Scientific Linux Fermi 5.5 i386				June 18, 2010	

---------------------------------------------------------------------------
Please send bug reports to dawson@fnal.gov,csieh@fnal.gov

Items marked with a "*" have changed since SLF 5.4 .

Please read the Release Notes for Scientific Linux.  It is located at
SL.releasenote

Also read the Upstream Vendor release notes . They are located in
Upstream.vendor.releasenote  

All of the info in the SL.releasenote is valid unless this document
states otherwise.  This document only contains info that is specific
to the Fermi site.  Any reference to SL.releasenote is done to emphasis 
that it contains important information.


----------------------------------------------------------------------------

This is based on the rebuilding of RPMS out of SRPMS's that form Scientific
Linux.  Please read this entire document before installing.  

Table of contents

	INSTALLATION INFO
 	ADDED compared to Scientific Linux 5.5 
 	UPDATED compared to  Scientific Linux 5.5
	Installer modifications
	/contrib 
	/docs
	/notsupported 
	MISC Notes
	HARDWARE SPECIFIC ISSUES
	SOFTWARE ISSUES/BUGS
	SUPPORT INFO
	vendor ERRATA

Each has a "---" line above and below it.
_____________________________________________________________________________
INSTALLATION INFO
_____________________________________________________________________________
Installation Locations

Via NETWORK: 

  nfs:
	linux.fnal.gov:/export/linux/slf55/i386/
  ftp:
  	linux.fnal.gov  /linux/slf55/i386
  http:
  	linux1.fnal.gov /linux/slf55/i386

And our easy to remember location

	ftp://linux.fnal.gov/downloads/slf55/

Default is http,  ftp is very very slow.
  
network install with floppy

  There is no floppy install as the kernel is too big to fit on a floppy.

network install with cdrom

  There is a boot.iso which is small iso image which includes all the 
  drivers.  After download you can use cdrecord to create a cdr with this 
  image on it.

    ftp://linux.fnal.gov/download/slf55/network.install.i386/boot.iso

There is a DVD image
 
   Download and then burn the dvd iso image from
 
     ftp://linux.fnal.gov/download/slf55/dvd.install.i386/

There cd images 
 
   Download and then burn the cd iso image from
 
     ftp://linux.fnal.gov/download/slf55/cd.install.i386/

Installing a Xen Paravirtualized Guest

When installing a Xen Paravirtualized Guest, the location is

  http://linux1.fnal.gov/linux/slf55/i386/sites/Fermi


-----------------------------------------------------------------------------
ADDED compared to Scientific Linux 55 i386
-----------------------------------------------------------------------------
Fermi-release
Fermi-release-notes

*	Fermi-release-5.5-1.i386.rpm
*	Fermi-release-notes-5.5-1.noarch.rpm

	Made change so that /etc/redhat-release, /etc/issue and /etc/issue.net 
	show Scientific Linux Fermi instead of just Scientific  Linux.

Clam Anti Virus

	Clam Anti-Virus.  Obtained from the DAG repository and rebuilt from
 	src.rpm.  http://www.clamav.net
 	perl packages were added so that clamtk would work
  
 	clamav-0.94.2-1.rf.i386.rpm
 	clamav-db-0.94.2-1.rf.i386.rpm
 	clamav-devel-0.94.2-1.rf.i386.rpm
 	clamav-milter-0.94.2-1.rf.i386.rpm
 	clamd-0.94.2-1.rf.i386.rpm
 	clamtk-3.09-1.rf.i386.rpm
 	perl-Config-Tiny-2.12-1.rf.noarch.rpm
 	perl-ExtUtils-Depends-0.301-1.rf.noarch.rpm
 	perl-ExtUtils-PkgConfig-1.11-1.rf.noarch.rpm
 	perl-File-Find-Rule-0.30-1.rf.noarch.rpm
 	perl-gettext-1.05-1.rf.i386.rpm
 	perl-Glib-1.200-1.rf.i386.rpm
 	perl-Gtk2-1.183-1.rf.i386.rpm
 	perl-Number-Compare-0.01-1.2.rf.noarch.rpm
 	perl-Text-Glob-0.08-1.rf.noarch.rpm

