Skip to main content

Build Rocky8-base VM Image

Setup Base Image

  • Connect to HOST with X-forwarding enabled

    ssh -Y 'HOST'
    sudo dnf module install virt
    sudo dnf install virt-install virt-viewer virt-manager xorg-x11-xauth
    sudo cp -rv /etc/libvirt/libvirt.conf ~/.config/libvirt/
    sudo chown $(id -u):$(id -g) $HOME/.config/libvirt/libvirt.conf
    vi $HOME/.config/libvirt/libvirt.conf
    # uncomment the following
    uri_default = "qemu:///system"
  • Make sure the current user is a member of the libvirt group (Reconnected once the user is added to the group)

  • Upload Rocky-8.6-x86_64-dvd1.iso to /var/lib/libvirt/images/

  • Create virtual machine storage

    sudo qemu-img create -f qcow2 /home/libvirt/rocky8-base.qcow2 200G
    sudo chown qemu:qemu /home/libvirt/rocky8-base.qcow2
    sudo chmod 600 /home/libvirt/rocky8-base.qcow2
  • Create virtual machine

    • Launch virt-manager
    • Click File > New Virtual Machine
    • On the Step 1 of 5 screen, provide the following, then click Forward
      Local install media: <selected>
    • On the Step 2 of 5 screen, provide the following, then click Forward
      Choose ISO or CDROM install media: /var/lib/libvirt/images/Rocky-8.6-x86_64-dvd1.iso
      Automatically detect from the installation media/source: <checked>
    • On the Step 3 of 5 screen, provide the following, then click Forward
      Memory: 4096
      CPUs: 4
    • On the Step 4 of 5 screen, provide the following, then click Forward
      Enable storage for this virtual machine: <checked>
      Select or create custom storage: <selected>
      /home/libvirt/rocky8-base.qcow2
    • On the Step 4 of 5 screen, provide the following, then click Finish
      Name: rocky8-base
      Customize configuration before install: <unchecked>
      Network selection: Bridge br0: Host device eno1
  • Installing the OS

    • The virtual machine will automatically start
    • Select Install Rocky Linux 8
    • Select English, English (United States), then click Continue
    • Click Installation Destination, then click Done
    • Click Software selection, click Minimal Install, then click Done
    • Click Network & Hostname
      • Click Configure
        • Click General
        • Click Automatically connect to this network when it is available
        • Save
      • Turn on Ethernet
      • Set Host name to rocky8, then click Apply, then click Done
    • Click Begin Installation
    • Click Root Password, set the root password to REMOVED, then click Done
    • Click Finish configuration
    • Click Reboot
  • Preparing virtual machine for tiCrypt

    • Login to the virtual machine via the virt-manager console as root, then run ip addr to get the IP address
    • SSH as root to the IP address found above
    • Update OS packages
      dnf install -y epel-release
      dnf update -y
    • Disable sshd
      systemctl disable sshd
    • Setup network
      cp /etc/sysconfig/network-scripts/ifcfg-enp1s0 /etc/sysconfig/network-scripts/ifcfg-enp1s0.orig
      vi /etc/sysconfig/network-scripts/ifcfg-enp1s0
      TYPE=Ethernet
      DEVICE=enp1s0
      NAME=enp1s0
      BOOTPROTO=dhcp
      ONBOOT=yes
    • Install ticrypt packages (https://ticrypt.com/docs/servers/vm-images/install-stub/)
      dnf install bindfs dislocker fuse-dislocker ntfs-3g net-tools strace tar rsync
      dnf group list
      dnf groupinstall "Development Tools"
      yum install -y https://storage.googleapis.com/ticrypt/vm-controller/service/v2.12.3/vm-controller_service_v2.12.3_ticrypt-vm-controller-2.12.3-1.el7.x86_64.rpm
      systemctl enable --now ticrypt-vm-controller.service
      systemctl status ticrypt-vm-controller.service
    • Setup controller.toml (https://ticrypt.com/blogs/config-toml/, https://ticrypt.com/docs/servers/vm-images/configure-ctrl/)
      vi /etc/ticrypt/controller.toml
      [terminal]
      enabled = true
      command = "/bin/bash"
      scrollback = 10000
      [tunnel]
      enabled = true
      serverPort = 22
      allowedPorts = [ 3389 ]
      addGroups = [ ]
      idleTimeout = "15m"
      sftpEnabled = true
      sftpPort = 2022
      sshDirPath = ""
      tunlsLogLevel = 4
      [tunnel.services]
      rdp = 3389
      [tunnel.cert]
      country = "US"
      organization = "Dartmouth College"
      [users]
      changeAdminPassword = false
      managersAsAdmin = false
      createDirs = []
      createHiddenDirs = []
      [commands]
      [commands.rootCommands]
      [commands.rootCommands.runOnlyOnceCommands]
      [commands.rootCommands.runEveryTimeCommands]
      [commands.userCommands]
      [commands.userCommands.runOnlyOnceCommands]
      [commands.userCommands.runEveryTimeCommands]
    • Disable SELinux
      setenforce 0
      vi /etc/selinux/config
      # change
      SELINUX=enforcing
      # to
      SELINUX=disabled
    • Install desktop
      dnf groupinstall -y "Xfce" base-x
    • Set default panel for Xfce
      vi /etc/profile.d/bashrc.sh
      export XFCE_PANEL_MIGRATE_DEFAULT=1
    • Set default desktop (https://docs.fedoraproject.org/en-US/Fedora/13/html/Deployment_Guide/s1-x-runlevels.html)
      vi /etc/sysconfig/desktop
      PREFERRED=$(type -p startxfce4)
    • Install xRDP
      dnf install xrdp
      firewall-cmd --permanent --zone=public --add-port=3389/tcp
      firewall-cmd --reload
      systemctl enable --now xrdp
      systemctl status xrdp
    • Configure xRDP
      vi /etc/xrdp/xrdp.ini
      allow_channels=false
      rdpdr=false
      cliprdr=false
  • Setup Xfce

