Difference between revisions of "OpenSuse"

From SharedSkies
Jump to navigation Jump to search
 
(62 intermediate revisions by the same user not shown)
Line 1: Line 1:
The observatory's servers and control computers run on the OpenSuse distribution of Linux-based software. Most current systems are using release Leap 42.2 or 42.3, and will have Leap 15 after its release.  We chose the Leap series because of its conservative testing and stability.  Generally the slowed cycle of new versions does not cause problems, except where we need software that is pushing the edge, notably AstroPy.  Our evolving installation notes given below are rewritten as we gain experience with the most recent releases and work-around solutions to problems.   
+
The observatory's servers and control computers run on the OpenSuse distribution of Linux-based software. Leap 15.1 . We have chosen the Leap series because of its conservative testing and stability.  Generally the slowed cycle of new versions does not cause problems, except where we need software that is pushing the edge, notably AstroPy.  We have tested Tumbleweed when Leap 15 was introduced in 2018  and found at the time too many points of failure with networking and compilation to make it a safe choice for professional long term use. However,  it has the significant advantage that it can be built and maintained remotely, such that a remote telescope computer or inaccessible server can be updated without being on site.  Use of Tumbleweed will be evaluated because of this advantage, but as of June 2019 the default remains Leap 15.1 .
 +
 
 +
These evolving installation notes originated with much earlier versions of OpenSuse and are rewritten as we gain experience with the most recent releases and work-around solutions to problems.   
  
 
The following describes how to build a  system with OpenSuse  that provides a solid foundation of software for physics and astronomy for real-time control of telescopes and observatories, use in the laboratory or the field, operating small servers, and processing astronomical data.  
 
The following describes how to build a  system with OpenSuse  that provides a solid foundation of software for physics and astronomy for real-time control of telescopes and observatories, use in the laboratory or the field, operating small servers, and processing astronomical data.  
 +
 +
 +
 +
== Tumbleweed ==
 +
 +
Installation of Tumbleweed as an upgrade to an exisiting system may be done remotely. Please note that the result may be unsuitable for production.
 +
 +
[https://en.opensuse.org/openSUSE:Tumbleweed_upgrade https://en.opensuse.org/openSUSE:Tumbleweed_upgrade]
 +
 +
The process has a few simple steps  to update the current OS, then change repositories, and perform the update.  Following the instructions at these links will result in a new system that should reboot and run immediately.
 +
 +
Because of the very large number of packages involved, it  is best to remove latex and texlive first before doing the update, and then if needed re-install at leisure.  It  can take many hours on a high speed network to get the texlive files. 
 +
 +
DHCP networking in Tumbleweed and Leap 15 does not send a pure MAC address even when it supposed to.  That is, it transmits a longer identifier that may not be recognized by network DHCP services if a  pseudo-static IP based on the MAC has been assigned.  While the solution to this is simple, it  should be done with yast before rebooting the new system, especially when the system is built remotely for Tumbleweed. If this is not done for networks that require the identifier the system networking will not find the assigned pseudo-static IP.
 +
 +
* Network Settings
 +
* Global Options
 +
* DHCP client identifier
 +
* Paste MAC address of the DHCP network interface card
 +
* Edit the field to insert "01:" before the MAC address
 +
 +
Now when the network is configured it will restart and should receive the assigned IP for this card.  Make sure that only one Ethernet connection from the computer is presenting to the network with DHCP.
 +
 +
Check the results with
 +
 +
  ip a
 +
  ethtool eth0
 +
  nslookup www
 +
 +
where the latter tests that DNS services are properly provided.  The configuration is  saved in /etc/sysconfig/network/dhcp .
 +
 +
During the last test of Tumbleweed in 2018, other problems were encountered with compilation of Python from source using the default installations, and with proxy service to the extent that Tumbleweed was not usable without considerable effort.  Also, given its cutting edge character, we are concerned that  new issues could arise during routine updates.  Opensuse Leap has a 18 month development cycle that allows sufficient time between upgrades that it can be a stable solution for production, with the disadvantage that updates require physical presence at the server. 
 +
 +
The following instructions apply primarily to Opensuse Leap 15.1, and should also work for a new installation of Tumbleweed for those who like adventure.
  
  
 
== Before Installation ==
 
== Before Installation ==
  
 +
If possible, for a new installation of the operating system or a major update to a disk in service, consider installing it on a new disk and copying the important files over from the old one. This is the safest path.
  
Prepare a DVD or a USB memory stick with the ISO image of the 64-bit distribution.  OpenSuse's imagewriter is a convenient way to create the correct structure on the USB device.  Newer hardware will accept a USB memory stick for booting, but older  (say prior to 2015) may require a DVD drive.   
+
Prepare a DVD or a USB memory stick with the ISO image of the distribution.  OpenSuse's imagewriter is a convenient way to create the correct structure on the USB device.  Newer hardware will accept a USB memory stick for booting, but older  (say prior to 2015) may require a DVD drive.   
  
 
On a new system not using RAID, deselect RAID in BIOS if it is offered.  This will prevent OpenSuse from creating disk partitions with RAID.  However, if  RAID information has already been written to the disk the OpenSuse installer will assume a RAID configuration even if hardware raid is not enabled.  A simple cure is to install the system twice.  On the first pass use the Expert Partitioner option and delete the proposed raid configuration.  Then in /dev/sda (or equivalent) add a root  and a home ext4 partition but intentionally do not add a boot partition.  The installer will warn you this will not work.  Ignore those warnings and let the installer prepare the disk.  Once that is accomplished you can abort the installation, or let it run to the end. The disk will not be bootable but it will be cleaned of RAID and on the next installation pass you will have a proposal to use the full disk with conventional structure and btrfs for the root partition.
 
On a new system not using RAID, deselect RAID in BIOS if it is offered.  This will prevent OpenSuse from creating disk partitions with RAID.  However, if  RAID information has already been written to the disk the OpenSuse installer will assume a RAID configuration even if hardware raid is not enabled.  A simple cure is to install the system twice.  On the first pass use the Expert Partitioner option and delete the proposed raid configuration.  Then in /dev/sda (or equivalent) add a root  and a home ext4 partition but intentionally do not add a boot partition.  The installer will warn you this will not work.  Ignore those warnings and let the installer prepare the disk.  Once that is accomplished you can abort the installation, or let it run to the end. The disk will not be bootable but it will be cleaned of RAID and on the next installation pass you will have a proposal to use the full disk with conventional structure and btrfs for the root partition.
  
For most new machines allow UEFI (custom option, if available) and disable compatibility mode.  The installer will identify the system as allowing UEFI and properly select the boot configuration.  However,  also use the BIOS setup to change the boot priority to the medium reflecting this  choice. The boot medium and a UEFI installation must match.
+
For most new machines allow UEFI (custom option, if available) and disable compatibility mode in the BIOS.  The installer will identify the system as allowing UEFI and properly select the boot configuration.  However,  also use the BIOS setup to change the boot priority to the medium reflecting this  choice. The boot medium and a UEFI installation must match.
  
 
Opensuse will detect and set up a UEFI boot protocol unless this option is turned off in the BIOS. With that selection it will handle and format large disks.
 
Opensuse will detect and set up a UEFI boot protocol unless this option is turned off in the BIOS. With that selection it will handle and format large disks.
Line 21: Line 58:
 
== During installation ==
 
== During installation ==
  
 +
If your computer has more than one network connection, for example for a local subnet and for a global or institutional network, physically disconnect the local  one until installation is complete.  This will prevent the installation scripts from mis-identifying the network assignments.
  
 
Insert the medium, reboot the system, and select Installation from the splash screen.  If there is a booting problem, use the keyboard to bring up a boot selection screen (often "Del", F11 or F12), and check the boot order and if needed also the BIOS setup.
 
Insert the medium, reboot the system, and select Installation from the splash screen.  If there is a booting problem, use the keyboard to bring up a boot selection screen (often "Del", F11 or F12), and check the boot order and if needed also the BIOS setup.
  
If there is a proxy for network access at this point it may be necessary to enter that information before proceedings to the actual installation.  At the OpenSuse boot screen press F4 for access to the manual network configuration and enter the information.  At Mt. Kent, for example, there is a proxy but it is handled automatically for browsers.  For zypper and yast, however, it has to be explicitly configured to http://proxy.usq.edu.au:8080 so that yast will find the repositories.  After installation for normal use this would be turned off by deselecting the proxy in the yast configuration screen.
+
If there is a proxy for network access at this point it may be necessary to enter that information before proceedings to the actual installation.  At the OpenSuse boot screen press F4 for access to the manual network configuration and enter the information.  At Mt. Kent, for example, there is a proxy but it is handled automatically for browsers.  For zypper and yast, however, it has to be explicitly configured to http://proxy.usq.edu.au:8000 so that yast will find the repositories.  After installation for normal use this would be turned off by deselecting the proxy in the yast configuration screen.
  
On laptops with  Nvidia Quadro graphics and GPU combined with Intel graphics, if the BIOS allows it, deselect options that use the Intel graphics or that automatically select the card to enable sole use of Nvidia. This avoids a multitude of booting and configuration issues, and provides a platform for GPU computing.  The downside is increased power consumption and loss of battery life.  If those are the primary considerations, then it may be best to not use Nvidia at all.  Alternatively, it is possible to install Bumblebee to enable switching between cards for specific uses. Nvidia Quadro will require their proprietary driver for full support.
+
On laptops with  Nvidia Quadro graphics and GPU combined with Intel graphics, if the BIOS allows it, deselect options that use the Intel graphics and then enable sole use of Nvidia. This avoids a multitude of booting and configuration issues, and provides a platform for GPU computing.  The downside is increased power consumption and loss of battery life.  If those are the primary considerations, then it may be best to not use Nvidia at all.  Alternatively, it is possible to install Bumblebee to enable switching between video hardware for specific uses. Nvidia Quadro, which provides GPU computing,  requires their proprietary driver for full support.
  
At this point if the system has a recent Nvidia card it also may be best to disable modeset.  The symptom this is necessary is that subsequent booting freezes before the installation begins. With Leap 42.3 edit the boot options by pressing "e" before the system tries to start an installation.  This will open a simple boot editing screen with instructions.
+
At this point if the system has a recent Nvidia card it also may be best to disable modeset.  The symptom this is necessary is that subsequent booting freezes before the installation begins. Edit the boot options if needed by pressing "e" before the system tries to start an installation.  This will open a simple boot editing screen with instructions.
  
 
At the end of the line for linux add  "nouveau.nomodeset=0" .  Similarly, a problem with an Intel graphics card that was switching, perhaps to a Displayport interface, was fixed with simply "nomodeset".
 
At the end of the line for linux add  "nouveau.nomodeset=0" .  Similarly, a problem with an Intel graphics card that was switching, perhaps to a Displayport interface, was fixed with simply "nomodeset".
Line 34: Line 72:
 
Continue with the installation as instructed on this editing screen. The default settings should work with the following additions and exceptions.
 
Continue with the installation as instructed on this editing screen. The default settings should work with the following additions and exceptions.
  
