OpenSuse

From SharedSkies
Revision as of 18:48, 21 July 2020 by John (talk | contribs)

The observatory's servers and control computers run the OpenSuse distribution of Linux, Leap 15.1. We have chosen the Leap series because of its conservative testing and stability. Generally the slower cycle of new versions does not cause problems, except where we need software that is pushing the edge, notably AstroPy. We have been testing Tumbleweed since it was introduced in 2018 because it has the significant advantage that a remote telescope computer or inaccessible server can be updated without being on site. While Leap 15.1 remains the solid choice, Tumbleweed is in use now on several telescopes.

These evolving installation notes originated with much earlier versions of OpenSuse and are rewritten as we gain experience with the most recent releases and work-around solutions to problems. The following describes how to build a system with OpenSuse that provides a solid foundation of software for physics and astronomy for real-time control of telescopes and observatories, use in the laboratory or the field, operating small servers, and processing astronomical data.


Tumbleweed

Installation of Tumbleweed as an upgrade to an existing system may be done remotely. Please note that the result may be unsuitable for production.

https://en.opensuse.org/openSUSE:Tumbleweed_upgrade

The process has a few simple steps to update the current OS, then change repositories, and perform the update. Following the instructions at these links will result in a new system that should reboot and run immediately.

Because of the very large number of packages involved, it is best to remove latex and texlive first before doing the update, and then if needed re-install at leisure. It can take many hours on a high speed network to get the texlive files.

DHCP networking in Tumbleweed and Leap 15 does not send a pure MAC address even when it is supposed to. That is, it transmits a longer identifier that may not be recognized by network DHCP services if a pseudo-static IP based on the MAC has been assigned. While the solution to this is simple, it should be done with yast before rebooting the new system, especially when the system is built remotely for Tumbleweed. If this is not done for networks that require the identifier, the system networking will not find the assigned pseudo-static IP.

  • Network Settings
  • Global Options
  • DHCP client identifier
  • Paste MAC address of the DHCP network interface card
  • Edit the field to insert "01:" before the MAC address

Now when the network is configured it will restart and should receive the assigned IP for this card. Make sure that only one Ethernet connection from the computer is presenting to the network with DHCP.

Check the results with

 ip a
 ethtool eth0
 nslookup www

where the latter tests that DNS services are properly provided. The configuration is saved in /etc/sysconfig/network/dhcp .
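The value entered in the steps above is the hardware type 01 (Ethernet) followed by the MAC address. As an added example that is not part of the original notes, this shell sketch builds that value and compares it with the saved configuration; the variable name DHCLIENT_CLIENT_ID, the interface name and the sample MAC are assumptions.

```shell
#!/bin/sh
# Added example: build the "01:"-prefixed DHCP client identifier from a MAC
# and compare it with the value saved in the sysconfig dhcp file.
# Assumption: the setting is stored as DHCLIENT_CLIENT_ID="..." in that file.

# Print the client identifier for a MAC address; return 1 if the MAC is malformed.
client_id_for_mac() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    # Accept exactly six colon-separated hex octets
    if printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'; then
        printf '01:%s\n' "$mac"
    else
        return 1
    fi
}

# Print the identifier configured in a sysconfig-style file (empty if unset).
configured_client_id() {
    sed -n 's/^DHCLIENT_CLIENT_ID="\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# usage: check_client_id <mac> <dhcp-config-file>
# Returns 0 on a match, 1 on a mismatch, 2 if the MAC is malformed.
check_client_id() {
    want=$(client_id_for_mac "$1") || { echo "bad MAC: $1" >&2; return 2; }
    have=$(configured_client_id "$2" | tr 'A-F' 'a-f')
    if [ "$have" = "$want" ]; then
        echo "ok: $have"
    else
        echo "mismatch: configured '$have', expected '$want'"
        return 1
    fi
}

# Demonstration on a constructed config file. On a live system use, for example:
#   check_client_id "$(cat /sys/class/net/eth0/address)" /etc/sysconfig/network/dhcp
demo_cfg=$(mktemp)
printf '%s\n' 'DHCLIENT_CLIENT_ID="01:00:1a:2b:3c:4d:5e"' > "$demo_cfg"
check_client_id 00:1A:2B:3C:4D:5E "$demo_cfg"
rm -f "$demo_cfg"
```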

Given its cutting-edge character, we are concerned that issues could arise during routine updates. Opensuse Leap has an 18 month development cycle that allows sufficient time between upgrades that it can be a stable solution for production, with the disadvantage that updates require physical presence at the server. As of July 2020, Tumbleweed has been a reliable platform with the advantage of the most recent libraries.

The following instructions should work for installing Tumbleweed or Leap.


Before Installation

If possible, for a new installation of the operating system or a major update to a disk in service, consider installing it on a new disk and copying the important files over from the old one. This is the safest path.

Prepare a DVD or a USB memory stick with the ISO image of the distribution. OpenSuse's imagewriter is a convenient way to create the correct structure on the USB device. Newer hardware will accept a USB memory stick for booting, but older (say prior to 2015) may require a DVD drive.

On a new system not using RAID, deselect RAID in BIOS if it is offered. This will prevent OpenSuse from creating disk partitions with RAID. However, if RAID information has already been written to the disk the OpenSuse installer will assume a RAID configuration even if hardware raid is not enabled. A simple cure is to install the system twice. On the first pass use the Expert Partitioner option and delete the proposed raid configuration. Then in /dev/sda (or equivalent) add a root and a home ext4 partition but intentionally do not add a boot partition. The installer will warn you this will not work. Ignore those warnings and let the installer prepare the disk. Once that is accomplished you can abort the installation, or let it run to the end. The disk will not be bootable but it will be cleaned of RAID and on the next installation pass you will have a proposal to use the full disk with conventional structure and btrfs for the root partition.

For most new machines allow UEFI (custom option, if available) and disable compatibility mode in the BIOS. The installer will identify the system as allowing UEFI and properly select the boot configuration. However, also use the BIOS setup to change the boot priority to the medium reflecting this choice. The boot medium and a UEFI installation must match.

Opensuse will detect and set up a UEFI boot protocol unless this option is turned off in the BIOS. With that selection it will handle and format large disks.

Some recent hardware, notably the Supermicro X10-SRA, may hang on booting with older USB devices attached. While we do not know the cause, the cure in this instance was to enable EHCI-Hand-off in the USB configuration options presented for the BIOS. This may apply only to specific applications, and could be kernel-dependent. In general, the default BIOS settings are fine for installation and need modification later if specific applications raise issues.


During installation

If your computer has more than one network connection, for example for a local subnet and for a global or institutional network, physically disconnect the local one until installation is complete. This will prevent the installation scripts from mis-identifying the network assignments.

Insert the medium, reboot the system, and select Installation from the splash screen. If there is a booting problem, use the keyboard to bring up a boot selection screen (often "Del", F11 or F12), and check the boot order and if needed also the BIOS setup.

If there is a proxy for network access at this point it may be necessary to enter that information before proceeding to the actual installation. At the OpenSuse boot screen press F4 for access to the manual network configuration and enter the information. At Mt. Kent, for example, there is a proxy but it is handled automatically for browsers. For zypper and yast, however, it has to be explicitly configured to http://proxy.usq.edu.au:8000 so that yast will find the repositories. After installation for normal use this would be turned off by deselecting the proxy in the yast configuration screen.

On laptops with Nvidia Quadro graphics and GPU combined with Intel graphics, if the BIOS allows it, deselect options that use the Intel graphics and then enable sole use of Nvidia. This avoids a multitude of booting and configuration issues, and provides a platform for GPU computing. The downside is increased power consumption and loss of battery life. If those are the primary considerations, then it may be best to not use Nvidia at all. Alternatively, it is possible to install Bumblebee to enable switching between video hardware for specific uses. Nvidia Quadro, which provides GPU computing, requires their proprietary driver for full support.

At this point if the system has a recent Nvidia card it also may be best to disable modeset. The symptom that this is necessary is that subsequent booting freezes before the installation begins. Edit the boot options if needed by pressing "e" before the system tries to start an installation. This will open a simple boot editing screen with instructions.

At the end of the line for linux add "nouveau.nomodeset=0" . Similarly, a problem with an Intel graphics card that was switching, perhaps to a Displayport interface, was fixed with simply "nomodeset".

Continue with the installation as instructed on this editing screen. The default settings should work with the following additions and exceptions.

Deselect software by taking the checkmark off with a spacebar press. After installation is complete, return to the software menu of YAST and make sure that those items never to be installed (pk-update is the worst of them, AppArmor not far behind) are marked "Taboo". Do not install them.

Leap 15.1 installation offers KDE, Gnome (Wayland), and a basic system for customizing. We prefer the customized solution, and when selecting software add Xfce for an environment that is lightweight but fully functional. Add the development code for Gnome and KDE (Qt will be present by default).

LaTeX and related content is under the "Technical Writing" group. It is a lengthy download and may be installed later. For an upgrade, if it is already installed, it may also be best to delete it first, then reinstall when it can run overnight if your network connection is not very fast.

Set the computer system clock to use UTC, check the time zone and the local time.

The gparted and gnome-disks packages are useful to manage disks larger than 2 TB. With new disks the installer will use BTRFS and as of Leap 15.1 it will create a large partition for the entire disk. In the event of a failure, leaving a critical disk formatted in the wrong size or filesystem, add gdisk from a repository and reformat the disk. Reboot, and re-install the operating system on the reformatted disk. Earlier versions of Leap would install the operating system in a small partition that limited the space available, and then allocated the balance to an XFS partition for user space. Check that adequate space is left for your system needs and use the expert mode if needed to allocate space before installing the operating system. Once partitioned, OpenSuse will use existing partitions as a guide and it is difficult to override these choices later.

Deselect and mark "taboo" AppArmor for systems which do not require its access controls. Delete pk-update to avoid nagware about package updates and mark it for non-installation permanently by selecting "taboo".

Turn off firewall (assuming your system is already behind an adequate institutional or local firewall)

Open the port for SSH

Check the boot option for grub2 matches that of your machine (should be UEFI if available)

Complete the installation from the media (either USB or DVD)

Remove the medium, reset the boot priority to the hard disk first, reboot


From OpenSuse using YAST

Start yast from the command line as su with yast --qt or "yast2"

Disable DVD or USB in software repositories

Unless doing GPU development or you have recent nvidia hardware, do not include the repository for nvidia (creates a long term maintenance problem) and use the Nouveau Xorg driver instead. If you have an older nvidia card that may not be supported properly in either nouveau or nvidia drivers, remove nouveau and rely on the VESA driver. It almost always works with any graphics card and display.

Perform all updates based on default repositories as needed

Note that in removing packages select Options --> Cleanup when deleting packages to prevent their automatic reinstalling through the pre-selection feature of Yast. Generally it is not necessary to remove packages unless there is something about them that interferes with your use of the system. In most cases they may be disabled in subsequent system configuration.

Remove really annoying pk-update-icon if you missed deleting it initially. You will have to mark it in YAST for permanent deletion.

Add Nvidia public repository if needed and nvidia graphics and gpu drivers. Select the most recent driver unless Nvidia's documentation suggests otherwise for your hardware.

Add texlive if it has not already been selected. This is a very large package with long download time.

Add lsb

Add apache if used as web server

Add blas-devel

Add php and packages if used as web server

Add gsl and gsl-devel

Add nano

Add timidity

Add audacity

Add audio-recorder

Add stellarium

Add geany

Add gedit

Add gnome-disk-utility (previously palimpsest)

Add gtkglext-devel

Add hdf5 (required by Python Pynpoint-exoplanet)

Add hdf5-devel

Add hdf5-devel-static

Add imagewriter

Add libcurl-devel

Add liblapack

Add liblapack3 (development files)

Add libatlas3 (optional required by astromatic software not in Leap 15)

Add libatlas3-devel (optional required by astromatic software not in Leap 15)

Add liblua5_3-5

Add mlocate

Add nasm (used by openh264)

Add netpbm

Add libnetpbm-devel

Add okular

Add pavucontrol (pulse audio control to work around problems with defaults)

Add plplot

Add plplot-devel (optionally other plplot packages as needed)

Opensuse Leap installs Python 2.7 and Python 3.6. The default system python command in /etc/alternatives points to python 2.7, but the default "pip" points to python 3's pip. The preferred scientific Python solution is to install from source in /usr/local and build a version that is independent of the operating system's Python. This provides for long term maintenance, and few conflicts between dependencies for system code and for cutting edge science code. If that solution is taken, then do not install optional Python 3 packages but instead build the local version and add modules with pip.

The following packages will go to the system Python 3.6. Equivalent packages are available for Python 2 without the "3" in the package name. An end user running python needs to explicitly call python3, or change the alternative link. If our code is to use the system version of Python 3, then the following optional packages would be needed on new systems. For a complete OpenSuse Python3 installation, use the search option in yast for python3-, right click on the field of search results and select all entries. Then deselect any you do not want. This will install packages that have conflicts to resolve. Make your best choice on those. Packages we know we need and are adequately provided by the operating system are:


Add python3-Beautifulsoup4

Add python3-Cython

Add python3-Sphinx

Add python3-cairo-devel

Add python3-certifi (optional, may cause other issues)

Add python3-dateutil

Add python3-distutils-extra

Add python3-Flask

Add python3-idle

Add python3-numpy or use pip.

Add python3-numpy-devel or use pip.

Add python3-qt4

Add python3-qt5

Add python3-scipy or use pip for this and related packages to get the most recent versions.

Add python3-sympy

You will also need matplotlib and its add-ons.

Add python3-matplotlib

Add python3-matplotlib-tk


Leap 15 and Tumbleweed should supply Tk with a consistent matplotlib. If there are issues with it, you may deselect the matplotlib packages, marking them "taboo" in yast, and instead, after work with yast is over, use pip and install matplotlib from pip as described below. This will ensure the latest version of matplotlib, especially as Leap ages and matplotlib moves forward with new releases. Nevertheless, it is best to leave all this alone and install an independent Python solution.

Additional packages you will need from YAST are --

Add libevent-devel

Add libffi-devel (for compiling Python 3.7+)

Add libopenssl-1_1-devel

Add fftw3-devel, libfftw3-threads, and fftw3-threads-devel

Add ncurses-devel (for compiling Python 3.7+)

Add openssl-1_1

Add python-devel (for compiling Python 3.7+)

Add readline-devel (for compiling Python 3.7+ with readline rather than gnureadline)

Add sk1

Add xfig

Add ufraw

Add gimp-ufraw

Add gphoto but not gphotofs

Add qiv

Add guvcview or luvcview for webcamera viewing

Add motif

Add motif-devel

Add motif-devel-32bit

Add other motif libraries if they are not installed by default

Add libXmu-devel

Add libXp-devel

Remove all virtualbox rpm's installed from OpenSuse

Add yasm

Add yasm-devel

Add libpng12-devel (optional)

Add libpng16-devel

If using Grace earlier than 5.1.25 deselect libpng16-compat-devel and select libpng12-compat-devel

Add fxload (used by SBIG cameras)

If building Python from source as of version 3.6 in order to get urllib to work add the ghc- packages


After updates

Disable modemmanager because it interferes with serial ports used for instruments

Configure dnsmasq if used to run a subnet and start it from yast

Disable avahi as unnecessary in our environment

Edit /etc/sysconfig to set locate default search to root

Use YAST to set NTP servers for your domain rather than Opensuse's defaults. New installations of Leap will use chrony rather than ntp for improved synchronization. With ntp, check the performance using "/usr/sbin/ntpq -p" or with chrony use "/usr/bin/chronyc tracking". As of July 2018, chronyc is a preferred option.

On a longer term, routine updates can be done from the command line with

 zypper up

Add any needed Python3 modules requiring pip, notably matplotlib (see below)



Python

For Opensuse Tumbleweed (current as of April 2020) both Python-2.7 and Python-3.8 are installed. By default /usr/bin/python points to python2, while pip uses /usr/bin/pip3.8 and will update python3. For the most part unless you need a python2 component, leave the 2.7 installation alone and augment the python3 installation for our software. Be aware of which system the pip command you choose belongs to. A preferred solution is not to bother with the system versions at all, and to install Python 3 from source.


Python - installing the latest from source

For Astropy and perhaps other modules that are under rapid development, the system Python 3 and the latest package requirements may be incompatible. When Python is installed from source, your local programs will call your local python explicitly, for example as /usr/local/bin/python3. You can also set your PATH so that it searches /usr/local/bin before /usr/bin to circumvent the system version.

To install from source follow these instructions exactly:

# Add the packages from Opensuse noted above with attention to the patterns for development
# Download the source tar file currently Python-3.7.1.tar.xz and as superuser or root copy to /usr/local/src 
# Untar the file
# Within the source directory  run ./configure 
# The defaults will be fine.  Your new Python will go into the /usr/local/ directory.  Some users prefer /opt, which can be changed as a configuration option.
# make
# make test
# make altinstall

If this fails it is probably a missing package. Check the ones that are required, install them, make clean, make, make test, make altinstall again.

# ln -s /usr/local/lib64/python3.8/lib-dynload/ /usr/local/lib/python3.8/lib-dynload


The altinstall option is necessary to avoid overwriting or interfering with the system python. The softlink is needed because some library files in lib64 are not found without it. It is not necessary to assign either PYTHONHOME or PYTHONPATH, or to use an environment manager to have this version work independently of the system version. However, be aware that the functions you need are explicitly in /usr/local/bin and that they refer to python by its version, that is python3.8 and pip3.8 which can have a softlink to python3.

Similarly, if you install Anaconda Python, it will have its own /opt directory tree to navigate, while Canopy Python may use environment variables. To run your own locally built Python, echo $PYTHONHOME and echo $PYTHONPATH should return empty strings.


Modules by pip

Because they are not available as a package in OpenSuse for Python 3, or because you are updating another installation, use explicitly the pip for your Python. That is, for the system python3, /usr/bin/pip points to /etc/alternatives/pip which points to /usr/bin/pip3.8 in Tumbleweed . Our separately installed python has /usr/local/bin/pip3 .

If the system is behind a firewall requiring a proxy, possibly pip will see the system proxy configuration. If not, try

 export https_proxy=http://proxy.domain:port

where typically the port is 8000 or 8080.

In locally built versions of Python without readline-devel previously installed in yast, readline may be a missing module. A suitable fix is

 /usr/local/bin/pip3.8 install gnureadline

Note this is "gnu" readline, not readline. The latter will segfault reading the history file.

For installing in the system python, if matplotlib for Python 3 was installed with yast it must be removed in a two-step process. First delete it from yast and then mark it taboo so that it will not re-install. Afterward, remove it from the system python this way.

 pip uninstall matplotlib
 pip install matplotlib --upgrade --no-cache-dir

Also for the system python you may need to do this

 pip uninstall six
 pip install six --upgrade --no-cache-dir


Now if you are building a separate Python for science, use the pip for it and add the modules you need. This may include several that were installed on the system using yast, as well the matplotlib ones and these. Start with these since pip will resolve dependencies, probably use cached source unless you tell it not to, and in the process grow the missing branches of your Python tree. Later, if you find something missing, you can add it as needed.

Install matplotlib, which will install numpy (pip install matplotlib)

Install scipy (pip install scipy)

Install cython (pip install cython)

Install scikit-image which will install pillow (pip install scikit-image)

Install astropy (pip install astropy)

Install skyfield (pip install skyfield), which replaces deprecated pyephem

Install healpy (pip install healpy)

Install reproject (pip install reproject)

Install quantities (pip install quantities) to have physical constants

Install emcee (pip install emcee) to have an MCMC library

Install pyastronomy (pip install pyastronomy) or from source on github pyastronomy

Install bokeh for browser-based graphics (pip install bokeh)

Install pycurl for remotely communicating with a server (pip install pycurl)

If there is an error from the SSL library, use these two commands to resolve the dependency:

 export PYCURL_SSL_LIBRARY=openssl
 pip install  --upgrade --force-reinstall  pycurl

Downloading files from Google drive requires two modules

 pip install --upgrade google-api-python-client
 pip install oauth2client

The first of these provides the module "apiclient" and the other provides tools for authorization which would be imported this way

 from apiclient import discovery
 from oauth2client import client
 from oauth2client import tools
 from oauth2client.file import Storage

as described by the official google download api repository here

Lastly, install the software chain for data visualization with Python using pip rather than the system package because Pandas is developing rapidly

Install pandas (pip install pandas)

Install scrapy (pip install scrapy)

Install requests (pip install requests)

Install flask (pip install flask)


Astropy

Astropy is a collaboration to provide a consistent and comprehensive distribution of astronomical software to the research community. For systems running Python 3.5 and above it can be installed as other packages

Install astropy (pip install astropy)

The recent restriction excluding Python 3.4 means that new installations on older operating systems cannot add astropy without some work around solution such as described above.

Astropy resolves dependencies on pyfits, originally developed at the Space Telescope Science Institute. Code requiring pyfits will work by adding

 import astropy.io.fits as pyfits

to the Python 3 source.




From source in /usr/local

For rpm packages use

 zypper --non-interactive install package.rpm  

or add --no-gpg-checks if necessary. For java routines, install the source in /usr/local and provide a softlink through a startup script in /usr/local/bin. Larger packages such as alternative python builds would also go in /usr/local in preference to /opt. The entire /usr/local tree should not be in the root partition, but linked to it from a user partition that will not be lost in system re-installation.


Install nedit from updated source to /usr/local/bin with a link in /usr/bin/

Add lame and lame library packages for mp3 audio

Install mplayer through the command line svn checkout svn://svn.mplayerhq.hu/mplayer/trunk mplayer or from a stable package along with skin and codecs

Install AstroImageJ and update to the latest daily build. Copy the current best practice configuration from a working system.

Install AstroCC

Install Alsvid updated for Python3

Install ds9 using a recent version from http://ds9.si.edu/site/Download.html. For OpenSuse, ds9 presents a library problem because of its dependency on OpenSSL 1.0. Old versions of OpenSuse had that library, and copies of it are still available, but it is not part of the latest distribution. The two are libcrypto.so.1.0.0 and libssl.so.1.0.0 which may be copied to /usr/local/lib64 followed by "ldconfig". The problem persists with ds9 8.0 as of July 1, 2019.

Install xpa

Install cfitsio with make, make shared, and make install. Then manually copy lib64 and include installation directories to /usr/local/lib64 and /usr/local/include, and run ldconfig.

Install grace (build from source with local FFT modifications for normalization)

Install Aladin

Install xephem -

Copy the XEphem source from the licensed archive to a temporary directory. Install each disk by default in /usr/local. Remove all the ._ files which are created on a Mac OS and remove the execute permissions on many files that come from the source. Copy the xephem.sites list with augmented sites into the auxil directory. Update the Soft* catalogs. Copy XEphem to the /etc directory for global defaults to the home observatory. Optionally, recompile the source code and copy it to /usr/local/bin/, removing the default pre-compiled version in /usr/bin/ . Copy xephem.man (not xephem.1) to /usr/local/man/man1.


Install astrometry.net

Download the latest from the astrometry.net website

http://astrometry.net/

which will be a recent stable version ready to compile. The cutting edge is on the git repository

https://github.com/dstndstn/astrometry.net

and it will not compile without editing and is not recommended.

Astrometry.net uses the system default Python unless you choose otherwise. In Opensuse Leap 15.1 with Python 2.7 as the system default, compilation of astrometry.net still falls back on having some 2.7 packages present. Before building astrometry.net from source, check that the system has

python-devel python2-numpy-devel swig git libnetpbm-devel

to avoid errors on the first attempt.

Other python utilities may use a locally installed Python, say /usr/local/bin/python3.7, if you are compiling with a library path that will find it. That is, echo $LD_LIBRARY_PATH should show /usr/local/lib and /usr/local/lib64. The environment variables are not preserved when compiling after "su". Two simple solutions are either to change ownership of Astrometry.net and compile as a normal user, or connect directly as root user and compile. Either way, check the environment first. Once that is done, edit util/makefile.common so that it reads this way

 # don't change this one -- it must match what is in the bin/* scripts
 PYTHON_SCRIPT_DEFAULT := /usr/bin/env python
 # change this if you want to set exactly which python program gets run to
 # execute the python scripts in bin/ (image2pnm and friends).
 # Note that this must be a full path (this is a bash requirement).
 #PYTHON_SCRIPT ?= $(PYTHON_SCRIPT_DEFAULT)
 # eg,
 PYTHON_SCRIPT ?= /usr/local/bin/python3.7

The only change required is to point specifically to the python you need. Opensuse Leap 15 also installs Python 3.6, which is one release behind the current one (at this writing) of 3.7. The simplest solution to this and staying up with the requirements of astropy is to install Python from source in /usr/local and then link to it here and elsewhere as needed. However, astrometry.net will have a dependence on the system's Python 2.7.

In OpenSuse Leap you will also have to edit util/makefile.netpbm if compilation does not find the library. You may later change the #! lines in the scripts in the installed bin directory if another Python on the system is preferred.

If netpbm is not found, edit the file util/makefile.netpbm to point it to the correct place:

NETPBM_INC ?= -I/usr/include/netpbm
NETPBM_LIB ?= -L/usr/lib64 -lnetpbm 

Astrometry.net by default installs in /usr/local/astrometry. Add /usr/local/astrometry/bin to the $PATH in /etc/profile.local. Replace the data directory with a soft link to the system archive of astrometry data files, currently the 4200 series. On systems with limited root disk space, install astrometry on another disk and link it to /usr/local for consistency with scripts.

Install swarp

Install sextractor

Install psfex (current release does not build in Opensuse Leap due to cblas package incompatibility)

Install hp15c

Install tightvnc_viewer

Install moodle (depends on mysql, apache, and php) on educational servers

Install mediawiki (on servers as needed)

Install cfitsio

Install xpa

Install xmtel (if needed)

Install xmccd (if needed, also provides libcfitsio and xpa)


Update /etc

Copy motd

Edit HOSTNAME

Add entries to /etc/rc.d/boot.local

Add profile.local

Edit /etc/dnsmasq.conf as needed



Settings for the network

Configure network as needed for additional cards defined for internal zone

Configure dnsmasq as needed to service one or more cards

Add masquerade to firewall settings if internal zone present (required for dnsmasq ip forwarding)

Start the firewall if using dnsmasq or needing the security it provides

Start dnsmasq

Run services manager and turn off unused services

Run lsof -i to confirm there are no insecure open ports

Reboot the system

With Opensuse's use of the wicked network daemon, a configured network device will not show its IP until it is physically connected to an active network. The yast configuration option "at boot time" for network configuration means that these ports must see a live connection when the system is booted to find their configuration. This is not a bug, it is a "feature". The alternative option "on cable connection" is not useful for a fixed instrument controller. If a device is physically connected and does not show its IP in ifconfig, try "systemctl restart network.service" or a reboot.
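One way to turn the "lsof -i" step above into a repeatable check, as an added example that is not part of the original notes: list listening sockets that are reachable from the network and whose port is not on an expected list. The sample output and the allowed port list are constructed; the lsof options -P and -n (numeric ports and addresses) are added here so that the output parses predictably.

```shell
#!/bin/sh
# Added example: flag listening sockets that are reachable from the network
# and whose port is not on an expected list. Sample data is constructed.

# usage: lsof -i -P -n | unexpected_listeners "22 53 67"
# Prints "PROTO PORT ADDRESS COMMAND" for each unexpected listener.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF < 3 { next }
        {
            # TCP listeners end in "(LISTEN)"; an unconnected UDP socket has
            # no state column and no "->" peer in its address.
            if ($NF == "(LISTEN)") { proto = $(NF-2); addr = $(NF-1) }
            else if ($(NF-1) == "UDP" && $NF !~ /->/) { proto = "UDP"; addr = $NF }
            else next
            port = addr; sub(/^.*:/, "", port)
            host = addr; sub(/:[^:]*$/, "", host)
            if (host ~ /^127\./ || host == "[::1]") next   # loopback only
            if (port in ok) next                           # expected service
            key = proto " " port " " host " " $1
            if (!(key in seen)) { seen[key] = 1; print key }
        }'
}

# Constructed sample of "lsof -i -P -n" output for an instrument controller.
sample_lsof() {
    cat <<'EOF'
COMMAND   PID    USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
chronyd   998  chrony    5u  IPv4  21234      0t0  UDP 127.0.0.1:323
sshd     1180    root    3u  IPv4  23456      0t0  TCP *:22 (LISTEN)
sshd     1180    root    4u  IPv6  23458      0t0  TCP *:22 (LISTEN)
cupsd    1302    root    7u  IPv4  24567      0t0  TCP 127.0.0.1:631 (LISTEN)
dnsmasq  1411 dnsmasq    4u  IPv4  25677      0t0  UDP *:67
dnsmasq  1411 dnsmasq    5u  IPv4  25678      0t0  UDP 192.168.1.1:53
dnsmasq  1411 dnsmasq    6u  IPv4  25679      0t0  TCP 192.168.1.1:53 (LISTEN)
rpcbind  1502     rpc    8u  IPv4  26001      0t0  TCP *:111 (LISTEN)
rpcbind  1502     rpc    9u  IPv6  26002      0t0  TCP *:111 (LISTEN)
rpcbind  1502     rpc    6u  IPv4  26003      0t0  UDP *:111
Xvnc     2210    john    6u  IPv4  31234      0t0  TCP *:5901 (LISTEN)
sshd     3001    root    3u  IPv4  41234      0t0  TCP 192.168.1.1:22->192.168.1.20:50514 (ESTABLISHED)
EOF
}

# SSH plus the dnsmasq DNS and DHCP ports are expected on this sample host.
sample_lsof | unexpected_listeners "22 53 67"
```

Anything the function prints is a service to turn off in the services manager or to account for in the firewall configuration.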


Additional security

The OpenSuse network monitoring daemon xinetd provides tcpd wrapper service within the systemd framework. This enables use of hosts.allow and hosts.deny to filter access in a simple way. By default, xinetd will not be started with a new installation. Enable it in the system configuration in YAST and start it on boot. In hosts.deny put "ALL: ALL" to close the network for everything the software is aware of, and then allow specific IP addresses to access the services with entries in hosts.allow. Ensure that xinetd is running, and check journalctl for failed login attempts routinely as a basic security front line, usually behind a more secure institutional firewall.
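The default-deny layout and the routine journal check described above, as an added example that is not part of the original notes. The daemon names, addresses, host name and journal lines are constructed; on a live system the files are /etc/hosts.deny and /etc/hosts.allow and the lines come from journalctl.

```shell
#!/bin/sh
# Added example (constructed data): audit a tcp-wrappers default-deny layout
# and tally failed SSH password attempts per source address.

# Return 0 if the given hosts.deny file has an active "ALL: ALL" rule.
wrappers_default_deny() {
    grep -Eq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL[[:space:]]*$' "$1"
}

# Print hosts.allow rules whose client list uses the ALL wildcard,
# which would undo the default deny for that service.
broad_allow_rules() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        $2 ~ /(^|[ \t,])ALL([ \t,]|$)/ { print }
    ' "$1"
}

# Read journal lines on stdin; print "count address", busiest source first.
failed_logins_by_ip() {
    awk '
        /sshd\[[0-9]+\]: Failed password for / {
            # Scan from the end of the line: sshd appends "from ADDR port N",
            # while the user name earlier in the line is chosen by the client.
            for (i = NF; i > 2; i--)
                if ($i == "port" && $(i-2) == "from") { n[$(i-1)]++; break }
        }
        END { for (ip in n) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed journal excerpt; the third line uses "from" as the user name.
sample_journal() {
    cat <<'EOF'
Jul 21 03:12:41 scope1 sshd[2314]: Failed password for root from 203.0.113.5 port 40022 ssh2
Jul 21 03:12:45 scope1 sshd[2314]: Failed password for root from 203.0.113.5 port 40022 ssh2
Jul 21 03:12:52 scope1 sshd[2319]: Failed password for invalid user from from 203.0.113.5 port 40031 ssh2
Jul 21 03:20:10 scope1 sshd[2330]: Failed password for invalid user admin from 198.51.100.7 port 51000 ssh2
Jul 21 08:02:11 scope1 sshd[2402]: Accepted publickey for john from 192.168.1.20 port 50514 ssh2
EOF
}

# Demonstration on constructed files. On a live system, for example:
#   wrappers_default_deny /etc/hosts.deny || echo "no default deny"
#   journalctl -u sshd --since yesterday | failed_logins_by_ip
demo_dir=$(mktemp -d)
printf '%s\n' '# constructed' 'ALL: ALL' > "$demo_dir/hosts.deny"
printf '%s\n' '# constructed' 'Xvnc: 192.168.1.20' 'in.tftpd: ALL' > "$demo_dir/hosts.allow"
wrappers_default_deny "$demo_dir/hosts.deny" && echo "default deny present"
broad_allow_rules "$demo_dir/hosts.allow"
sample_journal | failed_logins_by_ip
rm -rf "$demo_dir"
```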


Desktop

Run nvidia-settings to set display for a system with Nvidia hardware if the Nvidia drivers are installed. The latest community Nvidia support is adequate for most purposes without installing the proprietary Nvidia driver and kernel module. The system is more easily maintained if it runs using the community supported package which is improving quickly.

The default desktop is set this way

  • update-alternatives --config default-xsession.desktop

and respond to the options. The WM system configuration is not read by most managers. Set xfce.desktop or else it will default to gnome and make remote starting of VNC with xfce impossible.


OpenGL with Nvidia

Users should be members of the video group to have access to opengl applications. If they are not, the application may run slowly (glxgears) or crash (celestia). For some applications with older hardware the Nouveau open source driver will suffice and be less likely to interfere with system updates later. This driver is compatible with randr and allows command line setting of multiple displays. For example if there are two displays on the graphics card, a command line such as

  • xrandr -q

will list the available displays and their capabilities, while one such as

  • xrandr --output DVI-I-2 --right-of DVI-I-1

will configure them as one screen providing acceleration across the desktop.

Newer Nvidia cards and all of the Quadro family require loading the latest nvidia driver and the kernel modification. Add Nvidia as a repository and use YAST to manage the updates. Reboot the system afterwards. Run nvidia-settings to configure the desktop. If needed, save the xorg.conf file and copy it to /etc/X11 so that it applies on the next restart of the X server.


Google Chrome

Install the Chrome public keys

and then with the Firefox browser retrieve the latest 64-bit rpm package of Chrome and install it

  • zypper --non-interactive install google-chrome-stable_current_x86_64.rpm

Installation of Google Earth is similar

  • zypper --non-interactive install google-earth-stable_current_x86_64.rpm


Adobe Flash

Until late 2016 Adobe had stopped supporting Flash on Linux. While Adobe now has resumed security updates for Flash that will work with Firefox, a better solution is to install Google Chrome. This provides full support for the remaining Flash websites and reliable security plus DRM management when needed. Both Chrome and Firefox block Flash content when HTML5 alternatives are available.


gPhoto2

The gphoto2 application runs Nikon DSLR cameras for real-time observing and scripted imaging, and can be called by cgi routines from a web server. To give the USB device the proper permissions without invoking unwanted software (the default for a Gnome installation in OpenSuse), we make sure that libgphoto2 is installed, but not the file system. In OpenSuse there will not be a udev rules file installed by default.

As root user,

cd /etc/udev/rules.d

/usr/lib64/libgphoto2/print-camera-list udev-rules version 175 group video mode 0666 > 90-gphoto.rules

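where the version given has to be high enough to work with udev and still be recognized by libgphoto2. Mode 0666 leaves the device node readable and writable by every local user, not only members of the video group; mode 0660 restricts access to the owner and that group.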

Add the video group to users who will be observers, and to the user wwwrun by editing /etc/group or by using YAST.

When a camera is connected or turned on, it will be accessible by any user in the video group, including the cgi applications used for remote operations.

exFAT

Add fuse-exfat from OpenSuse package search, currently version 1.2.4

  • zypper --non-interactive install fuse-exfat-1.2.4-2.1.x86_64.rpm

This provides support where needed for SDXC memory cards through the Microsoft exfat filesystem.


VLC

The version of VLC that can be installed with Yast lacks all proprietary codecs necessary for many common uses. The OpenSuse version should not be installed. To build from source --

  • Install lua and lua-devel if not already installed
  • Download the latest source tarball from VLC (currently 2.2.1)
  • Use the latest x264 source also from VLC, compile, and install
  • Use the latest ffmpeg source tar file best taken from mplayer, compile, and install
  • Untar ffmpeg
  • ./configure --enable-pic --libdir=/usr/local/lib64 --enable-libmp3lame --enable-libx264 --enable-gpl
  • make
  • make install
  • ldconfig
  • Untar vlc
  • ./configure --disable-mad --disable-a52
  • make
  • make install


Mplayer and ffmpeg

  • Install the source code in /usr/local/src/ --
  • svn checkout svn://svn.mplayerhq.hu/mplayer/trunk mplayer
  • Untar the codecs and skin files into /usr/local . We use a collection saved in mplayer_codecs.tar.gz that installs into share/mplayer and lib/codecs
  • In the source directory, ./configure --enable-gui then make, make install

If ffmpeg is needed elsewhere (as it would be for Blender and other video editing applications), copy the internal version of ffmpeg from mplayer into its own /usr/local/src/ directory, compile the executables, and install system-wide. In this use it can be reconfigured to add x264, so do that as well with these steps:

Remove the obsolete Opensuse NASM package if it has been installed, and get the most recent NASM from http://www.nasm.us/pub/nasm/ . This is currently version 2.13 and is required to build x264. Build and install it with the defaults. It will go into /usr/ rather than /usr/local if you forget to select "local" explicitly. This will not matter until you rebuild the system with updated Opensuse files.

Get x264 (it may be better than openH264, which currently does not compile on Opensuse) with git clone http://git.videolan.org/git/x264.git . Build it using the configuration options for creating static and shared libraries, and install it.

Lastly, in the cloned copy of ffmpeg from mplayer, ./configure --enable-libx264 --enable-gpl, make, and make install.


Simple Screen Recorder

This very effective tool for making on-line instructional videos and lecture content is included in the Opensuse distribution. However, the distributed version lacks many useful codecs. Retrieve the source code, probably best from Packman where it will have been prepared for Opensuse. Compile it as an unprivileged user with the configuration flags ./configure --without-jack --oldincludedir=/usr/local/include that currently make it work without jack and with x264 on Opensuse. Install it as root with "make install". This version will have the codecs of ffmpeg and be broadly useful without needing subsequent file conversions.


VirtualBox

VirtualBox as supplied by OpenSuse cannot be updated using the Oracle site. Instead of installing their version, we use the latest Oracle RPM which is currently version 6.0.8.

  • Set the BIOS to allow virtualization technology and to allow advanced I/O for sharing resources.
  • Retrieve the packages from https://www.virtualbox.org/wiki/Linux_Downloads .
  • Retrieve the repo file f
  • Retrieve the public key from https://www.virtualbox.org/download/
  • Install the public key with rpm --import public_key.asc
  • Install the repository with zypper ar -f ./file.repo
  • zypper --non-interactive install VirtualBox-xxx-.rpm
  • Retrieve the extension pack from Oracle's download site.
  • VBoxManage extpack install .Oracle_VM_VirtualBox_Extension_Pack-xxx.vbox-extpack
  • In Opensuse YAST, add the Virtualbox guest kernel modules and guest tools, or use the guest additions from Oracle.
  • Add the virtualbox group to the user(s) who will run it.
  • Start the qt interface from the command line with virtualbox.
  • Create a directory that will be shared with the guest OS and set this up in virtualbox when building a virtual machine.
  • Once the guest OS is installed, add the guest additions to it also, to enable the shared directory and mouse/pointer integration.
  • Lastly, read the Virtualbox on-line manual.

For access to the USB system the guest OS must have a driver installed. Virtualbox presents a virtual xHCI USB3 device to the guest. The driver provided by Intel has worked for us in a Windows 7 installation.


OpenGL

Users must belong to the video group to have access to OpenGL when NVidia drivers are in use.


Zoom not Skype

While Skype is supported again on Linux through its newer version, it was not working well with Opensuse 42.3 and has not been tested with Leap 15. Alternatives include Google Hangouts and the conferencing software Zoom, which is the recommended solution.



Wireless

Laptops by default will have networkmanager running their hardware and wireless connections. Desktops will not. To enable desktop wireless with minimal need for configuration, use Yast, Network Settings, and Global Settings to select networkmanager rather than wickedd. With that change, there will be a desktop icon in the system tray and the interface may be selected by the user.

Few USB network adapters work with the Linux kernel in OpenSuse. The only one we have found readily available new is the Buffalo Nfinity Wireless-N compact USB 2.0 adapter. It is recognized immediately and requires no additional configuration, other than the selection of networkmanager, and the user's choice of connection.

When configuring a laptop that will need flexible control of the network, consider changing the default /etc/sysconfig/network/config entry from "no" to

 NETCONFIG_FORCE_REPLACE="yes"

This change will ensure that if you change networks the resolv.conf file will be rewritten, and it may affect other files that get modified in some way. The downside is that you will need to use the root password when restarting the network.


Static LAN and dnsmasq

We use dnsmasq to manage local area networks (LAN) from a second network device on telescope computers. Typically the device address is set to 192.168.0.1/24, or to 1.1/24 if there is another LAN operating. The configuration file for dnsmasq is set to point to the device, i.e. eth1, to which the switch is attached.

This works well if (a) there is a switch attached and turned on, and (b) the computer is running the wickedd manager which is the default in current Opensuse releases based on systemd. It is seemingly not possible, or certainly not straightforward, to run a LAN from a laptop which is configured with networkmanager.

To attach a networked instrument such as a camera to a laptop that by default is configured with network manager the options are

  • Attach the device to a switch which itself is integrated into a LAN with DHCP provided by another computer system.
  • Custom configure the wired network interface using nmcli.
  • Change the laptop networking to run wickedd instead of networkmanager.

The second method using the powerful console command line interface for Network Manager is the best solution but requires specific commands for each situation. A common problem has been network management when a device is to be attached to an Ethernet adapter on a USB3 connection. For example, we use a StarTech adapter that runs on a powered laptop port to provide both ethernet and additional USB3 connections to a camera and environmental sensors. The network connection has to be associated with dnsmasq to enable DHCP connections from cameras. With networkmanager on opensuse, this new device is not configurable through the YAST tools. The solution is

1. Boot the computer with the device installed so that it is recognized without an issue

2. As root create the connection and bring it up

 nmcli con add con-name "usb-ethernet" ifname eth1 type ethernet ip4 192.168.1.1/24
 nmcli con up usb-ethernet

3. Check that it is present

 ifconfig 
 
 eth1  Link encap:Ethernet  HWaddr 00:05:1B:D0:88:E3  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

4. Configure dnsmasq.conf with lines such as

 interface=eth1  
 dhcp-range=192.168.1.50,192.168.1.100,12h

5. Enable and start dnsmasq in sysconfigure

These changes should remain in effect until removed, and a camera attached to the new network connection will be seen on the local "usb-ethernet".

The third option is the default for a desktop system. The disadvantage to the third option in the laptop world is that wickedd does not have the end-user support for wireless networking that networkmanager provides. Further, when switching from one system to another, there are inevitable configuration issues, particularly with the management of host resolution and the file /etc/resolv.conf.

The basic process is to use yast or yast2, select network device configuration, and change the manager to wickedd. This will allow editing the individual network devices. Set the static ip address for the device that will handle the LAN, edit the device entry, change it to "internal", and set it to activate on boot through the setting in the Global tab. Shut down and reboot the system. The ethernet adapter must be inserted at boot time.

As superuser use "wicked show all" to see the status of the devices, or "wicked ifstatus eth1" to see the status of one network device. Each device has a configuration file in /etc/sysconfig/network/, such as ifcfg-eth1 for eth1. Within that file there should be a line which says

LINK_REQUIRED=no

As of Opensuse 42.3, this line is not inserted by the yast2 configurator, and consequently the network device will stall and wickedd will report "setup-in-progress". The simple solution is to enter this by hand if you see this error and need a second network active on power up.


Proxy

The system proxy settings are set globally in /etc/sysconfig/proxy . It is best to use yast to configure them. At USQ for normal use these fields are blank. However for installation through yast and zypper and for updates the fields have to be populated with http://proxy.usq.edu.au:8000. Also for use of curl where there is a proxy, it can be set in .curlrc for that user by adding a line such as

proxy = proxy.usq.edu.au:8080

without the "http" prefix. Alternatively, if there is a system proxy, then curl can be run with a command line that overrides it for specific addresses or for everything with a wildcard

curl --noproxy '*' URL


Both Firefox and Chrome browsers will negotiate an automatic proxy server while curl, zypper, and yast will not.