Applications on RHEL and clones

Google Chrome browser

To install the Google Chrome browser see instructions in http://www.tecmint.com/install-google-chrome-on-redhat-centos-fedora-linux/ and https://wiki.centos.org/AdditionalResources/Repositories/GoogleYumRepos.

Create the file /etc/yum.repos.d/google.repo:

[google-chrome]
name=google-chrome
baseurl=http://dl.google.com/linux/chrome/rpm/stable/$basearch
enabled=1
gpgcheck=1
gpgkey=https://dl-ssl.google.com/linux/linux_signing_key.pub

and then do:

yum install google-chrome-stable

Warning: If the user’s home directory is NFS mounted, Chrome may fail to start with a message like:

Failed to create /home/XXX/.pki/nssdb directory.

This is due to SE:ref:Linux, see https://bugzilla.redhat.com/show_bug.cgi?id=1184848. Solution is unknown (except to set SELinux to permissive).’

Google Authenticator for Linux (MFA)

Google_Authenticator provides a two-step authentication procedure using one-time passcodes (OTP). The OTP generator application is available for iOS, Android and Blackberry. Similar to S/KEY Authentication the authentication mechanism integrates into the Linux PAM system.

Time-based One-time Password (TOTP) is a computer algorithm that generates a one-time password (OTP) which uses the current time as a source of uniqueness. TOTP is defined in RFC6238.

Documentation:

• Setting up multi-factor authentication on Linux systems (Red Hat).

• Set Up SSH Two-Factor Authentication (2FA) on CentOS/RHEL Server

• Google Authenticator instructions (archlinux).

Summary:

• Install packages from EPEL and Base:

  dnf install google-authenticator qrencode qrencode-libs
  

• In /etc/ssh/sshd_config configure the use of password + one-time code:

  ChallengeResponseAuthentication yes
  

  To enforce the use of password + one-time code for all users, including root:

  AuthenticationMethods publickey,keyboard-interactive
  

  Restart the sshd service.

• Add to /etc/pam.d/sshd near the top of the file:

  # two-factor authentication via Google Authenticator
  auth     required     pam_google_authenticator.so secret=${HOME}/.ssh/google_authenticator
  

Users must do:

• Install the Google Authenticator app, the most well-known TOTP mobile app available via Google Play or Apple App store on mobile phones. In addition, the Microsoft Authenticator app works as well with the QR-codes generated here.

• Run the google-authenticator command to create a new secret key in the ~/.ssh/ directory (default is in ~/.google_authenticator):

  google-authenticator -s ~/.ssh/google_authenticator
  

  Answer y (yes) to all questions to use the defaults. The emergency scratch codes are also in this file.

  See also the pam_google_authenticator man-page.

To redisplay the QR code of a previously generated key:

• https://stackoverflow.com/questions/34520928/how-to-generate-a-qr-code-for-google-authenticator-that-correctly-shows-issuer-d

Users can use the qrencode command to generate ASCII output QR code with:

qrencode -o- -t ANSI256 -d 300 -s 10 "otpauth://totp/$USER@`hostname`?secret=`head -1 $HOME/.ssh/google_authenticator`"

Sometimes, we just want to enable the 2FA capability just when we connect from outside our local network. To achieve this, create a file (e.g. /etc/security/access-local.conf) and add the networks where you want to be able to bypass the 2FA from:

# only allow from local IP range
+ : ALL : 192.168.20.0/24
# Additional network: VPN tunnel ip range (in case you have one)
+ : ALL : 10.xx.yy.0/24
+ : ALL : LOCAL
- : ALL : ALL

Then edit your /etc/pam.d/sshd and add the line at the top:

#%PAM-1.0
auth [success=1 default=ignore] pam_access.so accessfile=/etc/security/access-local.conf

MATLAB

We can install MATLAB from https://downloads.cc.dtu.dk using the FIK key file method. The installation may take about 28 GB of disk space, in addition to the 17 GB ISO image.

CentOS 8 systems need this package for the GUI to work correctly:

dnf install libcanberra-gtk2

and users need to set this environment variable to avoid GTK warnings:

export GTK_PATH=/usr/lib64/gtk-2.0

NVIDIA graphics cards on desktops

Desktop PCs and workstations which have an NVIDIA graphics card should have drivers installed in a different way, because the GPU instructions do not work with X11 displays.

• Read RHEL8 instructions in https://docs.nvidia.com/cuda/cuda-installation-guide-linux/index.html

  Install prerequisites:

  dnf install gcc kernel-devel kernel-headers
  

  Disable SE:ref:Linux in /etc/selinux/config:

  SELINUX=permissive
  

  Blacklist the Nouveau driver. Create a file at /etc/modprobe.d/blacklist-nouveau.conf with the following contents:

  blacklist nouveau
  options nouveau modeset=0
  

  Regenerate the kernel initramfs:

  sudo dracut --force
  

  Update and reboot:

  dnf update
  reboot
  

  Set the system to mode 3:

  init 3
  

  Verify that the Nouveau driver is not loaded. The Nouveau drivers are loaded if the following command prints anything:

  lsmod | grep nouveau
  

  Finally install Nvidia drivers.