Deselect software by taking the checkmark off with a spacebar press.  After installation is complete, return to the software menu of YAST and make sure that those items never to be install (pk-update is the worst of them) are marked "Taboo".  For now, just do not install them.
+
Deselect software by taking the checkmark off with a spacebar press.  After installation is complete, return to the software menu of YAST and make sure that those items never to be install (pk-update is the worst of them, AppArmor not far behind) are marked "Taboo".  Do not install them.
  
Select a user interface of "Other" rather than KDE or Gnome, and then Xfce as default environment to have a lightweight but fully functional system.
+
Leap 15.1 installation offers KDE, Gnome (Wayland), and a basic system for customizing.  We prefer the customized soluiton, and when selecting software add  Xfce for an environment that is lightweight but fully functional.   Add their development code for Gnome and KDE (Qt will be present by default).
  
Select almost all packages by group except Apparmor which should be marked "taboo"Include PHP, MySQL, and Apache unless not needed  for your use. Decline KDE and Gnome desktop but add their development code.  Some KDE and Gnome applications may be loaded individually later. Do not install laptop tools unless you are configuring a laptop.  Otherwise network management will default to be selectively controlled by the user rather than by the system at boot time.  
+
LaTeX and related content is under the  "Technical Writing" group. It is a lengthy download and may be installed laterFor an upgrade, if it is already installed, it may also be best to delete it first, then reinstall when it can run overnight if your network connection is is not very fast.
  
 
Set the computer system clock to use UTC, check the time zone  and  the local time.
 
Set the computer system clock to use UTC, check the time zone  and  the local time.
  
The gparted package may be useful to manage disks larger than 2 TB.  As of Opensuse 13.2 with new disks the installer will use BTRFS for the root partition and XFS for the remainder to make full use of large disks on UEFI systems. In the event of a failure, leaving a critical disk formatted in the wrong size or filesystem, add gdisk from a repository and reformat the disk.  Reboot, and re-install the operating system on the reformatted disk.   
+
The gparted and gnome-disks packages are useful to manage disks larger than 2 TB.  With new disks the installer will use BTRFS and as of Leap 15.1 it will create a large partition for the entire disk. In the event of a failure, leaving a critical disk formatted in the wrong size or filesystem, add gdisk from a repository and reformat the disk.  Reboot, and re-install the operating system on the reformatted disk.  Earlier versions of Leap would install the operating system in a small partition that limited the space available, and then allocated the balance to an XFS partition for user spaceCheck that adequate space is left for your system needs and use the expert mode if needed to allocate space before installing the operating systemOnce partitioned, OpenSuse will use existing partitions as a guide and it is difficult to override these choices later.
 
 
While it would be preferred to use 100 GB for the root directory in a BTRFS, Opensuse by default allocates a marginally large enough 40 GBIt is sufficient for the base system, and if large files are needed in /usr/local/ they can be located in the /home partition with a soft link from /usr/localThe remaining space on the  system disk will be formatted as XFS.  An advantage to putting locally installed software in /usr/local/ and having that outside of the root partition is that in subsequent upgrades there is less risk of losing special software installations.
 
  
Deselect and mark "taboo" Apparmor for systems which do not require its access controls.
+
Deselect and mark "taboo" Apparmor for systems which do not require its access controls. Delete pk-update to avoid nagware about package updates and mark it for non-installation permanently by selecting "taboo"
  
Add nano so that you will have a simple terminal-based editor after booting the first time
+
Turn off firewall (assuming your system is already behind an adequate  institutional or local firewall)
  
Delete pk-update to avoid nagware about package updates and mark it for non-installation permanently by selecting "taboo"
+
Open the  port for SSH
  
Turn off firewall (assuming your system is already behind an institutional or local firewall)
+
Check the boot option for grub2 matches that of your machine (should be UEFI if available)
 
 
Open port for SSH
 
 
 
Check the boot option for grub2 on a non-UEFI system
 
  
 
Complete the installation from the media (either USB or DVD)
 
Complete the installation from the media (either USB or DVD)
  
Remove the medium, reset the boot priority to the hard disk, reboot
+
Remove the medium, reset the boot priority to the hard disk first, reboot
  
  
Line 68: Line 100:
 
Start yast from the command line as su with ''yast --qt'' or "yast2"
 
Start yast from the command line as su with ''yast --qt'' or "yast2"
  
Disable DVD or USB in software respositories
+
Disable DVD or USB in software repositories
  
 
Unless doing GPU development or you have recent nvidia hardware, do not include the repository for nvidia (creates a long term maintenance problem) and use the Nouveau Xorg driver
 
Unless doing GPU development or you have recent nvidia hardware, do not include the repository for nvidia (creates a long term maintenance problem) and use the Nouveau Xorg driver
  
Perform all updates based on default respositories as needed
+
Perform all updates based on default repositories as needed
  
Note that in removing packages, as of OpenSuse 13.2, select Options --> Cleanup when deleting packages to prevent their automatic reinstalling though the preselection feature of Yast.  Generally it is not necessary to remove packages unless there is something about them that interferes with your use of the system.  In most cases they may be disabled in subsequent system configuration.   
+
Note that in removing packages select Options --> Cleanup when deleting packages to prevent their automatic reinstalling though the pre-selection feature of Yast.  Generally it is not necessary to remove packages unless there is something about them that interferes with your use of the system.  In most cases they may be disabled in subsequent system configuration.   
  
 
Remove really annoying pk-update-icon if you missed deleting it initially.  You will have to mark it in YAST for permanent deletion.
 
Remove really annoying pk-update-icon if you missed deleting it initially.  You will have to mark it in YAST for permanent deletion.
  
Add Nvidia public respository if needed and nvidia graphics and gpu drivers. Select the most recent driver unless Nvidia's documentation suggests otherwise for your hardware.
+
Add Nvidia public repository if needed and nvidia graphics and gpu drivers. Select the most recent driver unless Nvidia's documentation suggests otherwise for your hardware.
  
Add texlive if it has not already been selected. Prior to version 42.1 the latex package was installed when technical wriiting was selected as a page category, but currently it does not install unless selected specifically after the installation from a USB image.  This is a very large package with long download time.
+
Add texlive if it has not already been selected.   This is a very large package with long download time.
  
 +
Add lsb
  
 +
Add apache if used as web server
  
Add lsb5
+
Add blas-devel
 
 
Add apache if used as web server
 
  
 
Add php and packages if used as web server
 
Add php and packages if used as web server
Line 99: Line 131:
  
 
Add audio-recorder
 
Add audio-recorder
 
Add celestia (kde-celestia)
 
  
 
Add stellarium
 
Add stellarium
  
Add galculator
+
Add geany
  
 
Add gedit
 
Add gedit
  
 
Add gnome-disk-utility (previously palimpsest)
 
Add gnome-disk-utility (previously palimpsest)
 
Add gnumeric
 
  
 
Add gtkglext-devel  
 
Add gtkglext-devel  
Line 122: Line 150:
 
Add imagewriter
 
Add imagewriter
  
Add libatlas3 (optional required by astromatic software not in Leap 42.3)
+
Add libcurl-devel
 +
 
 +
Add liblapack
 +
 
 +
Add liblapack3 (development files)
 +
 
 +
Add libatlas3 (optional required by astromatic software not in Leap 15)
  
Add libatlas3-devel (optional required by astromatic software not in Leap 42.3)
+
Add libatlas3-devel (optional required by astromatic software not in Leap 15)
  
Add lua-devel
+
Add liblua5_3-5
  
 
Add mlocate
 
Add mlocate
Line 144: Line 178:
 
Add plplot-devel (optionally other plplot packages as needed)
 
Add plplot-devel (optionally other plplot packages as needed)
  
 +
Opensuse Leap installs Python 2.7 and Python 3.6. The default system python command in /etc/alternatives points to python 2.7, but the default "pip" points to python 3's pip.  The preferred scientific Python solution is to install from source in /usr/local and build a version that is independent of the operating systems Python.  This provides for long term maintenance, and few conflicts between dependencies for system code and for cutting edge science code.  If that solution is taken, then do not install optional Python 3 packages but instead build the local version and add modules with pip.
  
 
+
The following packages will go to the system Python 3.6.  Equivalent packages are available for Python 2 without the "3" in the package name.  An end user running ''python'' needs to explicitly call ''python3'', or change the alternative link. If our code is to use  the system version of Python 3, then  the following optional packages would be needed on new systems. For a complete OpenSuse Python3 installation, use the search option in yast for python3-, right click on the field of search results and select all entries.  Then deselect any you do not want.  This will install packages that have conflicts to resolve.  Make your best choice on those. Packages we know we need and are adequately provided by the operating system are  
'Opensuse Leap installs Python 2.7 and Python 3.4. The default system python command in /etc/alternatives points to python 2.7, but the default "pip" points to python 3.4. The following packges will go to Python 3.4.  Equivalent packages are available for Python 2 without the "3" in the package name.  An end user running ''python'' needs to explicitly call ''python3'', or change the alternative link. We are currently moving all python code to Python 3 and installing the following optional packages on new systems. For a complete OpenSuse Python3 installation, use the search option in yast for python3-, right click on the field of search results and select all entries.  Then deselect any you do not want.  This will install packages that have conflicts to resolve.  Make your best choice on those. Packages we know we need and are adequately provided by the operating system are  
 
 
.
 
.
  
Line 187: Line 221:
  
  
Currenty, OpenSuse 42.3 does not provide a Tk component for Python 3That should be remedied in Leap 15, and in the meantime it is best to mark the matplotlib packages as "taboo" in yast, and instead, after work with yast is over, use pip and install matplotlib from pip as described below.   
+
Leap 15 and Tumbleweed should supply Tk with a consistent matplotlibIf there are issues with it, you may deselect the matplotlib packages marking them  "taboo" in yast, and instead, after work with yast is over, use pip and install matplotlib from pip as described below.  This will insure the latest version of matplotlib, especially as Leap ages and matplotlib moves forward with new releases. Nevertheless, best to leave all this alone and install an independent Python solution.
 +
 
 +
Additional packages you will need from YAST are --
 +
 
 +
Add libevent-devel
 +
 
 +
Add libffi-devel (for compiling Python 3.7+)
 +
 
 +
Add libopenssl-1_1-devel
 +
 
 +
Add fftw3-devel, libfftw3-threads, and fftw3-threads-devel
  
 +
Add ncurses-devel (for compiling Python 3.7+)
  
Additional packages you will need are --
+
Add openssl-1_1
  
Add libevent-devel
+
Add python-devel (for compiling Python 3.7+)
  
Add fftw3-devel, fftw3-threads, and fftw3-threads-devel  
+
Add readline-devel (for compiling Python 3.7+ with readline rather than gnulreadline)
  
 
Add sk1
 
Add sk1
Line 208: Line 253:
 
Add qiv
 
Add qiv
  
Add luvcview
+
Add guvcview or luvcview for webcamera viewing
  
 
Add motif
 
Add motif
Line 217: Line 262:
  
 
Add other motif libraries if they are not installed by default
 
Add other motif libraries if they are not installed by default
 +
 +
Add libXmu-devel
 +
 +
Add libXp-devel
  
 
Remove all virtualbox rpm's installed from OpenSuse  
 
Remove all virtualbox rpm's installed from OpenSuse  
Line 224: Line 273:
 
Add yasm-devel
 
Add yasm-devel
  
Add libpng12-devel
+
Add libpng12-devel (optional)
  
 
Add libpng16-devel
 
Add libpng16-devel
Line 231: Line 280:
  
 
Add fxload (used by SBIG cameras)
 
Add fxload (used by SBIG cameras)
 +
 +
If building Python from source as of version 3.6 in order to get urllib to work add the ghc- packages
 +
 +
  
 
== After updates ==
 
== After updates ==
Line 242: Line 295:
 
Edit /etc/sysconfig to set locate default search to root
 
Edit /etc/sysconfig to set locate default search to root
  
Use YAST to set NTP servers for your domain rather than Opensuse's defaults
+
Use YAST to set NTP servers for your domain rather than Opensuse's defaults. New installations of Leap will use chrony rather than ntp for improved synchronization.  With ntp, check the performance using "/usr/sbin/ntpq -p"  or with chrony use "/usr/bin/chronyc tracking".  As of July 2018, chronyc is a preferred option.
  