    • Remove Mail Reader from menu

      echo "Hidden=true" >> /usr/share/applications/xfce4-mail-reader.desktop
    • Create Research directory stub

      vi /usr/share/desktop-directories/xfce-research.directory
      [Desktop Entry]
      Version=1.0
      Type=Directory
      Icon=applications-development
      Name=Research
      Comment=Research applications
    • Reference directory in Applications menu

      vi /etc/xdg/menus/xfce-applications.menu
      # Add after Office
      <Menu>
      <Name>Research</Name>
      <Directory>xfce-research.directory</Directory>
      <Include>
      <Category>Research</Category>
      </Include>
      </Menu>
    • Create Databases directory stub

      vi /usr/share/desktop-directories/xfce-databases.directory
      [Desktop Entry]
      Version=1.0
      Type=Directory
      Icon=applications-development
      Name=Databases
      Comment=Databases
    • Reference directory in Applications menu

      vi /etc/xdg/menus/xfce-applications.menu
      # Add after Accessories
      <Menu>
      <Name>Databases</Name>
      <Directory>xfce-databases.directory</Directory>
      <Include>
      <Category>Databases</Category>
      </Include>
      </Menu>
    • Disable Screen Lock

      mkdir -p /etc/skel/.config/xfce4/xfconf/xfce-perchannel-xml/
      vi /etc/skel/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-screensaver.xml
      <?xml version="1.0" encoding="UTF-8"?>

      <channel name="xfce4-screensaver" version="1.0">
      <property name="saver" type="empty">
      <property name="mode" type="int" value="0"/>
      <property name="enabled" type="bool" value="false"/>
      </property>
      <property name="lock" type="empty">
      <property name="enabled" type="bool" value="false"/>
      </property>
      </channel>
  • Setup NFS mountpoints

    • Install packages
      yum install -y nfs-utils telnet bind-utils netcat
    • Setup mount locations
      mkdir /opt/software
    • Edit fstab
      vi /etc/fstab
      local-ticrypt-vm-host:/home/software /opt/software nfs ro 0 0

Install additional software

Random packages

dnf install nano emacs

Atom

curl -LO https://github.com/atom/atom/releases/download/v1.60.0/atom.x86_64.rpm
dnf localinstall atom.x86_64.rpm

PyCharm

  • Install PyCharm
    curl -LO https://download.jetbrains.com/python/pycharm-community-2022.1.3.tar.gz
    tar xzvf pycharm-community-2022.1.3.tar.gz
    mv pycharm-community-2022.1.3 /opt/pycharm
  • Setup Launcher
    mkdir -p /opt/launchers/{bin,icon}
    curl -o /opt/launchers/icon/pycharm.svg https://upload.wikimedia.org/wikipedia/commons/1/1d/PyCharm_Icon.svg
    vi /usr/share/applications/pycharm.desktop
    [Desktop Entry]
    Version=1.0
    Type=Application
    Name=PyCharm
    Comment=
    Exec=/opt/pycharm/bin/pycharm.sh
    Icon=/opt/launchers/icon/pycharm.svg
    Path=$HOME
    Terminal=false
    StartupNotify=false
    Categories=TextEditor;Development;IDE;
    chmod 644 /usr/share/applications/pycharm.desktop