*drbd
*	DRBD mirrors a block device over the network to another machine.
*	Think of it as networked raid 1. It is a building block for
*	setting up high availability (HA) clusters.
*
*	drbd-8.3.7-3.sl.i386.rpm
*	drbd-bash-completion-8.3.7-3.sl.i386.rpm
*	drbd-heartbeat-8.3.7-3.sl.i386.rpm
*	drbd-pacemaker-8.3.7-3.sl.i386.rpm
*	drbd-udev-8.3.7-3.sl.i386.rpm
*	drbd-utils-8.3.7-3.sl.i386.rpm
*	drbd-xen-8.3.7-3.sl.i386.rpm
*	kernel-module-drbd-2.6.18-194.3.1.el5-8.3.7-1.sl5.i686.rpm
*	kernel-module-drbd-2.6.18-194.3.1.el5PAE-8.3.7-1.sl5.i686.rpm
*	kernel-module-drbd-2.6.18-194.3.1.el5xen-8.3.7-1.sl5.i686.rpm

flpr
 	
 	Installed by default.  This does NOT require ups/upd.  
 	The flpr binary will reside in /usr/local/bin/ 
 
 		flpr-2.4-4f.9x.i386.rpm

*heartbeat
*	heartbeat is a basic high-availability subsystem for Linux-HA.
*	It will run scripts at initialization, and when machines go up or down.
*	This version will also perform IP address takeover using gratuitous ARPs.
*	It supports "n-node" clusters with significant capabilities for managing
*	resources and dependencies.
*
*	heartbeat-2.1.4-9.el5.i386.rpm
*	heartbeat-devel-2.1.4-9.el5.i386.rpm
*	heartbeat-gui-2.1.4-9.el5.i386.rpm
*	heartbeat-ldirectord-2.1.4-9.el5.i386.rpm
*	heartbeat-pils-2.1.4-9.el5.i386.rpm
*	heartbeat-stonith-2.1.4-9.el5.i386.rpm
*	libnet-1.1.4-3.el5.i386.rpm
*	libnet-devel-1.1.4-3.el5.i386.rpm

Kerberos

	For SLF 5, we no longer need Fermi's kerberos.
 	We have updated the kx509 and get-cert to be able to use the
 	newer certificate servers
 	
 	krb5-fermi-addons-1.0-2.i386.rpm
 	krb5-fermi-base-1.0-1.noarch.rpm
 	krb5-fermi-config-2.13-1.noarch.rpm
 	krb5-fermi-getcert-1.0-5.i386.rpm
 	krb5-fermi-krb5.conf-2.13-1.noarch.rpm


OpenAFS 
 	
  	See SL.releasenote
 
 	Here is the procedure for installing openafs, using yum
 	  yum install openafs-client kernel-module-openafs-`uname -r` 
  	  yum install openafs-krb5 openafs-thiscell
 
 	openafs-thiscell-FNAL now changes CellAlias so that 
 	/afs/fnal is really /afs/fnal.gov
 
 	openafs-thiscell-FNAL-6.noarch.rpm

qmx-2.2-2.i386.rpm
  
  	QMX Software/Hardware Inventory licensed product from Quest Software.
  	For use on Desktop/Laptop systems only. 
  	Not installed by default

redhat-logos-1.1.25-1.LTS.6.noarch.rpm
 
  	This version of redhat-logo's has all of the generic changes
  	that were made with Scientific Linux as well as changes to make
  	it look like SLF.
  	
  	redhat-logos-4.9.16-1.SLF.4.noarch.rpm

rrdtool
 
 	Round Robin Database Tool to store and display time-series data
 
 	rrdtool-1.3.9-2.sl5.i386.rpm
 	rrdtool-devel-1.3.9-2.sl5.i386.rpm
 	rrdtool-perl-1.3.9-2.sl5.i386.rpm
 	rrdtool-python-1.3.9-2.sl5.i386.rpm
 	rrdtool-ruby-1.3.9-2.sl5.i386.rpm
 	rrdtool-tcl-1.3.9-2.sl5.i386.rpm


SLIP
   	Scientific Linux Inventory Project client
   
          ocsinventory-client-0.9.9-10.noarch.rpm

upsupdbootstrap
   
 	Not installed by default.
 	Links from /usr/local/bin are NOT made anymore.
 	A error in the install script was fixed
  
		upsupdbootstrap-5.0-0.i386.rpm
 		upsupdbootstrap-fnal-5.0-0.i386.rpm
 			conflicts with upsupdbootstrap-local 
 			Installs ups/upd to /fnal/ups
   		upsupdbootstrap-local-5.0-0.i386.rpm
 			conflicts with upsupdbootstrap-fnal
 			Installs ups/upd to /local/ups

yum-conf
 
 	Modified to give Fermi's rpm's a priority, as well as point to
 	Fermi's linux distribution servers instead of scientific linux's.
 
