Installing 7-zip on CentOS-7 and Rocky Linux 8

7-zip is free software with open source. It has a high compression ratio in 7z format with LZMA and LZMA2 compression. Supported formats:

  • Packing / unpacking: 7z, XZ, BZIP2, GZIP, TAR, ZIP and WIM
  • Unpacking only: APFS, AR, ARJ, CAB, CHM, CPIO, CramFS, DMG, EXT, FAT, GPT, HFS, IHEX, ISO, LZH, LZMA, MBR, MSI, NSIS, NTFS, QCOW2, RAR, RPM, SquashFS, UDF, UEFI, VDI, VHD, VHDX, VMDK, XAR and Z.

Get 7-zip in Linux

$ wget https://sourceforge.net/projects/sevenzip/files/7-Zip/22.01/7z2201-linux-x64.tar.xz --no-check-certificate

Unpack 7-zip in Linux

$ tar xf 7z2101-linux-x64.tar.xz

Running Issues

If you are encountering issues like (especially on CentOS-7)

[user1@node1 7-zip]$ ./7zz
./7zz: /lib64/libstdc++.so.6: version CXXABI_1.3.8' not found (required by ./7zz) 
./7zz: /lib64/libstdc++.so.6: versionCXXABI_1.3.9' not found (required by ./7zz)

You need a more recent GNU Compilers rather than the default one used in CentOS-7 which is very old, you may want to compile more recent GNU. Remember to complete the $LD_LIBRARY_PATH and $PATH something like this

export PATH=$PATH:/usr/local/gcc-6.5.0/bin
export LD_LIBRARY_PATH= $LD_LIBRARY_PATH:/usr/local/gcc-6.5.0/lib64

abrt-cli status’ timed out is always shown when logging on or changing users

When change or login to specific user, ‘abrt-cli status’ timed out is always shown

Last login: Mon Dec 19 23:32:58 +08 2022 on pts/21 
'abrt-cli status' timed out

To resolve the issue, you may want to check the status of the ‘abrtd’ service, the output will indicate a locked file

# systemctl status abrtd
● abrtd.service - ABRT Automated Bug Reporting Tool
   Loaded: loaded (/usr/lib/systemd/system/abrtd.service; disabled; vendor preset: enabled)
   Active: active (running) since Mon 2022-12-19 23:34:58 +08; 2s ago
 Main PID: 273413 (abrtd)
   CGroup: /system.slice/abrtd.service
           └─273413 /usr/sbin/abrtd -d -s

Dec 19 23:34:58 node1 systemd[1]: Started ABRT Automated Bug Reporting Tool.
Dec 19 23:34:58 node1 systemd[1]: Starting ABRT Automated Bug Reporting Tool...
Dec 19 23:34:58 node1 abrtd[273413]: Lock file '.lock' is locked by process 191242
Dec 19 23:34:59 node1 abrtd[273413]: Lock file '.lock' is locked by process 191242
Dec 19 23:34:59 node1 abrtd[273413]: Lock file '.lock' is locked by process 191242
Dec 19 23:35:00 node1 abrtd[273413]: Lock file '.lock' is locked by process 191242
Dec 19 23:35:00 node1 abrtd[273413]: Lock file '.lock' is locked by process 191242

Stop the abrt Service first.

# systemctl stop abrtd

Kill the Process holding the Lock File

# pkill -9 systemctl stop abrtd

Start the Service again

# systemctl start abrtd

The Lock File should go away.

# systemctl status abrtd
● abrtd.service - ABRT Automated Bug Reporting Tool
   Loaded: loaded (/usr/lib/systemd/system/abrtd.service; disabled; vendor preset: enabled)
   Active: active (running) since Mon 2022-12-19 23:48:02 +08; 4s ago
 Main PID: 334010 (abrtd)
   CGroup: /system.slice/abrtd.service
           └─334010 /usr/sbin/abrtd -d -s

Dec 19 23:48:02 hpc-gekko1 systemd[1]: Started ABRT Automated Bug Reporting Tool.
Dec 19 23:48:02 hpc-gekko1 systemd[1]: Starting ABRT Automated Bug Reporting Tool...
Dec 19 23:48:02 hpc-gekko1 abrtd[334010]: Init complete, entering main loop

How to disable CBC Mode Ciphers in RHEL 8 or Rocky Linux 8

This writeup is reference from The Geek Diary

Edit /etc/sysconfig/sshd and uncomment CRYPTO_POLICY line:

CRYPTO_POLICY=

Edit /etc/ssh/sshd_config file. Add Ciphers, MACs and KexAlgorithms have been added

KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com

After making changes to the configuration file, you may want to do a sanity check on the configuration file

# sshd -t

Restart sshd services

# systemctl restart sshd

To test if weak CBC Ciphers are enabled

$ ssh -vv -oCiphers=3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc [youruserid@IP of your Server]

References:

Using firewall-cmd to configure gateways and isolated client network on CentOS-7 and Rocky Linux 8

Objectives:

Compute Nodes in an HPC environment are usually physically isolated from the public network and has to route through the gateway which are often found in Head Node or any delegated Node in small or small-medium size cluster to access the internet or to access company LAN to access LDAP, you can use the firewall-cmd to route the traffic through the interconnect facing the internet.