Visual Studio Code

rpm --import https://packages.microsoft.com/keys/microsoft.asc
sh -c 'echo -e "[code]\nname=Visual Studio Code\nbaseurl=https://packages.microsoft.com/yumrepos/vscode\nenabled=1\ngpgcheck=1\ngpgkey=https://packages.microsoft.com/keys/microsoft.asc" > /etc/yum.repos.d/vscode.repo'
dnf check-update
dnf install code

Chrome

yum install chromium
echo "export BROWSER=/usr/bin/chromium-browser" >> /etc/profile.d/bashrc.sh
mkdir -p /etc/skel/.local/share/keyrings
echo -n "Default_keyring" > /etc/skel/.local/share/keyrings/default
cat << EOF > /etc/skel/.local/share/keyrings/Default_keyring.keyring
[keyring]
display-name=Default keyring
ctime=1656430203
mtime=0
lock-on-idle=false
lock-after=false
EOF

LibreOffice

#yum install -y libreoffice
curl -LO https://download.documentfoundation.org/libreoffice/stable/7.3.4/rpm/x86_64/LibreOffice_7.3.4_Linux_x86-64_rpm.tar.gz
tar xzvf LibreOffice_7.*.tar.gz
cd LibreOffice_7.*_rpm/RPMS/
dnf localinstall *.rpm
cd ~/
rm -fr LibreOffice_7.*

Docker

dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
dnf install -y docker-ce docker-compose-plugin
systemctl enable --now docker
mkdir -p /opt/docker/bin/
sudo visudo
%Everybody ALL=(root) NOPASSWD: /opt/docker/bin/*

Singularity

dnf update -y
dnf install -y epel-release
dnf update -y
dnf install -y singularity

Python

  • Setup Environment
    sudo -i
    dnf install "@Development Tools" zlib-devel bzip2 bzip2-devel readline-devel sqlite sqlite-devel openssl-devel xz xz-devel libffi-devel findutils
    mkdir -p /opt/python/src
  • Install Python 3.10
    cd /opt/python/src
    curl -O https://www.python.org/ftp/python/3.10.5/Python-3.10.5.tgz
    tar xzvf Python-3.10.5.tgz
    cd Python-3.10.5
    ./configure --enable-optimizations --prefix /opt/python/3.10
    make install
    ln -s /opt/python/3.10/bin/python3.10 /usr/local/bin/
  • Install Python 3.7
    cd /opt/python/src
    curl -O https://www.python.org/ftp/python/3.7.13/Python-3.7.13.tgz
    tar xzvf Python-3.7.13.tgz
    cd Python-3.7.13
    ./configure --enable-optimizations --prefix /opt/python/3.7
    make install
    ln -s /opt/python/3.7/bin/python3.7 /usr/local/bin/
  • Clean-up all source files
    rm -fr /opt/python/src/*
  • Setup pip
    vi /etc/pip.conf
    [global]
    index-url = file:///opt/software/pypi/simple

Jupyterlab

https://stackoverflow.com/questions/28831854/how-do-i-add-python3-kernel-to-jupyter-ipython https://janakiev.com/blog/jupyter-virtual-envs/

  • Install NodeJS
    dnf install -y nodejs npm
  • Setup Launcher
    mkdir -p /opt/launchers/{bin,icon}
    curl -o /opt/launchers/icon/jupyterlab.svg https://upload.wikimedia.org/wikipedia/commons/3/38/Jupyter_logo.svg
    vi /opt/launchers/bin/jupyterlab.sh
    #!/bin/bash
    echo "# Loading Environment..."
    if [ ! -d "$HOME/jupyterlab-venv" ]; then
    /opt/python/3.10/bin/python3 -m venv $HOME/jupyterlab-venv
    source $HOME/jupyterlab-venv/bin/activate
    pip install --upgrade pip
    pip install jupyterlab ipykernel
    else
    source $HOME/jupyterlab-venv/bin/activate
    fi
    jupyter-lab --KernelSpecManager.ensure_native_kernel=False
    chmod 755 /opt/launchers/bin/jupyterlab.sh
    vi /usr/share/applications/jupyterlab.desktop
    [Desktop Entry]
    Version=1.0
    Type=Application
    Name=JupyterLab
    Comment=
    Exec=/opt/launchers/bin/jupyterlab.sh
    Icon=/opt/launchers/icon/jupyterlab.svg
    Path=$HOME
    Terminal=true
    StartupNotify=false
    Categories=Research;
    chmod 644 /usr/share/applications/jupyterlab.desktop
    rm -f /usr/local/share/applications/jupyter-notebook.desktop
    # https://wiki.xfce.org/howto/customize-menu

