Ubuntu 8: Difference between revisions

From CSLLabWiki
Jump to navigation Jump to search
No edit summary
m (moved Ubuntu to Ubuntu 8: Upgraded to 10 / 12 / 14)
 
(24 intermediate revisions by 2 users not shown)
Line 1: Line 1:
= Installation and Configuration =
= Installation =
 
== Installation i386 (32-bit) ==
== Installation i386 (32-bit) ==
# Download and burn the latest Ubuntu Server-Edition LTS ISO for i386 (8.04.3 used for these instructions)
* Download and burn the latest Ubuntu Server-Edition LTS ISO for i386 (8.04.3 used for these instructions)
# Boot from CD
* Boot from CD


== Installation x86_64 (64-bit) ==
== Installation x86_64 (64-bit) ==
# Download and burn the latest Ubuntu Server-Edition LTS ISO for x86_64 (amd64) (8.04.3 used for these instructions)
* Download and burn the latest Ubuntu Server-Edition LTS ISO for x86_64 (amd64) (8.04.3 used for these instructions)
# Boot from CD
* Boot from CD




Line 27: Line 28:


=== Partitioning (Single Disk) ===
=== Partitioning (Single Disk) ===
# Select the "Manual" method
* Select the "Manual" method
# Use the arrow keys to highlight the disk (usually sda) and press enter
* Use the arrow keys to highlight the disk (usually sda) and press enter
# Confirm the dialog to create a new empty partition table.
* Confirm the dialog to create a new empty partition table.
# Select the "FREE SPACE" and press enter.
* Select the "FREE SPACE" and press enter.
# Create the following partitions:
* Create the following partitions:
## (TotalSpace - 2 GB), primary, mountpoint: /, use as: ext3, options: bootable
** (TotalSpace - 2 GB), primary, mountpoint: /, use as: ext3, options: bootable
## 2 GB, logical, use as: swap
** 2 GB, logical, use as: swap
# Select "Finish Partitioning" and write the changes to disk
* Select "Finish Partitioning" and write the changes to disk


=== Partitioning (Software RAID 1) ===
=== Partitioning (Software RAID 1) ===
# Select the "Manual" method
* Select the "Manual" method
# Use the arrow keys to highlight each disk and press enter
* Use the arrow keys to highlight each disk and press enter
# Confirm the dialog to create a new empty partition table on both drives.
* Confirm the dialog to create a new empty partition table on both drives.
# Select the "FREE SPACE" on each drive and create a TotalSize - 2gb primary partition
* Select the "FREE SPACE" on each drive and create a (TotalSize - 2gb) primary partition (at the Beginning)
# Select Use as: Physical volume for RAID
* Select Use as: Physical volume for RAID
# Select "Done setting up partition"
* Select "Done setting up partition"
# Select the "FREE SPACE" below the partition you just created
* Select the "FREE SPACE" below the partition you just created
# Use the remaining space on that first drive for another primary partition
* Use the remaining space on that first drive for another primary partition (at the Beginning)
# Select Use as: Physical volume for RAID
* Select Use as: Physical volume for RAID
# REPEAT for second drive
* REPEAT for second drive
# Select "Configure software RAID" at the top
* Select "Configure software RAID" at the top
# Confirm the changes (which have to be committed before configuring RAID)
* Confirm the changes (which have to be committed before configuring RAID)
# Select "Create MD Device"
* Select "Create MD Device"
# Select "RAID1"
* Select "RAID1"
# Number of active devices: 2
* Number of active devices: 2
# Number of spare devices: 0
* Number of spare devices: 0
# Select /dev/sda1 and /dev/sdb1 then continue
* Select /dev/sda1 and /dev/sdb1 then continue
# Create a second MD Device with /dev/sda2 and /dev/sdb2 just as the previous 5 steps
* Create a second MD Device with /dev/sda2 and /dev/sdb2 just as the previous 5 steps
# Select "Finish"
* Select "Finish"
# In the partitioner, select the first RAID device and Use as: ext3, Mount point: /
* In the partitioner, select the first RAID device and Use as: ext3, Mount point: /
# Lastly, select the second RAID device and Use as: swap area then select "Finish partitioning and write changes" to disk at the bottom.
* Lastly, select the second RAID device and Use as: swap area then select "Finish partitioning and write changes" to disk at the bottom.
 


=== Finish Up ===
=== Finish Up ===
# Full name for new user: lab
* Full name for new user: lab
# Username for your account: lab
* Username for your account: lab
# Password: lab (this user will be deleted later)
* Password: lab (this user will be deleted later)
# Verify Password
* Verify Password
# Leave the HTTP proxy box empty and select "Continue"
* Leave the HTTP proxy box empty and select "Continue"
# Note: If it freezes "Scanning the mirror" unplug and replug the ethernet cable once.
* Note: If it freezes "Scanning the mirror" unplug and replug the ethernet cable once.
# Software to install: Select "OpenSSH server" and select "Continue"
* Software to install: Select "OpenSSH server" and select "Continue"
# The system will finish configuring and ask you to "Continue" before it reboots.
* The system will finish configuring and ask you to "Continue" before it reboots.


== Configuration (via SSH) ==
= Configuration =
* This section is done via SSH as a convenience for installing multiple systems.. but can be done from the keyboard.
* This section is done via SSH as a convenience for installing multiple systems.. but can be done from the keyboard.