 
On a longer term, routine updates can be done from the command line with  
 
On a longer term, routine updates can be done from the command line with  
Line 255: Line 308:
 
== Python ==
 
== Python ==
  
For OpenSuse Leap 42.3 (current as of March 2018)  both Python-2.7 and Python-3.4 are installed.  By default /usr/bin/python points to python2, while pip uses pip3.4 and will update python3.  For the most part unless you need a python2 component, leave the 2.7 installation alone and augment the python3 installation for our software.  Be aware of which system the pip command you choose belongs to.
+
For OpenSuse Leap 15 (current as of November 2018)  both Python-2.7 and Python-3.6 are installed.  By default /usr/bin/python points to python2, while pip uses /usr/bin/pip3.6 and will update python3.  For the most part unless you need a python2 component, leave the 2.7 installation alone and augment the python3 installation for our software.  Be aware of which system the pip command you choose belongs to. A better solution is not to bother with the system versions at all, and to install Python 3 from source.
  
  
=== Python from source ===
+
=== Python - installing the latest from source ===
  
Recently a new issue came up with Astropy, the groupware that consolidates many astronomy-related packages and is the maintainer of the essential pyfits and wcsfits for accessing fits-format files.  Astropy has a sunset policy on the python it supports, and it currently requires Python 3.5 or 3.6.  While it is not stated whether this aggressive  choice will be rolled forward as Python 3.x continues to improve, it suggests that users may need ways to install a version of Python for science that is different from the once a conservative stable server software provided like OpenSuse may offer.  Indeed, Astropy's website urges use of Anaconda, which solves these problems for them and for single users, but can be an additional burden for system managers.   
+
Recently a new issue came up with Astropy, the groupware that consolidates many astronomy-related packages and is the maintainer of the essential pyfits and wcsfits for accessing fits-format files.  Astropy has a sunset policy on the python it supports, and it currently requires Python 3.6 or greater.  While it is not stated whether this aggressive  choice will be rolled forward as Python 3.x continues to improve, it suggests that users may need ways to install a version of Python for science that is different from the one a conservative stable server software like OpenSuse may offer.  Indeed, Astropy's website urges use of Anaconda, which solves these problems for them and for single users, but can be an additional burden for system managers.   
  
The problem may not persist, depending on how quickly OpenSuse and others move to Python 3.6, but currently the choices are to install Anaconda or Canopy Python distributions in a framework that allows systemwide access, to use an unofficial version of Python from the [https://software.opensuse.org/find OpenSuse build service] for ''python36'', or to install it from [https://www.python.org/downloads/ source].  To install from source follow these instructions exactly:
+
The problem may not persist, depending on how quickly OpenSuse and others update Python 3, but currently the choices are to install Anaconda or Canopy Python distributions in a framework that allows systemwide access, or to install it from [https://www.python.org/downloads/ source].   
  
# Download the source tar file currently Python-3.6.4.tgz and as superuser or root copy to /usr/local/src
+
Warning: With Leap 15, many Opensuse system applications will call python3 and will be configured to use the system version. You cannot link /usr/bin/python3 to a locally configured Python and expect that the system programs will work as expectedWrite your local programs to call your local python explicitly. You can also set your PATH so that it searches /usr/local/bin before /usr/bin.
# Untar the file and assign ownership of the new directory tree to yourself as an unpriviledged user
 
# As a normal user, cd into the source directory and run ./configure
 
# The defaults will be fineYour new Python will go into the /usr/local/ directory. Some users prefer /opt, which can be changed as a configuration option.
 
# make
 
# make test
 
# Now as root user --
 
# make altinstall
 
# ln -s /usr/local/lib64/python3.6/lib-dynload/ /usr/local/lib/python3.6/lib-dynload
 
  
The altinstall option is necessary to avoid overwriting or interfering with the system python.  The softlink is needed because some llibrary files in lib64 are not found without it. It is not necessary to assign either PYTHONHOME or PYTHONPATH, or to use an environment manager to have this version work independently of the system version.  However, be aware that the functions you need are explicity in /usr/local/bin and that they refer to python by its version, that is ''python3.6'' and ''pip3.6'' Therefore if you later update the OS to Leap 15 and it also has these executables, there's a potential conflict that would be resolved by the search path and could be ambiguous.
+
To install from source follow these instructions exactly:
 +
 
 +
# Add the packages from Opensuse noted above
 +
# Download the source tar file currently Python-3.7.1.tar.xz and as superuser or root copy to /usr/local/src
 +
# Untar the file and assign ownership of the new directory tree to yourself as an unpriviledged user
 +
# As a normal user, cd into the source directory and run ./configure
 +
# The defaults will be fine.  Your new Python will go into the /usr/local/ directory.  Some users prefer /opt, which can be changed as a configuration option.
 +
# make
 +
# make test
 +
# Now as root user --
 +
# make altinstall
 +
 
 +
If this fails it is probably a missing package.  Check the ones that are required, install them, make clean, make, make test, make altinstall again.
 +
 
 +
# ln -s /usr/local/lib64/python3.7/lib-dynload/ /usr/local/lib/python3.7/lib-dynload
 +
 
 +
Add readline explicitly as a module that works with our GUI after installation
 +
 
 +
#/usr/local/bin/pip3.7 install gnureadline
 +
 
 +
The build process may require adding missing libraries.  There may be  errors when building on a new installation of Leap 15 with the GNU debugging tests that are in testing only and may be ignored. However, Open SSL support needed for pip as of Python 3.7 requires version 1.1 or higher.  Install the libopenssl1_1-devel package.  Do not install libressl.
 +
 
 +
Older Opensuse distributions do not offer an upgrade to a supported OpenSSL version and would need a system software upgrade to use the latest Python without also installing a recent OpenSSL.  This solution worked for Opensuse 42.1. Note if you install libopenssl1_1-devel in more recent Opensuse distributions this is ''not'' needed.
 +
 
 +
# Download the OpenSSL source tar file openssl-1.1.1.tar.gz and as superuse or root copy to /usr/local/src
 +
# Untar the file and configure it as recommended for Unix-like systems with
 +
# ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl  '-Wl,--enable-new-dtags,-rpath,$(LIBRPATH)'
 +
# Run "make", "make test", and "make install" to compile, test, and install the code in /usr/local/ssl
 +
# Configure Python with ./configure --with-ssl=/usr/local/ssl and then make it as above.
 +
# Confirm that "test_ssl" runs and passes.
 +
 
 +
The altinstall option is necessary to avoid overwriting or interfering with the system python.  The softlink is needed because some llibrary files in lib64 are not found without it. It is not necessary to assign either PYTHONHOME or PYTHONPATH, or to use an environment manager to have this version work independently of the system version.  However, be aware that the functions you need are explicity in /usr/local/bin and that they refer to python by its version, that is ''python3.7'' and ''pip3.7'' Therefore if you later update the OS to Leap 15 and it also has these executables, there's a potential conflict that would be resolved by the search path and could be ambiguous. Alternatively, explicity link to python in /usr/local/bin in commandline uses or scripts.
  
 
Similarly, if you install Anaconda Python, it will have its own /opt directory tree to navigate, while Canopy Python may use environment variables. To run your own locally built Python ''echo PYTHONHOME'' and ''echo PYTHONPATH'' should return empty strings.
 
Similarly, if you install Anaconda Python, it will have its own /opt directory tree to navigate, while Canopy Python may use environment variables. To run your own locally built Python ''echo PYTHONHOME'' and ''echo PYTHONPATH'' should return empty strings.
Line 281: Line 357:
 
=== Modules by pip ===
 
=== Modules by pip ===
  
Because they are not available as a package in OpenSuse for Python 3, or because you are updating another installation,  use explicitly the pip for your Python.  That is, for the system python3,  /usr/bin/pip points to /etc/alternatives/pip which points to /usr/bin/pip3.4 .  Our separately installed python has /usr/local/bin/pip3.6 .
+
Because they are not available as a package in OpenSuse for Python 3, or because you are updating another installation,  use explicitly the pip for your Python.  That is, for the system python3,  /usr/bin/pip points to /etc/alternatives/pip which points to /usr/bin/pip3.6 in Leap 15 .  Our separately installed python has /usr/local/bin/pip3 .
 +
 
 +
If the system is behind a firewall requiring a proxy, possibly pip will see the system proxy configuration.  If not, try
 +
 
 +
  export https_proxy=http://proxy.domain:port
 +
 
 +
where typically the port is 8000 or 8080.
  
 +
In locally built versions of Python 3.7 or higher without readline-devel previously installed in yast, readline will a missing  module.  For Opensuse a suitable fix is
 +
 +
/usr/local/bin/pip3.7 install gnureadline
 +
 +
Note this is "gnu" readline, not readline.  The latter will segfault reading the history file.
  
 
For installing in the system python, if  matplotlib for Python 3 was installed with yast it must be removed in  a two-step process.  First delete  it from yast and then and mark it taboo so that it will not re-install.  Afterward, remove it from the system python this way.
 