R-Studio Server

DOCS: https://www.rocker-project.org/use/singularity/ DOCS: https://github.com/nickjer/singularity-rstudio NOTE: Users needed a uid over 1000 for this image to work

  • Pull rstudio image

    mkdir -p /opt/singularity/images
    cd /opt/singularity/images
    singularity pull docker://rocker/rstudio:4.1.2
  • Create /opt/launchers/bin/rstudio-server.sh

    #!/bin/bash
    workdir=$(python -c 'import tempfile; print(tempfile.mkdtemp())')
    mkdir -p -m 700 ${workdir}/run ${workdir}/tmp ${workdir}/var/lib/rstudio-server
    cat > ${workdir}/database.conf <<END
    provider=sqlite
    directory=/var/lib/rstudio-server
    END

    cat > ${workdir}/rsession.sh <<END
    #!/bin/sh
    export OMP_NUM_THREADS=$(nproc --all)
    #export R_LIBS_USER=${HOME}/R/rocker-rstudio/4.0
    exec rsession "\${@}"
    END

    chmod +x ${workdir}/rsession.sh
    export SINGULARITY_BIND="${workdir}/run:/run,${workdir}/tmp:/tmp,${workdir}/database.conf:/etc/rstudio/database.conf,${workdir}/rsession.sh:/etc/rstudio/rsession.sh,${workdir}/var/lib/rstudio-server:/var/lib/rstudio-server,/home:/home,/drives:/drives"
    export SINGULARITYENV_RSTUDIO_SESSION_TIMEOUT=0
    export SINGULARITYENV_USER=$(id -un)
    export SINGULARITYENV_PASSWORD=$(openssl rand -base64 15)
    export SINGULARITYENV_DEFAULT_USER=$(id -un)
    readonly PORT=$(python -c 'import socket; s=socket.socket(); s.bind(("", 0)); print(s.getsockname()[1]); s.close()')

    cat 1>&2 <<END

    1. Open web browser to http://localhost:${PORT}

    2. log in to RStudio Server using the following credentials:

    user: ${SINGULARITYENV_USER}
    password: ${SINGULARITYENV_PASSWORD}

    When done using RStudio Server, terminate the session by:

    1. Exit the RStudio Session ("power" button in the top right corner of the RStudio window)
    2. Close this terminal window

    END

    singularity exec --cleanenv /opt/singularity/images/rstudio_4.1.2.sif \
    rserver --server-user ${USER} \
    --server-working-dir ${HOME} \
    --www-address 127.0.0.1 \
    --www-port ${PORT} \
    --auth-none=0 \
    --auth-pam-helper-path=pam-helper \
    --auth-stay-signed-in-days=30 \
    --auth-timeout-minutes=0 \
    --rsession-path=/etc/rstudio/rsession.sh

    printf 'rserver exited' 1>&2
  • Setup launcher

    chmod 755 /opt/launchers/bin/rstudio-server.sh
    curl -o /opt/launchers/icon/rstudio-server.svg https://raw.githubusercontent.com/rstudio/hex-stickers/master/SVG/RStudio.svg
    vi /usr/share/applications/rstudio-server.desktop
    [Desktop Entry]
    Version=1.0
    Type=Application
    Name=R-Studio Server
    Comment=
    Exec=/opt/launchers/bin/rstudio-server.sh
    Icon=/opt/launchers/icon/rstudio-server.svg
    Path=$HOME
    Terminal=true
    StartupNotify=false
    Categories=Research;
    Hidden=true
    chmod 644 /usr/share/applications/rstudio-server.desktop

R-Studio

https://docs.rstudio.com/resources/install-r/ https://www.rstudio.com/products/rstudio/download-server/redhat-centos/

  • Install R
    dnf install epel-release
    #yum install yum-utils
    dnf config-manager --set-enabled powertools
    export R_VERSION=4.1.2
    curl -O https://cdn.rstudio.com/r/centos-8/pkgs/R-${R_VERSION}-1-1.x86_64.rpm
    dnf install R-${R_VERSION}-1-1.x86_64.rpm
    /opt/R/${R_VERSION}/bin/R --version
    ln -s /opt/R/${R_VERSION}/bin/R /usr/local/bin/R
    ln -s /opt/R/${R_VERSION}/bin/Rscript /usr/local/bin/Rscript
  • Install R-Studio IDE
    curl -O https://download1.rstudio.org/desktop/rhel8/x86_64/rstudio-2022.02.3-492-x86_64.rpm
    dnf install -y rstudio-2022.02.3-492-x86_64.rpm
  • Create launcher for R-Studio IDE
    vi /opt/launchers/bin/rstudio-ide.sh
    /usr/bin/rstudio
    chmod 755 /opt/launchers/bin/rstudio-ide.sh
    curl -o /opt/launchers/icon/rstudio-ide.svg https://raw.githubusercontent.com/rstudio/hex-stickers/master/SVG/RStudio.svg
    vi /usr/share/applications/rstudio-ide.desktop
    [Desktop Entry]
    Version=1.0
    Type=Application
    Name=R-Studio IDE
    Comment=
    Exec=/opt/launchers/bin/rstudio-ide.sh
    Icon=/opt/launchers/icon/rstudio-ide.svg
    Path=$HOME
    Terminal=false
    StartupNotify=false
    Categories=Research;
    chmod 644 /usr/share/applications/rstudio-ide.desktop
    rm -f /usr/share/applications/rstudio.desktop

