Friday, September 27, 2013

Cisco IOS Software Security Advisory Bundled Publication


Cisco IOS Software Security Advisories are released on the fourth Wednesday of the month in March and September of each calendar year. The publication includes eight Security Advisories that all address vulnerabilities in Cisco IOS Software. Exploits of the individual vulnerabilities could result in a denial of service (DoS) condition, interface queue wedge, or a device reload.

Release Date : 25Sept 2013

The 8 Security Advisories release are as follows:         
  1. Cisco IOS Software Multicast Network Time Protocol Denial of Service Vulnerability         
  2. Cisco IOS Software Internet Key Exchange Memory Leak Vulnerability          
  3. Cisco IOS Software IPv6 Virtual Fragmentation Reassembly Denial of Service Vulnerability   
  4. Cisco IOS Software DHCP Denial of Service Vulnerability           
  5. Cisco IOS SoftwareZone-Based Firewall and Content Filtering Vulnerability           
  6. Cisco IOS Software Queue Wedge Denial of Service Vulnerability          
  7. Cisco IOS Software Resource Reservation Protocol Interface Queue Wedge Vulnerability         
  8. Cisco IOS Software Network Address Translation Vulnerabilities
More information regarding the security advisory release and workarounds can be found on the link below: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep13.html

Compiling VASP 5.3.3 with OpenMPI 1.6.5 and Intel 12.1.5


Compiling VASP can be quite complex and tedious. Do look at Compiling VASP 5.3.3 with OpenMPI 1.6.5 and Intel 12.1.5 from linuxcluster.wordpress.com

References:
  1. How to Compile VASP on NSC’s Triolith
  2. Installing VASP
  3. How to build VASP-4.6.36 and VASP-5.2.8 on Intel Westmere with Infiniband network

Thursday, September 26, 2013

The World's First Hyperscale Server – Based On ARM® Processors


Server that only uses 5 watts of power!

The Boston Viridis uses the ARM® based Calxeda EnergyCore™ SoCs (Server on Chip) to create a
rack mountable 2U server cluster comprising 192 processing cores leading the way towards energy
efƒ cient hyperscale computing.
The Boston Viridis is a self contained, highly extensible, 48 node ultra-low power ARM® cluster with integral high-speed interconnect and storage within a standard single 2U rack mount enclosure.

Each 2U chassis contains a total of 12 Calxeda EnergyCards connected to a common mainboard
sharing power and fabric connectivity. The Calxeda EnergyCard is a single PCB module containing 4
Calxeda EnergyCore™ SoCs; each with 4GB DDR-3 Registered ECC Memory, 4 x SATA connectors and management interfaces.
.......

For more information, see  http://www.boston.co.uk/solutions/viridis/viridis-2u.aspx


Key Features

  • 192 cores per 2U enclosure
  • Ten times the performance at the same power in the same space
  • Cut energy and space by 90%
  • Industry leading low power consumption (<300w li="">
  • 5W Per Node
  • 48 Node Ultra-Low Power Arm Cluster
  • 192 Cores per 2U System

Sunday, September 22, 2013

Compiling GNU 4.7.2 on CentOS 5

Step 1: Download the following prerequistics applications libraries from ftp://gcc.gnu.org/pub/gcc/infrastructure/
  1. gmp-4.3.2.tar.bz2
  2. mpfr-2.4.2.tar.bz2
  3. mpc-0.8.1.tar.gz
1. Install gmp-4.3.2
# bunzip2 gmp-4.3.2.tar.bz2
# tar -zxvf gmp-4.3.2.tar
# cd gmp-4.3.2
# ./configure --prefix=/usr/local/gmp-4.3.2
# make
# make install

2. Install mpfr-2.4.2 (requires gmp-4.3.2 as prerequisites)
# bunzip2 mpfr-2.4.2.tar.bz2
# tar -zxvf mpfr-2.4.2.tar
# cd mpfr-2.4.2
# ./configure --prefix=/usr/local/mpfr-2.4.2 --with-gmp=/usr/local/gmp-4.3.2/
# make
# make install

3. Install mpc-0.8.1 (requires gmp-4.3.2 and mpfr-2.4.2 as prerequisites )
# tar -zxvf mpc-0.8.1.tar.gz
# cd mpc-0.8.1
#./configure --prefix=/usr/local/mpc-0.8.1/ --with-gmp=/usr/local/gmp-4.3.2/ --with-mpfr=/usr/local/mpfr-2.4.2
# make
# make install

