The observatory's servers and control computers run on the OpenSuse distribution of Linux-based software. Leap 15.1 . We have chosen the Leap series because of its conservative testing and stability. Generally the slowed cycle of new versions does not cause problems, except where we need software that is pushing the edge, notably AstroPy. We have been testing Tumbleweed since it was introduced in 2018 because it has the significant advantage that a remote telescope computer or inaccessible server can be updated without being on site. While Leap 15.1 remains the solid choice, Tumbleweed is in use now on serveral telescopes.
These evolving installation notes originated with much earlier versions of OpenSuse and are rewritten as we gain experience with the most recent releases and work-around solutions to problems. The following describes how to build a system with OpenSuse that provides a solid foundation of software for physics and astronomy for real-time control of telescopes and observatories, use in the laboratory or the field, operating small servers, and processing astronomical data.
- 1 Tumbleweed
- 2 Before Installation
- 3 During installation
- 4 From OpenSuse using YAST
- 5 After updates
- 6 Python
- 7 From source in /usr/local
- 8 Update /etc
- 9 Settings for the network
- 10 Additional security
- 11 Desktop
- 12 OpenGL with Nvidia
- 13 Google Chrome
- 14 Adobe Flash
- 15 gPhoto2
- 16 exFAT
- 17 VLC
- 18 Mplayer and ffmpeg
- 19 Simple Screen Recorder
- 20 VirtualBox
- 21 OpenGL
- 22 Zoom not Skype
- 23 Wireless
- 24 Static LAN and dnsmasq
- 25 Proxy
Installation of Tumbleweed as an upgrade to an exisiting system may be done remotely. Please note that the result may be unsuitable for production.
The process has a few simple steps to update the current OS, then change repositories, and perform the update. Following the instructions at these links will result in a new system that should reboot and run immediately.
Because of the very large number of packages involved, it is best to remove latex and texlive first before doing the update, and then if needed re-install at leisure. It can take many hours on a high speed network to get the texlive files.
DHCP networking in Tumbleweed and Leap 15 does not send a pure MAC address even when it supposed to. That is, it transmits a longer identifier that may not be recognized by network DHCP services if a pseudo-static IP based on the MAC has been assigned. While the solution to this is simple, it should be done with yast before rebooting the new system, especially when the system is built remotely for Tumbleweed. If this is not done for networks that require the identifier the system networking will not find the assigned pseudo-static IP.
- Network Settings
- Global Options
- DHCP client identifier
- Paste MAC address of the DHCP network interface card
- Edit the field to insert "01:" before the MAC address
Now when the network is configured it will restart and should receive the assigned IP for this card. Make sure that only one Ethernet connection from the computer is presenting to the network with DHCP.
Check the results with
ip a ethtool eth0 nslookup www
where the latter tests that DNS services are properly provided. The configuration is saved in /etc/sysconfig/network/dhcp .
During the last test of Tumbleweed in 2018, other problems were encountered with compilation of Python from source using the default installations, and with proxy service to the extent that Tumbleweed was not usable without considerable effort. Also, given its cutting edge character, we are concerned that new issues could arise during routine updates. Opensuse Leap has a 18 month development cycle that allows sufficient time between upgrades that it can be a stable solution for production, with the disadvantage that updates require physical presence at the server.
The following instructions apply primarily to Opensuse Leap 15.1, and should also work for a new installation of Tumbleweed for those who like adventure.
If possible, for a new installation of the operating system or a major update to a disk in service, consider installing it on a new disk and copying the important files over from the old one. This is the safest path.
Prepare a DVD or a USB memory stick with the ISO image of the distribution. OpenSuse's imagewriter is a convenient way to create the correct structure on the USB device. Newer hardware will accept a USB memory stick for booting, but older (say prior to 2015) may require a DVD drive.
On a new system not using RAID, deselect RAID in BIOS if it is offered. This will prevent OpenSuse from creating disk partitions with RAID. However, if RAID information has already been written to the disk the OpenSuse installer will assume a RAID configuration even if hardware raid is not enabled. A simple cure is to install the system twice. On the first pass use the Expert Partitioner option and delete the proposed raid configuration. Then in /dev/sda (or equivalent) add a root and a home ext4 partition but intentionally do not add a boot partition. The installer will warn you this will not work. Ignore those warnings and let the installer prepare the disk. Once that is accomplished you can abort the installation, or let it run to the end. The disk will not be bootable but it will be cleaned of RAID and on the next installation pass you will have a proposal to use the full disk with conventional structure and btrfs for the root partition.
For most new machines allow UEFI (custom option, if available) and disable compatibility mode in the BIOS. The installer will identify the system as allowing UEFI and properly select the boot configuration. However, also use the BIOS setup to change the boot priority to the medium reflecting this choice. The boot medium and a UEFI installation must match.
