Difference between revisions of "New CSC Machine"

From CSCWiki
Line 38: Line 38:
  
 
krb5.conf: weak crypto
 
krb5.conf: weak crypto
 +
 +
If new host, generate principal in kadmin.local.
 +
 +
If new distribution, create in conf/distributions AND conf/uploaders, and do rrr-update as well as rrr-incoming.
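Review bot: the added kadmin.local line does not say which principal a new host needs or how the resulting key gets onto that host; name the principal pattern and the keytab step so the instruction can be followed without asking. The added distribution line likewise gives conf/distributions and conf/uploaders as relative paths without saying which host or repository they belong to.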

Revision as of 17:31, 16 March 2012

Draft of how to set up a new CSC machine

Netboot:

  • Put the TFTP image in place (if dist-arch pair installed before, you may skip this).

e.g. extract http://mirror.csclub.uwaterloo.ca/ubuntu/dists/oneiric/main/installer-amd64/current/images/netboot/netboot.tar.gz to caffeine:/srv/tftp/oneiric-amd64

  • Configure DHCP server; see caffeine:/etc/dhcp/dhcpd.conf

[todo: example]

  • Force network boot

Otherwise, boot from CD.


For the Ubuntu installer to have LVM support, run apt-get install lvm2. If you still can't see the partitions (even if lvscan sees them, but no devices exist), rename a logical volume to something else and back. This makes LVM tell udev about the device, and the partitioner should now be able to see them. We prefer to use LVM for partitions (except /boot, which GRUB prefers not to be on LVM).

Regenerate the initramfs.

mount /dev/vg0/root /mnt
mount /dev/sda1 /mnt/boot
chroot /mnt apt-get install lvm2

You should see an update-initramfs update. Reboot.

Change the Ubuntu mirror to mirror.csclub.uwaterloo.ca, and add debian.csclub.uwaterloo.ca via /etc/apt/sources.list.d. Use apt-key add to import the key from the mirror (TODO: make this easier to find).

Install a bunch of packages from the inapt list. Transfer nsswitch, ldap.conf, nslcd.conf, SSL certs, restore SSH key, KRB config, install mod-pam-csc, PAM config (/etc/pam.d/common-account).

Mount /users, /music and /scratch. /etc/default/nfs-common: yes,yes,yes; start gssd

On Ubuntu precise or later: alter LDAP schema in nslcd.conf

# use the uniqueMember attribute for group membership
map group member uniqueMember

krb5.conf: weak crypto

If new host, generate principal in kadmin.local.

If new distribution, create in conf/distributions AND conf/uploaders, and do rrr-update as well as rrr-incoming.
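
The "krb5.conf: weak crypto" step above leaves a setting on the host that is worth being able to find again when auditing machines later. The following is an added example, not part of the original wiki page; it assumes MIT Kerberos and that the note refers to allow_weak_crypto or DES-family enctypes in [libdefaults], and the function names and sample file are constructed for illustration:

```shell
#!/bin/sh
# Added example: flag weak-crypto settings in the [libdefaults] section of a
# krb5.conf. Prints one finding per line; returns 1 if anything was flagged.
audit_krb5_weak() {
    awk '
        /^[ \t]*\[/ {                       # section header such as [realms]
            section = $0
            gsub(/^[ \t]*\[/, "", section); gsub(/\].*$/, "", section)
            next
        }
        /^[ \t]*[#;]/ || section != "libdefaults" { next }
        {
            split($0, kv, "=")
            key = kv[1]; gsub(/[ \t]/, "", key)
            val = tolower(kv[2]); gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        key == "allow_weak_crypto" && val ~ /^(true|t|yes|y|on|1)$/ {
            print "allow_weak_crypto enabled"; bad = 1
        }
        key ~ /^(default_tkt_enctypes|default_tgs_enctypes|permitted_enctypes)$/ {
            n = split(val, e, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                if (e[i] ~ /^-/) continue    # "-des" removes a type: not a finding
                sub(/^\+/, "", e[i])
                if (e[i] ~ /^(des|des-.*|des3-cbc-raw|arcfour-hmac-exp)$/) {
                    print key ": " e[i]; bad = 1
                }
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample input (not the club's real configuration).
sample_krb5_conf() {
    cat <<'EOF'
[libdefaults]
    default_realm = EXAMPLE.ORG
    # allow_weak_crypto = false
    allow_weak_crypto = true
    permitted_enctypes = aes256-cts-hmac-sha1-96 des-cbc-crc
[realms]
    EXAMPLE.ORG = {
        kdc = kdc.example.org
    }
EOF
}

if [ "$#" -gt 0 ]; then audit_krb5_weak "$1"; fi
```

Run it as `sh audit.sh /etc/krb5.conf` (the script name is arbitrary); a non-zero exit status means at least one weak setting is present.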