Difference between revisions of "Desktop Setup - Ubuntu 12.04"
(→MADA Related Stuff) |
|||
Line 102: | Line 102: | ||
ln -s /mada/users /soe | ln -s /mada/users /soe | ||
initctl reload autofs | initctl reload autofs | ||
+ | |||
+ | /etc/auto.mada should use nfs4. Something like this: | ||
+ | users -rw,intr,soft,noquota,noatime,fstype=nfs4 mada0.cse.ucsc.edu:/mada/users | ||
+ | software -ro,intr,soft,noquota,noatime,fstype=nfs4 mada0.cse.ucsc.edu:/mada/software | ||
* 7 - awk for cadence | * 7 - awk for cadence |
Revision as of 07:18, 2 February 2013
Currently still testing the distribution, so please report any problems to Ehsan and Jose!!
- 0 - Install Ubuntu 12.04 x86_64
NOTE: ONLY if you have trouble with Step 4 of the installation process, the partition selection, open a terminal in the trial mode and run:
sudo dmraid -r -E /dev/sda
NOTE: When prompted for a username, choose one that is NOT your SOE login! For example "ian_local" rather than my SOE login of "ianlee1521". Otherwise you will not be able to login to your computer after you setup LDAP.
NOTE: When prompted for a machine name, enter the name that machine is supposed to be (mascd1, omelette, quiche, etc)
Installation should complete as normal.
Contents
Plain Ubuntu Installation
- 1 - Enable root account
Login to the GUI with your local login, then open a terminal (Applications -> Accessories -> Terminal):
sudo su - passwd
Enter your new root password for the machine.
Add your local and SOE logins to the sudoers list:
vi /etc/sudoers
- 2 - Install NVIDIA Drivers
Blacklist some kernel modules
vi /etc/modprobe.d/blacklist.conf
Add the following lines to the file
blacklist vga16fb blacklist nouveau blacklist rivafb blacklist nvidiafb blacklist rivatv
Get rid of any installed NVIDIA drivers (you are already root, if not use with sudo):
apt-get --purge remove nvidia-*
apt-get update apt-get install nvidia-current
Reboot the machine and X should start normally. Login at the GUI login as root and open a terminal.
- 3 - Setup the new repo
scp <username>@mada0:/etc/apt/sources.list /etc/apt/sources.list apt-get update -y apt-get dist-upgrade -y
- 4 - Adjust sysctl options
mmap problem for qemu
vi /etc/sysctl.d/10-zeropage.conf
Edit the following value:
vm.mmap_min_addr = 4096
increase (add) the inotify watches in /etc/sysctl.conf
echo -e "\nfs.inotify.max_user_watches = 65535 \nkernel.randomize_va_space = 0" | tee -a /etc/sysctl.conf
- 5 - Replicate the installation on Master machine (mascd12, dhcp-63-154.cse.ucsc.edu)
The current apt-get/dpkg releases have problem. So we need to work around the problems that is going to happen in this process.
ssh <username>@mascd12 dpkg --get-selections > dpkg.list dpkg --set-selections < dpkg.list apt-get update -y
echo "libdb5.1-java:i386 deinstall" | dpkg --set-selections echo "libsensors4:i386 deinstall" | dpkg --set-selections echo "libapt-pkg4.12:i386 deinstall" | dpkg --set-selections
"apt-get dselect-upgrade -y" Will give many options and take a long time for the upgrade (about an hour for me). Select all default options.
apt-get dselect-upgrade -y
It most likely will fail, complaining unable to install libapt-pkg4.12:i386, etc. You might need to repeat this until the apt-get dselect-upgrade finished gracefully. Pay attention to the error message. If it asks you to do 'apt-get install -f', then do so!