# ssh lab@HOST.cs.transy.edu
* ssh lab@HOST.cs.transy.edu
# sudo su -
* sudo su -
# passwd root (set the current root password)
* passwd root (set the current root password)
# exit
* exit
# exit
* exit


# ssh root@HOST.cs.transy.edu
* ssh root@HOST.cs.transy.edu
# userdel lab
* userdel lab
# rm -rf /home/lab
* rm -rf /home/lab
# Transfer or enter the following into /etc/apt/sources.list:
* Transfer or enter the following into /etc/apt/sources.list:


* 32-bit:
* 32-bit:
Line 104: Line 104:
</pre></code>
</pre></code>


# apt-get update
* apt-get update
# apt-get upgrade
* apt-get upgrade
# apt-get dist-upgrade
* apt-get dist-upgrade


=== Switch to Generic Kernel ===
=== Switch to Generic Kernel ===
* Since the Ubuntu kernels have virtualization built in which is not compatible with nvidia drivers. Even after this is resolved, it is still nice to run the official kernel.org generic sources. Very compatible.
* Since the Ubuntu kernels have virtualization built in which is not compatible with nvidia drivers. Even after this is resolved, it is still nice to run the official kernel.org generic sources. Very compatible.
# ls /boot
* ls /boot
# apt-get install linux-image-generic linux-doc-2.6.XX linux-source-2.6.XX (replace XX with the LATEST kernel sub-version output from ls /boot)
* apt-get install linux-image-generic linux-doc-2.6.XX linux-source-2.6.XX (replace XX with the LATEST kernel sub-version output from ls /boot)
# apt-get remove linux-image-2.6.XX-YY-server --purge (again XX from uname)
* apt-get remove linux-image-2.6.XX-YY-server --purge (again XX from ls /boot)


* REBOOT!
* REBOOT!


# ssh root@HOST.cs.transy.edu
* ssh root@HOST.cs.transy.edu


=== Configuring LDAP Authentication ===
=== Configuring LDAP Authentication ===


* First we need to get GDM (the graphical login) and its dependencies installed so..
* First we need to get GDM (the graphical login) and its dependencies installed so..
# apt-get install gdm
* apt-get install gdm
* To enable (graphical) root login:
** Edit /etc/gdm/gdm.conf
*** AllowRoot=true


# apt-get install auth-client-config libpam-ldap libnss-ldap ldap-auth-client ldap-auth-config
* apt-get install auth-client-config libpam-ldap libnss-ldap ldap-auth-client ldap-auth-config
## LDAP server Uniform Resource Identifier: ldap://10.20.3.8
** LDAP server Uniform Resource Identifier: ldap://10.20.3.8
## Distinguished name of the search base: dc=cs,dc=transy,dc=edu
** Distinguished name of the search base: dc=cs,dc=transy,dc=edu
## LDAP version to use: 3
** LDAP version to use: 3
## Make local root Database admin: NO
** Make local root Database admin: NO
## Does the LDAP database require login?: NO
** Does the LDAP database require login?: NO


# Edit /etc/ldap.conf and change the following values:
* Edit /etc/ldap.conf and change the following values:
## host 10.20.3.8
** host 10.20.3.8
## base dc=cs,dc=transy,dc=edu
** base dc=cs,dc=transy,dc=edu
## uri ldap://10.20.3.8
** uri ldap://10.20.3.8
** bind_policy soft


# Edit /etc/ldap/ldap.conf
* Edit /etc/ldap/ldap.conf
## BASE dc=cs,dc=transy,dc=edu
** BASE dc=cs,dc=transy,dc=edu
## URI ldap://10.20.3.8
** URI ldap://10.20.3.8


# Edit /etc/auth-client-config/profile.d/transy
* Edit /etc/auth-client-config/profile.d/transy
<code><pre>
<code><pre>
[openldap]
[transy]
nss_passwd=passwd: ldap files
nss_passwd=passwd: ldap files
nss_group=group: ldap files
nss_group=group: ldap files
Line 161: Line 165:
</pre></code>
</pre></code>


# auth-client-config -a -p transy
* auth-client-config -a -p transy
# Add the following line near the very top of /etc/pam.d/gdm AND /etc/pam.d/login
* Add the following line near the very top of /etc/pam.d/gdm AND /etc/pam.d/login
<code><pre>
<code><pre>
auth    optional        pam_group.so
auth    optional        pam_group.so
</pre></code>
</pre></code>


# Add the following to the BOTTOM of /etc/security/group.conf:
* Add the following to the BOTTOM of /etc/security/group.conf:
<code><pre>
<code><pre>
# This will force all users that logon into these groups
# This will force all users that logon into these groups
Line 175: Line 179:
</pre></code>
</pre></code>


# Test LDAP authentication - if "id USERNAME" returns with info about the user... all is good.
* Test LDAP authentication - if "id USERNAME" returns with info about the user... all is good.
<code><pre>
<code><pre>
root@clarke:~# id kmoorman
root@clarke:~# id kmoorman
Line 182: Line 186:


