New CSC Machine: Difference between revisions

From CSCWiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 16: Line 16:
* Force network boot in the BIOS. This may be called "Legacy LAN" or other such cryptic things. If this doesn't work, boot from CD or USB instead.
* Force network boot in the BIOS. This may be called "Legacy LAN" or other such cryptic things. If this doesn't work, boot from CD or USB instead.


It is preferred to use the "alternate" installer image, based on debian-installer, instead of the Ubiquity installer. This installer supports software RAID and LVM out of the box, and will generally make your life easier. At least in expert mode, you can choose a custom mirror (top of the countries list) and give the path for mirror directly.
It is preferred to use the "alternate" Ubuntu installer image, based on debian-installer, instead of the Ubiquity installer. This installer supports software RAID and LVM out of the box, and will generally make your life easier. If installing Debian, this is the usual installer, so don't sweat it.


= Installing =
= Installing =

== debian-installer ==

At least in expert mode, you can choose a custom mirror (top of the countries list) and give the path for mirror directly. This will make installation super-fast compared to installing from anywhere else.

Please install to LVM volumes, as this is our standard configuration on all machines where possible. It allows more flexible partitioning across available volumes. Since GRUB 2, even /boot may be on LVM; this is the preferred configuration for simplicity, except when legacy partitioning setups make this inconvenient.

You may enable unattended upgrades, but do not enable Canonical's remote management service or any such nonsense. This is mostly a straightforward Debian/Ubuntu install.


== Ubiquity ==
== Ubiquity ==
Line 38: Line 46:
= After Installing =
= After Installing =


== apt ==
Change Ubuntu mirror to mirror.csclub.uwaterloo.ca, and add debian.csclub.uwaterloo.ca via /etc/apt/sources.list.d. apt-key add the key from mirror (TODO: make this easier to find)

If you did not during installation, change all references in <tt>/etc/apt/sources.list</tt> to use <tt>mirror</tt>instead of the usual mirrors.

Also add support for the CSC packages. Add the following to <tt>/etc/apt/sources.list.d/csclub.list</tt> (or copy from another host):

deb http://debian.csclub.uwaterloo.ca/ <distribution> main contrib non-free
deb-src http://debian.csclub.uwaterloo.ca/ <distribution> main contrib non-free

You'll also need the CSC archive signing key (if <tt>curl</tt> is not installed, install it).
curl -s http://debian.csclub.uwaterloo.ca/csclub.asc | apt-key add -

You should now run <tt>apt-get update</tt> to reflect these changes.

Next, install <tt>inapt</tt> (it is in the CSC Debian archive). If it hasn't previously been built for the current platform, clone and build it (TODO: describe how to do this).

Clone <tt>~git/public/packages.git</tt>, update it if necessary (notably updating <tt>nodes.ia</tt> to reflect the distribution and role of the machine), then run:
inapt *.ia

(Due to a bug, if a warning is thrown, this will segfault. Until fixed, just temporarily remove whatever packages it complains about from the list.)

Warning: this will take a long time due to the large number of packages being installed. Some of the below can be done once the relevant packages are installed, but while other packages are still being installed.


Install a bunch of packages from inapt list. Transfer nsswitch, ldap.conf, nslcd.conf, SSL certs, restore SSH key, KRB config, install mod-pam-csc, PAM config (/etc/pam.d/common-account).
Transfer nsswitch, ldap.conf, nslcd.conf, SSL certs, restore SSH key, KRB config, install mod-pam-csc, PAM config (/etc/pam.d/common-account).


Mount /users, /music and /scratch.
Mount /users, /music and /scratch.

