Skip to content

Platforms and Compilers

Introduction

ATLAS software may run on a machine installed with these OS flavors and versions with a few additional installations or configurations as described below.

Run-time Environment

These are for run-time compatibility and not full release build environments which may require development software.

ATLAS supports RedHat Enterprise Linux and its derived flavors (e.g. RockyLinux and AlmaLinux) for both x86_64 and aarch64 architectures. Users of other OS versions and Linux/non-Linux flavors, or who do not have root privileges, should consider running on supported default containers; e.g.

  • setupATLAS -c centos6 for a centos6 container compatible with slc6
  • setupATLAS -c centos7 for a centos7 container
  • setupATLAS -c el9 for an el9 container.

Build Environment

If you are looking for a build environment, the recommendation is to use containers. More information is available from the Containers in the Nightly System documentation where the Dockerfiles are referenced and also instructions on how to build your own containers.

RedHat EL 9 (Current Supported Platform)

This includes derived flavors such as AlmaLinux and RockyLinux as per CERN Recommendations.

Required Packages

Enable the CRB Repo: 

dnf config-manager --set-enabled crb

Install the HEP_OSlibs metarpm: 

dnf install https://linuxsoft.cern.ch/wlcg/el9/`uname -m`/wlcg-repo-1.0.0-1.el9.noarch.rpm
dnf install HEP_OSlibs

Install Kerberos: 

dnf install krb5-workstation
Configure Kerberos; for example a minimal configuration in /etc/krb5.conf should have: 
[libdefaults]
  default_realm = CERN.CH
  ticket_lifetime = 24h
  renew_lifetime = 7d
  forwardable = true
  proxiable = true

[realms]
  CERN.CH = {
    default_domain = cern.ch
    kpasswd_server = afskrb5m.cern.ch
    admin_server = afskrb5m.cern.ch
    kdc = cerndc.cern.ch
  }

[domain_realm]
  cern.ch = CERN.CH
  .cern.ch = CERN.CH

Install CVMFS

Installation of CVMFS is strongly recommended and requires root privileges.

However if that is not possible (e.g. no root privileges), atlas-cvmfsexec can be used.

User namespace

By default user namespace is enabled on EL9. This can be verified by: 

sysctl user.max_user_namespaces

If the resulting user.max_user_namespaces is set to 0, that means that user namespace is disabled and Apptainer container runtimes from CVMFS will not work. There are 2 solutions to this which require root privileges:

  • Either (and highly recommend) that user namespace be enabled on the machine. 
    echo "user.max_user_namespaces = 30561"  > /etc/sysctl.d/90-max_user_namespaces.conf
sysctl -p /etc/sysctl.d/90-max_user_namespaces.conf
  • Or install a local version of Apptainer with suid.

Legacy Crypto Policy Compatibility

By default, older less secure crypto policies are disabled in this OS version. However, there are still some ATLAS sites which use older (SHA-1) grid authority certificates on their computing resources; users will notice this when downloading data from these sites fail.

To alleviate this, as root, the legacy crypto policy can be enabled by doing 

update-crypto-policies --set DEFAULT:SHA1

If the site admin prefers not to enable the legacy policy, users can still run inside containers for data downloads from these affected sites.

Container Runtime

By default, Apptainer from CVMFS will be used if user namespace is enabled. However other runtimes such as Docker, Podman, Shifter and Singularity are also supported. Nested containers (running a container within a container) is only possible with Apptainer from CVMFS which in turn requires user namespace be enabled.