avahi-daemon.service, but it can still be activated by:
  avahi-daemon.socket
[root@hpc-r001 ~]# systemctl status avahi-daemon
● avahi-daemon.service - Avahi mDNS/DNS-SD Stack
   Loaded: loaded (/usr/lib/systemd/system/avahi-daemon.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2023-08-28 23:11:54 +08; 10s ago
 Main PID: 372559 (avahi-daemon)
   Status: "avahi-daemon 0.6.31 starting up."
    Tasks: 2
   Memory: 704.0K
   CGroup: /system.slice/avahi-daemon.service
           ├─372559 avahi-daemon: running [hpc-r001.local]
           └─372563 avahi-daemon: chroot helper

Unable to Disable ???

I tried to disable as well. But…… still alive?

# systemctl disable avahi-daemon
Removed symlink /etc/systemd/system/multi-user.target.wants/avahi-daemon.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.Avahi.service.
Removed symlink /etc/systemd/system/sockets.target.wants/avahi-daemon.socket.
[root@hpc-r001 ~]# systemctl status avahi-daemon
● avahi-daemon.service - Avahi mDNS/DNS-SD Stack
   Loaded: loaded (/usr/lib/systemd/system/avahi-daemon.service; disabled; vendor preset: enabled)
   Active: active (running) since Mon 2023-08-28 23:12:25 +08; 2min 32s ago
 Main PID: 372707 (avahi-daemon)
   Status: "avahi-daemon 0.6.31 starting up."
   CGroup: /system.slice/avahi-daemon.service
           ├─372707 avahi-daemon: running [hpc-r001.local]
           └─372709 avahi-daemon: chroot helper

Finally…… Mask, Disable then stop.

To prevent a service from running you need to “mask” it first

# systemctl mask avahi-daemon
Created symlink from /etc/systemd/system/avahi-daemon.service to /dev/null.
# systemctl disable avahi-daemon
# systemctl stop avahi-daemon

# systemctl status avahi-daemon
● avahi-daemon.service
   Loaded: masked (/dev/null; bad)
   Active: inactive (dead) since Mon 2023-08-28 23:15:42 +08; 20min ago
 Main PID: 372707 (code=exited, status=0/SUCCESS)

Using NMCLI to manage Network on Rocky Linux 8

Point 1: View all the saved connections

# nmcli connection show
ens1f0     XXXX-XXXX-XXXX-XXXX-XXXX  ethernet  ens1f0
ens1f1     YYYY-YYYY-YYYY-YYYY-YYYY  ethernet  ens1f1
ens10f0    ZZZZ-ZZZZ-ZZZZ-ZZZZ-ZZZZ  ethernet  --
ens10f1    AAAA-AAAA-AAAA-AAAA-AAAA  ethernet  --

Point 2a: Stop Network

You can use the command “nmcli connection down ssid/uuid”. For example:

# nmcli connection down XXXX-XXXX-XXXX-XXXX-XXXX
Connection 'eno0' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)

Point 2b: Start Network

You can use the command “nmcli connection up ssid/uuid”. For example:

# nmcli connection up XXXX-XXXX-XXXX-XXXX-XXXX
Connection 'eno0' successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)

Point 3: Device Connection

To check the Device status

# nmcli dev status
ens1f0  ethernet  connected     ens1f0
eno1f1  ethernet  connected     ens1f1
eno10f0  ethernet  disconnected  --
eno10f1  ethernet  disconnected  --

Point 4: List all Devices

# nmcli device show
GENERAL.DEVICE:                         ens1f0
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         XX:XX:XX:XX:XX:XX
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     ens1f0
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/2
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         192.168.0.1
IP4.GATEWAY:                            192.168.0.254
IP4.ROUTE[1]:                           dst = 0.0.0.0/0, nh = 192.168.0.254, mt = 101
IP4.ROUTE[2]:                           dst = 198.168.0.0/19, nh = 0.0.0.0, mt = 101
IP6.ADDRESS[1]:                         xxxx::xxxx:xxxx:xxxx:xxxx/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::, mt = 1024

GENERAL.DEVICE:                         eno1f1
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         94:6D:AE:9B:76:1C
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     eno1f1
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/4
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         192.168.200.201/19
IP4.GATEWAY:                            --
IP4.ROUTE[1]:                           dst = 192.168.192.0/19, nh = 0.0.0.0, mt = 102
IP6.ADDRESS[1]:                         fe80::966d:aeff:fe9b:761c/64
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::, mt = 1024

Point 5: Start and Stop Device

# nmcli con down ens1d1
# nmcli con up ens1d1

References:

  1. nmcli command in Linux with Examples

Having kernel hung_task_timeout_secs Issues

There is a good article Linux Kernel panic issue: How to fix hung_task_timeout_secs and blocked for more than 120 seconds problem which provides an explanation and solution to kernel hung_task_timeout_secs Issues.

By default Linux uses up to 40% of the available memory for file system caching. After this mark has been reached the file system flushes all outstanding data to disk causing all following IOs going synchronous. For flushing out this data to disk there is a time limit of 120 seconds by default. In the case here the IO subsystem is not fast enough to flush the data within 120 seconds. As IO subsystem responds slowly and more requests are served, System Memory gets filled up resulting in the above error, thus serving HTTP requests.

Linux Kernel panic issue: How to fix hung_task_timeout_secs and blocked for more than 120 seconds problem

Resolution

Change vm.dirty_ratio and vm.dirty_background_ratio

# sysctl -w vm.dirty_ratio=10
# sysctl -w vm.dirty_background_ratio=5
# sysctl -p

If you wish to make it permanent, add the 2 lines to /etc/sysctl.conf

vm.dirty_background_ratio = 5
vm.dirty_ratio = 10

Automating the Linux Client Server for Centrify and 2FA on Rocky Linux 8

The whole manual setup including those on the Active Directory can be found at Preparing a Linux Client Server for Centrify and 2FA for CentOS-7

If you just want to automate the Linux portion, here is something you may wish to consider.

Update the sshd_config template. The most important part is that “PasswordAuthentication no” and “ChallengeResponseAuthentication yes” are present. The whole sshd_config template is too large for me to put into the blog.

.....
.....
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication yes
.....
.....

- name: Generate /etc/ssh/sshd_config from /etc/ssh/sshd_config.j2 template
  template:
      src: ../templates/sshd_config.j2
      dest: /etc/ssh/sshd_config
      owner: root
      group: root
      mode: "0600"   # quoted so YAML keeps it as an octal file mode
  when:
    - ansible_os_family == "RedHat"
    - ansible_distribution_major_version == "8"

- name: Restart SSH Service
  systemd:
    name: sshd
    state: restarted
    enabled: yes
  when:
    - ansible_os_family == "RedHat"
    - ansible_distribution_major_version == "8"
  changed_when: false
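
A check that the rendered file really enforces the two settings named above, as an added example that is not part of the original playbook. sshd keeps the first value it reads for each keyword, so a leftover earlier line can silently override the one the template adds; the function names and sample configs are constructed for illustration.

```sh
#!/bin/sh
# Added example: confirm a rendered sshd_config enforces the two settings
# the 2FA setup depends on. Config text is read from stdin.

# Print the value sshd would use for a global keyword.
# sshd keeps the FIRST value it sees for a keyword; lines after "Match" are
# conditional, so the scan of global settings stops there.
sshd_effective() {   # usage: <config on stdin> | sshd_effective <Keyword>
    awk -v want="$1" '
        { sub(/^[ \t]+/, "") }                  # ignore leading whitespace
        /^#/ || /^$/ { next }                   # skip comments and blank lines
        { split($0, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }                 # conditional blocks start here
        key == tolower(want) { print tolower(f[2]); exit }
    '
}

# Return 0 only if password login is off and challenge-response is on.
check_2fa_sshd() {
    cfg=$(cat)
    pw=$(printf '%s\n' "$cfg" | sshd_effective PasswordAuthentication)
    cr=$(printf '%s\n' "$cfg" | sshd_effective ChallengeResponseAuthentication)
    [ "$pw" = "no" ] && [ "$cr" = "yes" ]
}

# Constructed sample: the template fragment shown in the post.
sample_ok() { cat <<'EOF'
#PasswordAuthentication yes
PasswordAuthentication no
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication yes
EOF
}

# Constructed sample: an earlier uncommented line shadows the later "no".
sample_shadowed() { cat <<'EOF'
PasswordAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication yes
EOF
}

sample_ok | check_2fa_sshd && echo "ok: password login off, challenge-response on"
sample_shadowed | check_2fa_sshd || echo "FAIL: effective PasswordAuthentication=$(sample_shadowed | sshd_effective PasswordAuthentication)"
```

The check covers the global section only. On the host itself, sshd -T prints the configuration as sshd parses it, including the effect of any Match blocks when given a connection spec with -C.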

Here is Centrify_2FA.yml to insert the IwaTrustRoot.pem certificate

- name: Copy IwaTrustRoot.pem to /etc/pki/ca-trust/source/anchors/
  copy:   # static certificate file, so copy it verbatim rather than render it as a template
      src: /usr/local/software/certificate/IwaTrustRoot.pem
      dest: /etc/pki/ca-trust/source/anchors/
      owner: root
      group: root
      mode: "0600"
  become: true
  when:
    - ansible_os_family == "RedHat"
    - ansible_distribution_major_version == "8"

- name: Copy IwaTrustRoot.pem to /var/centrify/net/certs
  copy:   # static certificate file, so copy it verbatim rather than render it as a template
      src: /usr/local/software/certificate/IwaTrustRoot.pem
      dest: /var/centrify/net/certs
      owner: root
      group: root
      mode: "0600"
  become: true
  when:
    - ansible_os_family == "RedHat"
    - ansible_distribution_major_version == "8"

Restart the CentrifyDC and do a Flush so that the AD is updated.

- name: CentrifyDC Restart
  ansible.builtin.shell: "/usr/share/centrifydc/bin/centrifydc restart"
  register: centrifydc_status
  changed_when: false

- name: Active Directory Flush
  ansible.builtin.shell: "adflush -f"
  register: flush_status
  changed_when: false

- name: Centrify Service Restarted
  debug:
    msg: "CentrifyDC restart output: {{ centrifydc_status.stdout }}"

Azure looks like a house of cards collapsing under the weight of exploits and vulnerabilities

Taken from Microsoft comes under blistering criticism for “grossly irresponsible” security – Ars Technica

Microsoft has once again come under blistering criticism for the security practices of Azure and its other cloud offerings, with the CEO of security firm Tenable saying Microsoft is “grossly irresponsible” and mired in a “culture of toxic obfuscation.”

The comments from Amit Yoran, chairman and CEO of Tenable, come six days after Sen. Ron Wyden (D-Ore.) blasted Microsoft for what he said were “negligent cybersecurity practices” that enabled hackers backed by the Chinese government to steal hundreds of thousands of emails from cloud customers………. 

Microsoft comes under blistering criticism for “grossly irresponsible” security