=== Filesystems ===
=== Filesystems ===
# apt-get install nfs-common
* apt-get install nfs-common
# mkdir /classes
* mkdir /classes
# mkdir /labdata
* mkdir /labdata
# Edit /etc/fstab
* Edit /etc/fstab
==== Single Disk ====
<code><pre>
<code><pre>
# /etc/fstab: static file system information.
# /etc/fstab: static file system information.
Line 201: Line 206:
10.20.3.8:/data/exportfs/labdata        /labdata        nfs    defaults,rw
10.20.3.8:/data/exportfs/labdata        /labdata        nfs    defaults,rw
</pre></code>
</pre></code>
# mount -a
 
# Ensure the NFS filesystems loaded with "ls /home" "ls /classes" "ls /labdata"
==== RAID 1 ====
<code><pre>
# /etc/fstab: static file system information.
#
# <file system> <mount point>  <type>  <options>      <dump>  <pass>
proc            /proc          proc    defaults        0      0
/dev/md0      /              ext3    relatime,errors=remount-ro 0      1
/dev/md1      none            swap    sw              0      0
/dev/scd0      /media/cdrom0  udf,iso9660 user,noauto,exec,utf8 0      0
/dev/fd0        /media/floppy0  auto    rw,user,noauto,exec,utf8 0      0
 
# NFS Filesystems
10.20.3.8:/data/exportfs/home          /home          nfs    defaults,rw
10.20.3.8:/data/exportfs/classes        /classes        nfs    defaults,rw
10.20.3.8:/data/exportfs/labdata        /labdata        nfs    defaults,rw
</pre></code>
 
* mount -a
* Ensure the NFS filesystems loaded with "ls /home" "ls /classes" "ls /labdata"


=== Install Software ===
=== Install Software ===


* scp or download jdk-6u10-docs.zip to /tmp
* scp or download jdk-6u10-docs.zip to /tmp
<code><pre>
<code>
apt-get install amarok mplayer firefox thunderbird blackbox fluxbox gimp blender vim emacs xemacs21 nano gedit nedit jedit gcc php5 perl ruby python audacity pidgin gdb xfce4 vlc openoffice.org hpijs cupsys swi-prolog sun-java6-jdk sun-java6-doc sun-java6-demo htop screen kdm mutt cmucl eclipse libglui-dev libglui2c2 libxi-dev libxmu-dev libglut3-dev libglut3 spim tk make ant xorg k3b kubuntu-desktop ubuntu-desktop mesa-utils nfs-common ffmpeg flashplugin-nonfree sun-java6-plugin mozilla-plugin-vlc alsa-utils lbreakout2 subversion subversion-tools patch libsvn-perl libsvn-ruby python-subversion g++ gcc gcc-4.2-doc libstdc++6-4.2-doc build-essential libglui-dev libglui2c2 libxi-dev libxmu-dev mysql-client lynx
apt-get install amarok mplayer firefox thunderbird blackbox fluxbox gimp blender vim emacs xemacs21 nano gedit nedit jedit gcc php5 perl ruby python audacity pidgin gdb xfce4 vlc openoffice.org hpijs cupsys swi-prolog sun-java6-jdk sun-java6-doc sun-java6-demo htop screen kdm mutt eclipse libglui-dev libglui2c2 libxi-dev libxmu-dev libglut3-dev libglut3 spim tk make ant xorg k3b kubuntu-desktop ubuntu-desktop mesa-utils nfs-common ffmpeg flashplugin-nonfree sun-java6-plugin mozilla-plugin-vlc alsa-utils lbreakout2 subversion subversion-tools patch libsvn-perl libsvn-ruby python-subversion g++ gcc gcc-4.2-doc libstdc++6-4.2-doc build-essential libglui-dev libglui2c2 libxi-dev libxmu-dev mysql-client lynx kompozer kompozer-dev lbreakout2
</pre></code>
</code>


* Dialog from above command:
* Dialog from above command:
** Default display manager: choose "gdm"
** Default display manager: choose "gdm"
** Accept the Java license
** Accept the Java license
==== CMUCL (Lisp) ====
===== 32-bit Arch =====
apt-get install cmucl
===== 64-bit Arch =====
* Presently, CMUCL is a 32bit only Lisp environment (although 64bit is in their development roadmap)
* Thus apt won't install it on an AMD64 machine. Here is a workaround:
* apt-get install common-lisp-controller
* Copy the cmucl_19d-20061116-4.1_i386.deb file from Babbage
* Extract the file to a temp dir:
** dpkg ./cmucl_19d-20061116-4.1_i386.deb -X ./temp
* Copy the usr portion of the package into place
** rsync -a ./temp/usr /
* Remove the temp dir and package file
** rm -rf ./temp
** rm cmucl_19d-20061116-4.1_i386.deb
* Test
** Execute "cmucl" from the terminal
** Exit by typing "(quit)"