Opensuse will detect and set up a UEFI boot protocol unless this option is turned off in the BIOS. With that selection it will handle and format large disks.
Some recent hardware, notably the Supermicro X10-SRA, may hang on booting with older USB devices attached. While we do not know the cause, the cure in this instance was to enable EHCI-Hand-off in the USB configuration options presented for the BIOS. This may apply only to specific applications, and could be kernel-dependent,. In general, the default BIOS settings are fine for installation and need modification later if specific applications raise issues.
If your computer has more than one network connection, for example for a local subnet and for a global or institutional network, physically disconnect the local one until installation is complete. This will prevent the installation scripts from mis-identifying the network assignments.
Insert the medium, reboot the system, and select Installation from the splash screen. If there is a booting problem, use the keyboard to bring up a boot selection screen (often "Del", F11 or F12), and check the boot order and if needed also the BIOS setup.
If there is a proxy for network access at this point it may be necessary to enter that information before proceedings to the actual installation. At the OpenSuse boot screen press F4 for access to the manual network configuration and enter the information. At Mt. Kent, for example, there is a proxy but it is handled automatically for browsers. For zypper and yast, however, it has to be explicitly configured to http://proxy.usq.edu.au:8000 so that yast will find the repositories. After installation for normal use this would be turned off by deselecting the proxy in the yast configuration screen.
On laptops with Nvidia Quadro graphics and GPU combined with Intel graphics, if the BIOS allows it, deselect options that use the Intel graphics and then enable sole use of Nvidia. This avoids a multitude of booting and configuration issues, and provides a platform for GPU computing. The downside is increased power consumption and loss of battery life. If those are the primary considerations, then it may be best to not use Nvidia at all. Alternatively, it is possible to install Bumblebee to enable switching between video hardware for specific uses. Nvidia Quadro, which provides GPU computing, requires their proprietary driver for full support.
At this point if the system has a recent Nvidia card it also may be best to disable modeset. The symptom this is necessary is that subsequent booting freezes before the installation begins. Edit the boot options if needed by pressing "e" before the system tries to start an installation. This will open a simple boot editing screen with instructions.
At the end of the line for linux add "nouveau.nomodeset=0" . Similarly, a problem with an Intel graphics card that was switching, perhaps to a Displayport interface, was fixed with simply "nomodeset".
Continue with the installation as instructed on this editing screen. The default settings should work with the following additions and exceptions.
Deselect software by taking the checkmark off with a spacebar press. After installation is complete, return to the software menu of YAST and make sure that those items never to be install (pk-update is the worst of them, AppArmor not far behind) are marked "Taboo". Do not install them.
Leap 15.1 installation offers KDE, Gnome (Wayland), and a basic system for customizing. We prefer the customized soluiton, and when selecting software add Xfce for an environment that is lightweight but fully functional. Add their development code for Gnome and KDE (Qt will be present by default).
LaTeX and related content is under the "Technical Writing" group. It is a lengthy download and may be installed later. For an upgrade, if it is already installed, it may also be best to delete it first, then reinstall when it can run overnight if your network connection is is not very fast.
Set the computer system clock to use UTC, check the time zone and the local time.
The gparted and gnome-disks packages are useful to manage disks larger than 2 TB. With new disks the installer will use BTRFS and as of Leap 15.1 it will create a large partition for the entire disk. In the event of a failure, leaving a critical disk formatted in the wrong size or filesystem, add gdisk from a repository and reformat the disk. Reboot, and re-install the operating system on the reformatted disk. Earlier versions of Leap would install the operating system in a small partition that limited the space available, and then allocated the balance to an XFS partition for user space. Check that adequate space is left for your system needs and use the expert mode if needed to allocate space before installing the operating system. Once partitioned, OpenSuse will use existing partitions as a guide and it is difficult to override these choices later.
Deselect and mark "taboo" Apparmor for systems which do not require its access controls. Delete pk-update to avoid nagware about package updates and mark it for non-installation permanently by selecting "taboo"
Turn off firewall (assuming your system is already behind an adequate institutional or local firewall)
Open the port for SSH
Check the boot option for grub2 matches that of your machine (should be UEFI if available)
Complete the installation from the media (either USB or DVD)
Remove the medium, reset the boot priority to the hard disk first, reboot
From OpenSuse using YAST
Start yast from the command line as su with yast --qt or "yast2"
Disable DVD or USB in software repositories
Unless doing GPU development or you have recent nvidia hardware, do not include the repository for nvidia (creates a long term maintenance problem) and use the Nouveau Xorg driver
Perform all updates based on default repositories as needed
Note that in removing packages select Options --> Cleanup when deleting packages to prevent their automatic reinstalling though the pre-selection feature of Yast. Generally it is not necessary to remove packages unless there is something about them that interferes with your use of the system. In most cases they may be disabled in subsequent system configuration.
