RHEL 7

by

Compiling glibc-2.29 at CentOS-7

Step 1: Download the glibc

To Download the glibc-2.29, do download at https://ftp.gnu.org/gnu/glibc/

Step 2: Compile and Build the glibc libraries

# tar zxvf glibc-2.29.tar.gz
# cd glibc-2.29
# mkdir build
# cd build

Step 3: Compile and install

# ../configure --prefix=/usr/local/glibc-2.29
# make -j8
# make install

Step 4: Errors encountered

.....
checking version of ld... 2.27, ok
checking for gnumake... no
checking for gmake... gmake
checking version of gmake... 3.82, bad
checking for gnumsgfmt... no
checking for gmsgfmt... no
checking for msgfmt... msgfmt
checking version of msgfmt... 0.19.8.1, ok
.....

Step 5: You might need the new version of GNU make to resolve the issue

To Download the make-4.2.1, do download at https://ftp.gnu.org/gnu/make/

To compile the make, it is very simple

# tar -zxvf make-4.2.1.tar.gz
# cd make-4.2.1
# ./configure --prefix=/usr/local/make-4.2.1
# make && make install

Step 6: Update the $PATH & $LD_LIBRARY_PATH

# export PATH=$PATH:/usr/local/make-4.2.1/bin
# export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/make-4.2.1/lib

Step 7: Repeat Step 3

by

Installing 7-zip on CentOS-7 and Rocky Linux 8

7-zip is free software with open source. It has a high compression ratio in 7z format with LZMA and LZMA2 compression. Supported formats:

  • Packing / unpacking: 7z, XZ, BZIP2, GZIP, TAR, ZIP and WIM
  • Unpacking only: APFS, AR, ARJ, CAB, CHM, CPIO, CramFS, DMG, EXT, FAT, GPT, HFS, IHEX, ISO, LZH, LZMA, MBR, MSI, NSIS, NTFS, QCOW2, RAR, RPM, SquashFS, UDF, UEFI, VDI, VHD, VHDX, VMDK, XAR and Z.

Get 7-zip in Linux

$ wget https://sourceforge.net/projects/sevenzip/files/7-Zip/22.01/7z2201-linux-x64.tar.xz --no-check-certificate

Unpack 7-zip in Linux

$ tar xf 7z2101-linux-x64.tar.xz

Running Issues

If you are encountering issues like (especially on CentOS-7)

[user1@node1 7-zip]$ ./7zz
./7zz: /lib64/libstdc++.so.6: version CXXABI_1.3.8' not found (required by ./7zz) 
./7zz: /lib64/libstdc++.so.6: versionCXXABI_1.3.9' not found (required by ./7zz)

You need a more recent GNU Compilers rather than the default one used in CentOS-7 which is very old, you may want to compile more recent GNU. Remember to complete the $LD_LIBRARY_PATH and $PATH something like this

export PATH=$PATH:/usr/local/gcc-6.5.0/bin
export LD_LIBRARY_PATH= $LD_LIBRARY_PATH:/usr/local/gcc-6.5.0/lib64
by

abrt-cli status’ timed out is always shown when logging on or changing users

When change or login to specific user, ‘abrt-cli status’ timed out is always shown

Last login: Mon Dec 19 23:32:58 +08 2022 on pts/21 
'abrt-cli status' timed out

To resolve the issue, you may want to check the status of the ‘abrtd’ service, the output will indicate a locked file

# systemctl status abrtd
● abrtd.service - ABRT Automated Bug Reporting Tool
   Loaded: loaded (/usr/lib/systemd/system/abrtd.service; disabled; vendor preset: enabled)
   Active: active (running) since Mon 2022-12-19 23:34:58 +08; 2s ago
 Main PID: 273413 (abrtd)
   CGroup: /system.slice/abrtd.service
           └─273413 /usr/sbin/abrtd -d -s

Dec 19 23:34:58 node1 systemd[1]: Started ABRT Automated Bug Reporting Tool.
Dec 19 23:34:58 node1 systemd[1]: Starting ABRT Automated Bug Reporting Tool...
Dec 19 23:34:58 node1 abrtd[273413]: Lock file '.lock' is locked by process 191242
Dec 19 23:34:59 node1 abrtd[273413]: Lock file '.lock' is locked by process 191242
Dec 19 23:34:59 node1 abrtd[273413]: Lock file '.lock' is locked by process 191242
Dec 19 23:35:00 node1 abrtd[273413]: Lock file '.lock' is locked by process 191242
Dec 19 23:35:00 node1 abrtd[273413]: Lock file '.lock' is locked by process 191242

Stop the abrt Service first. 

# systemctl stop abrtd

Kill the Process holding the Lock File

# pkill -9 systemctl stop abrtd

Start the Service again

# systemctl start abrtd

The Lock File should go away.