4. Update your LD_LIBRARY_PATH at your ~/.bashrc
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/mpc-0.8.1:/usr/local/mpfr-2.4.2/lib:/usr/local/gmp-4.3.2/lib

5. Install the glibc-devel.i686. For more information, do look at Error when compiling GCC 4.8.1 (linuxtoolkit.blogspot.com) 6. Finally install GNU CC 4.7.2
# tar -zxvf  gcc-4.7.2.tar.gz
# cd gcc-4.7.2
# mkdir build-gcc
# cd build-gcc
# ../configure --prefix=/usr/local/gcc-4.7.2 \ 
--with-mpfr=/usr/local/mpfr-2.4.2 \ 
--with-mpc=/usr/local/mpc-0.8.1 \
--with-gmp=/usr/local/gmp-4.3.2 \
--with-mpfr-include=/usr/local/mpfr-2.4.2/include \
--with-mpc-include=/usr/local/mpc-0.8.1/include
# make all-gcc
# make install-gcc
# make -j 8
# make -j 8 install

Saturday, September 21, 2013

Compiling OpenMPI 1.6.5 with Intel 12.1.5 on CentOS 6

Step 1: Download the OpenMPI Software from http://www.open-mpi.org/ . The current stable version at point of writing is OpenMPI 1.6.5

Step 2: Download and Install the Intel Compilers from Intel Website. More information can be taken from Free Non-Commercial Intel Compiler Download

 Step 3: Add the Intel Directory Binary Path to the Bash Startup
At my ~/.bash_profile directory, I've added
source /usr/local/intel/composerxe/bin/compilervars.sh intel64
export PATH=$PATH:/usr/local/intel/composerxe/bin
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/RH6_apps/intel/composerxe/lib/intel64:/usr/local/intel/composerxe/mkl/lib/intel64
At command prompt
# source .bashrc

Step 4: Configuration Information
# gunzip -c openmpi-1.6.5.tar.gz tar xf -
# cd openmpi-1.6.5
# /configure --prefix=/usr/local/openmpi-1.6.5-intel-v12.1.5 CC=icc CXX=icpc F77=ifort FC=ifort --with-devel-headers --enable-binaries
# make all install
You will need to include --devel-headers --enable-binaries" or you will face the error Cannot open OpenMPI Configuration mpif90-wrapper-data.txt

Step 5: Test the configuration
$ mpicc -v
cc version 12.1.5 (gcc version 4.4.6 compatibility)

Friday, September 20, 2013

Compile and Build FFTW3 wrapper routines on MKL implementation of FFT

Software like VASP uses calling statements of the FFTW3 which differ to the implementation of FFT in MKL. You will need to compile the wrapper routines for MKL

# cd $MKLROOT/interfaces/fftw3xf
# make
After a successful compilation libfftw3xf_intel.a was created in this directory

The information is taken from Installing VASP

Wednesday, September 18, 2013

Cannot open OpenMPI Configuration mpif90-wrapper-data.txt

I was using Intel 12.1.5 to compile OpenMPI 1.6.5 and I have this error which I have not seen before.

If you encounter error
Cannot open configuration file: 
/usr/local/openmpi/openmpi-1.6.5/share/openmpi/mpif90-wrapper-data.txt
Error parsing data file mpif90: Not found 


Solution
# ./configure --prefix=/usr/local CC=icc CXX=icpc F77=ifort FC=ifort \
--with-devel-headers --enable-binaries
Somehow the development headers and binaries are excluded from the later version of OpenMPI.....

C compiler cannot create executables when compiling Openmpi 1.6.5 with Intel 12.1.5

When compiling OpenMPI 1.6.5 with Intel 12.1.5, I encountered this error

configure error: C compiler cannot create executable when compiling 
OpenMPI 1.6.5 with Intel 12.1.5

The solution is very simple. I have assumed that you have PATH and LD_LIBRARY_PATH the binaries and libraries for the intel compilers respectively. Just source the "compilervars.sh" intel64

# source /usr/local/intel/composerxe/bin/compilervars.sh intel64


Tuesday, September 17, 2013

Installing GNU 4.4 of C, C++ and gfortran for CentOS 5

Something I forget the package names of these essential compilers for  CentOS 5

# yum install gcc44 gcc44-c++ gcc44-gfortran

That's all..... One of the shortest blog entry

Friday, September 13, 2013

X Server -- no display in range is available. xrdp_mm_process_login_response: login failed

