guide:Os/2010.1
Contents |
requirements
- Versions
- Scientific Linux version 5.4 64 bit (OGSA-DAI)
- Scientific Linux version 5.6 64 bit (Unicore 6, Globus ToolKit 4 and 5, NFS, Torque, OGSA-DAI, dCache, cfengine, Login server, interactive node, WN)
- Information
|
Scientific Linux is a free operating system, co-developed by Fermi National Accelerator Laboratory and the European Organization for Nuclear Research (CERN), and which aims to be 100% compatible with and based on Red Hat Enterprise Linux. Its primary purpose is to reduce duplicated effort of the labs, and to have a common install base for the various experimenters. |
- Links
- Documents
- FG3-5 Recommendations Static Firewall.pdf
- Scientific Linux 4.x installation
- Scientific Linux 5.x installation
- Update SL5x
- Scientific Linux 5.4 features
- Scientific Linux 5.6 features
- Images
notes
Optimizing the configuration:
Use minimal operating system installation without firewall. To verify installed packages use the command
-
rpm -qa | grep package_name
Install the following additional packages:
-
yum -y install wget yum rpm make gcc gcc-c++ tar sed zlib openssl
After the installation is complete, turn off any unnecessary services (like gpm, sendmail, cups, haldaemon, messagebus, pcmcia, anacron, atd) with the following command:
-
chkconfig <SERVICE> off
Configure the following settings for the server:
deactivate automatic update for yum
# completely stop any updates chkconfig yum off /etc/init.d/yum stop # but this will not allow to make a security updates, hence use vi /etc/yum.conf # add into repository options: exclude=java*
While in the first phase of the D-Grid project connections should be allowed from any external host, restrictions on the basis of IP-address or IP-subnet will be considered in a next step.
Re- and deinstallation, updates
There are some software managers (e.g. yum, yast) for operating systems which do the job well for update and new installation for packages. Please see the appropriate attributes for current task in the manuals for them.
firewall
Incoming connections
Configurations for the following middleware components are separately described:
Outgoing connections
All hosts in the D-Grid reference installation must be able to communicate with external services, i.e. the firewall must allow outgoing connections to any remote host for the following ports:
| Service | Ports |
| NJS | 1128 |
| GRAM | 2119 |
| GRIS | 2135-2136 |
| BDII | 2170 |
| GridFTP | 2811 |
| WS-GRAM + WS-MDS + RFT + R-GMA + SRM + WSRF-DAI | 8443 |
| GRAM + WS-GRAM + GridFTP | 20000-25000 |
Further information can be found in the document Image:FG3-5 Recommendations Static Firewall.pdf.