Scenario:

Traffic will be routed through the Head Node’s eno1 (internet facing) from the Head Node’s eno2 (private network). The interconnect eno1 is attached to a switch where the compute nodes are similarly attached. Some

  1. 192.168.1.0/24 is the private network subnet.
  2. 192.168.1.1 is the IP Address of the Head Node
  3. 155.1.1.2 is the IP Address of the external-facing ethernet ie eno1

Check the zones.

# firewall-cmd --list-all-zones

Check the Active Zones

# firewall-cmd --get-active-zones
external
  interfaces: eno2
internal
  interfaces: eno1

Enable masquerade at the Head Node’s External Zone

IP masquerading is a process where one computer acts as an IP gateway for a network. For masquerading, the gateway dynamically looks up the IP of the outgoing interface all the time and replaces the source address in the packets with this address.

You use masquerading if the IP of the outgoing interface can change. A typical use case for masquerading is if a router replaces the private IP addresses, which are not routed on the internet, with the public dynamic IP address of the outgoing interface on the router.

For more information. Do take a look at 5.10. Configuring IP Address Masquerading

# firewall-cmd --zone=external --query-masquerade 
no
# firewall-cmd --zone=external --add-masquerade --permanent
# firewall-cmd --reload

Compute Nodes at the Private Network 

(Assuming that eno1 is connected to the private switch). It is very important that you input the gateway at the compute node’s /etc/sysconfig/network-scripts/ifcfg-eno1)

.....
.....
DEVICE=enp47s0f1
ONBOOT=yes
IPADDR=192.168.1.2 #Internal IP Address of the Compute Node
NETMASK=255.255.255.0
GATEWAY=192.168.1.1 #Internal IP Address of the Head Node

Next, you have to put the Network Interface of the Client in the Internal Zone of the firewall-cmd. Assuming that eno1 is also used by the Client Network

# firewall-cmd --zone=internal --change-interface=eno1 --permanent

You may want to set the selinux to disabled

# setenforce 0

Configure the Head Node’s External Zone.

For Zoning, do take a look at 5.7.8. Using Zone Targets to Set Default Behavior for Incoming Traffic

For this setting, we have chosen target “default”

# firewall-cmd --zone=external --set-target=default

You can configure other settings. For the External Zone. For example, add SSH Service, mDNS

# firewall-cmd --permanent --zone=external --add-service=ssh
# firewall-cmd --permanent --zone=external --add-service=mdns
# firewall-cmd --runtime-to-permanent
# firewall-cmd --reload

Make sure the right Ethernet is placed in the right Zone. For External-Facing Ethernet Card, (eno2), you may want to place it

# firewall-cmd --zone=external --change-interface=eno2 --permanent

For Internal Facing Ethernet Card, (eno1), you want want to place it

# firewall-cmd --zone=internal --change-interface=eno1 --permanent

Configure the firewall-Source of Internal Network (eno1)

# firewall-cmd --zone=internal --add-source=192.168.1.0/24

Checking the Settings in the “firewall-cmd –get-active-zones”

# firewall-cmd --get-active-zones
internal (active)
  target: default
  icmp-block-inversion: no
  interfaces: eno1
  sources: 192.168.1.0/32
  services: dhcpv6-client mdns ssh
  ports:
  protocols:
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eno2
  sources:
  services: dhcpv6-client ssh
  ports: 
  protocols:
  forward: no
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

Check the Firewall Status

systemctl status firewalld.service

Compiling Singularity-CE-3.10.0 on Rocky Linux 8

The Official Documentation can be found at https://sylabs.io/guides/3.0/user-guide/installation.html

Prerequisites 1 – Go

Go to the Download Page https://go.dev/dl/ to download the Linux Version.

Extract the archive you downloaded into /usr/local, creating a Go tree in /usr/local/go.

This step below will remove a previous installation at /usr/local/go, if any, prior to extracting. Please back up any data before proceeding.