Remove really annoying pk-update-icon if you missed deleting it initially. You will have to mark it in YAST for permanent deletion.
Add Nvidia public repository if needed and nvidia graphics and gpu drivers. Select the most recent driver unless Nvidia's documentation suggests otherwise for your hardware.
Add texlive if it has not already been selected. This is a very large package with long download time.
Add apache if used as web server
Add php and packages if used as web server
Add gsl and gsl-devel
Add gnome-disk-utility (previously palimpsest)
Add hdf5 (required by Python Pynpoint-exoplanet)
Add liblapack3 (development files)
Add libatlas3 (optional required by astromatic software not in Leap 15)
Add libatlas3-devel (optional required by astromatic software not in Leap 15)
Add nasm (used by openh264)
Add pavucontrol (pulse audio control to work around problems with defaults)
Add plplot-devel (optionally other plplot packages as needed)
Opensuse Leap installs Python 2.7 and Python 3.6. The default system python command in /etc/alternatives points to python 2.7, but the default "pip" points to python 3's pip. The preferred scientific Python solution is to install from source in /usr/local and build a version that is independent of the operating systems Python. This provides for long term maintenance, and few conflicts between dependencies for system code and for cutting edge science code. If that solution is taken, then do not install optional Python 3 packages but instead build the local version and add modules with pip.
The following packages will go to the system Python 3.6. Equivalent packages are available for Python 2 without the "3" in the package name. An end user running python needs to explicitly call python3, or change the alternative link. If our code is to use the system version of Python 3, then the following optional packages would be needed on new systems. For a complete OpenSuse Python3 installation, use the search option in yast for python3-, right click on the field of search results and select all entries. Then deselect any you do not want. This will install packages that have conflicts to resolve. Make your best choice on those. Packages we know we need and are adequately provided by the operating system are .
Add python3-certifi (optional, may cause other issues)
Add python3-numpy or use pip.
Add python3-numpy-devel or use pip.
Add python3-scipy or use pip for this and related packages to get the most recent versions.
You will also need matplotlib and its add-ons.
Leap 15 and Tumbleweed should supply Tk with a consistent matplotlib. If there are issues with it, you may deselect the matplotlib packages marking them "taboo" in yast, and instead, after work with yast is over, use pip and install matplotlib from pip as described below. This will insure the latest version of matplotlib, especially as Leap ages and matplotlib moves forward with new releases. Nevertheless, best to leave all this alone and install an independent Python solution.
Additional packages you will need from YAST are --
Add libffi-devel (for compiling Python 3.7+)
Add fftw3-devel, libfftw3-threads, and fftw3-threads-devel
Add ncurses-devel (for compiling Python 3.7+)
Add python-devel (for compiling Python 3.7+)
Add readline-devel (for compiling Python 3.7+ with readline rather than gnulreadline)
Add gphoto but not gphotofs
Add guvcview or luvcview for webcamera viewing
Add other motif libraries if they are not installed by default
Remove all virtualbox rpm's installed from OpenSuse
Add libpng12-devel (optional)
If using Grace earlier than 5.1.25 deselect libpng16-compat-devel and select libpng12-compat-devel
Add fxload (used by SBIG cameras)
If building Python from source as of version 3.6 in order to get urllib to work add the ghc- packages
Disable modemmanager because it interferes with serial ports used for instruments
Configure dnsmasq if used to run a subnet and start it from yast
Disable avahi as unnecessary in our environment
Edit /etc/sysconfig to set locate default search to root
Use YAST to set NTP servers for your domain rather than Opensuse's defaults. New installations of Leap will use chrony rather than ntp for improved synchronization. With ntp, check the performance using "/usr/sbin/ntpq -p" or with chrony use "/usr/bin/chronyc tracking". As of July 2018, chronyc is a preferred option.
On a longer term, routine updates can be done from the command line with
Add any needed Python3 modules requiring pip, notably matplotlib (see below)
For OpenSuse Leap 15 (current as of November 2018) both Python-2.7 and Python-3.6 are installed. By default /usr/bin/python points to python2, while pip uses /usr/bin/pip3.6 and will update python3. For the most part unless you need a python2 component, leave the 2.7 installation alone and augment the python3 installation for our software. Be aware of which system the pip command you choose belongs to. A better solution is not to bother with the system versions at all, and to install Python 3 from source.
Python - installing the latest from source
Recently a new issue came up with Astropy, the groupware that consolidates many astronomy-related packages and is the maintainer of the essential pyfits and wcsfits for accessing fits-format files. Astropy has a sunset policy on the python it supports, and it currently requires Python 3.6 or greater. While it is not stated whether this aggressive choice will be rolled forward as Python 3.x continues to improve, it suggests that users may need ways to install a version of Python for science that is different from the one a conservative stable server software like OpenSuse may offer. Indeed, Astropy's website urges use of Anaconda, which solves these problems for them and for single users, but can be an additional burden for system managers.