=== Graphics Drivers ===
=== Graphics Drivers ===
==== Nvidia ====
==== Nvidia ====
# Download the appropriate installer from [http://www.nvidia.com] (based on GPU and architecture)
* mkdir /root/video_driver
# /etc/init.d/gdm stop
* cd /root/video_driver
# chmod +x NVIDIA-Linux-x86-185.18.36-pkg1.run  
* Download the appropriate installer from [http://www.nvidia.com] (based on GPU and architecture)
# ./NVIDIA-Linux-x86-185.18.36-pkg1.run
** Be sure to place (and keep it in case of kernel upgrade) in /root/video_driver
# Accept the license
* /etc/init.d/gdm stop
# Attempt to download a module, but you will most likely have to have it compile one.
* chmod +x NVIDIA-Linux-x86-185.18.36-pkg1.run  
# At the end of installation, allow the installer to run "nvidia-xconfig"
* ./NVIDIA-Linux-x86-185.18.36-pkg1.run
# echo "nvidia" >> /etc/modules
* Accept the license
# modprobe nvidia
* Attempt to download a module, but you will most likely have to have it compile one.
# /etc/init.d/gdm start
* At the end of installation, allow the installer to run "nvidia-xconfig"
* echo "nvidia" >> /etc/modules
* modprobe nvidia
* /etc/init.d/gdm start
Northbridge (A)
Northbridge (A)
<code><pre>
<code><pre>
Which series???
Which series NVidia driver???
GeForce2 MX 100/200 -> 96.43.xx series
GeForce2 MX 100/200 -> 96 series
GeForce4 MX -> 96 series
GeForce FX -> latest
GeForce 6000/7000/8000 -> latest
</pre></code>
</pre></code>


==== ATI ====
* mkdir /root/video_driver
* cd /root/video_driver
* wget appropriate binary driver from ATI.com
* apt-get install dpkg-dev debhelper libstdc++5 dkms build-essential cdbs fakeroot
* chmod +x ./ati*
* ./ati-driver-installer-8.443.1-x86.x86_64.run --buildpkg Ubuntu/<version>
** You can replace <version> in the above with the codename for the version of Ubuntu you are running (gutsy, hardy, intrepid).


* dpkg -i fglrx-kernel-source_<version>.deb
* dpkg -i xorg-driver-fglrx_<version>.deb


==== ATI ====
* aticonfig --initial=dual-head --screen-layout=left
* echo "fglrx" >> /etc/modules
 
* reboot


=== Remove Compiz ===
=== Remove Compiz ===
Line 262: Line 328:
* hp-setup -i -n starkweather starkweather.cs.transy.edu  
* hp-setup -i -n starkweather starkweather.cs.transy.edu  
<code><pre>
<code><pre>
root@clarke:/etc/cups# hp-setup -i -n starkweather starkweather.cs.transy.edu
root@hopper:~# hp-setup -i -n starkweather 10.20.3.6


HP Linux Imaging and Printing System (ver. 2.8.2)
HP Linux Imaging and Printing System (ver. 2.8.2)
Line 272: Line 338:
under certain conditions. See COPYING file for more details.
under certain conditions. See COPYING file for more details.


(Note: Defaults for each question are maked with a '*'. Press <enter> to accept the default.)


HP Linux Imaging and Printing System (ver. 2.8.2)
Services and Status Daemon ver. 9.3


--------------------------
Copyright (c) 2001-7 Hewlett-Packard Development Company, LP
| CHOOSE CONNECTION TYPE |
This software comes with ABSOLUTELY NO WARRANTY.
--------------------------
This is free software, and you are welcome to distribute it
under certain conditions. See COPYING file for more details.


  Num.            Connection Type  Connection Type Description           
(Note: Defaults for each question are maked with a '*'. Press <enter> to accept the default.)
  ---------------  ---------------  ----------------------------------------
  0*              usb              Universal Serial Bus (USB)             
  1                net              Network/Ethernet/Wireless (direct     
                                    connection or JetDirect)               
  2                par              Parallel Port (LPT:)                   
 
Enter number 0...2 for connection type (q=quit, enter=usb*) ? 1
 
Using connection type: net
 
--------------------
| DEVICE DISCOVERY |
--------------------


Using device: hp:/net/HP_Color_LaserJet_4500?ip=10.20.3.6


Setting up device: hp:/net/HP_Color_LaserJet_4500?ip=10.20.3.6
Setting up device: hp:/net/HP_Color_LaserJet_4500?ip=10.20.3.6




-
|
---------------------
---------------------
| PRINT QUEUE SETUP |
| PRINT QUEUE SETUP |
Line 306: Line 360:
Using queue name: starkweather
Using queue name: starkweather


Found a possible PPD file: lsb/usr/openprinting/HP/HP_Color_LaserJet_4500.ppd.gz
warning: Found multiple possible PPD files
Desc: HP Color LaserJet 4500 v2014.200 Postscript (recommended)
 
Choose a PPD file that most closely matches your device:
(Note: The model number may vary slightly from the actual model number on the device.)


Note: The model number may vary slightly from the actual model number on the device.
Num.  PPD Filename                                          Description
----  -----------------------------------------------------  ----------------------------------------
0    lsb/usr/openprinting/HP/HP_Color_LaserJet_4500.ppd.gz  HP Color LaserJet 4500 v2014.200
                                                            Postscript (recommended)
1    lsb/usr/hpijs/HP/HP-Color_LaserJet_4500-hpijs.ppd      HP Color LaserJet 4500 Foomatic/hpijs,
                                                            hpijs 2.8.2.10 - HPLIP 2.8.2
2    drv:///hpijs.drv/hp-color_laserjet_4500-hpijs.ppd      HP Color LaserJet 4500 Foomatic/hpijs
3    (None of the above match)