% rm -rf /usr/local/go && tar -C /usr/local -xzf go1.18.3.linux-amd64.tar.gz

Add /usr/local/go/bin to the PATH environment variable. You can do this by adding the following line to your $HOME/.profile or /etc/profile (for a system-wide installation):

export PATH=$PATH:/usr/local/go/bin

Verify the Installation with the command

% go version

Compiling Singularity

To download Singularity, do visit the download site. Singularity uses a build system called makeit. mconfig is called to generate Makefile and them make is used to compile and install

% git clone https://github.com/sylabs/singularity.git --recurse-submodules
% cd singularity
% ./mconfig --prefix=/usr/local/singularity-ce-3.10.0
% cd builddir
% make
% make install
.....
.....
 checking: header linux/securebits.h... yes
 checking: header linux/capability.h... yes
 checking: libseccomp+headers... yes
 checking: conmon source... no

conmon source not found

Unless you are building --without-conmon you must 'git clone --recurse-submodules'
or 'git submodule update --init'.

You may want to install glib2-devel, delete the singularity directory and make the singularity again.

% dnf install glib2-devel

Remote the cloned singularity directory and git clone again

% rm -Rv --force singularity
% git clone https://github.com/sylabs/singularity.git --recurse-submodules

Recompile with mconfig again. If successful, it should be something like

=> generating fragments ...
=> building Makefile ...
=> generating singularity-ce.spec ...
=> project singularity-ce setup with :
    - host arch: x86_64
    - host wordsize: 64-bit
    - host C compiler: cc
    - host Go compiler: /usr/local/go-1.18.3/bin/go
    - host system: unix
      ---
    - target arch: x86_64
    - target wordsize: 64-bit
    - target C compiler: cc
      ---
    - config profile: release
      ---
    - SUID install: yes
    - Network plugins: yes
    - seccomp support: yes
    - Build conmon: yes
      ---
    - verbose: no
      ---
    - cryptsetup: /usr/sbin/cryptsetup
      ---
    - version: 3.10.0+21-g1b1a05ff8
% cd builddir
% make
% make install

Testing

As long as you see a cow your installation is working properly…….

% singularity run library://godlovedc/funny/lolcow
< Exercise caution in your daily affairs. >
 -----------------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

References:

  1. https://sylabs.io/guides/3.0/user-guide/installation.html
  2. https://github.com/NIH-HPC/Singularity-Tutorial
  3. Compiling Singularity-CE-3.9.2 on CentOS-7

Error while loading shared libraries: libnsl.so.1: cannot open shared object file: No such file or directory on Rocky-Linux 8.5

If you encounter an error similar to this

% /usr/local/ansys_inc/v221/fluent/fluent22.1.0/launcher/bin/../lnamd64/launcher1: error while loading shared libraries: libnsl.so.1: cannot open shared object file: No such file or director

You have to install the libnsl library as libnsl.so.1 is not installed in Red Hat Linux release 8 be default.

% dnf install libnsl

Compiling GCC 12.1.0 on Rocky Linux 8.5

Option 1: The longer and customised method

Step 1: Download the following prerequisites applications libraries from https://gcc.gnu.org/pub/gcc/infrastructure/

  1. gmp-6.2.1
  2. mpfr-4.1.0
  3. mpc-1.2.1

Step 1. Install gmp-6.2.1

% bunzip2 gmp-6.2.1.tar.bz2
% tar -xvf gmp-6.2.1.tar
% cd gmp-6.2.1
% ./configure --prefix=/usr/local/gmp-6.2.1
% make 
% make install

Step 2: Install mpfr-4.1.0 (requires gmp-6.2.1 as prerequisites)

% bunzip2 mpfr-4.1.0.tar.bz
% tar -xvf mpfr-4.1.0.tar
% cd mpfr-4.1.0/
% ./configure --prefix=/usr/local/mpfr-4.1.0 --with-gmp=/usr/local/gmp-6.2.1/
% make
% make install

Step 3: Install mpc-1.2.1 (requires gmp-6.2.1 and mpfr-4.1.0)

% tar -zxvf mpc-1.2.1.tar.gz
% cd mpc-1.2.1/
% ./configure --prefix=/usr/local/mpc-1.2.1 -with-gmp=/usr/local/gmp-6.2.1 --with-mpfr=/usr/local/mpfr-4.1.0
% make
% make install

Step 4: Install isl-0.24 (requires gmp-6.2.1 as prerequisites)

% bunzip2 isl-0.24.tar.bz2
% tar -xvf isl-0.24.tar
% cd isl-0.24
% ./configure --prefix=/usr/local/isl-0.24 --with-gmp-prefix=/usr/local/gmp-6.2.1/
% make
% make install