The problem may not persist, depending on how quickly OpenSuse and others update Python 3, but currently the choices are to install Anaconda or Canopy Python distributions in a framework that allows systemwide access, or to install it from source.
Warning: With Leap 15, many Opensuse system applications will call python3 and will be configured to use the system version. You cannot link /usr/bin/python3 to a locally configured Python and expect that the system programs will work as expected. Write your local programs to call your local python explicitly. You can also set your PATH so that it searches /usr/local/bin before /usr/bin.
To install from source follow these instructions exactly:
# Add the packages from Opensuse noted above # Download the source tar file currently Python-3.7.1.tar.xz and as superuser or root copy to /usr/local/src # Untar the file and assign ownership of the new directory tree to yourself as an unpriviledged user # As a normal user, cd into the source directory and run ./configure # The defaults will be fine. Your new Python will go into the /usr/local/ directory. Some users prefer /opt, which can be changed as a configuration option. # make # make test # Now as root user -- # make altinstall
If this fails it is probably a missing package. Check the ones that are required, install them, make clean, make, make test, make altinstall again.
# ln -s /usr/local/lib64/python3.7/lib-dynload/ /usr/local/lib/python3.7/lib-dynload
Add readline explicitly as a module that works with our GUI after installation
#/usr/local/bin/pip3.7 install gnureadline
The build process may require adding missing libraries. There may be errors when building on a new installation of Leap 15 with the GNU debugging tests that are in testing only and may be ignored. However, Open SSL support needed for pip as of Python 3.7 requires version 1.1 or higher. Install the libopenssl1_1-devel package. Do not install libressl.
Older Opensuse distributions do not offer an upgrade to a supported OpenSSL version and would need a system software upgrade to use the latest Python without also installing a recent OpenSSL. This solution worked for Opensuse 42.1. Note if you install libopenssl1_1-devel in more recent Opensuse distributions this is not needed.
# Download the OpenSSL source tar file openssl-1.1.1.tar.gz and as superuse or root copy to /usr/local/src # Untar the file and configure it as recommended for Unix-like systems with # ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl '-Wl,--enable-new-dtags,-rpath,$(LIBRPATH)' # Run "make", "make test", and "make install" to compile, test, and install the code in /usr/local/ssl # Configure Python with ./configure --with-ssl=/usr/local/ssl and then make it as above. # Confirm that "test_ssl" runs and passes.
The altinstall option is necessary to avoid overwriting or interfering with the system python. The softlink is needed because some llibrary files in lib64 are not found without it. It is not necessary to assign either PYTHONHOME or PYTHONPATH, or to use an environment manager to have this version work independently of the system version. However, be aware that the functions you need are explicity in /usr/local/bin and that they refer to python by its version, that is python3.7 and pip3.7 Therefore if you later update the OS to Leap 15 and it also has these executables, there's a potential conflict that would be resolved by the search path and could be ambiguous. Alternatively, explicity link to python in /usr/local/bin in commandline uses or scripts.
Similarly, if you install Anaconda Python, it will have its own /opt directory tree to navigate, while Canopy Python may use environment variables. To run your own locally built Python echo PYTHONHOME and echo PYTHONPATH should return empty strings.
Modules by pip
Because they are not available as a package in OpenSuse for Python 3, or because you are updating another installation, use explicitly the pip for your Python. That is, for the system python3, /usr/bin/pip points to /etc/alternatives/pip which points to /usr/bin/pip3.6 in Leap 15 . Our separately installed python has /usr/local/bin/pip3 .
If the system is behind a firewall requiring a proxy, possibly pip will see the system proxy configuration. If not, try
where typically the port is 8000 or 8080.
In locally built versions of Python 3.7 or higher without readline-devel previously installed in yast, readline will a missing module. For Opensuse a suitable fix is
/usr/local/bin/pip3.7 install gnureadline
Note this is "gnu" readline, not readline. The latter will segfault reading the history file.
For installing in the system python, if matplotlib for Python 3 was installed with yast it must be removed in a two-step process. First delete it from yast and then and mark it taboo so that it will not re-install. Afterward, remove it from the system python this way.
pip uninstall matplotlib
pip install matplotlib --upgrade --no-cache-dir
Also for the system python you may need to do this
pip uninstall six
pip install six --upgrade --no-cache-dir
Now if you are building a separate Python for science, use the pip for it and add the modules you need. This may include several that were installed on the system using yast, as well the matplotlib ones and these. Start with these since pip will resolve dependencies, probably use cached source unless you tell it not to, and in the process grow the missing branches of your Python tree. Later, if you find something missing, you can add it as needed.
