This repository contains RPMs to assist with using the Fermilab General Computing Environment on EL8 systems.

Packages in this repository are signed by GPG Key:

pub   4096R/ABEC1471 2020-01-30
uid                  Fermilab RPM Key (Used for signing RPMs built at Fermilab) <LINUX-USERS@LISTSERV.FNAL.GOV>
sub   4096R/804610A8 2020-01-30

Installation Instructions

There are three clear ways to load the relevant RPMs onto your system. You may use more than one if you desire.

1. Full Automation

Warning The following command will make a number of changes on your behalf! These changes are not totally visable to you during installation!
yum install https://linux-mirrors.fnal.gov/linux/fermilab/centos/8/fermilab-apply-site-config.rpm
Note This RPM will remove itself from the system automatically. This permits you to re-run this as often as you wish with one command.

2. Interactive Steps

You will need to install the fermilab yum repo

yum install https://linux-mirrors.fnal.gov/linux/fermilab/centos/8/yum-conf-fermilab.rpm
  • To get the minimum requirements

    yum install fermilab-base_on-site
  • To get all the recommended packages run

    yum group install fermilab
  • To get all the recommended and optional packages run

    yum group install --with-optional fermilab
Note You can run these yum commands multiple times if you wish.

3. From Kickstart

Add the yum repo to your known repos:

repo --name=fermilab --baseurl=https://linux-mirrors.fnal.gov/linux/fermilab/centos/$releasever/$basearch/
%packages
@fermilab

Or you may specify any package names you wish to select from this repo

Additional Information on Packages

fermilab-apply-site-config

This package will install the Fermilab RPMs repo and fork off a second task to install any expected RPMs.

fermilab-base_on-site

This package depends on the config RPMs that will alter your system settings for use at Fermilab.

fermilab-conf_ca-certs

Adds the Fermilab CA Certificates (for our local CA) to your CA Trust Store.

fermilab-conf_doe-banner-console

Add a notification banner to the text console regarding your rights and restrictions on the Fermilab Network.

fermilab-conf_doe-banner-login-screen

Add a notification banner to the GDM login window regarding your rights and restrictions on the Fermilab Network.

fermilab-conf_email-gateway

Setup postfix to route outbound email through an approved mail gateway.

fermilab-conf_install-updates

Ensure all system updates are applied nightly.

fermilab-conf_kerberos

Load the Fermilab Kerberos configuration settings.

fermilab-conf_login-screen-no-user-list

Do not show a list of valid users on the GDM login window.

fermilab-conf_screenlock

Setup Gnome, KDE, and Mate screensaver to lock automatically after inactivity.

fermilab-conf_ssh-client

Add SSH client settings useful for connecting to Fermilab SSH Servers.

fermilab-conf_ssh-server

Configure your SSH Server for use on the Fermilab Network.

fermilab-conf_sssd

Configure SSSD to permit Kerberos or local password authentication. This package also provides behavior similar to fermilab-conf_kerberos-local-passwords from the SL7 Fermilab Context.

fermilab-conf_system-logger

Forward your system logs from rsyslogd to the Central Log Server.

fermilab-conf_timesync

Setup chronyd to use the Fermilab approved timeservers.

fermilab-util_kcron

Setup Kerberos rights for scheduled jobs and daemons.

fermilab-util_makehostkeys

A simple utility to fetch Kerberos keytabs.

fermilab-util_ocsinventory

Configuration for the Fermilab OCS Inventory Server.

yum-conf-fermilab

The yum repo definitions for the Fermilab repos.