*	yum-conf-55-1.SLF.noarch.rpm

yum-conf-5x

  	Will keep you at 5x which is the current stable 5x release.  So when
  	we release the next 5 release yum will automatically yum install it
  	except for the kernel.  

        yum-conf-5x-2-4.SLF.noarch.rpm
  
 		yum install yum-conf-5x

*yum-conf-fermi-internal
* 
* 	Adds the fermi-internal yum repository
*	
*	yum-conf-fermi-internal-5-1.noarch.rpm

yum-autoupdate-1-1.SLF.noarch.rpm
 
 	yum-autoupdate has the nightly yum cron job in it.
 	The nightly cron job has been modified to check the add-ons directory.

zz_auto_update_kernel-1.0-1.noarch.rpm
 
 	Remove the exclude of the kernel from the nightly autoyum thus
 	allowing the kernel to be upgraded via the nightly yum.  Note
 	that this does not check if you have custom kernel modules or
 	a custom kernel installed.  You have to ensure that this will
 	work in your environment.  You will have to reboot after the
 	kernel is upgraded.  The rpm does NOT reboot the system. Watch
 	root email for notification of all nightly auto yum updates.

zz_dhcp_resolv-3.0.5-1.noarch.rpm
 
 	This rpm fixes that so that when your network starts, as it checks 
 	your resolv.conf, if you have dhcp.fnal.gov, but not fnal.gov it will
 	put it in, so that you will have "search fnal.gov dhcp.fnal.gov" in 
 	your /etc/resolv.conf file.
 	Does not work with NetworkManager

*zz_disable_avahi-1.0-0.5.noarch.rpm
*
*	This will turn off and disable the avahi daemons

zz_lang_collate-1.0-4.noarch.rpm

	Changes LANG so that sorting is done the same as 6.1 and
	earlier.  (ABCabc instead of AaBbCc).
 	Can speed up programs that sort.

zz_local_dns_cache-1.0-3.noarch.rpm

	This rpm will change your machine to use a local dns cache before
	looking for the standard dns servers  
	
zz_logwatch_df-1.1-2.noarch.rpm
  
  	By default logwatch does a df -h when looking at disk usage.  
  	This can be unwanted if you have alot of NFS mounted disks.  
  	This rpm changes that command to be df -lP -h, which looks at 
  	local disks only, and the output is in the POSIX output format.

*zz_ntp_configure-4.2.0-9.noarch.rpm
  
 	Configure ntp for Fermi site network.
   	Startup script now pokes hole in the firewall for itself
  	One can manually change the script by editing the file 
  	/etc/sysconfig/ntpd.fermi

zz_pine_user_domain-1.0-2.noarch.rpm
 
 	By default when a user sends mail from pine their email address
 	is myname@mycomputer.fnal.gov.  This rpm changes it so that the
 	default is myname@fnal.gov by modifying the /etc/pine.conf config file.

zz_qmx_collection_scripts-1.0-2.noarch.rpm
  
  	Scripts to collect baseline compliance data that will be
  	sent to SMS via QMX.  Only for use on Desktops and laptops.
  	Not installed by default.

zz_screenlock_kde
  
  	Enables screen lock with "blanking"
  	screen saver so power saving monitors will go into sleep mode.
        Ensures that the Timeout value is 15 minutes or less.
  	Preserves existing values if they are less than required
  	minimum value.  Installed by default if KDE is installed.

zz_sendmail_fermi_gateway-2.0-1.noarch.rpm
  
  	This rpm is designed to send outbound sendmail e-mail through 
  	the fermilab e-mail gateway(smtp.fnal.gov). 

