Howto for Installing Xhier onto ubuntu

Supplement for Ray's solaris-specific install howto. (http://www.math.uwaterloo.ca/mfcf/internal/procedures/OS/Solaris/xhier.shtml) . Maintained by DanielAllen ; corrections to him, or make them here, directly.

Another related document is SettingUpNewUbuntuArches.

OS Install

See UbuntuInstallSteps for a detailed step-by-step.

Preparation, distribution machine(s):

• on administration master (eg., cscf.cs), (RCS) edit: /software/xhier/data/access-rights , add your host. (eg, a new cscf debian machine might be: mirror.cscf debian31.cscf )
  • Note: you actually have to do this in: cd /.software/admin/xhier/data
  • Note2: newer machines might be: scspc211.cs  ubuntu-i386.cscf

• distribute xhier back to the proper master (in above example: xh-dist2 debian31.cscf xhier )

Preparation, target machine:

• passwordless root rsh login see XhierHowtos#Enabling_passwordless_login_on_U (summary: apt-get install rsh-server rsh-client, modify /etc/securetty, and copy .rhosts to your machine)

• apt-get install csh

• save stuff in /vendor:

      mkdir /vendor
      tar -czvf /vendor.tgz /root/.cshrc /etc/{fstab,group,passwd,ssh} /usr/bin/{apt-get,chfn,chsh,passwd} /usr/sbin/{groupadd,useradd}
      cd /vendor; tar -xzvf /vendor.tgz 

• Put dns before files in /etc/nsswitch.conf.

• Copy /etc/hosts and /etc/networks from distribution machine (eg., ubuntu5-amd64.cscf)

• Copy /etc/passwd from somewhere reasonable, or add the following users and groups manually:

• • by editing /etc/passwd and /etc/group if you're not using SElinux

      # /etc/passwd
      orphan:x:86:301:Nobody:/:

      # /etc/group
      everyone::301:
      orphan::302:
      none::303:

• • Or, adding from command-line: add above users and groups with following format:

      adduser --no-create-home --uid 86 --gid 301 --disabled-password --disabled-login orphan

• mkdirs:

ln -s / /fsys1

mkdir /vendor /xhbin /.software
mkdir /fsys1/.software
mkdir /fsys1/.software/{share,arch,admin,regional,local,spool}
ln -s /fsys1/.software/* /.software

ln -s /.software/share/ /software

• mounting /.software/regional from elsewhere if it's not a regional master

xh-first-time:

• requires that rcp really is rcp (on linux platforms the is sometime scp, so you must install a real rcp command, on recent Ubuntu platforms, this is provided by the rsh-client package)
• xh-first-time from master machine:
  • there will be instructions of things to add and manpages to read; please do that. There are notes of likely specific changes below.

debian31:/etc# xh-first-time [YOUR MACHINE]
xh-first-time warning: The remote host hasn't specified an architecture
xh-first-time warning:    in /software/xhier/config/local/allowed-types.
xh-first-time warning:    Assuming for now that it has the same type as the
xh-first-time warning:    local host, namely "Debian3.1-IA32".
xh-first-time FYI: The target host "ubuntu5-x86-64.cscf" doesn't appear
xh-first-time FYI:   to be configured to receive
xh-first-time FYI:   these packages: os-extras mfcf-basics xhier,
xh-first-time FYI:   so they will be added to:
xh-first-time FYI:   "/software/xhier,dev/data/client-requests/ubuntu5-x86-64.cscf".
xh-set-access-rights FYI: Initializing
xh-set-access-rights FYI:   '/.software/admin/xhier/data/access-rights'
xh-set-access-rights FYI:   to assume NO RECEPTION
xh-set-access-rights FYI:   and NO DISTRIBUTION of software.
xh-set-access-rights FYI: It will either be updated later by a
xh-set-access-rights FYI:   distribution from a machine of your
xh-set-access-rights FYI:   administration, or it means that this is
xh-set-access-rights FYI:   a new administration, so the file MUST
xh-set-access-rights FYI:   be updated to describe where software
xh-set-access-rights FYI:   for this machine comes from.
xh-set-access-rights FYI: See "man xhier-config" and "man xh-dist-hosts"
xh-set-access-rights FYI:   for details.
xh-distribute FYI: "xhier" package maintainer: xhier_maintainer@math.uwaterloo.ca
xh-distribute FYI: rdist output of the "xhier" package from "debian31.cscf" follows:
  updating host ubuntu5-x86-64.cscf
    special: xhier Install warning: Although "hostnames `hostname`"
    special: xhier Install warning:    appeared to use /etc/hosts first,
    special: xhier Install warning:    this host now does appear to be
    special: xhier Install warning:    using DNS name service.
    special: xhier Install warning: We must have run into the problem with
    special: xhier Install warning:    the "hostnames" command, as we
    special: xhier Install warning:    first observed on Solaris 8.
    special: xhier Install warning: To avoid further spurious error diagnostics,
    special: xhier Install warning:    we will assume "hostnames" of
    special: xhier Install warning:    a FQDN will invoke DNS.
    special: xh-set-local-maintainer FYI: creating "/.software/local/xhier/config/local/xhier_maintainer".
    special: xh-set-local-maintainer FYI: please list any local maintainers here.