MySQL

  • Pull image
    docker login # Login if there is a rate limiting issue (provide a docker hub credential)
    docker pull mysql:8
    rm -f $HOME/.docker/config.json
  • Create start command
    vi /opt/docker/bin/mysql_start.sh
    #!/bin/bash
    MYSQL_DATA=/drives/drive1/mysql
    if [ ! -d "$MYSQL_DATA" ]; then
    export MYSQL_ROOT_PASSWORD=$(zenity --password --title="Choose MySQL Password")
    if [ $? = 0 ] && [ -n "$MYSQL_ROOT_PASSWORD" ]; then
    echo "User has pressed OK."
    #echo "$MYSQL_ROOT_PASSWORD"
    else
    zenity --error --text "A password must be selected to start the MySQL instance." --width 200 --title "MySQL Start Error"
    exit 1
    fi
    fi
    docker create --name mysql -e MYSQL_ROOT_PASSWORD -v $MYSQL_DATA:/var/lib/mysql -p 127.0.0.1:3306:3306 mysql:8
    docker start mysql
    zenity --info --text "MySQL has been started." --width 200 --title "MySQL Start"
    chmod 755 /opt/docker/bin/mysql_start.sh
  • Create start Launcher
    vi /opt/launchers/bin/mysql_start.sh
    xhost +local:
    sudo /opt/docker/bin/mysql_start.sh
    xhost -
    chmod 755 /opt/launchers/bin/mysql_start.sh
    curl -o /opt/launchers/icon/mysql.svg https://www.vectorlogo.zone/logos/mysql/mysql-ar21.svg
    vi /usr/share/applications/mysql_start.desktop
    [Desktop Entry]
    Version=1.0
    Type=Application
    Name=MySQL Start
    Comment=
    Exec=/opt/launchers/bin/mysql_start.sh
    Icon=/opt/launchers/icon/mysql.svg
    Path=$HOME
    Terminal=false
    StartupNotify=false
    Categories=Databases;
    chmod 644 /usr/share/applications/mysql_start.desktop
  • Create stop command
    vi /opt/docker/bin/mysql_stop.sh
    docker stop mysql
    zenity --info --text "MySQL has been stopped." --width 200 --title "MySQL Stop"
    chmod 755 /opt/docker/bin/mysql_stop.sh
  • Create stop Launcher
    vi /opt/launchers/bin/mysql_stop.sh
    xhost +local:
    sudo /opt/docker/bin/mysql_stop.sh
    xhost -
    chmod 755 /opt/launchers/bin/mysql_stop.sh
    vi /usr/share/applications/mysql_stop.desktop
    [Desktop Entry]
    Version=1.0
    Type=Application
    Name=MySQL Stop
    Comment=
    Exec=/opt/launchers/bin/mysql_stop.sh
    Icon=/opt/launchers/icon/mysql.svg
    Path=$HOME
    Terminal=false
    StartupNotify=false
    Categories=Databases;
    chmod 644 /usr/share/applications/mysql_stop.desktop