Install matplotlib will install numpy (pip install matplotlib)
Install scipy (pip install scipy)
Install cython (pip install cython)
Install scikit-image which will install pillow (pip install scikit-image)
Install astropy (pip install astropy)
Install skyfield (pip install skyfield) replaces deprecated pyphem
Install healpy (pip install healpy)
Install reproject (pip install reproject)
Install quantities (pip install quantities) to have physical constants
Install emcee (pip install emcee) to have an MCMC library
Install pyastronomy (pip install pyastronomy) or from source on github pyastronomy
Install bokeh for browser-based graphics (pip install bokeh)
Install pycurl for remotely communicating with a server (pip install pycurl)
If there is an error from the SSL library, use these two commands to resolve the dependency:
pip install --upgrade --force-reinstall pycurl
Dowloading files from Google drive requires two modules
pip install --upgrade google-api-python-client pip install oauth2client
The first of these provides the module "apiclient" and the other provides tools for authorization which would be imported this way
from apiclient import discovery from oauth2client import client from oauth2client import tools from oauth2client.file import Storage
as described by the official google download api respository here
Lastly, install the software chain for data visualization with Python using pip rather than the system package because Pandas is developing rapidly
Install pandas (pip install pandas)
Install scrapy (pip install scrapy)
Install requests (pip install requests)
Install flask (pip install flask)
Astropy is a collaboration to provide a consistent and comprehensive distribution of astronomical software to the research community. For systems running Python 3.5 and above it can be installed as other packages
Install astropy (pip install astropy)
The recent restriction excluding Python 3.4 means that new installations on older operating systems cannot add astropy without some work around solution such as described above.
Astropy resolves dependencies on pyfits, originally developed at the Space Telescope Science Institute. Code requiring pyfits will work by adding
import astropy.io.fits as pyfits
to the Python 3 source.
From source in /usr/local
For rpm packages use
zypper --non-interactive install package.rpm
or add --no-gpg-checks if necessary. For java routines. install the source in /usr/local and provide a softlink through a startup script in /usr/localbin. Larger packages such as alternative python builds would also go in /usr/local in preference to /opt. The entire /usr/local tree should not be in the root partition, but linked to it from a user partitiion that will not be lost in system re-installation.
Install nedit from updated source to /usr/local/bin with a link in /usr/bin/
Add lame and lame library packages for mp3 audio
Install AstroImageJ and update to the latest daily build. Copy the current best practice configuration from a working system.
Install Alsvid updated for Python3
Install ds9 using a recent version from http://ds9.si.edu/site/Download.html. For OpenSuse, ds9 presents a library problem because of its dependency on OpenSSL 1.0. Old versions of OpenSuse had that library, and copies of it are still available, but it is not part of the latest distribution. The two are libcrypto.so.1.0.0 and libssl.so.1.0.0 which may be copied to /usr/local/lib64 followed by "ldconfig". The problem persists with ds9 8.0 as of July 1, 2019.
Install cfitsio with make, make shared, and make install. Then manually copy lib64 and include installation directories to /usr/local/lib64 and /usr/local/include, and run ldconfig.
Install grace (build from source with local FFT modifications for normalization)
Install xephem -
Copy the XEphem source from the licensed archive to a temporary directory. Install each disk by default in /usr/local. Remove all the ._ files which are created on a Mac OS and remove the execute permissions on many files that come from the source. Copy the xephem.sites list with augmented sites into the auxil directory. Update the Soft* catalogs. Copy XEphem to the /etc directory for global defaults to the home observatory. Optionally, recompile the source code and copy it to /usr/local/bin/, removing the default pre-compiled version in /usr/bin/ . Copy xephem.man (not xephem.1) to /usr/local/man/man1.
Download the latest from the astrometry.net website
which will be a recent stable version ready to compile. The cutting edge is on the git repository
and it will not compile with editing and is not recommended.
Astrometry.net uses the system default Python unless you chose otherwise. In Opensuse Leap 15.1 with Python 2.7 as the system default, compilation of astrometry.net still falls back on having some 2.7 packages present. Before building astrometry.net from source, check that they system has
python-devel python2-numpy-devel swig git libnetpbm-devel
to avoid errors on the first attempt.
Other python utilities may use a locally installed Python, say /usr/local/bin/python3.7, if you are compiling with a library path that will find it. That is, echo $LD_LIBRARY_PATH should show /usr/local/lib and /usr/local/lib64. The environment variables are not preserved when compiling after "su". Two simple solutions are either to change ownership of Astrometry.net and compile as a normal user, or connect directly as root user and compile. Either way, check the environment first. Once that is done, edit util/makefile.common so that it reads this way
# don't change this one -- it must match what is in the bin/* scripts PYTHON_SCRIPT_DEFAULT := /usr/bin/env python
# change this if you want to set exactly which python program gets run to # execute the python scripts in bin/ (image2pnm and friends). # Note that this must be a full path (this is a bash requirement). #PYTHON_SCRIPT ?= $(PYTHON_SCRIPT_DEFAULT) # eg, PYTHON_SCRIPT ?= /usr/local/bin/python3.7
The only change required is to point specifically to the python you need. Opensuse Leap 15 also installs Python 3.6, which is one release behind the current one (at this writing) of 3.7. The simplest solution to this and staying up with the requirements of astropy is to install Python from source in /lusr/local and then link to it here and elsewhere as needed. However astrometry.net will have a dependence on the systems Python 2.7.