See instructions in:

• CentOS 8: https://linuxconfig.org/how-to-install-the-nvidia-drivers-on-centos-8

• CentOS 8 in https://developer.nvidia.com/cuda-downloads:

  dnf config-manager --add-repo https://developer.download.nvidia.com/compute/cuda/repos/rhel8/x86_64/cuda-rhel8.repo
  dnf clean all
  dnf module install nvidia-driver:latest-dkms
  dnf install cuda
  

• See Streamlining NVIDIA Driver Deployment on RHEL 8 with Modularity Streams. When migrating the EL8 release, remove the driver and reinstall it:

  dnf remove nvidia-driver
  dnf module reset nvidia-driver
  dnf module install nvidia-driver:latest-dkms
  

  Install the latest CUDA repo:

  dnf install https://developer.download.nvidia.com/compute/cuda/repos/rhel8/x86_64/cuda-11-5-11.5.1-1.x86_64.rpm
  

  Reboot the system

• CentOS 7: https://linuxconfig.org/how-to-install-the-nvidia-drivers-on-centos-7-linux

NVIDIA GPUs

Note: Desktop PCs and workstations should be installed as shown in the above section.

Install prerequisites from EPEL:

yum install epel-release
yum install dkms

Download NVIDIA software from http://www.nvidia.com/Download/index.aspx:

• Select the appropriate GPU driver for Linux 64-bit RHEL7.

• Installation instructions are:

  yum install nvidia-driver-local-repo-rhel7-*.x86_64.rpm
  yum clean all
  yum install cuda-drivers
  reboot
  

To view the NVIDIA driver version:

modinfo nvidia

Check the status of the GPUs with nvidia-smi NVIDIA System Management Interface program:

nvidia-smi

There is an on-line manial-page at https://man.archlinux.org/man/nvidia-smi.1.en

To view the GPU connection topology matrix:

nvidia-smi topo --matrix

When the driver is loaded, the driver version can be found by executing the command:

cat /proc/driver/nvidia/version

NVIDIA official repository

See https://ahelpme.com/linux/centos7/install-cuda-and-nvidia-video-driver-under-centos-7/.

Install the Nvidia repo:

yum install -y yum-utils
yum-config-manager --add-repo http://developer.download.nvidia.com/compute/cuda/repos/rhel7/x86_64/cuda-rhel7.repo

Install the driver and CUDA:

yum install nvidia-driver-latest-dkms cuda
yum install cuda-drivers
reboot

CUDA

The CUDA toolkit can be downloaded from https://developer.nvidia.com/cuda-downloads. There is an installation guide at http://docs.nvidia.com/cuda/cuda-installation-guide-linux

Download the repo file and install the CUDA tools:

yum install cuda-repo-rhel7-8.0.61-1.x86_64.rpm
yum clean all
yum install cuda

Installation instructions for a static CUDA version:

wget https://developer.download.nvidia.com/compute/cuda/12.2.0/local_installers/cuda_12.2.0_535.54.03_linux.run
sudo sh cuda_12.2.0_535.54.03_linux.run

NVIDIA Persistence Daemon

NVIDIA is providing a user-space daemon on Linux to support persistence of driver state across CUDA job runs. The daemon approach provides a more elegant and robust solution to this problem than persistence mode. See:

• https://docs.nvidia.com/cuda/cuda-installation-guide-linux/index.html#post-installation-actions

• http://docs.nvidia.com/deploy/driver-persistence/index.html#persistence-daemon

On CentOS 8 you can start this service:

rpm -q nvidia-persistenced
systemctl enable nvidia-persistenced
systemctl start nvidia-persistenced

One may alternatively put htis in /etc/rc.local:

if test -x /usr/bin/nvidia-smi
then
      echo Checking NVIDIA driver
      /usr/bin/nvidia-smi
      echo Start the nvidia-persistenced daemon
      /usr/bin/nvidia-persistenced --verbose
fi

Nvidia process accounting

Enable Nvidia process accounting using nvidia-smi:

/usr/bin/nvidia-smi --accounting-mode=1
/usr/bin/nvidia-smi --query --display=ACCOUNTING

Now you can query Nvidia process accounting, see:

nvidia-smi --help-query-accounted-apps

for example:

nvidia-smi --query-accounted-apps=gpu_name,pid,time,gpu_util,mem_util,max_memory_usage --format=csv

Nvidia Data Center GPU Manager (DCGM)

Nvidia has a new Data Center GPU Manager (DCGM) suite of tools which includes NVIDIA Validation Suite (NVVS). Download of DCGM requires membership of the Data Center GPU Manager (DCGM) Program. Install the RPM by:

yum install datacenter-gpu-manager-1.7.1-1.x86_64.rpm

Run the NVVS tool:

nvvs -g -l /tmp/nvvs.log

The (undocumented?) log file (-l) seems to be required.

Oracle VirtualBox

See the Oracle VirtualBox on Linux page.

VLC media player ==============–

VLC media player for Red Hat Enterprise Linux is a free and open source cross-platform multimedia player and framework that plays most multimedia files as well as DVDs, Audio CDs, VCDs, and various streaming protocols. Installation requires EPEL and RPM_Fusion repositories.