For installing in the system python, if  matplotlib for Python 3 was installed with yast it must be removed in  a two-step process.  First delete  it from yast and then and mark it taboo so that it will not re-install.  Afterward, remove it from the system python this way.
Line 303: Line 390:
 
Install scipy (pip install scipy)
 
Install scipy (pip install scipy)
  
Install scikit-image will install pillow(pip install scikit-image)
+
Install cython (pip install cython)
 +
 
 +
Install scikit-image which will install pillow (pip install scikit-image)
  
 
Install astropy (pip install astropy)
 
Install astropy (pip install astropy)
  
Install pyephem (pip install pyephem)
+
Install skyfield (pip install skyfield) replaces deprecated pyphem
  
Install healpy  (pip install healpix)
+
Install healpy  (pip install healpy)
  
 
Install reproject  (pip install reproject)  
 
Install reproject  (pip install reproject)  
Line 319: Line 408:
 
Install  pyastronomy (pip install pyastronomy) or from source on github [https://github.com/sczesla/PyAstronomy pyastronomy]
 
Install  pyastronomy (pip install pyastronomy) or from source on github [https://github.com/sczesla/PyAstronomy pyastronomy]
  
 +
Install bokeh for browser-based graphics (pip install bokeh)
 +
 +
Install pycurl for remotely communicating with a server (pip install  pycurl)
 +
 +
If there is an error from the SSL library, use these two commands to resolve the dependency:
 +
 +
  export PYCURL_SSL_LIBRARY=openssl
 +
 +
  pip install  --upgrade --force-reinstall  pycurl
 +
 +
Dowloading files from Google drive requires two modules
 +
 
 +
  pip install --upgrade google-api-python-client
 +
  pip install oauth2client
 +
 +
The first of these provides the module "apiclient" and the other provides tools for authorization which would be imported this way
 +
 
 +
  from apiclient import discovery
 +
  from oauth2client import client
 +
  from oauth2client import tools
 +
  from oauth2client.file import Storage
  
 +
as described by the official google download api respository [https://github.com/google/google-api-python-client here]
  
 
Lastly, install the software chain for data visualization with Python using pip rather than the system package because Pandas is developing rapidly
 
Lastly, install the software chain for data visualization with Python using pip rather than the system package because Pandas is developing rapidly
Line 328: Line 439:
  
 
Install requests (pip install requests)
 
Install requests (pip install requests)
 +
 +
Install flask (pip install flask)
 +
  
  
Line 370: Line 484:
 
Install Alsvid updated for Python3
 
Install Alsvid updated for Python3
  
Install ds9  
+
Install ds9 using a recent version from [http://ds9.si.edu/site/Download.html http://ds9.si.edu/site/Download.html].  For OpenSuse,  ds9 presents a library problem because of its dependency on OpenSSL 1.0.  Old versions of OpenSuse had that library, and copies of it are still available, but it is not part of the latest distribution. The two  are  libcrypto.so.1.0.0 and libssl.so.1.0.0 which may be copied to /usr/local/lib64 followed by "ldconfig".  The problem persists with ds9 8.0 as of July 1, 2019.
  
 
Install xpa
 
Install xpa
Line 387: Line 501:
 
Install astrometry.net
 
Install astrometry.net
  
Download the latest stable package from the git repository. Astrometry.net now will sense and use Python3.  It does not allow configuring with the configure script and it will work as is.  In OpenSuse 42.3 you will have to install netpbm.  Since astrometry uses swig and looks at the python system command, it requires numpy and astropy packages in the place it is looking.  Check util/makefile.common and possibly change #!/usr/bin/env python to #!/usr/bin/env python3 if that is appropriate, and also explicitly direct to your local python if needed.  Correspondingly , you may need to change the  #! lines in the scripts in the src bin directory which also utilize the default system environment. 
+
Download the latest from the astrometry.net website
  
Also netpbm will not be found with the out-of-the-box configurationEdit the file util/makefile.netpbm to have these lines
+
[http://astrometry.net/ http://astrometry.net/]
 +
 
 +
which will be  a recent stable version ready to compile.  The cutting edge is on the git repository
 +
 
 +
[https://github.com/dstndstn/astrometry.net https://github.com/dstndstn/astrometry.net]
 +
 
 +
and it will not compile with editing and is not recommended.
 +
 
 +
Astrometry.net  uses the system default Python unless you chose otherwise.  In Opensuse Leap 15.1 with Python 2.7 as the system default, compilation of astrometry.net still falls back on having some 2.7 packages present.  Before building astrometry.net from source, check that they system has
 +
 
 +
python-devel
 +
python2-numpy-devel
 +
swig
 +
git
 +
libnetpbm-devel
 +
 
 +
to avoid errors on the first attempt.
 +
 
 +
Other python utilities may use  a locally installed Python, say /usr/local/bin/python3.7, if you are compiling with a library path that will find it.  That is,  echo $LD_LIBRARY_PATH  should show /usr/local/lib and /usr/local/lib64.  The environment variables are not preserved when compiling after "su". Two simple solutions are either to change ownership of Astrometry.net and compile as a normal user, or connect directly as root user and compile.  Either way, check the environment first.  Once that is done, edit util/makefile.common so that it reads this way
 +
 
 +
  # don't change this one -- it must match what is in the bin/* scripts
 +
  PYTHON_SCRIPT_DEFAULT := /usr/bin/env python
 +
 
 +
  # change this if you want to set exactly which python program gets run to
 +
  # execute the python scripts in bin/ (image2pnm and friends).
 +
  # Note that this must be a full path (this is a bash requirement).
 +
  #PYTHON_SCRIPT ?= $(PYTHON_SCRIPT_DEFAULT)
 +
  # eg,
 +
  PYTHON_SCRIPT ?= /usr/local/bin/python3.7
 +
 
 +
The only change required is to point specifically to the python you need.  Opensuse Leap 15 also installs Python 3.6, which is one release behind the current one (at this writing) of 3.7.  The simplest solution to this and staying up with the requirements of astropy is to install Python from source in /lusr/local and then link to it here and elsewhere as needed.  However astrometry.net will have a dependence on the systems Python 2.7.
 +
 
 +
In OpenSuse Leap you will also have  edit  util/makefile.netpbm if compilation does not find the libraryYou may  later change the  #! lines in the scripts in the installed bin directory if another Python on the system is preferred.
 +
 
 +
If  netpbm is not be found,  edit the file util/makefile.netpbm to point it to the correct place:
 
    
 
    
  NETPBM_INC = -I/usr/include/netpbm
+
  NETPBM_INC ?= -I/usr/include/netpbm
 
  NETPBM_LIB ?= -L/usr/lib64 -lnetpbm  
 
  NETPBM_LIB ?= -L/usr/lib64 -lnetpbm  
  
Line 403: Line 551:
  
 
Install hp15c
 
Install hp15c
 
Install jedit
 
  
 
Install tightvnc_viewer
 
Install tightvnc_viewer
Line 411: Line 557:
  
 
Install mediawiki (on servers as needed)
 
Install mediawiki (on servers as needed)
 +
 +
Install cfitsio
 +
 +
Install xpa
  
 
Install xmtel (if needed)
 
Install xmtel (if needed)
  
 
Install xmccd (if needed, also provides libcfitsio and xpa)
 
Install xmccd (if needed, also provides libcfitsio and xpa)
 +
 +
  
 
== Update /etc ==
 
== Update /etc ==
Line 452: Line 604:
  
 
With Opensuse's use of the wicked network daemon, a configured network device will not show its IP until it is physically connected to an active network.  The yast configuration option "at boot time" for network configuration means that these ports must  see a live connection when the system is booted to find their configuration.  This is not a bug, it is a "feature". The alternative option  "on cable connection" is not useful for a fixed instrument controller.  If a device is physically connected and does not show its IP in ifconfig, try "systemctl restart network.service" or a reboot.
 
With Opensuse's use of the wicked network daemon, a configured network device will not show its IP until it is physically connected to an active network.  The yast configuration option "at boot time" for network configuration means that these ports must  see a live connection when the system is booted to find their configuration.  This is not a bug, it is a "feature". The alternative option  "on cable connection" is not useful for a fixed instrument controller.  If a device is physically connected and does not show its IP in ifconfig, try "systemctl restart network.service" or a reboot.
 +
 +
 +
== Additional security ==
 +
 +
The OpenSuse network monitoring daemon xinetd provides tcpd wrapper service within the systemd framework.  This enables use of hosts.allow and hosts.deny to filter access  in a simple way. By default, xinetd will not be started with a new installation.  Enable it in the system configuration on YAST and start it on boot.  In hosts.deny put "ALL: ALL" to close the network for everything the software is aware of, and then allow specific IP addresses to access  the services with entries in hosts.allow.  Insure that xinetd is running, and check journalctl for failed login attempts routinely as a basic security front line, usually behind a more secure institutional firewall.
  
  
Line 522: Line 679:
  
 
This provides support where needed for SDXC memory cards through the Microsoft exfat filesystem.
 
This provides support where needed for SDXC memory cards through the Microsoft exfat filesystem.
 +
  
 
== VLC ==
 
== VLC ==
Line 570: Line 728:
  
  
VirtualBox as supplied by OpenSuse cannot be updated using the Oracle site.  Instead of installing their version, we use the latest Oracle RPM which is currently version 5.1.18Version 5.0 and higher supports USB3 in the host OS, and is therefore advisable for camera or storage drive use.
+
VirtualBox as supplied by OpenSuse cannot be updated using the Oracle site.  Instead of installing their version, we use the latest Oracle RPM which is currently version 6.0.8.   
  
 
*Set the BIOS to allow virtualization technology and to allow advanced I/O for sharing resources.
 
*Set the BIOS to allow virtualization technology and to allow advanced I/O for sharing resources.
 
*Retrieve the packages from https://www.virtualbox.org/wiki/Linux_Downloads .
 
*Retrieve the packages from https://www.virtualbox.org/wiki/Linux_Downloads .
*Retrieve the repo file from http://download.virtualbox.org/virtualbox/rpm/opensuse/13.2/virtualbox.repo
+
*Retrieve the repo file f
 
*Retrieve the public key from https://www.virtualbox.org/download/
 
*Retrieve the public key from https://www.virtualbox.org/download/
 
*Install the public key with rpm --import public_key.asc
 
*Install the public key with rpm --import public_key.asc
 
*Install the repository with zypper ar -f ./file.repo
 
*Install the repository with zypper ar -f ./file.repo
*zypper --non-interactive install VirtualBox-5.1-5.1.18_114002_openSUSE132-1.x86_64.rpm
+
*zypper --non-interactive install VirtualBox-xxx-.rpm
 
*Retrieve the extension pack from Oracle's download site.
 
*Retrieve the extension pack from Oracle's download site.
*VBoxManage extpack install .Oracle_VM_VirtualBox_Extension_Pack-5.1.18-114002.vbox-extpack
+
*VBoxManage extpack install .Oracle_VM_VirtualBox_Extension_Pack-xxx.vbox-extpack
 
*In Opensuse YAST, add the Virtualbox guest kernel modules and guest tools, or use the guest additions from Oracle.
 
*In Opensuse YAST, add the Virtualbox guest kernel modules and guest tools, or use the guest additions from Oracle.
 
*Add the virtualbox group to the user(s) who will run it .
 
*Add the virtualbox group to the user(s) who will run it .
Line 602: Line 760:
 
== Zoom not Skype ==
 
== Zoom not Skype ==
  
While Skype is supported on Linux through its newer version,  it does not at this time (2018-03-14) work reliably with the default installation of Opensuse 42.3.  Alternatives include Google Hangouts and conferencing software [https://www.zoom.us Zoom], which is the recommended solution.
+
While Skype is supported again on Linux through its newer version,  it was not working well with Opensuse 42.3 has not been tested with Leap 15.  Alternatives include Google Hangouts and conferencing software [https://www.zoom.us Zoom], which is the recommended solution.
 +
 
 +
 
 +
 
  
 
== Wireless ==
 
== Wireless ==
Line 610: Line 771:
  
 
Few USB network adapters work with the Linux kernel in OpenSuse  .  Only one we have found readily available new is the Buffalo Nfinity Wireless-N compact USB 2.0 adapter.  It is recognized immediately and requires no additional configuration, other than the selection of networkmanager, and the user's choice of connection.
 