In OpenSuse Leap you will also have edit util/makefile.netpbm if compilation does not find the library. You may later change the #! lines in the scripts in the installed bin directory if another Python on the system is preferred.
If netpbm is not be found, edit the file util/makefile.netpbm to point it to the correct place:
NETPBM_INC ?= -I/usr/include/netpbm NETPBM_LIB ?= -L/usr/lib64 -lnetpbm
Astrometry.net by default installs in /usr/local/astrometry. Add /usr/local/astrometry/bin to the $PATH in /etc/profile.local. Replace the data directory with a soft link to the system archive of astrometry data files, currently the 4200 series. On systems witih limited root disk space, install astrometry on another disk and link it to /usr/local for consistency with scripts.
Install psfex (current release does not build in Opensuse Leap due to cblas package incompatibility)
Install moodle (depends on mysql, apache, and php) on educational servers
Install mediawiki (on servers as needed)
Install xmtel (if needed)
Install xmccd (if needed, also provides libcfitsio and xpa)
Add entries to /etc/rc.d/boot.local
Edit /etc/dnsmasq.conf as needed
Settings for the network
Configure network as needed for additional cards defined for internal zone
Configure dnsmasq as needed to service one or more cards
Add masquerade to firewall settings if internal zone present (required for dnsmasq ip forwarding)
Start the firewall if using dnsmasq or needing the security it provides
Run services manager and turn off unused services
Run lsof -i to confirm there are no insecure open ports
Reboot the system
With Opensuse's use of the wicked network daemon, a configured network device will not show its IP until it is physically connected to an active network. The yast configuration option "at boot time" for network configuration means that these ports must see a live connection when the system is booted to find their configuration. This is not a bug, it is a "feature". The alternative option "on cable connection" is not useful for a fixed instrument controller. If a device is physically connected and does not show its IP in ifconfig, try "systemctl restart network.service" or a reboot.
The OpenSuse network monitoring daemon xinetd provides tcpd wrapper service within the systemd framework. This enables use of hosts.allow and hosts.deny to filter access in a simple way. By default, xinetd will not be started with a new installation. Enable it in the system configuration on YAST and start it on boot. In hosts.deny put "ALL: ALL" to close the network for everything the software is aware of, and then allow specific IP addresses to access the services with entries in hosts.allow. Insure that xinetd is running, and check journalctl for failed login attempts routinely as a basic security front line, usually behind a more secure institutional firewall.
Run nvidia-settings to set display for a system with Nvidia hardware if the Nvidia drivers are installed. The latest community Nvidia support is adequate for most purposes without installing the proprietary Nvidia driver and kernel module. The system is more easily maintained if it runs using the community supported package which is improving quickly.
The default desktop is set this way
- update-alternatives --config default-xsession.desktop
and respond to the options. The WM system configuration is not read by most managers. Set xfce.deskop or else it will default to gnome and make remote starting of VNC with xfce impossible.
OpenGL with Nvidia
Users should be members of the video group to have access to opengl applications. If they are not, the application may run slowly (glxgears) or crash (celestia). For some applications with older hardware the Nouveau open source driver will suffice and be less likely to interfere with system updates later. This driver is compatible with randr and allows command line setting of multiple displays. For example if there are two displays on the graphics card, a command line such as
- xrandr -q
will list the available displays and their capabilities, while one such as
- xrandr --output DVI-I-2 --right-of DVI-I-1
will configure them as one screen providing acceleration across the desktop.
Newer Nvidia cards and all of the Quadro family require loading the lastest nvidia driver and the kernel modification. Add Nvidia as a repository and use YAST to manage the updates. Reboot the system afterwards. Run nvidia-settings to configure the desktop. If needed, save the xorg.conf file and copy it to /etc/X11 so that it applies on the next restart of the X server.
Install the Chrome public keys
- wget https://dl.google.com/linux/linux_signing_key.pub
- sudo rpm --import linux_signing_key.pub
and then with the Firefox browser retrieve the latest 64-bit rpm package of Chrome and install it
- zypper --non-interactive install google-chrome-stable_current_x86_64.rpm
Installation of Google Earth is similar
- zypper --non-interactive install google-earth-stable_current_x86_64.rpm
Until late 2016 Adobe had stopped supporting Flash on Linux. While Adobe now has resumed security updates for Flash that will work with Firefox, a better solution is to install Google Chrome. This provides full support for the remaining Flash websites and reliable security plus DRM management when needed. Both Chrome and Firefox block Flash content when HTML5 alternatives are available.