Postgres

  • Pull image
    docker login # Login if there is a rate limiting issue (provide a docker hub credential)
    docker pull postgres:14
    rm -f $HOME/.docker/config.json
  • Create start command
    vi /opt/docker/bin/postgres_start.sh
    #!/bin/bash
    POSTGRES_DATA=/drives/drive1/postgres
    if [ ! -d "$POSTGRES_DATA" ]; then
    export POSTGRES_PASSWORD=$(zenity --password --title="Choose Postgres Password")
    if [ $? = 0 ] && [ -n "$POSTGRES_PASSWORD" ]; then
    echo "User has pressed OK"
    #echo "$POSTGRES_PASSWORD"
    else
    zenity --error --text "A password must be selected to start the Postgres instance." --width 200 --title "Postgres Start Error"
    exit 1
    fi
    fi
    docker create --name postgres -e POSTGRES_PASSWORD -v $POSTGRES_DATA:/var/lib/postgresql/data -p 127.0.0.1:5432:5432 postgres:14
    docker start postgres
    zenity --info --text "Postgres has been started." --width 200 --title "Postgres Start"
    chmod 755 /opt/docker/bin/postgres_start.sh
  • Create start Launcher
    vi /opt/launchers/bin/postgres_start.sh
    xhost +local:
    sudo /opt/docker/bin/postgres_start.sh
    xhost -
    chmod 755 /opt/launchers/bin/postgres_start.sh
    curl -o /opt/launchers/icon/postgres.svg https://upload.wikimedia.org/wikipedia/commons/2/29/Postgresql_elephant.svg
    vi /usr/share/applications/postgres_start.desktop
    [Desktop Entry]
    Version=1.0
    Type=Application
    Name=Postgres Start
    Comment=
    Exec=/opt/launchers/bin/postgres_start.sh
    Icon=/opt/launchers/icon/postgres.svg
    Path=$HOME
    Terminal=false
    StartupNotify=false
    Categories=Databases;
    chmod 644 /usr/share/applications/postgres_start.desktop
  • Create stop command
    vi /opt/docker/bin/postgres_stop.sh
    docker stop postgres
    zenity --info --text "Postgres has been stopped." --width 200 --title "Postgres Stop"
    chmod 755 /opt/docker/bin/postgres_stop.sh
  • Create stop Launcher
    vi /opt/launchers/bin/postgres_stop.sh
    xhost +local:
    sudo /opt/docker/bin/postgres_stop.sh
    xhost -
    chmod 755 /opt/launchers/bin/postgres_stop.sh
    vi /usr/share/applications/postgres_stop.desktop
    [Desktop Entry]
    Version=1.0
    Type=Application
    Name=Postgres Stop
    Comment=
    Exec=/opt/launchers/bin/postgres_stop.sh
    Icon=/opt/launchers/icon/postgres.svg
    Path=$HOME
    Terminal=false
    StartupNotify=false
    Categories=Databases;
    chmod 644 /usr/share/applications/postgres_stop.desktop

Stata (License Required)

  • [DONE] If /home/libvirt/installers.qcow2 dosn't already exist
    • Create temp qcow2 file
      sudo qemu-img create -f qcow2 /home/libvirt/installers.qcow2 200G
      sudo chown qemu:qemu /home/libvirt/installers.qcow2
      sudo chmod 600 /home/libvirt/installers.qcow2
    • Update VM configuration to add temp qcow2 storage
    • Start VM
    • Mount temp storage into VM
      lsblk
      mkfs.xfs /dev/vdb # If not already done
  • Mount installers
    mount /dev/vdb /mnt
  • [DONE] Copy installer from discovery
    cd /dartfs-hpc/rc/lab/R/RCStaff/KeyServer_Projects/Stata/Stata17/Unmodified-installers
    scp Stata17Linux64.tar.gz root@10.232.142.243:/mnt/
  • Install Stata 17
    yum install ncurses-compat-libs
    cd /mnt/
    mkdir Stata17Linux64
    cd Stata17Linux64
    tar xzvf ../Stata17Linux64.tar.gz
    mkdir -p /opt/stata/17
    cd /opt/stata/17
    /mnt/Stata17Linux64/install
    ./stinit
    # Serial number: <CyberArk files>
    # Authorization: <CyberArk files>
    # Code: <CyberArk files>
    # Enter what you would like the first line to say:
    # Dartmouth College
    # Enter what you would like the second line to say:
    # Research Computing
    ./stata # Test CLI and update Stata
    update query
    update all
    ./xstata # Test GUI
  • Create Stata CLI Launcher
    vi /usr/local/bin/stata
    #!/bin/bash
    export STATATMP=$HOME/.statatmp/$BASHPID
    mkdir -p -m 700 $STATATMP
    # Clean-up old STATATMP directories
    for TMPDIR in $(ls $HOME/.statatmp/)
    do
    ps -p $TMPDIR > /dev/null || ( echo "Deleting $HOME/.statatmp/$TMPDIR"; rm -fr $HOME/.statatmp/$TMPDIR)
    done
    # Launch stata
    echo "Using \"$STATATMP\" for temporary files"
    /opt/stata/17/stata "$@"
    # Cleanup STATATMP directory
    rm -fr $STATATMP
    chmod 755 /usr/local/bin/stata
    vi /opt/launchers/bin/stata-cli.sh
    /usr/local/bin/stata
    chmod 755 /opt/launchers/bin/stata-cli.sh
    curl -o /opt/launchers/icon/stata-cli.svg https://iconape.com/wp-content/files/bl/345993/svg/345993.svg
    vi /usr/share/applications/stata-cli.desktop
    [Desktop Entry]
    Version=1.0
    Type=Application
    Name=Stata CLI
    Comment=
    Exec=/opt/launchers/bin/stata-cli.sh
    Icon=/opt/launchers/icon/stata-cli.svg
    Path=$HOME
    Terminal=true
    StartupNotify=false
    Categories=Research;
    chmod 644 /usr/share/applications/stata-cli.desktop
  • Create Stata GUI Launcher
    vi /usr/local/bin/xstata
    #!/bin/bash
    export STATATMP=$HOME/.statatmp/$BASHPID
    export STATAWAIT=$HOME/.statawait/$BASHPID
    mkdir -p -m 700 $STATATMP $HOME/.statawait/
    # Clean-up old STATATMP directories
    for TMPDIR in $(ls $HOME/.statatmp/)
    do
    ps -p $TMPDIR > /dev/null || ( echo "Deleting $HOME/.statatmp/$TMPDIR"; rm -fr $HOME/.statatmp/$TMPDIR)
    done
    # Clean-up old STATAWAIT files
    for WAITFILE in $(ls $HOME/.statawait/)
    do
    ps -p $WAITFILE > /dev/null || ( echo "Deleting $HOME/.statawait/$WAITFILE"; rm -f $HOME/.statawait/$WAITFILE)
    done
    # Launch stata
    echo "Using \"$STATATMP\" for temporary files"
    fifo=$STATAWAIT
    mkfifo $fifo
    ( read < $fifo junk ) &
    waitpid=$!
    /opt/stata/17/xstata "$@" > $fifo &
    wait $waitpid
    rm -f $fifo
    # Cleanup STATATMP directory
    rm -fr $STATATMP
    chmod 755 /usr/local/bin/xstata
    vi /opt/launchers/bin/stata-ide.sh
    /usr/local/bin/xstata
    chmod 755 /opt/launchers/bin/stata-ide.sh
    curl -o /opt/launchers/icon/stata-ide.svg https://iconape.com/wp-content/files/bl/345993/svg/345993.svg
    vi /usr/share/applications/stata-ide.desktop
    [Desktop Entry]
    Version=1.0
    Type=Application
    Name=Stata IDE
    Comment=
    Exec=/opt/launchers/bin/stata-ide.sh
    Icon=/opt/launchers/icon/stata-ide.svg
    Path=$HOME
    Terminal=false
    StartupNotify=false
    Categories=Research;
    chmod 644 /usr/share/applications/stata-ide.desktop