Does this PPD file appear to be the correct one (y=yes*, n=no, q=quit) ? y
Enter number 0...3 for printer (q=quit) ?1
Enter a location description for this printer (q=quit) ?BSC 106
Enter a location description for this printer (q=quit) ?BSC 106
Enter additonal information or notes for this printer (q=quit) ?HP Color LaserJet 4500N
Enter additonal information or notes for this printer (q=quit) ?HP Color LaserJet 4500N
Line 318: Line 381:
Device URI: hp:/net/HP_Color_LaserJet_4500?ip=10.20.3.6
Device URI: hp:/net/HP_Color_LaserJet_4500?ip=10.20.3.6
Queue name: starkweather
Queue name: starkweather
PPD file: lsb/usr/openprinting/HP/HP_Color_LaserJet_4500.ppd.gz
PPD file: lsb/usr/hpijs/HP/HP-Color_LaserJet_4500-hpijs.ppd
Location: BSC 106
Location: BSC 106
Information:  
Information: HP Color LaserJet 4500N
 


---------------------
---------------------
Line 328: Line 391:




Would you like to print a test page (y=yes*, n=no, q=quit) ? y
Would you like to print a test page (y=yes*, n=no, q=quit) ? n
 
HP Linux Imaging and Printing System (ver. 2.8.2)
Testpage Print Utility ver. 5.0
 
Copyright (c) 2001-7 Hewlett-Packard Development Company, LP
This software comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to distribute it
under certain conditions. See COPYING file for more details.
 
 
Printing test page to printer starkweather...
Test page has been sent to printer.
 
note: If an error occured, or the test page failed to print, refer to the HPLIP website
note: at: http://hplip.sourceforge.net for troubleshooting and support.
 
Done.
Done.
Done.
</pre></code>
</pre></code>


Line 396: Line 440:
</pre></code>
</pre></code>


===  
=== Harden ===
==== Disable ctl-alt-del ====
* Edit /etc/event.d/control-alt-delete
** Comment out the only two lines that aren't already


=== At Boot ===
=== At Boot ===
# update-rc.d -f apache2 remove
* update-rc.d -f apache2 remove
* update-rc.d -f apparmor remove
 
= To Be Done =
 
* GDM Greeter w/ pics
* Harden script
* Nagios NRPE
* Syslog-ng -> Splunk
* IPtables
* /LabData ???
 
* Present available software to users
* Proprietary software: maple, renderman

Latest revision as of 17:49, 10 September 2014

Installation[edit]

Installation i386 (32-bit)[edit]

  • Download and burn the latest Ubuntu Server-Edition LTS ISO for i386 (8.04.3 used for these instructions)
  • Boot from CD

Installation x86_64 (64-bit)[edit]

  • Download and burn the latest Ubuntu Server-Edition LTS ISO for x86_64 (amd64) (8.04.3 used for these instructions)
  • Boot from CD


Installation (both 32 and 64 bit)[edit]

  1. Select "English"
  2. Select "Install Ubuntu Server"
  3. Select "English"
  4. Select "United States"
  5. Detect keyboard layout -> NO
  6. Select "USA"
  7. Select "USA"
  8. !!! It will now attempt to use DHCP.. cancel this or select "Go Back" on the following screen
  9. Select "Configure network manually"
    1. Enter the IP address of the workstation. Ex: 10.20.3.15
    2. Enter the Netmask of "255.255.255.0"
    3. Enter the Gateway of "10.20.3.1"
    4. Enter the Nameservers "10.20.70.16 10.20.70.17"
  10. Hostname: Set the FQDN of the machine as the hostname. Ex: clarke.cs.transy.edu
  11. Select "Eastern" time zone

Partitioning (Single Disk)[edit]

  • Select the "Manual" method
  • Use the arrow keys to highlight the disk (usually sda) and press enter
  • Confirm the dialog to create a new empty partition table.
  • Select the "FREE SPACE" and press enter.
  • Create the following partitions:
    • (TotalSpace - 2 GB), primary, mountpoint: /, use as: ext3, options: bootable
    • 2 GB, logical, use as: swap
  • Select "Finish Partitioning" and write the changes to disk

Partitioning (Software RAID 1)[edit]

  • Select the "Manual" method
  • Use the arrow keys to highlight each disk and press enter
  • Confirm the dialog to create a new empty partition table on both drives.
  • Select the "FREE SPACE" on each drive and create a (TotalSize - 2gb) primary partition (at the Beginning)
  • Select Use as: Physical volume for RAID
  • Select "Done setting up partition"
  • Select the "FREE SPACE" below the partition you just created
  • Use the remaining space on that first drive for another primary partition (at the Beginning)
  • Select Use as: Physical volume for RAID
  • REPEAT for second drive
  • Select "Configure software RAID" at the top
  • Confirm the changes (which have to be committed before configuring RAID)
  • Select "Create MD Device"
  • Select "RAID1"
  • Number of active devices: 2
  • Number of spare devices: 0
  • Select /dev/sda1 and /dev/sdb1 then continue
  • Create a second MD Device with /dev/sda2 and /dev/sdb2 just as the previous 5 steps
  • Select "Finish"
  • In the partitioner, select the first RAID device and Use as: ext3, Mount point: /
  • Lastly, select the second RAID device and Use as: swap area then select "Finish partitioning and write changes" to disk at the bottom.

Finish Up[edit]

  • Full name for new user: lab
  • Username for your account: lab
  • Password: lab (this user will be deleted later)
  • Verify Password
  • Leave the HTTP proxy box empty and select "Continue"
  • Note: If it freezes "Scanning the mirror" unplug and replug the ethernet cable once.
  • Software to install: Select "OpenSSH server" and select "Continue"
  • The system will finish configuring and ask you to "Continue" before it reboots.