Revision as of 15:01, 20 March 2012

Draft of how to set up a new CSC machine

Booting

  • Put the TFTP image in place (if dist-arch pair installed before, you may skip this).

e.g. extract http://mirror.csclub.uwaterloo.ca/ubuntu/dists/oneiric/main/installer-amd64/current/images/netboot/netboot.tar.gz to caffeine:/srv/tftp/oneiric-amd64

  • Configure DHCP server; see caffeine:/etc/dhcp/dhcpd.conf. This allow caffeine to identify the host by its MAC address and give it the correct IP and boot image. e.g.
host bit-shifter {
  hardware ethernet 6C:F0:49:08:49:48;
  fixed-address 129.97.134.111;
  next-server 129.97.134.17;
  filename "precise-amd64/pxelinux.0";
}
  • Force network boot in the BIOS. This may be called "Legacy LAN" or other such cryptic things. If this doesn't work, boot from CD or USB instead.

It is preferred to use the "alternate" Ubuntu installer image, based on debian-installer, instead of the Ubiquity installer. This installer supports software RAID and LVM out of the box, and will generally make your life easier. If installing Debian, this is the usual installer, so don't sweat it.

Installing

debian-installer

At least in expert mode, you can choose a custom mirror (top of the countries list) and give the path for mirror directly. This will make installation super-fast compared to installing from anywhere else.

Please install to LVM volumes, as this is our standard configuration on all machines where possible. It allows more flexible partitioning across available volumes. Since GRUB 2, even /boot may be on LVM; this is the preferred configuration for simplicity, except when legacy partitioning setups make this inconvenient.

You may enable unattended upgrades, but do not enable Canonical's remote management service or any such nonsense. This is mostly a straightforward Debian/Ubuntu install.

Ubiquity

Ubiquity is the Ubuntu GUI installer. For it to have lvm support, run:

apt-get install lvm2

If you still can't see the partitions (even if lvscan sees them, but no devices exist), run vgscan and vgchange -ay as root. Now the partitioner should be able to see them. We prefer to use LVM for partitions. Since GRUB 2, even /boot may be on LVM; this is the preferred configuration for simplicity, except when legacy partitioning setups make this inconvenient.

After installing with Ubiquity, you must also add LVM support to the newly installed system, and in particular its initramfs.

mount /dev/vg0/root /mnt
mount /dev/sda1 /mnt/boot
chroot /mnt
apt-get install lvm2

You should see an update-initramfs update. Reboot.

After Installing

apt

If you did not during installation, change all references in /etc/apt/sources.list to use mirrorinstead of the usual mirrors.

Also add support for the CSC packages. Add the following to /etc/apt/sources.list.d/csclub.list (or copy from another host):

deb http://debian.csclub.uwaterloo.ca/ <distribution> main contrib non-free
deb-src http://debian.csclub.uwaterloo.ca/ <distribution> main contrib non-free

You'll also need the CSC archive signing key (if curl is not installed, install it).

curl -s http://debian.csclub.uwaterloo.ca/csclub.asc | apt-key add -

You should now run apt-get update to reflect these changes.

Next, install inapt (it is in the CSC Debian archive). If it hasn't previously been built for the current platform, clone and build it (TODO: describe how to do this).

Clone ~git/public/packages.git, update it if necessary (notably updating nodes.ia to reflect the distribution and role of the machine), then run:

inapt *.ia

(Due to a bug, if a warning is thrown, this will segfault. Until fixed, just temporarily remove whatever packages it complains about from the list.)

Warning: this will take a long time due to the large number of packages being installed. Some of the below can be done once the relevant packages are installed, but while other packages are still being installed.

Transfer nsswitch, ldap.conf, nslcd.conf, SSL certs, restore SSH key, KRB config, install mod-pam-csc, PAM config (/etc/pam.d/common-account).

Mount /users, /music and /scratch. /etc/default/nfs-common: yes,yes,yes; start gssd

On Ubuntu precise or later: alter LDAP schema in nslcd.conf

# use the uniqueMember attribute for group membership
map group member uniqueMember

krb5.conf: weak crypto

If new host, generate principal in kadmin.local.

If new distribution, create in conf/distributions AND conf/uploaders, and do rrr-update as well as rrr-incoming.