• edit /.software/local/xhier/config/local/xhier_maintainer :
  • possibly should be an alias, such as: debian_support (You can hand-edit /etc/aliases to add that alias with a good initial value):
    • debian_support: cscf-adm

    special: Assuming that this host is its own "regional server".
    special:   If it isn't, please put the hostname of
    special:   the regional server of this region into
    special:   "/software/xhier/data/hosts/regional_server".
    special:   See "man xhier-config" for details.
    special:
    special: Assuming this is not a 'standalone' host.
    special:   If that's an incorrect assumption,
    special:   use "xh-is-standalone on".
    special:   See "man xhier-config" for details.
    special:
    special: FYI: initializing /software/xhier/config/regional/options
    special: FYI: initializing /software/xhier/config/local/options
    special: xhier Install FYI: Creating "/root/.cshrc".
    special: xhier Install: The "/root/.cshrc" is fixed
    special: xhier Install: to include xhier search rules.
    special: xhier Install: Do a "rm /root/.cshrc" to unfix.
    special: xhier Install: Remember to change "/software/xhier/data/config.d"
    special: xhier Install: as well if you undo this fix.
    special: xhier Install FYI: Assuming this host is the
    special: xhier Install FYI:   "Debian3.1-IA32" architecture,
    special: xhier Install FYI:   so will set "arch=Debian3.1-IA32"
    special: xhier Install FYI:   in "/software/xhier/config/local/allowed-types".

    special: xhier Install FYI: Assuming this host is in the
    special: xhier Install FYI:   "cs.uwaterloo.ca" administration,
    special: xhier Install FYI:   so will set "admin=cs.uwaterloo.ca"
    special: xhier Install FYI:   in "/software/xhier/config/local/allowed-types".

    special: xhier Install FYI: Assuming this machine is its own region, so initializing

    special: xhier Install FYI:
      "/.software/regional/xhier/data/default-allowed-types/regional"
    special: xhier Install FYI:   to "ubuntu5-x86-64.cscf.uwaterloo.ca".
    special: xhier Install FYI: Assuming this host is in the
    special: xhier Install FYI:   "ubuntu5-x86-64.cscf.uwaterloo.ca" region,
    special: xhier Install FYI:   so will set "regional=ubuntu5-x86-64.cscf.uwaterloo.ca"

    special: xhier Install FYI:   in "/software/xhier/config/local/allowed-types".

    special: xh-make-xhier-aliases FYI: updating /.software/local/xhier/export/aliases

    special: xh-add-rc FYI: creating "/etc/init.d/xhier".
    special: xh-add-rc FYI: doing: ln -s /etc/init.d/xhier /etc/rc2.d/S99xhier
    special: xh-add-rc FYI: doing: ln -s /etc/init.d/xhier /etc/rc3.d/S99xhier
    special: xh-add-rc FYI: doing: ln -s /etc/init.d/xhier /etc/rc4.d/S99xhier
    special: xh-add-rc FYI: doing: ln -s /etc/init.d/xhier /etc/rc5.d/S99xhier
    special: xh-add-rc FYI: doing: ln -s /etc/init.d/xhier /etc/rc0.d/K21xhier
    special: setogm: new mode "544" for "/etc/init.d/xhier", instead of "644"

[paste more likely output here]

Cleanup and adding new packages

• on the destination machine, run xh-local-maintenance and keep fixing error messages until there are none left.