 I was having this error xrdp_mm_process_login_response: login failed. I tried the solution from this blog entry, but the error remain xrdp_mm_process_login_response: login failed

When I look into the /var/log/ xrdp-sesman.log, the error is followed:
[20130913-14:11:00] [INFO ] starting Xvnc session...
[20130913-14:11:00] [ERROR] X server -- no display in range is available

 I managed to solve the issue by changing /etc/xrdp/sesmain.ini - MaxSessions from 10 to 100
[Security]
AllowRootLogin=1
MaxLoginRetry=4
#TerminalServerUsers=tsusers
#TerminalServerAdmins=tsadmins

[Sessions]
X11DisplayOffset=10
MaxSessions=100
KillDisconnected=0
IdleTimeLimit=0
DisconnectedTimeLimit=0

Restart the Service
# service xrdp restart


Thursday, September 12, 2013

Settimg up a new network device in CentOS

If you added a new network device, but upon reboot, CentOS did not represent the card in the /etc/sysconfig/network-scripts/ifcfg-eth*, you may have to manually make aware the device to the OS.

Step 1: Make sure that the OS has detected the new card. From the example below, it detected my 2nd card. If you are unable to detect, you may want to reinstall or check the driver.
# lspci |grep -i ethernet
0b:00.0 Ethernet controller: VMware VMXNET3 Ethernet Controller (rev 01)
13:00.0 Ethernet controller: VMware VMXNET3 Ethernet Controller (rev 01)

Step 2: Launch the system-config-network and fill up the necessary information.
# system-config-network


You will see that the system-config-network create an entry at /etc/sysconfig/network-scripts/ifcfg-eth1.

Restart the network
# service network restart




Wednesday, September 11, 2013

Mellanox OFED 2.0-3.0.0 Linux Driver is now available.

Mellanox OFED 2.0-3.0.0 Linux Driver is now available.
MLNX_OFED 2.0-3.0.0 main features:
  1. SR-IOV for InfiniBand Ethernet         
  2. RoCE Over SR-IOV
  3. Port base QoS for both Ethernet and InfiniBand
  4. eIpoIB
  5. Connect-IB™
  6. Low Latency Socket
  7. 56GbE
  8. XRC
  9. Dynamically Connected Transport ( DCT)  - alpha level
  10. Flow Steering

MLNX_OFED 2.0-3.0.0 Download and Manual Page
MLNX_OFED 2.0-3.0.0 Release notes

 Differences between MLNX_OFED 1.5.3 and MLNX_OFED 2.0:
  1. MLNX_OFED 2.0 is based on Kernel 3.7 which is a huge leap forward from the 2.6.30 Kernel that the 1.5.x is based on.
  2. MLNX_OFED 2.0 supports the operating systems that are based on newer Kernels such as RHEL 6.x and SLES 11 SPx. MLNX_OFED 1.5.x will continue to support OS’s based on older kernels such as RHEL 5.x and SLES 10 SPx.
  3. MLNX_OFED 2.0 includes new functionality, 1.5.x does not.

Full Support Matrix for Both MLNX_OFED Branches 

For more information, do read
  1. Online version of Product and Support Updates Notification

Sunday, September 8, 2013

TORQUE Security Advisory - 6 September 2013


Vulnerability: A non-privileged user who can run jobs or login to a node running pbs_server or pbs_mom can submit an arbitrary job to the cluster; that job can run as root. The user can submit a command directly to a pbs_mom daemon to queue and run a job. A malicious user could use this vulnerability to remotely execute code as root on the cluster.

Versions Affected: All versions of TORQUE

Mitigating Factors:
- The user must be logged in on a node that is already legitimately able to contact pbs_mom daemons or submit jobs.
- If a user submits a job via this defect and pbs_server is running, pbs_server will kill the job unless job syncing is disabled. It may take up to 45 seconds for pbs_server to kill the job.
- There are no known instances of this vulnerability being exploited.