finalized the installed packages so far:
dpkg --configure -a
then remove the problematic packages from the package selecting list, and run the apt-get dselect-upgrade again :
echo "libdb5.1-java:i386 deinstall" | dpkg --set-selections echo "libsensors4:i386 deinstall" | dpkg --set-selections echo "libapt-pkg4.12:i386 deinstall" | dpkg --set-selection apt-get dselect-upgrade -y
MADA Related Stuff
- 6 - Install autofs
Create mada directory
mkdir /mada
Get autofs files from another machine
apt-get install -y autofs scp <username>@mascd12:/etc/auto.* /etc/ ln -s /mada/users /soe initctl reload autofs
/etc/auto.mada should use nfs4. Something like this:
users -rw,intr,soft,noquota,noatime,fstype=nfs4 mada0.cse.ucsc.edu:/mada/users software -ro,intr,soft,noquota,noatime,fstype=nfs4 mada0.cse.ucsc.edu:/mada/software
- 7 - awk for cadence
apt-get install -y ksh csh original-awk ln -s /usr/bin/awk /bin/awk
- 8 - Set the firewall
ufw enable ufw default deny ufw reject auth ufw limit ssh/tcp
- 9 - Get tempcap from another ubuntu machine (mascd1, mascd12, ...), and some lib preparation:
mkdir /usr/lib64 scp <username>@mascd12:/usr/lib64/libtermcap.so.2.0.8 /usr/lib64/ ln -s /usr/lib64/libtermcap.so.2.0.8 /usr/lib64/libtermcap.so.2
ln -sf /usr/lib/x86_64-linux-gnu/libtiff.so.4.3.4 /usr/lib/libtiff.so.3
- 10 - LDAP
Install
apt-get install -y ldap-auth-client libpam-krb5 krb5-user libsasl2-modules-gssapi-mit
Leave the kerberos config entry blank. You will copy it in the next step.
Create /ect/krb5.conf
scp <username>@mascd1:/etc/krb5.conf /etc/
Copy the ldap certificate
scp <username>@mascd1:/etc/ssl/certs/* /etc/ssl/certs/
Create "/etc/auth-client-config/profile.d/krb-ldap-config"
scp <username>@mascd1:/etc/auth-client-config/profile.d/krb-ldap-config /etc/auth-client-config/profile.d/krb-ldap-config auth-client-config -a -p krb_ldap
Update ldap.conf
scp <username>@mascd1:/etc/ldap.conf /etc/ldap.conf scp <username>@mascd1:/etc/ldap/ldap.conf /etc/ldap/ldap.conf
Now you should be able to execute:
ldapsearch -x LLL
- 11 - Lock SOE people out of your machine :)
scp <username>@mascd12:/etc/security/access.conf /etc/security/access.conf
You will need to add your local login to the machine, or you will lock yourself out:
vim /etc/security/access.conf
Go to very bottom of file and add your local user account to the list below root Example of the last lines of my file (Replace "ian_local" with your local login):
+ : root : ALL + : nx : ALL + : ian_local : ALL + : (masc) : ALL + : (vlsi) : ALL -:ALL :ALL
Now, you should see people with "getent passwd" but, calling "su - cormac" should say "permission denied", but, calling "su - renau" should work.
- 12 - Since the LDAP has timeouts, setup the local backup
apt-get install nss-updatedb nss_updatedb ldap cd /etc/cron.hourly/ scp <username>@mada1:/etc/cron.hourly/nss_updatedb_ldap . scp <username>@mada1:/etc/nsswitch.conf /etc
- 13 - Edit lines passwd and group in /etc/nsswitch.conf so that they are as follows (involves adding db before ldap)
sudo vi /etc/nsswitch.conf passwd: files db ldap group: files db ldap
- 14 - Allow other accounts to be shown at the login screen, and disable Guest user.
sudo vi /etc/lightdm/lightdm.conf
add the following lines to lightdm.conf
greeter-show-manual-login=true allow-guest=false
- 15 - Restart your computer:
shutdown -r now
- 16 - Login to the GUI with your SOE login information. If you get a prompt asking for an "LDAP Password" this means that you typed your password incorrectly.
- 17 - Remove old desktop configuration files (KDE / GNOME / browser)
NOTE: Removing ".config" will delete any saved passwords in your browser, but will fix other problems. NOTE: You can use kubuntu(KDE), gnome, unity, or awesome as desktop/windows manager.