Configuration[edit]

  • This section is done via SSH as a convenience for installing multiple systems.. but can be done from the keyboard.
  • ssh lab@HOST.cs.transy.edu
  • sudo su -
  • passwd root (set the current root password)
  • exit
  • exit
  • ssh root@HOST.cs.transy.edu
  • userdel lab
  • rm -rf /home/lab
  • Transfer or enter the following into /etc/apt/sources.list:
  • 32-bit:
deb http://babbage.cs.transy.edu/ubuntu-i386/ hardy main restricted universe multiverse
deb http://babbage.cs.transy.edu/ubuntu-i386/ hardy-updates main restricted universe multiverse
deb http://babbage.cs.transy.edu/ubuntu-i386/ hardy-security main restricted universe multiverse

#deb http://babbage.cs.transy.edu/ubuntu-i386/ hardy-backports main restricted universe multiverse
#deb http://babbage.cs.transy.edu/ubuntu-i386/ hardy-proposed main restricted universe multivers
  • 64-bit:
deb http://babbage.cs.transy.edu/ubuntu-amd64/ hardy main restricted universe multiverse
deb http://babbage.cs.transy.edu/ubuntu-amd64/ hardy-updates main restricted universe multiverse
deb http://babbage.cs.transy.edu/ubuntu-amd64/ hardy-security main restricted universe multiverse

#deb http://babbage.cs.transy.edu/ubuntu-amd64/ hardy-backports main restricted universe multiverse
#deb http://babbage.cs.transy.edu/ubuntu-amd64/ hardy-proposed main restricted universe multivers
  • apt-get update
  • apt-get upgrade
  • apt-get dist-upgrade

Switch to Generic Kernel[edit]

  • Since the Ubuntu kernels have virtualization built in which is not compatible with nvidia drivers. Even after this is resolved, it is still nice to run the official kernel.org generic sources. Very compatible.
  • ls /boot
  • apt-get install linux-image-generic linux-doc-2.6.XX linux-source-2.6.XX (replace XX with the LATEST kernel sub-version output from ls /boot)
  • apt-get remove linux-image-2.6.XX-YY-server --purge (again XX from ls /boot)
  • REBOOT!
  • ssh root@HOST.cs.transy.edu

Configuring LDAP Authentication[edit]

  • First we need to get GDM (the graphical login) and its dependencies installed so..
  • apt-get install gdm
  • To enable (graphical) root login:
    • Edit /etc/gdm/gdm.conf
      • AllowRoot=true
  • apt-get install auth-client-config libpam-ldap libnss-ldap ldap-auth-client ldap-auth-config
    • LDAP server Uniform Resource Identifier: ldap://10.20.3.8
    • Distinguished name of the search base: dc=cs,dc=transy,dc=edu
    • LDAP version to use: 3
    • Make local root Database admin: NO
    • Does the LDAP database require login?: NO
  • Edit /etc/ldap.conf and change the following values:
    • host 10.20.3.8
    • base dc=cs,dc=transy,dc=edu
    • uri ldap://10.20.3.8
    • bind_policy soft
  • Edit /etc/ldap/ldap.conf
    • BASE dc=cs,dc=transy,dc=edu
    • URI ldap://10.20.3.8
  • Edit /etc/auth-client-config/profile.d/transy
[transy]
nss_passwd=passwd: ldap files
nss_group=group: ldap files
nss_shadow=shadow: ldap files
pam_auth=auth       required     pam_env.so
        auth       sufficient   pam_unix.so likeauth nullok
        auth       sufficient   pam_ldap.so use_first_pass
        auth       required     pam_deny.so
pam_account=account    sufficient   pam_unix.so
        account    sufficient   pam_ldap.so
        account    required     pam_deny.so
pam_password=password   sufficient   pam_unix.so nullok md5 shadow use_authtok
        password   sufficient   pam_ldap.so use_first_pass
        password   required     pam_deny.so
pam_session=session    required     pam_limits.so
        session    required     pam_unix.so
        session    optional     pam_ldap.so

  • auth-client-config -a -p transy
  • Add the following line near the very top of /etc/pam.d/gdm AND /etc/pam.d/login
auth    optional        pam_group.so
  • Add the following to the BOTTOM of /etc/security/group.conf:
# This will force all users that logon into these groups
login;*;*;Al0000-2400;cdrom,floppy,plugdev,audio,dip
kdm;*;*;Al0000-2400;cdrom,floppy,plugdev,audio,dip,video
gdm;*;*;Al0000-2400;cdrom,floppy,plugdev,audio,dip,video
  • Test LDAP authentication - if "id USERNAME" returns with info about the user... all is good.
root@clarke:~# id kmoorman
uid=1129(kmoorman) gid=110(faculty) groups=110(faculty),800(camp),2100(linux)

Filesystems[edit]

  • apt-get install nfs-common
  • mkdir /classes
  • mkdir /labdata
  • Edit /etc/fstab

Single Disk[edit]