The gphoto2 application runs Nikon DSLR cameras for real-time observing, scripted imaging, and called by cgi routines from a web server. To give the USB device the proper permissions without invoking unwanted software (the default for a Gnome installation in OpenSuse), we make sure that libgphoto2 is installed, but not the file system. In OpenSuse there will not be a udev rules file installed by default.
As root user,
/usr/lib64/libgphoto2/print-camera-list udev-rules version 175 group video mode 0666 > 90-gphoto.rules
where the version given has to be high enough to work with udev and still be recognized by libgphoto2.
Add the video group to users who will be observers, and to the user wwwrun by editing /etc/group or by using YAST.
When a camera is connected or turned on, it will accessible by any user in the video group, including the cgi applications used for remote operations.
Add fuse-exfat from OpenSuse package search, currently version 1.2.4
- zypper --non-interactive install fuse-exfat-1.2.4-2.1.x86_64.rpm
This provides support where needed for SDXC memory cards through the Microsoft exfat filesystem.
The version of VLC that can be installed with Yast lacks all proprietary codecs necessary for many common uses. The OpenSuse version should not be installed. To build from source --
- Install lua and lua-devel if not already installed
- Download the latest source tarball from VLC (currently 2.2.1)
- Use the latest x264 source also from VLC, compile, and install
- Use the latest ffmpeg source tar file best taken from mplayer, compile, and install
- Untar ffmpeg
- ./configure --enable-pic --libdir=/usr/local/lib64 --enable-libmp3lame --enable-libx264 -enable-gpl
- make install
- Untar vlc
- ./configure --disable-mad --disable-a52
- make install
Mplayer and ffmpeg
- Install the source code in /usr/local/src/ --
- svn checkout svn://svn.mplayerhq.hu/mplayer/trunk mplayer
- Untar the codecs and skin files into /usr/local . We use a collection saved in mplayer_codecs.tar.gz that installs into share/mplayer and lib/codecs
- In the source directory, ./configure --enable-gui then make, make install
If ffmpeg is needed elsewhere (as it would be for Blender and other video editing applications), copy the internal version of ffmpeg from mplayer into its own /usr/local/src/ directory, compile the executables, and install system-wide. In this use it can be reconfigured to add x264, so do that as well with these steps:
Remove the obsolete Opensuse NASM package if it has been installed, and get the most recent NASM from http://www.nasm.us/pub/nasm/ . This is currently version 2.13 and is required to build x264. Build and install it with the defaults. It will go into /usr/ rather than /usr/local if you forget to select "local" explicitly. This will not matter until you rebuild the system with updated Opensuse files.
Get x264 (it may be better than openH264, which currently does not compile on Opensuse) with git clone http://git.videolan.org/git/x264.git . Build it using the configuration options for creating static and shared libraries, and install it.
Lastly, in the cloned copy of ffmpeg from mplayer, ./configure --enable-libx264 --enable-gpl, make, and make install.
Simple Screen Recorder
This very effective tool for making on-line instructional videos and lecture content is included in the Opensuse distribution. However, the distributed version lacks many useful codecs. Retrieve the source code, probably best from Packman where it will have been prepared for Opensuse. Compile it as an unprivileged user with the configuration flags ./configure --without-jack --oldincludedir=/usr/local/include that currently make it work without jack and with x264 on Opensuse. Install it as root with "make install". This version will have the codecs of ffmpeg and be broadly useful without needing subsequent file conversions.
VirtualBox as supplied by OpenSuse cannot be updated using the Oracle site. Instead of installing their version, we use the latest Oracle RPM which is currently version 6.0.8.
- Set the BIOS to allow virtualization technology and to allow advanced I/O for sharing resources.
- Retrieve the packages from https://www.virtualbox.org/wiki/Linux_Downloads .
- Retrieve the repo file f
- Retrieve the public key from https://www.virtualbox.org/download/
- Install the public key with rpm --import public_key.asc
- Install the repository with zypper ar -f ./file.repo
- zypper --non-interactive install VirtualBox-xxx-.rpm
- Retrieve the extension pack from Oracle's download site.
- VBoxManage extpack install .Oracle_VM_VirtualBox_Extension_Pack-xxx.vbox-extpack
- In Opensuse YAST, add the Virtualbox guest kernel modules and guest tools, or use the guest additions from Oracle.
- Add the virtualbox group to the user(s) who will run it .
- Start the qt interface from the command line with virtualbox .
- Create a directory that will be shared with the guest OS and set this up in virtualbox when building a virtual machine .
- Once the guest OS is installed, add the guest additions to it also, to enable the shared directory and mouse/pointer integration .
- Lastly, read the Virtualbox on-line manual .