Logout of / kill any open X sessions. Switch to tty1 (CTRL + ALT + F1), and login with your SOE account.
rm -rf .config .kde* .gconf* .gnome* .awesome*
- 18 - Some Minor Patches for things that don't work properly
Disable apparmor
sudo invoke-rc.d apparmor stop sudo update-rc.d -f apparmor remove
- 19 - Add bash as default shell
cd /bin sudo ln -sf bash sh
- 20 - Using QEMU and ARM in 32 bit mode. We need to install 32 bit libraries for this (as root).
sudo apt-get install g++-multilib libxext-dev:i386 -y
- 21 - Ruby Gems
sudo apt-get install ruby rubygems sudo gem install --remote builder colored cucumber diff-lcs gherkim nanoc2 polyglot rake rgl rspec stream treetop sudo gem install cri --version 1.0.1
- 22 - Install some fonts
sudo apt-get install libtiff4 t1-xfree86-nonfree ttf-xfree86-nonfree ttf-xfree86-nonfree-syriac xfonts-75dpi xfonts-100dpi
- 23 - Make sure that there is no file indexing (beagle)
sudo apt-get purge beagle
- 24 - Add to /etc/crontab to maintain same time (13:13 use any other random time)
echo -e "13 13 * * * root /usr/sbin/ntpdate ntp.ucsc.edu" | sudo tee -a /etc/crontab
- 25 - Add a freenx server to your desktop
sudo apt-get install python-software-properties sudo add-apt-repository ppa:freenx-team sudo apt-get update sudo apt-get install freenx-server
- 26 - Add sendmail (no external forwarding)
sudo apt-get purge exim4 sudo apt-get install sendmail cd /etc/mail/ sudo scp <username>@mada0:/etc/mail/alias* . sudo scp <username>@mada0:/etc/mail/sendmail.* . sudo scp <username>@mada0:/etc/mail/generi* . sudo chmod 777 /var/spool/mqueue sudo /etc/init.d/sendmail restart
- 27- Install extra tools (should have been installed through dpkg --set-selection)
sudo apt-get install -y git-core libjpeg62 sudo apt-get install -y libglib2.0-dev sudo apt-get install -y bison flex sudo apt-get install -y libboost-dev sudo apt-get install -y ack-grep sudo apt-get install -y cmake sudo apt-get install -y gridengine-client libtool mutrace sudo apt-get install -y texlive-latex-base texlive-latex-extra texlive-latex-recommended preview-latex-style latex-xcolor latex-beamer texlive-science texlive-fonts-recommended
sudo apt-get install -y okular
- 28 - Copy libtermcap needed by some synopsys aps
sudo scp <username>@mada0:/usr/lib/libtermcap.so.2.0.8 /usr/lib/. sudo ln -s libtermcap.so.2.0.8 libtermcap.so.2
- 29 - Manually install glib for i386, and get some more 32 bit libs.
cd /lib/i386-linux-gnu sudo tar zxvf /mada/software/libg.tar
Upgrade from Ubuntu 10.04
- 1- sudo apt-get dist-upgrade -y
- 2- Upgrade to Ubuntu 1.10:
https://help.ubuntu.com/community/MaverickUpgrades
Installing grid-engine (server)
- Firewall
ufw allow in 6444 ufw allow in 6445
- packages
apt-get purge gridengine-exec apt-get install gridengine-exec gridengine-client
- Set SGE master
echo "mada0.cse.ucsc.edu" >/var/lib/gridengine/default/common/act_qmaster
- Start daemon (do not wait for the next reboot)
/etc/init.d/gridengine-exec restart
Setting up CUPS for Printing
- 1. Make sure cups and cups-bsd are installed:
sudo apt-get install cups
- 2. Go to /etc/cups directory:
cd /etc/cups
- 3. Add file called "client.conf" with this in it (you may need sudo access to create new file):
ServerName cups-01.cse.ucsc.edu ServerName spooler4.cse.ucsc.edu spooler4.cse.ucsc.edu
- 4. Save the client.conf file and restart the cups server:
/etc/init.d/cups restart
- You should now be able to print. If you are not seeing a list of printer or are getting an error saying something like "client error: forbidden", then your machine does not have access to the VLAN printer network. Contact the IT tech staff and this issue should be resolved (Eric Shell helped with this).