• after that is done, add additional packages, as suggested by other similar machines.
  • from the distribution machine, such as debian31, run: xh-dist2 [your machine] [package]

Additional debian/ubuntu fixes

GDM

• /etc/gdm/Xsession should be cloned from mef-fe02.student.cs because the vendor version has interactions with our /termcap_progs/setterm . This is clearly a bug in ubuntu's Xsession, which hopefully they will fix. See https://launchpad.net/distros/ubuntu/+source/gdm/+bug/61726 and ST#54117.

The problem is diagnosed by noticing the following warning when logging into Gnome: "Xsession: unable to launch "noglob" X session --- "noglob" not found; falling back to default session."

The workaround:

The two line additions from Dapper default are marked with '<----' below:

echo "$0: Beginning session setup..."

PREVIOUSPARAM=$1 # <----

# First read /etc/profile and .profile
test -f /etc/profile && . /etc/profile
test -f "$HOME/.profile" && . "$HOME/.profile"
# Second read /etc/xprofile and .xprofile for X specific setup
test -f /etc/xprofile && . /etc/xprofile
test -f "$HOME/.xprofile" && . "$HOME/.xprofile"

if [ -n $PREVIOUSPARAM ] ; then set $PREVIOUSPARAM ; fi  # <----

Other fixes

• Before adding new deb packages, figure out if they're going to create new users or groups, and add them manually before-hand. Ideally, these users and groups can become part of debian-1/export/passwd and group.

A few xhier gotchas can be fixed manually, if they're not handled automatically yet:

• apt-get install rdate (should be handled automatically).
• edit /etc/init.d/sysklogd to replace SYSLOGD="-u syslog" with SYSLOGD=""
• check permissions of 'slocate'. changes from vendor group ID to xhier ID sometimes causes problems:

root@lws001:/u5/drallen # ls -la /var/lib/slocate
total 1912
drwxr-x---   2 root documentation    4096 2006-07-12 07:35 .
drwxr-xr-x  40 root root             4096 2006-07-06 07:45 ..
-rw-r-----   1 root slocate       1943089 2006-07-12 07:35 slocate.db
slocate has an xhier-assigned group id:
root@mef-fe02:/u5/drallen# grep slocate /etc/group
slocate::19752:

...so repairing the group owner (and the g+s for the binary) will fix this.

root@mef-fe02:/u5/drallen# chgrp slocate /usr/bin/slocate /var/lib/slocate
/var/lib/slocate/slocate.db

root@mef-fe02:/u5/drallen# ls -la /usr/bin/slocate
-rwxr-xr-x  1 root slocate 30216 Sep 23  2004 /usr/bin/slocate
root@mef-fe02:/u5/drallen# chmod g+s /usr/bin/slocate
root@mef-fe02:/u5/drallen# ls -la /usr/bin/slocate
-rwxr-sr-x  1 root slocate 30216 Sep 23  2004 /usr/bin/slocate

• /etc/shadow must be group shadow. Also, /sbin/unix_chkpasswd must be group shadow and setgid. If a machine has changed users/groups, there's a chance that xhier will come along and make either or both files group orphan. In that case, the screen-lock will fail for both 'lock' and 'xscreensaver' (testable by running kcheckpass and if that fails, screen lock will fail too). Fixed via: chgrp shadow /sbin/unix_chkpwd ; chmod g+s /sbin/unix_chkpwd ; chgrp shadow /etc/shadow More details: https://launchpad.net/distros/ubuntu/+source/gnome-screensaver/+bug/45368

• /etc/X11/Xsession.options should comment out: "#allow-user-xsession" to ignore users' ~/.xsession file. Any customizations there which cause errors from the command-line will cause login to fail, and be annoying to debug.