SAS (Site License)

  • [DONE] If /home/libvirt/installers.qcow2 dosn't already exist
    • Create temp qcow2 file
      sudo qemu-img create -f qcow2 /home/libvirt/installers.qcow2 200G
      sudo chown qemu:qemu /home/libvirt/installers.qcow2
      sudo chmod 600 /home/libvirt/installers.qcow2
    • Update VM configuration to add temp qcow2 storage
    • Start VM
    • Mount temp storage into VM
      lsblk
      mkfs.xfs /dev/vdb # If not already done
  • Mount installers
    mount /dev/vdb /mnt
  • [DONE] On discovery as rci* account
    • Copy SAS installer
      cd /dartfs/rc/lab/S/Software/public/SAS
      rsync -av Software_Depot_94_TS1M7 root@10.232.142.243:/mnt/
    • Copy license file
      scp /dartfs/rc/lab/S/Software/sid_files_9.4/2022/SAS94_9CKND7_70103572_LINUX_X86-64.txt root@10.232.142.243:/mnt/
  • Install SAS
    yum install libpng12
    cd /mnt/Software_Depot_94_TS1M7
    ./setup.sh
    # * Install SAS software
    # SAS Home: /opt/sas/94ts1m7
    # * Install SAS Foundation and Related Software
    # Options:
    # * SAS Drivers for JDBC
    # SAS installation data file: /mnt/SAS94_9CKND7_70103572_LINUX_X86-64.txt
    # [*] English
  • Configure SAS
    vi /opt/sas/94ts1m7/SASFoundation/9.4/sasv9_local.cfg
    -cpucount ACTUAL
    -memsize MAX
    -sortsize 10G
  • Create SAS GUI Launcher
    vi /usr/local/bin/sas
    #!/bin/bash
    export SASTMP=$HOME/.sastmp/$BASHPID
    mkdir -p -m 700 $SASTMP
    # Clean-up old SASTMP directories
    for TMPDIR in $(ls $HOME/.sastmp/)
    do
    ps -p $TMPDIR > /dev/null || ( echo "Deleting $HOME/.sastmp/$TMPDIR"; rm -fr $HOME/.sastmp/$TMPDIR)
    done
    # Launch sas
    /opt/sas/94ts1m7/SASFoundation/9.4/sas -work $SASTMP "$@"
    # Cleanup SASTMP directory
    rm -fr $SASTMP
    chmod 755 /usr/local/bin/sas
    vi /opt/launchers/bin/sas.sh
    /usr/local/bin/sas
    chmod 755 /opt/launchers/bin/sas.sh
    curl -od https://upload.wikimedia.org/wikipedia/commons/1/10/SAS_logo_horiz.svg
    vi /usr/share/applications/sas.desktop
    [Desktop Entry]
    Version=1.0
    Type=Application
    Name=SAS
    Comment=
    Exec=/opt/launchers/bin/sas.sh
    Icon=/opt/launchers/icon/sas.svg
    Path=$HOME
    Terminal=true
    StartupNotify=false
    Categories=Research;
    Hidden=true
    chmod 644 /usr/share/applications/sas.desktop
  • Unmount /mnt
  • Shutdown the VM
  • Remove the temp qcow2 from the VM configuration