zz_tcp_wrappers_change-3.0-3.noarch.rpm
 
 	Disable all offsite access to common network services.  Also
 	puts in the "DOE required login banners".  If it determines that
 	you have already modified /etc/hosts.allow or host.deny it leaves
 	them alone.
	Change to add perl to requires as %post uses perl
  	
zz_tex_tweaks-1.0-1.noarch.rpm
 
         Changes the default paper size to 8.5 x 11 vs A3

zz_use_clogger-1.0-1.noarch.rpm
 
 	Change /etc/syslog.conf to log to clogger.fnal.gov
  
---------------------------------------------------------------------------
UPDATED compared to Scientific Linux 55 x86_64 
----------------------------------------------------------------------------
OpenSSH 
 
   	This is the openssh from S.L. 5.x with some patches and modifications.
   
   	The client does kerberos with both fermi's old openssh(old gssapi), 
	as well as generic new openssh's(new gssapi)

 	The server only does the kerberos with the newer versions of openssh
   
   	It does 'kerberos only' by default
      
   	openssh-server is NOT installed by default.

 	added Mark Mengel's GSS_HOSTNAME patch
 
 	openssh-4.3p2-42.slf5.i386.rpm
 	openssh-askpass-4.3p2-42.slf5.i386.rpm
 	openssh-clients-4.3p2-42.slf5.i386.rpm
 	openssh-server-4.3p2-42.slf5.i386.rpm
 


pam_krb5
  
  	This is a modified version of the pam_krb5 that comes with SL5.
  	This pam module has the ability to do cryptocard authentication.
  	
 	pam_krb5-2.2.11-6.slf5.i386.rpm

----------------------------------------------------------------------------
Installer modifications
---------------------------------------------------------------------------
Anaconda (installer)
	       

     Changes to "defaults" from vendor installer.

  	Firewall is on by default. 
 	The zz_ntp_configure-4.2.0-6 rpm pokes a hole for inbound ntp.

	US/Central is default timezone.  vendor default was New York.

	Kerberos is on by default with a realm of FNAL.GOV .  vendor default
	was off.

 	Default install is via http.  If one wishes to use nfs then type 
 	nfs at the isolinux prompt.  If one wishes to use ftp then type ftp
	at the isolinux prompt.

	Added support for "sites"

  	Added support for workgroups
	
  	Workgroup maintainers can now check their workgroups in an out of cvs

  	Fixed the kernel-module bug that was in SLF 5.0

---------------------------------------------------------------------------
/contrib/ 
---------------------------------------------------------------------------
The packages in this section have been contributed by various people.  They
are presented AS IS and there is no guarantee of them working.  These packages
are NOT supported by us.  They will only get security updates if the
contributor provides them.  If you have questions about them then ask the
contributor.

To use with yum:
For one time only (prefered method)
  yum --enablerepo=Fermi-contrib install <package>

To enable for all yum updates/install (including autoyum)

  edit the file /etc/yum.repos.d/fermi-contrib.repo
  and change the line
        enabled=0
  to
  	enabled=1

See README's in the RPMS/ directorys for specific package info.

/sites/Fermi/contrib/RPMS/

---------------------------------------------------------------------------
KNOWN LIMITATIONS/BUGS
---------------------------------------------------------------------------
The estimated time to install is not even close.

After you have picked a workgroup on the workgroup selection page and moved
to the next back, you cannot go back to that page.  The installer will die.

---------------------------------------------------------------------------
MISC NOTES
---------------------------------------------------------------------------
If you select "linux text" or you might want to type
   "linux text noipv6"
   because the install trys to do ipv6 and since there is no support
   at FNAL for ipv6 it takes a long time to timeout

kickstart users might want to add the "noipv6" option to their ks.cfg file
---------------------------------------------------------------------------
SUPPORT INFO
---------------------------------------------------------------------------
Fermi site users should start with the "Fermi" specific support areas and
use the Scientific Linux next.

Scientific Linux Fermi web pages

	https://fermilinux.fnal.gov/

Fermi Linux Community support mailing list

  linux-users@fnal.gov

	Which is archived at 

		http://listserv.fnal.gov/archives/linux-users.html

Scientific Linux web page

	http://www.scientificlinux.org	
------------------------------------------------------------------------------
SECURITY ERRATA RELEASED AFTER SL55 was released
------------------------------------------------------------------------------