• /etc/environment should change: LANG=en_US.UTF-8 to LANG=posix because most non-linux hosts expect posix display (causes non-ascii characters to display, instead of spaces).

• you will want to adjust xhier exempt-users:

man updatepw

DESCRIPTION
     The updatepw command builds a new password file.

     First it reads a standard passwd file from the standard
     input.  If it is a AIX machine, it also reads the shadow
     password file since the real password is stored there, along
     with various other things.  A exemption list of users (1 per
     line) is also read if the exemption file
     /software/setpw/data/config/exempt-users exists.

So on one host this might look like:

root@gl:/# cat /software/setpw/data/config/exempt-users
messageb*
haldaemo*

xinetd versus inetd

xinetd on Feisty has an option that can be added to /etc/default/xinetd, namely, if one puts

XINETD_OPTS="-stayalive -inetd_compat"

tells xinetd to look at /etc/inetd.conf with the proviso that one may prefer to have greater control by configuring the service in terms of xinetd's more refined configuration options. NOTE. xinetd uses tcp wrappers.

Possible useful notes

Xhier setup

Make the usual directories /vendor /xhbin /.software and NFS mount points like home directories, mail, and the regional xhier mount. Specifically I made a large enough root directory and no other partitions other than swap.

To allow for xhier distribution we need to allow for in.rshd service via some inetd server entry and protected by tcp wrappers.

Install an inetd server, we choose the openbsd version since it is has fewer bugs than the netkit-inetd package:

# apt-get install openbsd-inetd
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  tcpd
The following NEW packages will be installed:
  openbsd-inetd tcpd

We then make use of the fact that openbsd-inetd installed tcp wrappers package, tcpd which allows us to edit /etc/hosts.{allow,deny}.

We next install rsh server, a requirement for xhier distribution. We choose the rsh-redone-server package because it has been rewritten from the ground up to avoid bugs that exist in other versions.

Once this is done we make sure the inetd server is running and one should confirm that shell service is available

inetd     9754     root    4u  IPv4  66744       TCP *:shell (LISTEN)

When running xh-first-time you need to have csh installed. Preferably classic bsd csh which is provided by csh package. Indeed if you do not you will see the following failure on the arch master:

 xh-first-time -v mef-fe12.student.cs
xh-first-time FYI: checking to see if "mef-fe12.student.cs" is accessible.
xh-first-time FYI: Checking the architecture claimed by "mef-fe12.student.cs".
xh-first-time warning: The remote host hasn't specified an architecture
xh-first-time warning:    in /software/xhier/config/local/allowed-types.
xh-first-time warning:    Assuming for now that it has the same type as the
xh-first-time warning:    local host, namely "Ubuntu-amd64".
xh-first-time FYI: Checking the basic "/software" structure.
xh-first-time: Unrecognized status "bash: csh: command not found"
xh-first-time:   obtained from an attempt to
xh-first-time:     rsh mef-fe12.student.cs -n csh -c ...
xh-first-time:   the basic structure check.
xh-first-time:   Check the login configuration on "mef-fe12.student.cs".

Next, edit /.software/local/xhier/config/local/requests and make sure it has the following uncommented text:

# Too many of the packages listed in admin and regional requests are
# # provided by the Linux distribution. So until we have updated xhier to
# # deal with vendor's supplying the same (or newer versions of) these
# # packages,  lets setup xhier/config/local/requests to disable them.
-/software/xhier/config/admin/requests
-/software/xhier/config/regional/requests
#
# # Tools needed on all machines for the xhier installation and maintenance
# # of software packages.
xhier
# dependencies
  mfcf-basics
  os-extras

Next install the debian-1 package using xh-dist2, namely, run xh-dist2 host debian-1, where host is replaced with the hostname of the machine you are installing.

If the host you are installing belongs to an xhier region you'll likely be mounting home directories via NFS and so you will need the xhier package setpw.

Backups?

If the machine is not needed to be backed up by Legato NetWorker, please add CheckDumpDates=no to /.software/share/os-extras/config/local/config.d and run xh-install os-extras.