Configure and Build GCC

% git clone git://gcc.gnu.org/git/gcc.git
% cd gcc
% mkdir build-gcc
% cd build-gcc
% ../configure --prefix=/usr/local/gcc-12.1 --enable-bootstrap --enable-languages=c,c++,fortran,lto --enable-shared --enable-threads=posix --enable-checking=release --enable-multilib --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-linker-build-id --with-gcc-major-version-only --with-linker-hash-style=gnu --enable-plugin --enable-initfini-array --disable-libmpx --enable-offload-targets=nvptx-none --without-cuda-driver --enable-gnu-indirect-function --enable-cet --with-tune=generic --with-arch_32=x86-64 --build=x86_64-redhat-linux --with-static-standard-libraries --with-gmp=/usr/local/gmp-6.2.1 --with-mpc=/usr/local/mpc-1.2.1 --with-mpfr=/usr/local/mpfr-4.1.0 --with-isl=/usr/local/isl-0.24 --with-isl-lib=/usr/local/isl-0.24/lib --with-isl-include=/usr/local/isl-0.24/include

You may encounter issues like

/usr/local/software/gcc/build-gcc/./gcc/cc1: error while loading shared libraries: libisl.so.23: cannot open shared object file: No such file or directory

An alternative way is to let GCC do the download for you….. Retracing the steps

% git clone git://gcc.gnu.org/git/gcc.git
% cd gcc
% contrib/download_prerequisites
% mkdir build-gcc
% cd build-gcc
% ../configure --prefix=/usr/local/gcc-12.1 --enable-bootstrap --enable-languages=c,c++,fortran,lto --enable-shared --enable-threads=posix --enable-checking=release --enable-multilib --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-linker-build-id --with-gcc-major-version-only --with-linker-hash-style=gnu --enable-plugin --enable-initfini-array --disable-libmpx --enable-offload-targets=nvptx-none --without-cuda-driver --enable-gnu-indirect-function --enable-cet --with-tune=generic --with-arch_32=x86-64 --build=x86_64-redhat-linux --with-static-standard-libraries

If you encounter any errors during make such as

/usr/include/gnu/stubs.h:7:11: fatal error: gnu/stubs-32.h: No such file or directory

It is due to missing glibc-devel and glibc-devel.i686. You have to do a dnf install glibc-devel and glibc-devel.i686

% dnf install glibc-devel glibc-devel.i686

Option 2: The Faster Method

You can take a look at Compiling GCC-10.4.0 on CentOS-7 and tune to GCC-12.1.0

References:

References:

https://gcc.gnu.org/wiki/InstallingGCC

Compiling cmake-3.21.3 on Rocky Linux 8.5

If you are compiling the cmake-3.21.3 on Rocky Linux 8.5, and encounter the issues

-- Could NOT find OpenSSL, try to set the path to OpenSSL root folder in the system variable OPENSSL_ROOT_DIR (missing: OPENSSL_CRYPTO_LIBRARY OPENSSL_INCLUDE_DIR)

The problem is easy to resolve, you just need to install the openssl and openssl-devel libraries

# dnf install openssl openssl-devel

You should be able to bootrap easily.

Alternatively, instead of using ./boostrap, you can use the traditional configure command

#./configure --prefix=/usr/local/cmake-3.21.3
# make
# make install

Installing Nvidia Drivers on Rocky Linux 8.5

If you are planning to install Nvidia Drivers on Rocky Linux 8.5, you may want to use DNF to install. For a detailed explanation Streamlining NVIDIA Driver Deployment on RHEL 8 with Modularity Streams

Step 1: Add Offical Nvidia Repository to Package Managers repository list.

# dnf config-manager --add-repo=https://developer.download.nvidia.com/compute/cuda/repos/rhel8/x86_64/cuda-rhel8.repo

Step 2: Install Kernel-Devel and Headers used by the Drivers

# dnf install kernel-devel-$(uname -r) kernel-headers-$(uname -r)

Step 3: Installing Nvidia Drivers and Settings

# dnf install nvidia-driver nvidia-settings

Step 4: Install CUDA Drivers and REboot

# dnf install cuda-driver

Once done, do a reboot,

# reboot

If after a reboot and if you do a “nvidia-smi” and receive an error like the one

# nvidia-smi
NVIDIA-SMI has failed because it couldn't communicate with the NVIDIA driver. Make sure that the latest NVIDIA driver is installed and running.

You may want to take a look at https://gist.github.com/espoirMur/65cec3d67e0a96e270860c9c276ab9fa. It could be coming Secure Boot Option in your BIOS.

“This system is not registered to Red Hat Insights” after log in to Rocky Linux 8.5

If you have warning messages such as after your login to your

This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register

To remove the warning permanently, you can do a

# dnf remove insights-client

References: