Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
CentOS 7 upgrades | ||||||||
Line: 70 to 70 | ||||||||
None of the national labs have adopted the Ubuntu distribution for large-scale physics-analysis tasks. | ||||||||
Changed: | ||||||||
< < | What needs to be upgraded. | |||||||
> > | What needs to be upgraded | |||||||
These are the lists of systems on the Nevis Linux cluster that need to be upgraded, organized by research group. If a system's name is bold, then it is exposed to the outside world and is vulnerable to being hacked. |
Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
CentOS 7 upgrades | ||||||||
Line: 20 to 20 | ||||||||
Consequences | ||||||||
Changed: | ||||||||
< < | The obvious one is that compiled for Scientific Linux 6 will probably not run on CentOS 7. At minimum, your analysis software will have to be recompiled. It's likely there will be version issues with libraries and such. | |||||||
> > | The obvious one is that software compiled for Scientific Linux 6 will probably not run on CentOS 7. At minimum, your analysis software will have to be recompiled. It's likely there will be version issues with libraries and such. | |||||||
It's possible that your analysis software is tied to specific versions of external packages are not available on CentOS 7. It may be necessary to rewrite some programs and scripts. | ||||||||
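Review bot: The unchanged sentence right after the corrected one still drops a word: "tied to specific versions of external packages are not available on CentOS 7" needs "that" before "are not available". It is worth fixing in the same edit, since this paragraph is where users learn what may break.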
Line: 62 to 62 | ||||||||
Why not CentOS 8? | ||||||||
Changed: | ||||||||
< < | There's some logic to this question. CentOS 7 will cease to be supported![]() | |||||||
> > | There's some logic to this question. CentOS 7 will cease to be supported![]() | |||||||
However, to my knowledge none of the national labs are supporting CentOS 8 yet. It's been out for only a year, and will take a while to permeate through the scientific community. Also, the "jump" from CentOS 7 to CentOS 8 is larger than the one from 6 to 7; an upgrade from 6 to 8 may be even more disruptive to analysis tasks. |
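Review bot: The old and new versions of the changed line read identically as text, and the sentence "CentOS 7 will cease to be supported" stops without saying when. State the end-of-support date in words in that sentence, so that readers can weigh it against the CentOS 8 points that follow.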
Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
CentOS 7 upgrades | ||||||||
Line: 46 to 46 | ||||||||
If a system is attached to a BIOS-level KVM-over-IP (KVM = keyboard-video-monitor; BIOS-level = I can interact with the system while it boots), then I can upgrade the system remotely. There have been persistent hardware issues with this approach, but we're still trying. | ||||||||
Added: | ||||||||
> > | Note that this approach may require your group to spend some money for the hardware to access your systems. | |||||||
Network bootI'm working on scripts that would automatically upgrade a system to CentOS 7 if the system was booted over the network![]() | ||||||||
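Review bot: The added note "may require your group to spend some money for the hardware" does not say which hardware or roughly how much. Name the item (presumably the KVM-over-IP unit described in the line above) and say who to contact, so a group can decide between this and the network-boot route.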
Line: 56 to 58 | ||||||||
The difference between CentOS and Scientfic Linux are a few configuration files that are only relevant if a given system is physically located at either Fermilab or CERN. | ||||||||
Changed: | ||||||||
< < | As a measure of insignificance of this difference, there will be no "Scientific Linux 8". The Scientific Linux project ends with SL7, and suggests that its users move to CentOS. | |||||||
> > | As a measure of insignificance of this difference, there will be no "Scientific Linux 8." The Scientific Linux project ends with SL7, and suggests that its users move to CentOS. | |||||||
Why not CentOS 8? | ||||||||
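Review bot: The context line above the change has two slips that this edit leaves in place: "Scientfic Linux" is misspelled, and "The difference ... are a few configuration files" should read "The differences ... are" (or "The difference ... is"). On the changed line itself, "As a measure of insignificance" would read better as "As a measure of the insignificance".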
Line: 67 to 69 | ||||||||
What about Ubuntu?None of the national labs have adopted the Ubuntu distribution for large-scale physics-analysis tasks. | ||||||||
Added: | ||||||||
> > |
What needs to be upgraded.These are the lists of systems on the Nevis Linux cluster that need to be upgraded, organized by research group. If a system's name is bold, then it is exposed to the outside world and is vulnerable to being hacked.ATLASThese systems currently run SL6:
DOEThese systems currently run SL6:
Electronics designThis system is still running Scientific Linux 5:
NeutrinoThese systems currently run SL6:
VERITAS/CTAThese systems currently run SL6:
|
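Review bot: In the added "What needs to be upgraded" section, exposure to the outside world is signalled only by bold text, which disappears in any plain-text rendering or copy of the page; put it in an explicit column or a label such as "(outside access)" next to each system name. Since the section also identifies which externally reachable systems run an operating system that is about to lose security patches, consider restricting this page to logged-in Nevis users.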
Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
CentOS 7 upgrades | ||||||||
Changed: | ||||||||
< < | Scientific Linux 6![]() | |||||||
> > | Scientific Linux 6![]() ![]() | |||||||
Changed: | ||||||||
< < | --++ Why do we need to upgrade? | |||||||
> > | Why do we need to upgrade? | |||||||
There are two reasons: | ||||||||
Line: 12 to 12 | ||||||||
Once SL6 is no longer being maintained, if there are any security holes in it, hackers will be able to exploit it without fear that the exploits will be patched. That means that any system that can be accessed from the outside world (see the list below) will be vulnerable. | ||||||||
Changed: | ||||||||
< < | It's possible that hackers have be holding on to "zero-day" exploits and will start actively using them on 1-Dec-2020. I already know from the system logs that any Nevis system that allows outside access is already being attacked several times a minutes. | |||||||
> > | It's possible that hackers have be holding on to "zero-day" exploits and will start actively using them on 1-Dec-2020. I already know from the system logs that any Nevis system that allows outside access is already being attacked several times a minute. | |||||||
SoftwareThe national labs are closing down the SL6 versions of their software suites (e.g., LArSoft for MicroBooNE; Athena for ATLAS). Any system that runs SL6 might not be able to keep up with the latest versions of your software. | ||||||||
Added: | ||||||||
> > | ConsequencesThe obvious one is that compiled for Scientific Linux 6 will probably not run on CentOS 7. At minimum, your analysis software will have to be recompiled. It's likely there will be version issues with libraries and such. It's possible that your analysis software is tied to specific versions of external packages are not available on CentOS 7. It may be necessary to rewrite some programs and scripts. | |||||||
What can we do?For any system still running SL6, there are two choices: | ||||||||
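Review bot: The changed line fixes "several times a minutes" but still reads "hackers have be holding on to"; that should be "have been holding on to". The added Consequences paragraph in the same hunk is also missing a noun in "The obvious one is that compiled for Scientific Linux 6" (presumably "software compiled").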
Line: 31 to 37 | ||||||||
If I cut off outside access to a system via the firewall, then there's no particular security risk. You can still access the system via VPN. This may be the best solution for systems that you need to keep running SL6 (upgrading would interfere with analysis effort, there's no SL6 support for a given software package, etc.). \ No newline at end of file | ||||||||
Added: | ||||||||
> > |
How to upgrade?As of Sep-2020, there's no simple way for me to visit Nevis. There are two approaches we're pursuing for the upgrades:KVMIf a system is attached to a BIOS-level KVM-over-IP (KVM = keyboard-video-monitor; BIOS-level = I can interact with the system while it boots), then I can upgrade the system remotely. There have been persistent hardware issues with this approach, but we're still trying.Network bootI'm working on scripts that would automatically upgrade a system to CentOS 7 if the system was booted over the network![]() QuestionsWhy CentOS 7? Why not Scientific Linux 7?The difference between CentOS and Scientfic Linux are a few configuration files that are only relevant if a given system is physically located at either Fermilab or CERN. As a measure of insignificance of this difference, there will be no "Scientific Linux 8". The Scientific Linux project ends with SL7, and suggests that its users move to CentOS.Why not CentOS 8?There's some logic to this question. CentOS 7 will cease to be supported![]() What about Ubuntu?None of the national labs have adopted the Ubuntu distribution for large-scale physics-analysis tasks. |
Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
CentOS 7 upgrades | ||||||||
Line: 30 to 30 | ||||||||
If I cut off outside access to a system via the firewall, then there's no particular security risk. You can still access the system via VPN. | ||||||||
Changed: | ||||||||
< < | This may be the best solution for systems that you need to keep running SL6 (e.g., upgrading would interfere with analysis effort, there's no SL6 support for a given software package, etc.). | |||||||
> > | This may be the best solution for systems that you need to keep running SL6 (upgrading would interfere with analysis effort, there's no SL6 support for a given software package, etc.). | |||||||
\ No newline at end of file |
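Review bot: The context line "If I cut off outside access to a system via the firewall, then there's no particular security risk" is stronger than the next sentence supports: the system stays reachable over VPN, so an unpatched SL6 machine is still exposed to whatever connects that way. Suggest wording such as "the risk from the outside world is greatly reduced". On the changed line, dropping "e.g.," is right because the list already ends in "etc.".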
Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
Added: | ||||||||
> > |
CentOS 7 upgradesScientific Linux 6![]() SecurityOnce SL6 is no longer being maintained, if there are any security holes in it, hackers will be able to exploit it without fear that the exploits will be patched. That means that any system that can be accessed from the outside world (see the list below) will be vulnerable. It's possible that hackers have be holding on to "zero-day" exploits and will start actively using them on 1-Dec-2020. I already know from the system logs that any Nevis system that allows outside access is already being attacked several times a minutes.SoftwareThe national labs are closing down the SL6 versions of their software suites (e.g., LArSoft for MicroBooNE; Athena for ATLAS). Any system that runs SL6 might not be able to keep up with the latest versions of your software.What can we do?For any system still running SL6, there are two choices:Upgrade to CentOS 7This is the preferred solution. Unfortunately, it's complicated by the pandemic. I'm working on potential solutions (see below).Cut off outside accessIf I cut off outside access to a system via the firewall, then there's no particular security risk. You can still access the system via VPN. This may be the best solution for systems that you need to keep running SL6 (e.g., upgrading would interfere with analysis effort, there's no SL6 support for a given software package, etc.). |