For access to the USB system the guest OS must have a driver installed. Virtualbox presents a virtual xHCI USB3 device to the guest. The driver provided by Intel has worked for us in a Windows 7 installation.
Users must belong to the video group to have access to OpenGL when NVidia drivers are in use.
Zoom not Skype
While Skype is supported again on Linux through its newer version, it was not working well with Opensuse 42.3 has not been tested with Leap 15. Alternatives include Google Hangouts and conferencing software Zoom, which is the recommended solution.
Laptops by default will have networkmanager running their hardware and wireless connections. Desktops will not. To enable desktop wireless with minimal need for configuration, use Yast, Network Settings, and Global Settings to select networkmanager rather than wickedd. With that change, there will be a desktop icon in the system tray and the interface may be selected by the user.
Few USB network adapters work with the Linux kernel in OpenSuse . Only one we have found readily available new is the Buffalo Nfinity Wireless-N compact USB 2.0 adapter. It is recognized immediately and requires no additional configuration, other than the selection of networkmanager, and the user's choice of connection.
When configuring a laptop that will need flexible control of the network, consider changing the default /etc/sysconfig/network/config entry from "no" to
This change will insure that if you change networks the resolv.conf file will be rewritten, and it may affect other files that get modified in some way. The downside is that you will need to use the root password when restarting the network.
Static LAN and dnsmasq
We use dnsmasq to manage local area networks (LAN) from a second network device on telescope computers. Typically the device address is set to 192.168.0.1/24, or to 1.1/24 if there is another LAN operating. The configuration file for dnsmasq is set to point to the device, i.e. eth1, to which the switch is attached.
This works well if (a) there is a switch attached and turned on, and (b) the computer is running the wickedd manager which is the default in current Opensuse releases based on systemd. It is seeming not possible, or certainly not straightforward, to run a lan from a laptop which is configured with networkmanager.
To attach a networked instrument such as a camera to a laptop that by default is configured with network manager the options are
- Attach the device to a switch which itself is integrated into a LAN with DHCP provided by another computer system.
- Custom configure the wired network interface using nmcli.
- Change the laptop networking to run wickedd instead of networkmanager.
The second method using the powerful console command line interface for Network Manager is the best solution but requires specific commands for each situation. A common problem has been network management when a device is to be attached to an Ethernet adapter on a USB3 connection. For example, we use a StarTech adapter that runs on a powered laptop port to provide both ethernet and additional USB3 connections to a camera and environmental sensors. The network connection has to be associated with dnsmasq to enable DHCP connections from cameras. With networkmanager on opensuse, this new device is not configurable through the YAST tools. The solution is
1. Boot the computer with the device installed so that it is recognized without an issue
2. As root create the connection and bring it up
nmcli con add con-name "usb-ethernet" ifname eth1 type ethernet ip4 192.168.1.1/24 nmcli con up usb-ethernet
3. Check that it is present
ifconfig eth1 Link encap:Ethernet HWaddr 00:05:1B:D0:88:E3 inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255. UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
4. Configure dnsmasq.conf with lines such as
5. Enable and start dnsmasq in sysconfigure
These changes should remain in effect until removed, and a camera attached to the new network connection will be seen on the local "usb-ethernet",
The third option is the default for a desktop system. The disadvantage to the third option in the laptop world is that wickedd does not have the end-user support for wireless networking that networkmanager provides. Further, when switching from one system to another, there are inevitable configuration issues, particularly with the management of host resolution and the file /etc/resolv.conf.
The basic process is to use yast or yast2, select network device configuration, and change the manager to wickedd. This will allow editing the individual network devices. Set the static ip address for the device that will handle the LAN, edit the device entry, change it to "internal", and set it to activate on boot through the setting in the Global tab. Shutdown and reboot the system. The ethernet adapter must be inserted at boot time.
As superuser use "wicked show all" to see the status of the devices, or "wicked ifstatus eth1" to see the status of one network device. Each device has a configuration file in /etc/sysconfig/network/, such as ifcfg-eth1 for eth1. Within that file there should be a line which says
As of Opensuse 42.3, this line is not inserted by the yast2 configurator, and consequently the network device will stall and wickedd will report "setup-in-progress". The simple solution is to enter this by hand if you see this error and need a second network active on power up.
The system proxy settings are set globally in /etc/sysconfig/proxy . It is best to use yast to configure them. At USQ for normal use these fields are blank. However for installation through yast and zypper and for updates the fields have to be populated with http://proxy.usq.edu.au:8000. Also for use of curl where there is a proxy, it can be set in .curlrc for that user by adding a line such as
proxy = proxy.usq.edu.au:8080
without the "http" prefix. Alternatively, if there is a system proxy, then curl can be run with a command line that over rides it for specific addresses or for everything with a wildcard
curl --no-proxy *
Both Firefox and Chrome browsers will negotiate an automatic proxy server while curl, zypper, and yast will not.