Few USB network adapters work with the Linux kernel in OpenSuse  .  Only one we have found readily available new is the Buffalo Nfinity Wireless-N compact USB 2.0 adapter.  It is recognized immediately and requires no additional configuration, other than the selection of networkmanager, and the user's choice of connection.
 +
 +
When configuring a laptop that will need flexible control of the network, consider changing the default /etc/sysconfig/network/config  entry from "no" to
 +
 +
  NETCONFIG_FORCE_REPLACE="yes"
 +
 +
This change will insure that if you change networks the resolv.conf file will be rewritten, and it may affect other files that get modified in some way.  The downside is that you will need to use the root password when restarting the network.
 +
 +
  
 
== Static LAN and dnsmasq ==
 
== Static LAN and dnsmasq ==
Line 624: Line 793:
 
* Change the laptop networking to run wickedd instead of networkmanager.
 
* Change the laptop networking to run wickedd instead of networkmanager.
  
The second method using the powerful console commandline interface for Network Manager is the best solution but requires specific commands for each situation.  We will provide additional help with this in a separate wiki entry.
+
The second method using the powerful console command line interface for Network Manager is the best solution but requires specific commands for each situation.  A common problem has been network management when a device is to be attached to an Ethernet adapter on a USB3 connection. For example, we use a StarTech adapter that runs on a powered laptop port to provide both ethernet and  additional USB3 connections to a camera and environmental sensors.  The network connection has to be associated with dnsmasq to enable DHCP connections from cameras.  With networkmanager on opensuse, this new device is not configurable through the YAST tools.  The solution is
 +
 
 +
1. Boot the computer with the device installed so that it is recognized without an issue
 +
 
 +
2. As root create the connection and bring it up
 +
 
 +
  nmcli con add con-name "usb-ethernet" ifname eth1 type ethernet ip4 192.168.1.1/24
 +
  nmcli con up usb-ethernet
 +
 
 +
3.  Check that it is present
 +
 
 +
  ifconfig
 +
 
 +
  eth1  Link encap:Ethernet  HWaddr 00:05:1B:D0:88:E3 
 +
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.
 +
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
 +
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
 +
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
 +
          collisions:0 txqueuelen:1000
 +
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
 +
 
 +
4.  Configure dnsmasq.conf with lines such as
 +
 
 +
  interface=eth1 
 +
  dhcp-range=192.168.1.50,192.168.1.100,12h
 +
 
 +
5.  Enable and start dnsmasq in sysconfigure
 +
 
 +
These changes should remain in effect until removed, and a camera attached to the new network connection will be seen on the local "usb-ethernet",
  
 
The third option is the default for a desktop system. The disadvantage to the third option in the laptop world is that wickedd does not have the end-user support for wireless networking that networkmanager provides.  Further, when switching from one system to another, there are inevitable configuration issues, particularly with the management of host resolution and the file /etc/resolv.conf.
 
The third option is the default for a desktop system. The disadvantage to the third option in the laptop world is that wickedd does not have the end-user support for wireless networking that networkmanager provides.  Further, when switching from one system to another, there are inevitable configuration issues, particularly with the management of host resolution and the file /etc/resolv.conf.
Line 634: Line 831:
 
LINK_REQUIRED=no
 
LINK_REQUIRED=no
  
As of Opensuse 42.1, this line is not inserted by the yast2 configurator, and consequently the network device will stall  and wickedd will report "setup-in-progress".  The simple solution is to enter this by hand if you see this error and need a second network active on power up.
+
As of Opensuse 42.3, this line is not inserted by the yast2 configurator, and consequently the network device will stall  and wickedd will report "setup-in-progress".  The simple solution is to enter this by hand if you see this error and need a second network active on power up.
  
  
Line 644: Line 841:
 
proxy = proxy.usq.edu.au:8080
 
proxy = proxy.usq.edu.au:8080
  
without the "http" prefix.
+
without the "http" prefix. Alternatively, if there is a system proxy, then curl can be run with a command line that over rides it for specific addresses or for everything with a wildcard
 +
 
 +
curl --no-proxy *
 +
 
  
 
Both Firefox and Chrome browsers will negotiate an automatic proxy server while curl, zypper, and yast will not.
 
Both Firefox and Chrome browsers will negotiate an automatic proxy server while curl, zypper, and yast will not.

Latest revision as of 15:47, 15 August 2019

The observatory's servers and control computers run on the OpenSuse distribution of Linux-based software. Leap 15.1 . We have chosen the Leap series because of its conservative testing and stability. Generally the slowed cycle of new versions does not cause problems, except where we need software that is pushing the edge, notably AstroPy. We have tested Tumbleweed when Leap 15 was introduced in 2018 and found at the time too many points of failure with networking and compilation to make it a safe choice for professional long term use. However, it has the significant advantage that it can be built and maintained remotely, such that a remote telescope computer or inaccessible server can be updated without being on site. Use of Tumbleweed will be evaluated because of this advantage, but as of June 2019 the default remains Leap 15.1 .

These evolving installation notes originated with much earlier versions of OpenSuse and are rewritten as we gain experience with the most recent releases and work-around solutions to problems.

The following describes how to build a system with OpenSuse that provides a solid foundation of software for physics and astronomy for real-time control of telescopes and observatories, use in the laboratory or the field, operating small servers, and processing astronomical data.


Tumbleweed

Installation of Tumbleweed as an upgrade to an exisiting system may be done remotely. Please note that the result may be unsuitable for production.

https://en.opensuse.org/openSUSE:Tumbleweed_upgrade

The process has a few simple steps to update the current OS, then change repositories, and perform the update. Following the instructions at these links will result in a new system that should reboot and run immediately.

Because of the very large number of packages involved, it is best to remove latex and texlive first before doing the update, and then if needed re-install at leisure. It can take many hours on a high speed network to get the texlive files.

DHCP networking in Tumbleweed and Leap 15 does not send a pure MAC address even when it supposed to. That is, it transmits a longer identifier that may not be recognized by network DHCP services if a pseudo-static IP based on the MAC has been assigned. While the solution to this is simple, it should be done with yast before rebooting the new system, especially when the system is built remotely for Tumbleweed. If this is not done for networks that require the identifier the system networking will not find the assigned pseudo-static IP.

  • Network Settings
  • Global Options
  • DHCP client identifier
  • Paste MAC address of the DHCP network interface card
  • Edit the field to insert "01:" before the MAC address

Now when the network is configured it will restart and should receive the assigned IP for this card. Make sure that only one Ethernet connection from the computer is presenting to the network with DHCP.

Check the results with

 ip a
 ethtool eth0
 nslookup www

where the latter tests that DNS services are properly provided. The configuration is saved in /etc/sysconfig/network/dhcp .

During the last test of Tumbleweed in 2018, other problems were encountered with compilation of Python from source using the default installations, and with proxy service to the extent that Tumbleweed was not usable without considerable effort. Also, given its cutting edge character, we are concerned that new issues could arise during routine updates. Opensuse Leap has a 18 month development cycle that allows sufficient time between upgrades that it can be a stable solution for production, with the disadvantage that updates require physical presence at the server.

The following instructions apply primarily to Opensuse Leap 15.1, and should also work for a new installation of Tumbleweed for those who like adventure.


Before Installation

If possible, for a new installation of the operating system or a major update to a disk in service, consider installing it on a new disk and copying the important files over from the old one. This is the safest path.

Prepare a DVD or a USB memory stick with the ISO image of the distribution. OpenSuse's imagewriter is a convenient way to create the correct structure on the USB device. Newer hardware will accept a USB memory stick for booting, but older (say prior to 2015) may require a DVD drive.

On a new system not using RAID, deselect RAID in BIOS if it is offered. This will prevent OpenSuse from creating disk partitions with RAID. However, if RAID information has already been written to the disk the OpenSuse installer will assume a RAID configuration even if hardware raid is not enabled. A simple cure is to install the system twice. On the first pass use the Expert Partitioner option and delete the proposed raid configuration. Then in /dev/sda (or equivalent) add a root and a home ext4 partition but intentionally do not add a boot partition. The installer will warn you this will not work. Ignore those warnings and let the installer prepare the disk. Once that is accomplished you can abort the installation, or let it run to the end. The disk will not be bootable but it will be cleaned of RAID and on the next installation pass you will have a proposal to use the full disk with conventional structure and btrfs for the root partition.

For most new machines allow UEFI (custom option, if available) and disable compatibility mode in the BIOS. The installer will identify the system as allowing UEFI and properly select the boot configuration. However, also use the BIOS setup to change the boot priority to the medium reflecting this choice. The boot medium and a UEFI installation must match.

Opensuse will detect and set up a UEFI boot protocol unless this option is turned off in the BIOS. With that selection it will handle and format large disks.

Some recent hardware, notably the Supermicro X10-SRA, may hang on booting with older USB devices attached. While we do not know the cause, the cure in this instance was to enable EHCI-Hand-off in the USB configuration options presented for the BIOS. This may apply only to specific applications, and could be kernel-dependent,. In general, the default BIOS settings are fine for installation and need modification later if specific applications raise issues.


During installation

If your computer has more than one network connection, for example for a local subnet and for a global or institutional network, physically disconnect the local one until installation is complete. This will prevent the installation scripts from mis-identifying the network assignments.

Insert the medium, reboot the system, and select Installation from the splash screen. If there is a booting problem, use the keyboard to bring up a boot selection screen (often "Del", F11 or F12), and check the boot order and if needed also the BIOS setup.

If there is a proxy for network access at this point it may be necessary to enter that information before proceedings to the actual installation. At the OpenSuse boot screen press F4 for access to the manual network configuration and enter the information. At Mt. Kent, for example, there is a proxy but it is handled automatically for browsers. For zypper and yast, however, it has to be explicitly configured to http://proxy.usq.edu.au:8000 so that yast will find the repositories. After installation for normal use this would be turned off by deselecting the proxy in the yast configuration screen.

On laptops with Nvidia Quadro graphics and GPU combined with Intel graphics, if the BIOS allows it, deselect options that use the Intel graphics and then enable sole use of Nvidia. This avoids a multitude of booting and configuration issues, and provides a platform for GPU computing. The downside is increased power consumption and loss of battery life. If those are the primary considerations, then it may be best to not use Nvidia at all. Alternatively, it is possible to install Bumblebee to enable switching between video hardware for specific uses. Nvidia Quadro, which provides GPU computing, requires their proprietary driver for full support.

At this point if the system has a recent Nvidia card it also may be best to disable modeset. The symptom this is necessary is that subsequent booting freezes before the installation begins. Edit the boot options if needed by pressing "e" before the system tries to start an installation. This will open a simple boot editing screen with instructions.