# /etc/fstab: static file system information.
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
/dev/sda1       /               ext3    relatime,errors=remount-ro 0       1
/dev/sda5       none            swap    sw              0       0
/dev/scd0       /media/cdrom0   udf,iso9660 user,noauto,exec,utf8 0       0
/dev/fd0        /media/floppy0  auto    rw,user,noauto,exec,utf8 0       0

# NFS Filesystems
10.20.3.8:/data/exportfs/home           /home           nfs     defaults,rw
10.20.3.8:/data/exportfs/classes        /classes        nfs     defaults,rw
10.20.3.8:/data/exportfs/labdata        /labdata        nfs     defaults,rw

RAID 1[edit]

# /etc/fstab: static file system information.
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
/dev/md0       /               ext3    relatime,errors=remount-ro 0       1
/dev/md1       none            swap    sw              0       0
/dev/scd0       /media/cdrom0   udf,iso9660 user,noauto,exec,utf8 0       0
/dev/fd0        /media/floppy0  auto    rw,user,noauto,exec,utf8 0       0

# NFS Filesystems
10.20.3.8:/data/exportfs/home           /home           nfs     defaults,rw
10.20.3.8:/data/exportfs/classes        /classes        nfs     defaults,rw
10.20.3.8:/data/exportfs/labdata        /labdata        nfs     defaults,rw
  • mount -a
  • Ensure the NFS filesystems loaded with "ls /home" "ls /classes" "ls /labdata"

Install Software[edit]

  • scp or download jdk-6u10-docs.zip to /tmp

apt-get install amarok mplayer firefox thunderbird blackbox fluxbox gimp blender vim emacs xemacs21 nano gedit nedit jedit gcc php5 perl ruby python audacity pidgin gdb xfce4 vlc openoffice.org hpijs cupsys swi-prolog sun-java6-jdk sun-java6-doc sun-java6-demo htop screen kdm mutt eclipse libglui-dev libglui2c2 libxi-dev libxmu-dev libglut3-dev libglut3 spim tk make ant xorg k3b kubuntu-desktop ubuntu-desktop mesa-utils nfs-common ffmpeg flashplugin-nonfree sun-java6-plugin mozilla-plugin-vlc alsa-utils lbreakout2 subversion subversion-tools patch libsvn-perl libsvn-ruby python-subversion g++ gcc gcc-4.2-doc libstdc++6-4.2-doc build-essential libglui-dev libglui2c2 libxi-dev libxmu-dev mysql-client lynx kompozer kompozer-dev lbreakout2

  • Dialog from above command:
    • Default display manager: choose "gdm"
    • Accept the Java license

CMUCL (Lisp)[edit]

32-bit Arch[edit]

apt-get install cmucl

64-bit Arch[edit]
  • Presently, CMUCL is a 32bit only Lisp environment (although 64bit is in their development roadmap)
  • Thus apt won't install it on an AMD64 machine. Here is a workaround:


  • apt-get install common-lisp-controller
  • Copy the cmucl_19d-20061116-4.1_i386.deb file from Babbage
  • Extract the file to a temp dir:
    • dpkg ./cmucl_19d-20061116-4.1_i386.deb -X ./temp
  • Copy the usr portion of the package into place
    • rsync -a ./temp/usr /
  • Remove the temp dir and package file
    • rm -rf ./temp
    • rm cmucl_19d-20061116-4.1_i386.deb
  • Test
    • Execute "cmucl" from the terminal
    • Exit by typing "(quit)"

Graphics Drivers[edit]

Nvidia[edit]

  • mkdir /root/video_driver
  • cd /root/video_driver
  • Download the appropriate installer from [1] (based on GPU and architecture)
    • Be sure to place (and keep it in case of kernel upgrade) in /root/video_driver
  • /etc/init.d/gdm stop
  • chmod +x NVIDIA-Linux-x86-185.18.36-pkg1.run
  • ./NVIDIA-Linux-x86-185.18.36-pkg1.run
  • Accept the license
  • Attempt to download a module, but you will most likely have to have it compile one.
  • At the end of installation, allow the installer to run "nvidia-xconfig"
  • echo "nvidia" >> /etc/modules
  • modprobe nvidia
  • /etc/init.d/gdm start

Northbridge (A)

Which series NVidia driver???
GeForce2 MX 100/200 -> 96 series
GeForce4 MX -> 96 series
GeForce FX -> latest
GeForce 6000/7000/8000 -> latest

ATI[edit]

  • mkdir /root/video_driver
  • cd /root/video_driver
  • wget appropriate binary driver from ATI.com
  • apt-get install dpkg-dev debhelper libstdc++5 dkms build-essential cdbs fakeroot
  • chmod +x ./ati*
  • ./ati-driver-installer-8.443.1-x86.x86_64.run --buildpkg Ubuntu/<version>
    • You can replace <version> in the above with the codename for the version of Ubuntu you are running (gutsy, hardy, intrepid).
  • dpkg -i fglrx-kernel-source_<version>.deb
  • dpkg -i xorg-driver-fglrx_<version>.deb
  • aticonfig --initial=dual-head --screen-layout=left
  • echo "fglrx" >> /etc/modules
  • reboot

Remove Compiz[edit]

  • apt-get remove --purge compiz compiz-core compiz-fusion-plugins-extra compiz-fusion-plugins-main compiz-gnome compiz-plugins compizconfig-backend-gconf libcompizconfig0 libdecoration0 libx11-xcb1 mesa-utils

Printing (CUPS)[edit]

