92 lines
2.9 KiB
ReStructuredText
92 lines
2.9 KiB
ReStructuredText
Software and Licenses
|
|
=====================
|
|
|
|
|
|
.. toctree::
|
|
:maxdepth: 1
|
|
|
|
software/updates
|
|
|
|
|
|
Licenses
|
|
========
|
|
|
|
Our Red Hat Enterprise Linux subscriptions are provided by ETHZ, other licenses
|
|
are usually managed by Roland Blättler.
|
|
|
|
The RHEL repositories can be accessed on the `ETHZ Satellite server
|
|
<https://id-sat-prd-02.ethz.ch>`_. It is only accessible from within PSI and a
|
|
special account is needed, which can be requested at
|
|
https://cd-portal.sp.ethz.ch/_layouts/15/start.aspx#/SitePages/Home.aspx.
|
|
|
|
One thing to keep in mind is that several groups at PSI use the Satellite server
|
|
directly, so not all PSI hosts known to the Satellite belong to the central
|
|
Linux environment. In particular the network team has a number of systems there.
|
|
|
|
Normally only certain infrastructure systems are registered with the Satellite.
|
|
|
|
About once a year we report the total number of systems to ETHZ, so they can
|
|
track subscription usage. When we started using the ETHZ subscriptions in 2016
|
|
we provided an estimate of 2000 systems max.
|
|
|
|
|
|
Distribution and deployment
|
|
---------------------------
|
|
|
|
All software is distributed as RPMs with the following exceptions:
|
|
|
|
- some software is provided via AFS/NFS instead
|
|
- configuration files and scripts that can be considered configuration, e.g. the
|
|
files in ``/etc/cron.daily``
|
|
- server applications can be deployed by cloning a Git repository (e.g. sysdb)
|
|
|
|
There are a number of advantages to deploying software as RPM:
|
|
|
|
- automatic installation/protection of dependencies
|
|
- inventory of installed software (``rpm -qa`` etc) including version
|
|
information
|
|
- integrity checking (``rpm -q --verify``)
|
|
- ownership tracking (``rpm -qf``, ``yum provides``)
|
|
- no network dependency, which is useful for laptops and increases reliability
|
|
on other systems
|
|
|
|
|
|
Repositories
|
|
------------
|
|
|
|
We maintain an internal mirror for every repository that we use, or at least a
|
|
local repository containing the specific packages. We never point ``yum.conf``
|
|
(or any other package manager) to an external repository directly.
|
|
|
|
The repository server is ``repos.psi.ch``.
|
|
|
|
Currently we maintain the following repositories:
|
|
|
|
1. RHEL 7 (almost all channels)
|
|
2. EPEL for RHEL 7
|
|
3. Puppetlabs PC1
|
|
4. Google Chrome
|
|
5. OpenAFS (PSI)
|
|
6. GPFS (PSI)
|
|
7. OpenHPC
|
|
|
|
The mirroring is done using :manpage:`reposync(1)` with custom :manpage:`yum.conf` files.
|
|
|
|
|
|
The script to run a sync of all the repositories is `/opt/pli/sbin/psi-mirror-yum` but is
|
|
currently not executed automatically.
|
|
|
|
To add a new repository to the list the files `/opt/pli/etc/mirror/yum.conf` and
|
|
`/opt/pli/etc/mirror/repolist` should be edited. The first file contains the repositories
|
|
definitions, the second one the list of repositories to mirror.
|
|
|
|
|
|
|
|
Packaging
|
|
---------
|
|
|
|
All packaging information for in-house packages must be tracked in Git. The
|
|
repositories containing packaging information should be in the
|
|
`linux-packages <https://git.psi.ch/groups/linux-packages>`_ group on the
|
|
Gitlab server.
|