At the end of the line for linux add "nouveau.nomodeset=0" . Similarly, a problem with an Intel graphics card that was switching, perhaps to a Displayport interface, was fixed with simply "nomodeset".

Continue with the installation as instructed on this editing screen. The default settings should work with the following additions and exceptions.

Deselect software by taking the checkmark off with a spacebar press. After installation is complete, return to the software menu of YAST and make sure that those items never to be install (pk-update is the worst of them, AppArmor not far behind) are marked "Taboo". Do not install them.

Leap 15.1 installation offers KDE, Gnome (Wayland), and a basic system for customizing. We prefer the customized soluiton, and when selecting software add Xfce for an environment that is lightweight but fully functional. Add their development code for Gnome and KDE (Qt will be present by default).

LaTeX and related content is under the "Technical Writing" group. It is a lengthy download and may be installed later. For an upgrade, if it is already installed, it may also be best to delete it first, then reinstall when it can run overnight if your network connection is is not very fast.

Set the computer system clock to use UTC, check the time zone and the local time.

The gparted and gnome-disks packages are useful to manage disks larger than 2 TB. With new disks the installer will use BTRFS and as of Leap 15.1 it will create a large partition for the entire disk. In the event of a failure, leaving a critical disk formatted in the wrong size or filesystem, add gdisk from a repository and reformat the disk. Reboot, and re-install the operating system on the reformatted disk. Earlier versions of Leap would install the operating system in a small partition that limited the space available, and then allocated the balance to an XFS partition for user space. Check that adequate space is left for your system needs and use the expert mode if needed to allocate space before installing the operating system. Once partitioned, OpenSuse will use existing partitions as a guide and it is difficult to override these choices later.

Deselect and mark "taboo" Apparmor for systems which do not require its access controls. Delete pk-update to avoid nagware about package updates and mark it for non-installation permanently by selecting "taboo"

Turn off firewall (assuming your system is already behind an adequate institutional or local firewall)

Open the port for SSH

Check the boot option for grub2 matches that of your machine (should be UEFI if available)

Complete the installation from the media (either USB or DVD)

Remove the medium, reset the boot priority to the hard disk first, reboot


From OpenSuse using YAST

Start yast from the command line as su with yast --qt or "yast2"

Disable DVD or USB in software repositories

Unless doing GPU development or you have recent nvidia hardware, do not include the repository for nvidia (creates a long term maintenance problem) and use the Nouveau Xorg driver

Perform all updates based on default repositories as needed

Note that in removing packages select Options --> Cleanup when deleting packages to prevent their automatic reinstalling though the pre-selection feature of Yast. Generally it is not necessary to remove packages unless there is something about them that interferes with your use of the system. In most cases they may be disabled in subsequent system configuration.

Remove really annoying pk-update-icon if you missed deleting it initially. You will have to mark it in YAST for permanent deletion.

Add Nvidia public repository if needed and nvidia graphics and gpu drivers. Select the most recent driver unless Nvidia's documentation suggests otherwise for your hardware.

Add texlive if it has not already been selected. This is a very large package with long download time.

Add lsb

Add apache if used as web server

Add blas-devel

Add php and packages if used as web server

Add gsl and gsl-devel

Add nano

Add timidity

Add audacity

Add audio-recorder

Add stellarium

Add geany

Add gedit

Add gnome-disk-utility (previously palimpsest)

Add gtkglext-devel

Add hdf5 (required by Python Pynpoint-exoplanet)

Add hdf5-devel

Add hdf5-devel-static

Add imagewriter

Add libcurl-devel

Add liblapack

Add liblapack3 (development files)

Add libatlas3 (optional required by astromatic software not in Leap 15)

Add libatlas3-devel (optional required by astromatic software not in Leap 15)

Add liblua5_3-5

Add mlocate

Add nasm (used by openh264)

Add netpbm

Add libnetpbm-devel

Add okular

Add pavucontrol (pulse audio control to work around problems with defaults)

Add plplot

Add plplot-devel (optionally other plplot packages as needed)

Opensuse Leap installs Python 2.7 and Python 3.6. The default system python command in /etc/alternatives points to python 2.7, but the default "pip" points to python 3's pip. The preferred scientific Python solution is to install from source in /usr/local and build a version that is independent of the operating systems Python. This provides for long term maintenance, and few conflicts between dependencies for system code and for cutting edge science code. If that solution is taken, then do not install optional Python 3 packages but instead build the local version and add modules with pip.

The following packages will go to the system Python 3.6. Equivalent packages are available for Python 2 without the "3" in the package name. An end user running python needs to explicitly call python3, or change the alternative link. If our code is to use the system version of Python 3, then the following optional packages would be needed on new systems. For a complete OpenSuse Python3 installation, use the search option in yast for python3-, right click on the field of search results and select all entries. Then deselect any you do not want. This will install packages that have conflicts to resolve. Make your best choice on those. Packages we know we need and are adequately provided by the operating system are .


Add python3-Beautifulsoup4

Add python3-Cython

Add Python3-Sphinx

Add python3-cairo-devel

Add python3-certifi (optional, may cause other issues)

Add python3-dateutil

Add python3-distutils-extra

Add python3-Flask

Add python3-idle

Add python3-numpy or use pip.

Add python3-numpy-devel or use pip.

Add python3-qt4

Add python3-qt5

Add python3-scipy or use pip for this and related packages to get the most recent versions.

Add python3-sympy

You will also need matplotlib and its add-ons.

Add python3-matplotlib

Add python3-matplotlib-tk


Leap 15 and Tumbleweed should supply Tk with a consistent matplotlib. If there are issues with it, you may deselect the matplotlib packages marking them "taboo" in yast, and instead, after work with yast is over, use pip and install matplotlib from pip as described below. This will insure the latest version of matplotlib, especially as Leap ages and matplotlib moves forward with new releases. Nevertheless, best to leave all this alone and install an independent Python solution.

Additional packages you will need from YAST are --

Add libevent-devel

Add libffi-devel (for compiling Python 3.7+)

Add libopenssl-1_1-devel

Add fftw3-devel, libfftw3-threads, and fftw3-threads-devel

Add ncurses-devel (for compiling Python 3.7+)

Add openssl-1_1

Add python-devel (for compiling Python 3.7+)

Add readline-devel (for compiling Python 3.7+ with readline rather than gnulreadline)

Add sk1

Add xfig

Add ufraw

Add gimp-ufraw

Add gphoto but not gphotofs

Add qiv

Add guvcview or luvcview for webcamera viewing

Add motif

Add motif-devel

Add motif-devel-32bit

Add other motif libraries if they are not installed by default

Add libXmu-devel

Add libXp-devel

Remove all virtualbox rpm's installed from OpenSuse

Add yasm

Add yasm-devel

Add libpng12-devel (optional)

Add libpng16-devel

If using Grace earlier than 5.1.25 deselect libpng16-compat-devel and select libpng12-compat-devel

Add fxload (used by SBIG cameras)

If building Python from source as of version 3.6 in order to get urllib to work add the ghc- packages


After updates

Disable modemmanager because it interferes with serial ports used for instruments

Configure dnsmasq if used to run a subnet and start it from yast

Disable avahi as unnecessary in our environment

Edit /etc/sysconfig to set locate default search to root

Use YAST to set NTP servers for your domain rather than Opensuse's defaults. New installations of Leap will use chrony rather than ntp for improved synchronization. With ntp, check the performance using "/usr/sbin/ntpq -p" or with chrony use "/usr/bin/chronyc tracking". As of July 2018, chronyc is a preferred option.

On a longer term, routine updates can be done from the command line with

 zypper up

Add any needed Python3 modules requiring pip, notably matplotlib (see below)



Python

For OpenSuse Leap 15 (current as of November 2018) both Python-2.7 and Python-3.6 are installed. By default /usr/bin/python points to python2, while pip uses /usr/bin/pip3.6 and will update python3. For the most part unless you need a python2 component, leave the 2.7 installation alone and augment the python3 installation for our software. Be aware of which system the pip command you choose belongs to. A better solution is not to bother with the system versions at all, and to install Python 3 from source.


Python - installing the latest from source

Recently a new issue came up with Astropy, the groupware that consolidates many astronomy-related packages and is the maintainer of the essential pyfits and wcsfits for accessing fits-format files. Astropy has a sunset policy on the python it supports, and it currently requires Python 3.6 or greater. While it is not stated whether this aggressive choice will be rolled forward as Python 3.x continues to improve, it suggests that users may need ways to install a version of Python for science that is different from the one a conservative stable server software like OpenSuse may offer. Indeed, Astropy's website urges use of Anaconda, which solves these problems for them and for single users, but can be an additional burden for system managers.

The problem may not persist, depending on how quickly OpenSuse and others update Python 3, but currently the choices are to install Anaconda or Canopy Python distributions in a framework that allows systemwide access, or to install it from source.

Warning: With Leap 15, many Opensuse system applications will call python3 and will be configured to use the system version. You cannot link /usr/bin/python3 to a locally configured Python and expect that the system programs will work as expected. Write your local programs to call your local python explicitly. You can also set your PATH so that it searches /usr/local/bin before /usr/bin.

To install from source follow these instructions exactly:

# Add the packages from Opensuse noted above
# Download the source tar file currently Python-3.7.1.tar.xz and as superuser or root copy to /usr/local/src 
# Untar the file and assign ownership of the new directory tree to yourself as an unpriviledged user
# As a normal user, cd into the source directory and run ./configure 
# The defaults will be fine.  Your new Python will go into the /usr/local/ directory.  Some users prefer /opt, which can be changed as a configuration option.
# make
# make test
# Now as root user --
# make altinstall

If this fails it is probably a missing package. Check the ones that are required, install them, make clean, make, make test, make altinstall again.

# ln -s /usr/local/lib64/python3.7/lib-dynload/ /usr/local/lib/python3.7/lib-dynload

Add readline explicitly as a module that works with our GUI after installation

#/usr/local/bin/pip3.7 install gnureadline

The build process may require adding missing libraries. There may be errors when building on a new installation of Leap 15 with the GNU debugging tests that are in testing only and may be ignored. However, Open SSL support needed for pip as of Python 3.7 requires version 1.1 or higher. Install the libopenssl1_1-devel package. Do not install libressl.

Older Opensuse distributions do not offer an upgrade to a supported OpenSSL version and would need a system software upgrade to use the latest Python without also installing a recent OpenSSL. This solution worked for Opensuse 42.1. Note if you install libopenssl1_1-devel in more recent Opensuse distributions this is not needed.

# Download the OpenSSL source tar file openssl-1.1.1.tar.gz and as superuse or root copy to /usr/local/src
# Untar the file and configure it as recommended for Unix-like systems with
# ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl   '-Wl,--enable-new-dtags,-rpath,$(LIBRPATH)'
# Run "make", "make test", and "make install" to compile, test, and install the code in /usr/local/ssl
# Configure Python with ./configure --with-ssl=/usr/local/ssl and then make it as above. 
# Confirm that "test_ssl" runs and passes.

