Setting up PLG Lab PCs with Ubuntu

The following assumes that the PC being setup is called "scspc187.cs"

Prepatory steps

We started out with awk.cs and then proceeded slightly differently (server install) with scspc84 aka ir4.

1. Partitioning scheme (some machines may vary!):
   • hda3 / ext3 5gb
   • hda4 /fsys1 ext3 3gb
   • mount but do not format hdc3 as /u (used to be /u1, but changed for LDAP schemes)
2. It will want to know what user to use. We'll try it with asharji and a password that's mutually known. Later we'll worry about the root account.
3. Use the GUI partition editor which sucks for this kind of thing.
4. Interesting, it didn't ask about network info. Need to fix up with the GUI - don't forget about netmasks.
5. Copy sources.list from another machine - awk.
6. apt-get update
7. Install netkit-inetd
8. Install openssh-server after an apt-get update; also install gpm, csh, tcsh, rdate, rsh-server, rsh-client, rcs, xterm, xauth, libpam-ldap, libnss-ldap, ldap-utils, ntp (don't worry about configuring the LDAP stuff)
9. Add entries for hdparm - DMA and 32 bit IO. TODO: this doesn't work on SATA disks. blktool is allegedly the tool, but it doesn't know from DMA either.
10. May have to set the root password to allow rsh from the usual suspects (also set up /root/.rhosts).
11. Do something with /etc/securetty.
12. Copy ssh_known_hosts2 and sshd_config from "somewhere" to /etc/ssh on the new host
13. Fix /etc/inetd.conf by adding ".1000" after each "nowait" statement for the r-services.
14. Sync installed packages with awk.

Xhier steps

Now we're xhiering.

Distribution machine (cscf.cs)

Note: we're following the steps in UbuntuXhierHowto that haven't already been done. (See detailed example in ST#65751 )

1. on administration master (eg., cscf.cs), become root and (RCS) edit: /software/xhier/data/access-rights , add your host, specifying it's distribution master. (eg, scspc187.cs ubuntu-i386.cscf)
   • cd /.software/admin/xhier/data
   • co -l access-rights
   • vi access-rights
   • add the new machines in the section labelled "CS Research - PLG"
   • ci -u access-rights
2. re-distribute the xhier package back to the distribution master from the admin master (cscf.cs)
   • 1>(root)@cscf[118]% xh-dist2 ubuntu-i386.cscf xhier

Client machine

OS preparation

• login to the client machine
  • become root on plg2.math
  • rsh clienthostname
• Ensure the hostname is set correctly - edit /etc/hostname and use the hostname command if necessary
  • it must match the name entered in the access-rights file, above
• ensure necessary pre-requisite software is installed
  • apt-get install rsh-server rsh-client csh
• Create /etc/securetty (if not already there). Contents:

pts/0
pts/1
pts/2
pts/3
pts/4
pts/5
pts/6
pts/7
pts/8
pts/9
pts/10

• # mkdir /vendor
• tar -czvf /vendor.tgz /root/.cshrc /etc/{fstab,group,passwd,ssh} /usr/bin/{apt-get,chfn,chsh,passwd} /usr/sbin/{groupadd,useradd}
• cd /vendor; tar -xzvf /vendor.tgz
• update /etc/nsswitch.conf
  • vi /etc/nsswitch.conf and insure the following lines are as shown:

# cat /etc/nsswitch.conf

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat
group:          compat
shadow:         compat

hosts:          dns files
...

1. check .rhosts - it should be as shown:

# cat .rhosts
cscf.cs root
cscf.cs.uwaterloo.ca root
awk.cs root
awk.cs.uwaterloo.ca root
debian31.cscf.uwaterloo.ca root
debian31.cscf root
plg2.math root
plg2.math.uwaterloo.ca root
plg1.cs.uwaterloo.ca root
plg1.cs root
ubuntu-i386.cscf root
ubuntu-i386.cscf.uwaterloo.ca root

• Update /etc/hosts
  • make sure the current host is listed, eg: 129.97.186.123  scspc187.cs.uwaterloo.ca  scspc187.cs
  • ensure that the line for ubuntu-i386.cs is there: 129.97.15.129   ubuntu-i386.cscf.uwaterloo.ca   ubuntu-i386.cscf
• Update /etc/networks so that it looks like:

# cat /etc/networks
default         0.0.0.0
loopback        127.0.0.0
link-local      169.254.0.0
localnet        129.97.186.0

• copy /etc/passwd and /etc/group from another PLG machine, eg: awk.cs
  • ubuntu-i386.cscf# ssh awk.cs
  • root@awk:~# rcp /etc/passwd scspc187.cs:/etc/passwd
  • root@awk:~# rcp /etc/group scspc187.cs:/etc/group
• copy /etc/ntp.conf from the distribution machine (ubuntu-i386.cscf) and restart ntp:
  • ubuntu-i386.cscf# rcp /etc/ntp.conf scspc187.cs:/etc/ntp.conf
  • or update /etc/ntp.conf and change the "server" line to: server ntp.cs
  • /etc/init.d/ntp restart
• reboot client machine to make sure all configurations above take effect

xhier preparation

• create required directories and links:

mkdir /vendor /xhbin /.software
mkdir /fsys1/.software
mkdir /fsys1/.software/{share,arch,admin,regional,local,spool}
ln -s /fsys1/.software/* /.software
ln -s /.software/share/ /software