Remedy: All TORQUE users should patch their systems using the following instructions:

For 2.5.x versions of TORQUE:
----------------------------
1. Download the patch file:
     $ wget http://www.adaptivecomputing.com/torquepatch/fix_mom_priv_2.5.patch
2. Run the patch command in the root directory of the TORQUE source tree:
     $ patch -p1 < fix_mom_priv_2.5.patch
3. Recompile TORQUE:
     $ make
4. Install TORQUE:
     $ sudo make install
5. Restart pbs_mom (pbs_server is not affected)


For 4.x versions of TORQUE:
----------------------------
1. Download the patch file:
     $ wget http://www.adaptivecomputing.com/torquepatch/fix_mom_priv.patch
2. Run the patch command in the root directory of the TORQUE source tree:
     $ patch -p1 < fix_mom_priv.patch
3. Recompile TORQUE:
     $ make
4. Install TORQUE:
     $ sudo make install
5. Restart pbs_mom (pbs_server is not affected)

What the Patch Does: The patch checks that the connection to the pbs_mom daemon is coming from a privileged port. This follows the security model that only privileged users should be able to submit arbitrary jobs.

Attribution: This vulnerability was discovered by John Fitzpatrick of MWR InfoSecurity. Matt Ezell of Oak Ridge National Laboratory assisted in creating the patch. We thank these individuals for helping to improve TORQUE.

Thursday, September 5, 2013

Encountering __intel_sse2_strlen when compiling OpenMPI with Intel Compilers

I was compiling OpenMPI 1.6.x and Intel Compiler XE 2013, I used the following configuration found in

#./configure --prefix=/usr/local CC=icc CXX=icpc F77=ifort FC=ifort
Do specify CC=icc CXX=icpc F77=ifort FC=ifort as if you miss one of the parameters, it will take the default. For example, if you do not specify CXX=icpc, it will adopt CXX=g++
but when I run
# make -j8

I got this error:
..../openmpi-1.6.2/ompi/contrib/vt/vt/tools/opari/tool/../../../util/util.c:45: 
undefined reference to `__intel_sse2_strlen'
..../openmpi-1.6.2/ompi/contrib/vt/vt/tools/opari/tool/../../../util/util.c:61: 
undefined reference to `__intel_sse2_strlen'
..../openmpi-1.6.2/ompi/contrib/vt/vt/tools/opari/tool/../../../util/util.c:46: 
undefined reference to `__intel_sse2_strlen'
..../openmpi-1.6.2/ompi/contrib/vt/vt/tools/opari/tool/../../../util/util.c:46: 
undefined reference to `__intel_sse2_strlen' 
......
......

The solution is to do the following:

Firstly, make sure you compile with the following
# source /usr/local/intel/composerxe/bin/compilervars.sh
Do it again
#./configure --prefix=/usr/local CC=icc CXX=icpc F77=ifort FC=ifort
Run the make again
# make -j8
# make install

Wednesday, September 4, 2013

error while loading shared libraries: libcurand.so.5.5: cannot open shared object file: No such file or directory

If encountered this error:

....pmemd.cuda.MPI: Error while loading shared libraries:
 libcurand.so.5.5: cannot open shared object file: No such file or directory

It is due to the the LD_LIBRARY_PATH not referring to the CUDA Toolkits libraries. To solve the issue, just update your pathing in your .bashrc
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/cuda-5.5/lib64

You may also want to update /etc/ld.so.conf.d/ directories
# touch /etc/ld.so.conf.d/cuda.conf

/usr/local/cuda-5.5/lib64
/usr/local/cuda-5.5/lib


Tuesday, September 3, 2013

Error installing X11 libraries

If you have error installing X11 libraries for CentOS 5 or CentOS 6, you may want to check whether you have already installed the correct group. To do a grouplist,

 Do  yum grouplist
# yum grouplist 
Installed Groups:
   Administration Tools
   Authoring and Publishing
   Development Libraries
   Development Tools
   Editors
   GNOME Desktop Environment
   Graphics
   Legacy Network Server
   Legacy Software Development
   Legacy Software Support
   Mail Server
   MySQL Database
   Network Servers
   Office/Productivity
   OpenFabrics Enterprise Distribution
   Printing Support
   Server Configuration Tools
   System Tools
   X Software Development
   X Window System
Available Groups:
   Cluster Storage
   Clustering
   DNS Name Server
   Engineering and Scientific
   FTP Server
   GNOME Software Development
   Games and Entertainment
   Graphical Internet
   Java Development
   KDE (K Desktop Environment)
   KDE Software Development
   KVM
   News Server
   PostgreSQL Database
   Sound and Video
   Text-based Internet
   Web Server
   Windows File Server
   Xen

Do a yum groupinstall "X Software Development"
 # yum groupinstall "X Software Development"