The altinstall option is necessary to avoid overwriting or interfering with the system python. The softlink is needed because some llibrary files in lib64 are not found without it. It is not necessary to assign either PYTHONHOME or PYTHONPATH, or to use an environment manager to have this version work independently of the system version. However, be aware that the functions you need are explicity in /usr/local/bin and that they refer to python by its version, that is python3.7 and pip3.7 Therefore if you later update the OS to Leap 15 and it also has these executables, there's a potential conflict that would be resolved by the search path and could be ambiguous. Alternatively, explicity link to python in /usr/local/bin in commandline uses or scripts.

Similarly, if you install Anaconda Python, it will have its own /opt directory tree to navigate, while Canopy Python may use environment variables. To run your own locally built Python echo PYTHONHOME and echo PYTHONPATH should return empty strings.


Modules by pip

Because they are not available as a package in OpenSuse for Python 3, or because you are updating another installation, use explicitly the pip for your Python. That is, for the system python3, /usr/bin/pip points to /etc/alternatives/pip which points to /usr/bin/pip3.6 in Leap 15 . Our separately installed python has /usr/local/bin/pip3 .

If the system is behind a firewall requiring a proxy, possibly pip will see the system proxy configuration. If not, try

 export https_proxy=http://proxy.domain:port

where typically the port is 8000 or 8080.

In locally built versions of Python 3.7 or higher without readline-devel previously installed in yast, readline will a missing module. For Opensuse a suitable fix is

/usr/local/bin/pip3.7 install gnureadline

Note this is "gnu" readline, not readline. The latter will segfault reading the history file.

For installing in the system python, if matplotlib for Python 3 was installed with yast it must be removed in a two-step process. First delete it from yast and then and mark it taboo so that it will not re-install. Afterward, remove it from the system python this way.

pip uninstall matplotlib

pip install matplotlib --upgrade --no-cache-dir

Also for the system python you may need to do this

pip uninstall six

pip install six --upgrade --no-cache-dir


Now if you are building a separate Python for science, use the pip for it and add the modules you need. This may include several that were installed on the system using yast, as well the matplotlib ones and these. Start with these since pip will resolve dependencies, probably use cached source unless you tell it not to, and in the process grow the missing branches of your Python tree. Later, if you find something missing, you can add it as needed.

Install matplotlib will install numpy (pip install matplotlib)

Install scipy (pip install scipy)

Install cython (pip install cython)

Install scikit-image which will install pillow (pip install scikit-image)

Install astropy (pip install astropy)

Install skyfield (pip install skyfield) replaces deprecated pyphem

Install healpy (pip install healpy)

Install reproject (pip install reproject)

Install quantities (pip install quantities) to have physical constants

Install emcee (pip install emcee) to have an MCMC library

Install pyastronomy (pip install pyastronomy) or from source on github pyastronomy

Install bokeh for browser-based graphics (pip install bokeh)

Install pycurl for remotely communicating with a server (pip install pycurl)

If there is an error from the SSL library, use these two commands to resolve the dependency:

 export PYCURL_SSL_LIBRARY=openssl
 pip install  --upgrade --force-reinstall  pycurl

Dowloading files from Google drive requires two modules

 pip install --upgrade google-api-python-client
 pip install oauth2client

The first of these provides the module "apiclient" and the other provides tools for authorization which would be imported this way

 from apiclient import discovery
 from oauth2client import client
 from oauth2client import tools
 from oauth2client.file import Storage

as described by the official google download api respository here

Lastly, install the software chain for data visualization with Python using pip rather than the system package because Pandas is developing rapidly

Install pandas (pip install pandas)

Install scrapy (pip install scrapy)

Install requests (pip install requests)

Install flask (pip install flask)


Astropy

Astropy is a collaboration to provide a consistent and comprehensive distribution of astronomical software to the research community. For systems running Python 3.5 and above it can be installed as other packages

Install astropy (pip install astropy)

The recent restriction excluding Python 3.4 means that new installations on older operating systems cannot add astropy without some work around solution such as described above.

Astropy resolves dependencies on pyfits, originally developed at the Space Telescope Science Institute. Code requiring pyfits will work by adding

 import astropy.io.fits as pyfits

to the Python 3 source.




From source in /usr/local

For rpm packages use

 zypper --non-interactive install package.rpm  

or add --no-gpg-checks if necessary. For java routines. install the source in /usr/local and provide a softlink through a startup script in /usr/localbin. Larger packages such as alternative python builds would also go in /usr/local in preference to /opt. The entire /usr/local tree should not be in the root partition, but linked to it from a user partitiion that will not be lost in system re-installation.


Install nedit from updated source to /usr/local/bin with a link in /usr/bin/

Add lame and lame library packages for mp3 audio

Install mplayer through the command line svn checkout svn://svn.mplayerhq.hu/mplayer/trunk mplayer or from a stable package along with skin and codecs

Install AstroImageJ and update to the latest daily build. Copy the current best practice configuration from a working system.

Install AstroCC

Install Alsvid updated for Python3

Install ds9 using a recent version from http://ds9.si.edu/site/Download.html. For OpenSuse, ds9 presents a library problem because of its dependency on OpenSSL 1.0. Old versions of OpenSuse had that library, and copies of it are still available, but it is not part of the latest distribution. The two are libcrypto.so.1.0.0 and libssl.so.1.0.0 which may be copied to /usr/local/lib64 followed by "ldconfig". The problem persists with ds9 8.0 as of July 1, 2019.

Install xpa

Install cfitsio with make, make shared, and make install. Then manually copy lib64 and include installation directories to /usr/local/lib64 and /usr/local/include, and run ldconfig.

Install grace (build from source with local FFT modifications for normalization)

Install Aladin

Install xephem -

Copy the XEphem source from the licensed archive to a temporary directory. Install each disk by default in /usr/local. Remove all the ._ files which are created on a Mac OS and remove the execute permissions on many files that come from the source. Copy the xephem.sites list with augmented sites into the auxil directory. Update the Soft* catalogs. Copy XEphem to the /etc directory for global defaults to the home observatory. Optionally, recompile the source code and copy it to /usr/local/bin/, removing the default pre-compiled version in /usr/bin/ . Copy xephem.man (not xephem.1) to /usr/local/man/man1.


Install astrometry.net

Download the latest from the astrometry.net website

http://astrometry.net/

which will be a recent stable version ready to compile. The cutting edge is on the git repository

https://github.com/dstndstn/astrometry.net

and it will not compile with editing and is not recommended.

Astrometry.net uses the system default Python unless you chose otherwise. In Opensuse Leap 15.1 with Python 2.7 as the system default, compilation of astrometry.net still falls back on having some 2.7 packages present. Before building astrometry.net from source, check that they system has

python-devel python2-numpy-devel swig git libnetpbm-devel

to avoid errors on the first attempt.

Other python utilities may use a locally installed Python, say /usr/local/bin/python3.7, if you are compiling with a library path that will find it. That is, echo $LD_LIBRARY_PATH should show /usr/local/lib and /usr/local/lib64. The environment variables are not preserved when compiling after "su". Two simple solutions are either to change ownership of Astrometry.net and compile as a normal user, or connect directly as root user and compile. Either way, check the environment first. Once that is done, edit util/makefile.common so that it reads this way

 # don't change this one -- it must match what is in the bin/* scripts
 PYTHON_SCRIPT_DEFAULT := /usr/bin/env python
 # change this if you want to set exactly which python program gets run to
 # execute the python scripts in bin/ (image2pnm and friends).
 # Note that this must be a full path (this is a bash requirement).
 #PYTHON_SCRIPT ?= $(PYTHON_SCRIPT_DEFAULT)
 # eg,
 PYTHON_SCRIPT ?= /usr/local/bin/python3.7

The only change required is to point specifically to the python you need. Opensuse Leap 15 also installs Python 3.6, which is one release behind the current one (at this writing) of 3.7. The simplest solution to this and staying up with the requirements of astropy is to install Python from source in /lusr/local and then link to it here and elsewhere as needed. However astrometry.net will have a dependence on the systems Python 2.7.

In OpenSuse Leap you will also have edit util/makefile.netpbm if compilation does not find the library. You may later change the #! lines in the scripts in the installed bin directory if another Python on the system is preferred.

If netpbm is not be found, edit the file util/makefile.netpbm to point it to the correct place:

NETPBM_INC ?= -I/usr/include/netpbm
NETPBM_LIB ?= -L/usr/lib64 -lnetpbm 

Astrometry.net by default installs in /usr/local/astrometry. Add /usr/local/astrometry/bin to the $PATH in /etc/profile.local. Replace the data directory with a soft link to the system archive of astrometry data files, currently the 4200 series. On systems witih limited root disk space, install astrometry on another disk and link it to /usr/local for consistency with scripts.

Install swarp

Install sextractor

Install psfex (current release does not build in Opensuse Leap due to cblas package incompatibility)

Install hp15c

Install tightvnc_viewer

Install moodle (depends on mysql, apache, and php) on educational servers

Install mediawiki (on servers as needed)

Install cfitsio

Install xpa

Install xmtel (if needed)

Install xmccd (if needed, also provides libcfitsio and xpa)


Update /etc

Copy motd

Edit HOSTNAME

Add entries to /etc/rc.d/boot.local

Add profile.local

Edit /etc/dnsmasq.conf as needed



Settings for the network

Configure network as needed for additional cards defined for internal zone

Configure dnsmasq as needed to service one or more cards

Add masquerade to firewall settings if internal zone present (required for dnsmasq ip forwarding)

Start the firewall if using dnsmasq or needing the security it provides

Start dnsmasq

Run services manager and turn off unused services

Run lsof -i to confirm there are no insecure open ports

Reboot the system

With Opensuse's use of the wicked network daemon, a configured network device will not show its IP until it is physically connected to an active network. The yast configuration option "at boot time" for network configuration means that these ports must see a live connection when the system is booted to find their configuration. This is not a bug, it is a "feature". The alternative option "on cable connection" is not useful for a fixed instrument controller. If a device is physically connected and does not show its IP in ifconfig, try "systemctl restart network.service" or a reboot.


Additional security

The OpenSuse network monitoring daemon xinetd provides tcpd wrapper service within the systemd framework. This enables use of hosts.allow and hosts.deny to filter access in a simple way. By default, xinetd will not be started with a new installation. Enable it in the system configuration on YAST and start it on boot. In hosts.deny put "ALL: ALL" to close the network for everything the software is aware of, and then allow specific IP addresses to access the services with entries in hosts.allow. Insure that xinetd is running, and check journalctl for failed login attempts routinely as a basic security front line, usually behind a more secure institutional firewall.


Desktop

Run nvidia-settings to set display for a system with Nvidia hardware if the Nvidia drivers are installed. The latest community Nvidia support is adequate for most purposes without installing the proprietary Nvidia driver and kernel module. The system is more easily maintained if it runs using the community supported package which is improving quickly.


OpenGL with Nvidia

Users should be members of the video group to have access to opengl applications. If they are not, the application may run slowly (glxgears) or crash (celestia). For some applications with older hardware the Nouveau open source driver will suffice and be less likely to interfere with system updates later. This driver is compatible with randr and allows command line setting of multiple displays. For example if there are two displays on the graphics card, a command line such as

  • xrandr -q

will list the available displays and their capabilities, while one such as

  • xrandr --output DVI-I-2 --right-of DVI-I-1

will configure them as one screen providing acceleration across the desktop.