Printer Info:

Name: Starkweather
Host: starkweather.cs.transy.edu
IP: 10.20.3.6
Model: HP Color Laserjet 4500N
Trays: 1

Name: Watson
Host: watson.cs.transy.edu
IP: 10.20.3.7
Model: Lexmark T642 (B&W)
Trays: 1

starkweather[edit]

  • apt-get install hplip libcupsys2-dev cupsys-bsd openssl libjpeg62-dev libsnmp-dev libtool libusb-dev libsane-dev sane-utils
  • hp-setup -i -n starkweather starkweather.cs.transy.edu
root@hopper:~# hp-setup -i -n starkweather 10.20.3.6

HP Linux Imaging and Printing System (ver. 2.8.2)
Printer/Fax Setup Utility ver. 7.0

Copyright (c) 2001-7 Hewlett-Packard Development Company, LP
This software comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to distribute it
under certain conditions. See COPYING file for more details.


HP Linux Imaging and Printing System (ver. 2.8.2)
Services and Status Daemon ver. 9.3

Copyright (c) 2001-7 Hewlett-Packard Development Company, LP
This software comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to distribute it
under certain conditions. See COPYING file for more details.

(Note: Defaults for each question are maked with a '*'. Press <enter> to accept the default.)


Setting up device: hp:/net/HP_Color_LaserJet_4500?ip=10.20.3.6


|
---------------------
| PRINT QUEUE SETUP |
---------------------

Using queue name: starkweather

warning: Found multiple possible PPD files

Choose a PPD file that most closely matches your device:
(Note: The model number may vary slightly from the actual model number on the device.)

Num.  PPD Filename                                           Description
----  -----------------------------------------------------  ----------------------------------------
0     lsb/usr/openprinting/HP/HP_Color_LaserJet_4500.ppd.gz  HP Color LaserJet 4500 v2014.200
                                                             Postscript (recommended)
1     lsb/usr/hpijs/HP/HP-Color_LaserJet_4500-hpijs.ppd      HP Color LaserJet 4500 Foomatic/hpijs,
                                                             hpijs 2.8.2.10 - HPLIP 2.8.2
2     drv:///hpijs.drv/hp-color_laserjet_4500-hpijs.ppd      HP Color LaserJet 4500 Foomatic/hpijs
3     (None of the above match)

Enter number 0...3 for printer (q=quit) ?1
Enter a location description for this printer (q=quit) ?BSC 106
Enter additonal information or notes for this printer (q=quit) ?HP Color LaserJet 4500N

Adding print queue to CUPS:
Device URI: hp:/net/HP_Color_LaserJet_4500?ip=10.20.3.6
Queue name: starkweather
PPD file: lsb/usr/hpijs/HP/HP-Color_LaserJet_4500-hpijs.ppd
Location: BSC 106
Information: HP Color LaserJet 4500N


---------------------
| PRINTER TEST PAGE |
---------------------


Would you like to print a test page (y=yes*, n=no, q=quit) ? n
Done.

watson[edit]

  • lpadmin -p watson -v socket://10.20.3.7:9100 -L "BSC 106" -D "Lexmark T642" -P ./Lexmark-T642-Postscript.ppd -E
  • Set watson as default printer
    • lpadmin -d watson

Hosts[edit]

  • Add these entries to /etc/hosts
    • Be sure to remove the original line in /etc/hosts for that host (no duplicates, please)
# Servers
10.20.3.4       hollerith.cs.transy.edu hollerith
10.20.3.9       kay.cs.transy.edu       kay
10.20.3.8       babbage.cs.transy.edu   babbage

# Workstations
## SGI
10.20.3.3       calvin.cs.transy.edu    calvin
10.20.3.13      holberton.cs.transy.edu holberton
10.20.3.5       sammett.cs.transy.edu   sammett
10.20.3.30      morello.cs.transy.edu   morello
10.20.3.19      hoover.cs.transy.edu    hoover
10.20.3.26      forsythe.cs.transy.edu  forsythe

## Linux
10.20.3.29      bartik.cs.transy.edu    bartik
10.20.3.15      burks.cs.transy.edu     burks
10.20.3.14      clarke.cs.transy.edu    clarke
10.20.3.25      fox.cs.transy.edu       fox
10.20.3.23      garrett.cs.transy.edu   garrett
10.20.3.21      granville.cs.transy.edu granville
10.20.3.11      hopper.cs.transy.edu    hopper
10.20.3.12      lovelace.cs.transy.edu  lovelace
10.20.3.28      winters.cs.transy.edu   winters

## Mac
10.20.3.31      wozniak.cs.transy.edu   wozniak

# Color HP Laser Printer
10.20.3.6       starkweather.cs.transy.edu starkweather

# B&W Lexmark Laser Printer
10.20.3.7       watson.cs.transy.edu watson

Harden[edit]

Disable ctl-alt-del[edit]

  • Edit /etc/event.d/control-alt-delete
    • Comment out the only two lines that aren't already

At Boot[edit]

  • update-rc.d -f apache2 remove
  • update-rc.d -f apparmor remove

To Be Done[edit]

  • GDM Greeter w/ pics
  • Harden script
  • Nagios NRPE
  • Syslog-ng -> Splunk
  • IPtables
  • /LabData ???
  • Present available software to users
  • Proprietary software: maple, renderman