DBeaver

  • Install DBeaver
    curl -LO https://dbeaver.io/files/dbeaver-ce-latest-stable.x86_64.rpm
    dnf localinstall dbeaver-ce-latest-stable.x86_64.rpm
  • Launch DBeaver and download JBDC drivers for Postgres/MySQL
    dbeaver
    # Database > Driver Manager
    # Select Driver from the list
    # Click Edit button
    # Click Libraries tab
    # Click Download/Update
  • Copy /root/.local/share/DBeaverData to /etc/skel/.local/share/DBeaverData

Transfer image to VM Hosts

  • Shutdown Virtual Machine
    halt -p
  • Transfer image from acl05 to acl03
    sudo scp /home/libvirt/rocky8-base.qcow2 root@acl03:/opt/ticrypt/libvirt/ticrypt-bricks/
  • Fix image permissions on acl03
    ssh root@acl03
    chown ticrypt:qemu /opt/ticrypt/libvirt/ticrypt-bricks/rocky8-base.qcow2
    chmod 644 /opt/ticrypt/libvirt/ticrypt-bricks/rocky8-base.qcow2

Setup virtual machine in tiCrypt

  • Login to tiCrypt Connect for ticrypt-demo.dartmouth.edu
  • Click Management from the top menu
  • Create the VM Image
    • Click VM Images from the menu to the left, then click the add button
    • On the Realm screen, provide the following, then click Next
      Realm: Libvirt
    • On the Volume screen, provide the following, then click Next
      rocky8-base.qcow2: <selected>
    • On the Description screen, provide the following, then click Create
      Name: rocky8-base
      Operating System: Linux
      Description: rocky8-base
  • Create the VM Hardware Setup
    • Click VM Hardware Setup from the menu to the left, then click the add button
    • On the Image screen, provide the following, then click Next
      rocky8-base: <selected>
    • On the Hardware screen, provide the following, then click Next
      Do not apply quotas to this hardware setup: <unchecked>
      Cores: 2
      Max Memory: 4
      Video: None
      Pty: False
    • On the Info screen, provide the following, then click Next
      Name: rocky8-base-2cpu-4g
      Description: rocky8-base-2c-4g
      This VM hardware setup should be available to everyone in the system: <checked>
    • On the Usage Instructions screen, provide the following, then click Next
      Template: Windows VM with RDP access: <selected>
    • For debugging, click the triple-dots next to the new VM Hareware Setup from the list.
    • Click Edit Image/Info
    • Update Video to VNC, then click Update
  • Testing the image in tiCrypt
    • Click Virtual Machines from the top menu
    • Click Drives from the sub-menu
    • Click the add button under Drives
    • Provide the following, then click `Create
      Name: rocky8-base-test-drive
      Type: EXT4
      Drive Size: 10GB
      Never backup: <checked>
      Project: <blank>
      Team: Admins
      Realm: Libvirt
    • Click Virtual Machines from the sub-menu
    • Click the add button under Virtual Machines
    • On the Basic info screen, provide the following, then click Next
      Name: rocky8-base-test
      Team: Admins
      Project: <blank>
    • On the VM image screen, provide the following, then click Next
      rocky8-base-2cpu-4g: <selected>
    • On the Drives screen, provide the following, then click Next
      Home drive: rocky8-base-test-drive
      Additional read-write drives: <blank>
      Additional read-only drives: <blank>
    • On the Confirm screen, provide the following, then click Create
      Launch a VM from this template immediately: <checked>
    • When prompted for New drive formatting, click Yes
    • Once the virtual machine starts, you should be able to
      • Open Terminal
      • Open Application
      • Open debugging remote desktop