• • (/vendor probably already exists from steps above)
• Run xh-first-time from distribution master
  • root@ubuntu-i386:~# xh-first-time scspc187.cs
  • from what I've been told, you can pretty much ignore most errors...
• xh-dist2 scspc187.cs debian-1
• xh-dist2 scspc187.cs plglab-1
  • this will do things like patch /etc/gdm/Xsession and the default kwinrc files. It will also remind you if /etc/nsswitch.conf needs updating and check for various LDAP configuration files if necessary.
• xh-dist2 scspc187.cs termcap_progs to get setprompt

Add xhier packages

xh-dist2 scspc187.cs config-files
xh-dist2 scspc187.cs filetools
xh-dist2 scspc187.cs graveyard
xh-dist2 scspc187.cs lockfile
xh-dist2 scspc187.cs login
xh-dist2 scspc187.cs man
xh-dist2 scspc187.cs maple-11.0
xh-dist2 scspc187.cs openssl-0.9.8_runtime
xh-dist2 scspc187.cs pam-config
xh-dist2 scspc187.cs perl-cover
xh-dist2 scspc187.cs processes
xh-dist2 scspc187.cs security
xh-dist2 scspc187.cs setpw

or possibly:

for i in config-files filetools graveyard lockfile login man maple-11.0 openssl-0.9.8_runtime pam-config perl-cover processes security setpw
do
echo xh-dist2 scspc187.cs $i
xh-dist2 scspc187.cs $i
done

Add other required Ubuntu packages

apt-get install libnet-ldap-perl libio-socket-ssl-perl libauthen-sasl-perl

Add machine(s) to plglab-1 package on capo

• login to capo
• cd /software/plglab-1/data
• suw

co -l plg_pcs ldap_pcs ubuntu_pcs
echo "scspc187.cs" >> plg_pcs
echo "scspc187.cs" >> ldap_pcs
echo "scspc187.cs" >> ubuntu_pcs
ci -u plg_pcs ldap_pcs ubuntu_pcs

• add machine(s) to sync-plg-804 script

cd /software/plglab-1/maintenance
co -l sync-plg-804
vi sync-plg-804
  ... update CLIENT_HOSTS="scspc187"   (Note: this can be a space-delimited list if doing more than one machine)
ci -u sync-plg-804

• push it out to the distribution machine from capo: xh-dist2 ubuntu-i386.cscf plglab-1
• push it out from the distribution machine to the client machine: xh-dist2 scspc187.cs plglab-1

Update debian packages

Copy common pam auth files to the new client

• the following files in /etc/pam.d need to be copied from another client

common-account
common-auth
common-password
common-session

• The following copies a tar file currently on scspc215 to the target client machine:

root@ubuntu-i386:/etc/pam.d# cd /tmp
root@ubuntu-i386:/tmp#  scp scspc215.cs:/etc/pam.d/scspc211-pam.tar .
root@ubuntu-i386:/tmp# rcp scspc211-pam.tar scspc187.cs:/etc/pam.d/

• make a backup of the original files and then extract the new files

root@scspc032:/software# cd /etc/pam.d
root@scspc032:/etc/pam.d# mkdir backup
root@scspc032:/etc/pam.d# mv common* backup
root@scspc032:/etc/pam.d# tar -xvf scspc211-pam.tar 
common-account
common-auth
common-password
common-session

Update packages based on awk.cs

For this process, we need the script in /software/plglab-1/maintenance called "sync-plg-804". It will grab all of the debian packages on awk.cs and get them installed on the specified client machines (scspc134.cs and scspc215.cs in this case). It needs to be run as root from a machine with the script and with .shosts access to the client machine - we'll use the arch-master, ubuntu-i386.cscf for this purpose.

• setup .shosts access
  • generate ssh key on ubuntu-i386: # ssh-keygen -t dsa
  • copy id_dsa.pub into authorized keys onto the client machine(s)

root@ubuntu-i386:~/tmp# cd
root@ubuntu-i386:~# cd .ssh
root@ubuntu-i386:~/.ssh# rcp id_dsa.pub scspc187.cs:.ssh/authorized_keys

• Run the sync-plg-804 script as root on ubuntu-i386.cscf
  • root@ubuntu-i386:~# sync-plg-804
  • (Assumptions: sync-plg-804 should already be in the path, there should be an ssh key for ubuntu-i386.cscf on awk.cs)
• The above doesn't seem to do everything it is supposed to, so run the following on the client machine(s) as root:
  • /software/debian-1/maintenance/apt-get -uf --fix-missing dselect-upgrade
    • You will be prompted for a number of configuration options, choose:

Display Manager: gdm
Postfix: No Configuration
Sun Java license: Ok, Yes
Ion3: Yes
uswsusp: Yes

• reboot

Disable backup

• cd /.software/local/os-extras/config/local
• vi config.d
  • add to the end: CheckDumpDates=no
• xh-install os-extras

Setup printing

• Follow steps here as root: CupsOnLinux
• vi /etc/cups/cupsd.conf to look like:

      Browsing On
      BrowsePoll print.cs.uwaterloo.ca
      BrowseInterval 3600
      BrowseTimeout 3700

• /etc/init.d/cupsys restart

Still to resolve

• video driver seems very slow
• su access for owner of the machine

Mike's other notes

Once the machine is xhiered, some tex stuff will break because the stupid scripts assume they can call access without a path. Attached is a script to fix these stupid scripts. My own script is stupid too, but it works. Don't run it twice.

Other hints:

• /etc/resolv.conf
• /etc/securetty
• /etc/ssh/known_hosts2
• /etc/ssh/sshd_config
• /etc/ssh/ssh_config