Newer Nvidia cards and all of the Quadro family require loading the lastest nvidia driver and the kernel modification. Add Nvidia as a repository and use YAST to manage the updates. Reboot the system afterwards. Run nvidia-settings to configure the desktop. If needed, save the xorg.conf file and copy it to /etc/X11 so that it applies on the next restart of the X server.


Google Chrome

Install the Chrome public keys

and then with the Firefox browser retrieve the latest 64-bit rpm package of Chrome and install it

  • zypper --non-interactive install google-chrome-stable_current_x86_64.rpm

Installation of Google Earth is similar

  • zypper --non-interactive install google-earth-stable_current_x86_64.rpm


Adobe Flash

Until late 2016 Adobe had stopped supporting Flash on Linux. While Adobe now has resumed security updates for Flash that will work with Firefox, a better solution is to install Google Chrome. This provides full support for the remaining Flash websites and reliable security plus DRM management when needed. Both Chrome and Firefox block Flash content when HTML5 alternatives are available.


gPhoto2

The gphoto2 application runs Nikon DSLR cameras for real-time observing, scripted imaging, and called by cgi routines from a web server. To give the USB device the proper permissions without invoking unwanted software (the default for a Gnome installation in OpenSuse), we make sure that libgphoto2 is installed, but not the file system. In OpenSuse there will not be a udev rules file installed by default.

As root user,

cd /etc/udev/rules.d

/usr/lib64/libgphoto2/print-camera-list udev-rules version 175 group video mode 0666 > 90-gphoto.rules

where the version given has to be high enough to work with udev and still be recognized by libgphoto2.

Add the video group to users who will be observers, and to the user wwwrun by editing /etc/group or by using YAST.

When a camera is connected or turned on, it will accessible by any user in the video group, including the cgi applications used for remote operations.

exFAT

Add fuse-exfat from OpenSuse package search, currently version 1.2.4

  • zypper --non-interactive install fuse-exfat-1.2.4-2.1.x86_64.rpm

This provides support where needed for SDXC memory cards through the Microsoft exfat filesystem.


VLC

The version of VLC that can be installed with Yast lacks all proprietary codecs necessary for many common uses. The OpenSuse version should not be installed. To build from source --

  • Install lua and lua-devel if not already installed
  • Download the latest source tarball from VLC (currently 2.2.1)
  • Use the latest x264 source also from VLC, compile, and install
  • Use the latest ffmpeg source tar file best taken from mplayer, compile, and install
  • Untar ffmpeg
  • ./configure --enable-pic --libdir=/usr/local/lib64 --enable-libmp3lame --enable-libx264 -enable-gpl
  • make
  • make install
  • ldconfig
  • Untar vlc
  • ./configure --disable-mad --disable-a52
  • make
  • make install


Mplayer and ffmpeg

  • Install the source code in /usr/local/src/ --
  • svn checkout svn://svn.mplayerhq.hu/mplayer/trunk mplayer
  • Untar the codecs and skin files into /usr/local . We use a collection saved in mplayer_codecs.tar.gz that installs into share/mplayer and lib/codecs
  • In the source directory, ./configure --enable-gui then make, make install

If ffmpeg is needed elsewhere (as it would be for Blender and other video editing applications), copy the internal version of ffmpeg from mplayer into its own /usr/local/src/ directory, compile the executables, and install system-wide. In this use it can be reconfigured to add x264, so do that as well with these steps:

Remove the obsolete Opensuse NASM package if it has been installed, and get the most recent NASM from http://www.nasm.us/pub/nasm/ . This is currently version 2.13 and is required to build x264. Build and install it with the defaults. It will go into /usr/ rather than /usr/local if you forget to select "local" explicitly. This will not matter until you rebuild the system with updated Opensuse files.

Get x264 (it may be better than openH264, which currently does not compile on Opensuse) with git clone http://git.videolan.org/git/x264.git . Build it using the configuration options for creating static and shared libraries, and install it.

Lastly, in the cloned copy of ffmpeg from mplayer, ./configure --enable-libx264 --enable-gpl, make, and make install.


Simple Screen Recorder

This very effective tool for making on-line instructional videos and lecture content is included in the Opensuse distribution. However, the distributed version lacks many useful codecs. Retrieve the source code, probably best from Packman where it will have been prepared for Opensuse. Compile it as an unprivileged user with the configuration flags ./configure --without-jack --oldincludedir=/usr/local/include that currently make it work without jack and with x264 on Opensuse. Install it as root with "make install". This version will have the codecs of ffmpeg and be broadly useful without needing subsequent file conversions.


VirtualBox

VirtualBox as supplied by OpenSuse cannot be updated using the Oracle site. Instead of installing their version, we use the latest Oracle RPM which is currently version 6.0.8.

  • Set the BIOS to allow virtualization technology and to allow advanced I/O for sharing resources.
  • Retrieve the packages from https://www.virtualbox.org/wiki/Linux_Downloads .
  • Retrieve the repo file f
  • Retrieve the public key from https://www.virtualbox.org/download/
  • Install the public key with rpm --import public_key.asc
  • Install the repository with zypper ar -f ./file.repo
  • zypper --non-interactive install VirtualBox-xxx-.rpm
  • Retrieve the extension pack from Oracle's download site.
  • VBoxManage extpack install .Oracle_VM_VirtualBox_Extension_Pack-xxx.vbox-extpack
  • In Opensuse YAST, add the Virtualbox guest kernel modules and guest tools, or use the guest additions from Oracle.
  • Add the virtualbox group to the user(s) who will run it .
  • Start the qt interface from the command line with virtualbox .
  • Create a directory that will be shared with the guest OS and set this up in virtualbox when building a virtual machine .
  • Once the guest OS is installed, add the guest additions to it also, to enable the shared directory and mouse/pointer integration .
  • Lastly, read the Virtualbox on-line manual .

For access to the USB system the guest OS must have a driver installed. Virtualbox presents a virtual xHCI USB3 device to the guest. The driver provided by Intel has worked for us in a Windows 7 installation.


OpenGL

Users must belong to the video group to have access to OpenGL when NVidia drivers are in use.


Zoom not Skype

While Skype is supported again on Linux through its newer version, it was not working well with Opensuse 42.3 has not been tested with Leap 15. Alternatives include Google Hangouts and conferencing software Zoom, which is the recommended solution.



Wireless

Laptops by default will have networkmanager running their hardware and wireless connections. Desktops will not. To enable desktop wireless with minimal need for configuration, use Yast, Network Settings, and Global Settings to select networkmanager rather than wickedd. With that change, there will be a desktop icon in the system tray and the interface may be selected by the user.

Few USB network adapters work with the Linux kernel in OpenSuse . Only one we have found readily available new is the Buffalo Nfinity Wireless-N compact USB 2.0 adapter. It is recognized immediately and requires no additional configuration, other than the selection of networkmanager, and the user's choice of connection.

When configuring a laptop that will need flexible control of the network, consider changing the default /etc/sysconfig/network/config entry from "no" to

 NETCONFIG_FORCE_REPLACE="yes"

This change will insure that if you change networks the resolv.conf file will be rewritten, and it may affect other files that get modified in some way. The downside is that you will need to use the root password when restarting the network.


Static LAN and dnsmasq

We use dnsmasq to manage local area networks (LAN) from a second network device on telescope computers. Typically the device address is set to 192.168.0.1/24, or to 1.1/24 if there is another LAN operating. The configuration file for dnsmasq is set to point to the device, i.e. eth1, to which the switch is attached.

This works well if (a) there is a switch attached and turned on, and (b) the computer is running the wickedd manager which is the default in current Opensuse releases based on systemd. It is seeming not possible, or certainly not straightforward, to run a lan from a laptop which is configured with networkmanager.

To attach a networked instrument such as a camera to a laptop that by default is configured with network manager the options are

  • Attach the device to a switch which itself is integrated into a LAN with DHCP provided by another computer system.
  • Custom configure the wired network interface using nmcli.
  • Change the laptop networking to run wickedd instead of networkmanager.

The second method using the powerful console command line interface for Network Manager is the best solution but requires specific commands for each situation. A common problem has been network management when a device is to be attached to an Ethernet adapter on a USB3 connection. For example, we use a StarTech adapter that runs on a powered laptop port to provide both ethernet and additional USB3 connections to a camera and environmental sensors. The network connection has to be associated with dnsmasq to enable DHCP connections from cameras. With networkmanager on opensuse, this new device is not configurable through the YAST tools. The solution is

1. Boot the computer with the device installed so that it is recognized without an issue

2. As root create the connection and bring it up

 nmcli con add con-name "usb-ethernet" ifname eth1 type ethernet ip4 192.168.1.1/24
 nmcli con up usb-ethernet

3. Check that it is present

 ifconfig 
 
 eth1  Link encap:Ethernet  HWaddr 00:05:1B:D0:88:E3  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

4. Configure dnsmasq.conf with lines such as

 interface=eth1  
 dhcp-range=192.168.1.50,192.168.1.100,12h

5. Enable and start dnsmasq in sysconfigure

These changes should remain in effect until removed, and a camera attached to the new network connection will be seen on the local "usb-ethernet",

The third option is the default for a desktop system. The disadvantage to the third option in the laptop world is that wickedd does not have the end-user support for wireless networking that networkmanager provides. Further, when switching from one system to another, there are inevitable configuration issues, particularly with the management of host resolution and the file /etc/resolv.conf.

The basic process is to use yast or yast2, select network device configuration, and change the manager to wickedd. This will allow editing the individual network devices. Set the static ip address for the device that will handle the LAN, edit the device entry, change it to "internal", and set it to activate on boot through the setting in the Global tab. Shutdown and reboot the system. The ethernet adapter must be inserted at boot time.

As superuser use "wicked show all" to see the status of the devices, or "wicked ifstatus eth1" to see the status of one network device. Each device has a configuration file in /etc/sysconfig/network/, such as ifcfg-eth1 for eth1. Within that file there should be a line which says

LINK_REQUIRED=no

As of Opensuse 42.3, this line is not inserted by the yast2 configurator, and consequently the network device will stall and wickedd will report "setup-in-progress". The simple solution is to enter this by hand if you see this error and need a second network active on power up.


Proxy

The system proxy settings are set globally in /etc/sysconfig/proxy . It is best to use yast to configure them. At USQ for normal use these fields are blank. However for installation through yast and zypper and for updates the fields have to be populated with http://proxy.usq.edu.au:8000. Also for use of curl where there is a proxy, it can be set in .curlrc for that user by adding a line such as

proxy = proxy.usq.edu.au:8080

without the "http" prefix. Alternatively, if there is a system proxy, then curl can be run with a command line that over rides it for specific addresses or for everything with a wildcard

curl --no-proxy *


Both Firefox and Chrome browsers will negotiate an automatic proxy server while curl, zypper, and yast will not.