New CSC Machine
Draft of how to set up a new CSC machine
Booting
- Put the TFTP image in place (if this dist-arch pair has been installed before, you may skip this).
e.g. extract http://mirror.csclub.uwaterloo.ca/ubuntu/dists/oneiric/main/installer-amd64/current/images/netboot/netboot.tar.gz to caffeine:/srv/tftp/oneiric-amd64
- Configure the DHCP server; see caffeine:/etc/dhcp/dhcpd.conf. This allows caffeine to identify the host by its MAC address and give it the correct IP and boot image. e.g.
host bit-shifter {
    hardware ethernet 6C:F0:49:08:49:48;
    fixed-address 129.97.134.111;
    next-server 129.97.134.17;
    filename "precise-amd64/pxelinux.0";
}
- Force network boot in the BIOS. This may be called "Legacy LAN" or other such cryptic things. If this doesn't work, boot from CD or USB instead.
It is preferred to use the "alternate" installer image, based on debian-installer, instead of the Ubiquity installer. This installer supports software RAID and LVM out of the box, and will generally make your life easier. At least in expert mode, you can choose a custom mirror (top of the countries list) and give the path to the mirror directly.
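The DHCP host entry and the TFTP image have to agree before the machine will netboot. The following is an added example, not part of the original page or of CSC's tooling: a hypothetical shell function, check_dhcp_hosts, that lints the host entries of a dhcpd.conf-style file for malformed or reused MAC addresses, reused fixed addresses, and boot filenames that do not exist under the TFTP root. The function name and both arguments are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): lint the host entries of a
# dhcpd.conf-style file. Prints one "ERROR ..." line per problem and returns
# non-zero if any were found.
# Usage: check_dhcp_hosts CONF TFTP_ROOT   (both paths are caller-supplied)
check_dhcp_hosts() {
    awk -v root="$2" '
    function err(msg) { print "ERROR " msg; bad = 1 }
    # Drop comments, put spaces around { } ; and collect the file as one string.
    { sub(/#.*/, ""); gsub(/[{};]/, " & "); text = text " " $0 }
    END {
        n = split(text, t, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            if (t[i] == "host" && t[i+2] == "{") { host = t[i+1]; i += 2; continue }
            if (host == "") continue              # only look inside host blocks
            if (t[i] == "}") { host = ""; continue }
            if (t[i] == "hardware" && t[i+1] == "ethernet") {
                mac = toupper(t[i+2])
                # six colon-separated hex octets, e.g. 6C:F0:49:08:49:48
                if (length(mac) != 17 || mac !~ /^([0-9A-F][0-9A-F]:)+[0-9A-F][0-9A-F]$/)
                    err(host ": malformed MAC " t[i+2])
                else if (mac in macs) err(host ": MAC also used by " macs[mac])
                else macs[mac] = host
            } else if (t[i] == "fixed-address") {
                ip = t[i+1]
                if (ip in ips) err(host ": address " ip " also used by " ips[ip])
                else ips[ip] = host
            } else if (t[i] == "filename") {
                f = t[i+1]; gsub(/"/, "", f); path = root "/" f
                # getline returns -1 when the file cannot be opened
                if ((getline line < path) < 0) err(host ": boot file " path " missing")
                else close(path)
            }
        }
        exit bad + 0
    }' "$1"
}
```

Run it against a copy of caffeine:/etc/dhcp/dhcpd.conf with /srv/tftp as the TFTP root before restarting the DHCP server.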
Installing
Ubiquity
Ubiquity is the Ubuntu GUI installer. For it to have LVM support, run:
apt-get install lvm2
If you still can't see the partitions (even if lvscan sees them, but no devices exist), run vgscan and vgchange -ay as root. Now the partitioner should be able to see them. We prefer to use LVM for partitions. Since GRUB 2, even /boot may be on LVM; this is the preferred configuration for simplicity, except when legacy partitioning setups make this inconvenient.
After installing with Ubiquity, you must also add LVM support to the newly installed system, and in particular its initramfs.
mount /dev/vg0/root /mnt
mount /dev/sda1 /mnt/boot
chroot /mnt apt-get install lvm2
You should see an update-initramfs update. Reboot.
After Installing
Change the Ubuntu mirror to mirror.csclub.uwaterloo.ca, and add debian.csclub.uwaterloo.ca via /etc/apt/sources.list.d. apt-key add the key from the mirror (TODO: make this easier to find).
Install a bunch of packages from inapt list. Transfer nsswitch, ldap.conf, nslcd.conf, SSL certs, restore SSH key, KRB config, install mod-pam-csc, PAM config (/etc/pam.d/common-account).
Mount /users, /music and /scratch. /etc/default/nfs-common: yes,yes,yes; start gssd
On Ubuntu precise or later: alter LDAP schema in nslcd.conf
# use the uniqueMember attribute for group membership
map group member uniqueMember
krb5.conf: weak crypto
If new host, generate principal in kadmin.local.
If new distribution, create in conf/distributions AND conf/uploaders, and do rrr-update as well as rrr-incoming.