# systemctl status abrtd
● abrtd.service - ABRT Automated Bug Reporting Tool
   Loaded: loaded (/usr/lib/systemd/system/abrtd.service; disabled; vendor preset: enabled)
   Active: active (running) since Mon 2022-12-19 23:48:02 +08; 4s ago
 Main PID: 334010 (abrtd)
   CGroup: /system.slice/abrtd.service
           └─334010 /usr/sbin/abrtd -d -s

Dec 19 23:48:02 hpc-gekko1 systemd[1]: Started ABRT Automated Bug Reporting Tool.
Dec 19 23:48:02 hpc-gekko1 systemd[1]: Starting ABRT Automated Bug Reporting Tool...
Dec 19 23:48:02 hpc-gekko1 abrtd[334010]: Init complete, entering main loop
by

Detecting and Shutting Down VNC Server in CentOS-7

To list the ports and the Xvnc session’s associated user, as root, enter:

# lsof -i -P | grep vnc
Xvnc        2267     root    5u  IPv6    76766      0t0  TCP *:6003 (LISTEN)
Xvnc        2267     root    6u  IPv4    76767      0t0  TCP *:6003 (LISTEN)
Xvnc        2267     root    9u  IPv4    76775      0t0  TCP *:5903 (LISTEN)
Xvnc        2267     root   10u  IPv6    76776      0t0  TCP *:5903 (LISTEN)

Apparently, there is some Xvnc running. To do a quick shutdown

# systemctl |grep vnc
vncserver@:1.service                                                                             loaded active running   Remote desktop service (VNC)
  system-vncserver.slice                                                                           loaded active active    system-vncserver.slice

# systemctl stop vncserver@:1.servic
# systemctl stop system-vncserver.slice

Check that the XVNc again

# systemcl stop xvnc.socket
# systemctl status xvnc.socket
* xvnc.socket - XVNC Server
   Loaded: loaded (/usr/lib/systemd/system/xvnc.socket; disabled; vendor preset: disabled)
   Active: inactive (dead)
   Listen: [::]:5900 (Stream)
Accepted: 0; Connected: 0

# systemctl |grep vnc

If however, you are interested in setting up VNC, there is a good article for you to consider
Remote-desktop to a host using VNC¶

by

Using firewall-cmd to configure gateways and isolated client network on CentOS-7 and Rocky Linux 8

Objectives:

Compute Nodes in an HPC environment are usually physically isolated from the public network and has to route through the gateway which are often found in Head Node or any delegated Node in small or small-medium size cluster to access the internet or to access company LAN to access LDAP, you can use the firewall-cmd to route the traffic through the interconnect facing the internet.

Scenario:

Traffic will be routed through the Head Node’s eno1 (internet facing) from the Head Node’s eno2 (private network). The interconnect eno1 is attached to a switch where the compute nodes are similarly attached. Some

  1. 192.168.1.0/24 is the private network subnet.
  2. 192.168.1.1 is the IP Address of the Head Node
  3. 155.1.1.2 is the IP Address of the external-facing ethernet ie eno1

Check the zones. 

# firewall-cmd --list-all-zones

Check the Active Zones

# firewall-cmd --get-active-zones
external
  interfaces: eno2
internal
  interfaces: eno1

Enable masquerade at the Head Node’s External Zone

IP masquerading is a process where one computer acts as an IP gateway for a network. For masquerading, the gateway dynamically looks up the IP of the outgoing interface all the time and replaces the source address in the packets with this address.

You use masquerading if the IP of the outgoing interface can change. A typical use case for masquerading is if a router replaces the private IP addresses, which are not routed on the internet, with the public dynamic IP address of the outgoing interface on the router.

For more information. Do take a look at 5.10. Configuring IP Address Masquerading

# firewall-cmd --zone=external --query-masquerade 
no
# firewall-cmd --zone=external --add-masquerade --permanent
# firewall-cmd --reload

Compute Nodes at the Private Network 

(Assuming that eno1 is connected to the private switch). It is very important that you input the gateway at the compute node’s /etc/sysconfig/network-scripts/ifcfg-eno1)

.....
.....
DEVICE=enp47s0f1
ONBOOT=yes
IPADDR=192.168.1.2 #Internal IP Address of the Compute Node
NETMASK=255.255.255.0
GATEWAY=192.168.1.1 #Internal IP Address of the Head Node

Next, you have to put the Network Interface of the Client in the Internal Zone of the firewall-cmd. Assuming that eno1 is also used by the Client Network 

# firewall-cmd --zone=internal --change-interface=eno1 --permanent

You may want to set the selinux to disabled

# setenforce 0

Configure the Head Node’s External Zone.

For Zoning, do take a look at 5.7.8. Using Zone Targets to Set Default Behavior for Incoming Traffic

For this setting, we have chosen target “default”

# firewall-cmd --zone=external --set-target=default

You can configure other settings. For the External Zone. For example, add SSH Service, mDNS

# firewall-cmd --permanent --zone=external --add-service=ssh
# firewall-cmd --permanent --zone=external --add-service=mdns
# firewall-cmd --runtime-to-permanent
# firewall-cmd --reload

Make sure the right Ethernet is placed in the right Zone. For External-Facing Ethernet Card, (eno2), you may want to place it 

# firewall-cmd --zone=external --change-interface=eno2 --permanent

For Internal Facing Ethernet Card, (eno1), you want want to place it

# firewall-cmd --zone=internal --change-interface=eno1 --permanent

Configure the firewall-Source of Internal Network (eno1)

# firewall-cmd --zone=internal --add-source=192.168.1.0/24

Checking the Settings in the “firewall-cmd –get-active-zones”

# firewall-cmd --get-active-zones
internal (active)
  target: default
  icmp-block-inversion: no
  interfaces: eno1
  sources: 192.168.1.0/32
  services: dhcpv6-client mdns ssh
  ports:
  protocols:
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eno2
  sources:
  services: dhcpv6-client ssh
  ports: 
  protocols:
  forward: no
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

Check the Firewall Status

systemctl status firewalld.service