Vista Ubuntu

From VISTA LAB WIKI

(Difference between revisions)
Jump to: navigation, search
 
(11 intermediate revisions not shown)
Line 1: Line 1:
-
Ubuntu Install on Green:  
+
Ubuntu Install Notes:  
== Initial Ubuntu install  ==
== Initial Ubuntu install  ==
-
Create root user after install:  
+
*Ubuntu 12.04LTS x64
 +
 
 +
==== Disk partitions  ====
 +
 
 +
Typically, something like that below is used with at least 16G of swap space:
 +
Filesystem Size Used Avail Use% Mounted on /dev/sda2 29G 6.1G 22G 23% / tmpfs 4.0G 88K 4.0G 1% /dev/shm /dev/sda1 291M 64M 213M 24% /boot /dev/sda6 520G 24G 469G 5% /indigo/scr1 /dev/sda3 29G 172M 28G 1% /indigo/scr2
 +
 
 +
*Create root user after install:
   sudo passwd
   sudo passwd
 +
 +
== Install script  ==
 +
 +
  scp lmperry@white.stanford.edu:/white/u8/lmperry/bin/newsys/installScript /root/
 +
chmod 770 /root/installScript
 +
 +
  ./installScript [install config software] [hostname]
 +
 +
==== Login options  ====
*Had to edit /etc/hostname and reboot to get the hostname to show up right.
*Had to edit /etc/hostname and reboot to get the hostname to show up right.
-
<br>
+
*Enable Login from main screen - requiring username
-
== Programs to install after the initial install ==
+
  echo "greeter-show-manual-login=true" &gt;&gt; /etc/lightdm/lightdm.conf
-
*ssh, autofs5, git, unzip,
+
*You can also hide all users so that you enter whatever name you want by editing /etc/lightdm/lightdm.conf adding&nbsp;:
-
*Compile a list of other programs needed (e.g., neurodebian)
+
  echo "greeter-hide-users=true" &gt;&gt; /etc/lightdm/lightdm.conf
-
  apt-get install ssh autofs5 git unzip flashplugin-installer hplip vim samba gnome-panel tcsh subversion sfftw-dev
+
Then:
-
*For ubuntu-tweak:
+
  service lightdm restart
 +
** Reboot if logged in - don't use while logged in.
-
  add-apt-repository ppa:tualatrix/next
+
== Programs to install after the initial install ==
-
apt-get update
+
 
-
apt-get install ubuntu-tweak
+
This section should be cut down to those programs that are essential and those that are not. Furthermore a script will be written to do these installs automagically.
 +
 
 +
*Install using:
 +
 
 +
  apt-get install ssh autofs5 git zip unzip flashplugin-installer gsfonts-x11 hplip vim samba smbfs system-config-samba gnome-panel tcsh subversion sfftw-dev openjdk-7-jre icedtea-7-plugin
 +
 
 +
''Test Java: http://www.java.com/en/download/testjava.jsp''
*Other programs needed for compile and run of mrMesh etc.
*Other programs needed for compile and run of mrMesh etc.
-
   apt-get install gcc cmake cmake-curses-gui autoconf libjpeg62-dev libgtk-3-0 libwxgtk2.6-0 libtiff4 mesa-common-dev freeglut3-dev libwxgtk2.8-dev libgtk-3-dev libgtk2.0-dev libqt4-opengl libqt4-opengl-dev  
+
   apt-get install gcc cmake cmake-curses-gui autoconf libjpeg-dev libtiff-dev libgtk-3-0 libwxgtk2.6-0 libtiff4 mesa-common-dev freeglut3-dev libwxgtk2.8-dev libgtk-3-dev libgtk2.0-dev libqt4-opengl libqt4-opengl-dev libvtk5.8 libvtk5.8-qt4 libvtk5-dev libvtk5-qt4-dev libjpeg62
-
<br>
+
  # Removed libjpeg62-dev
== AUTOFS  ==
== AUTOFS  ==
 +
 +
In the future the best way to handle this going forward will be to have all of the auto.* files in a location where they can easily copied into the /etc/ directory -- perhaps using rsync or wget...
=== Create the automount files  ===
=== Create the automount files  ===
Line 41: Line 66:
  /home /etc/auto.home -intr --ghost
  /home /etc/auto.home -intr --ghost
  /white /etc/auto.white        --timeout 60000
  /white /etc/auto.white        --timeout 60000
 +
#
 +
echo -e "#\n/biac4        /etc/auto.biac4        --timeout 60000 \n/home          /etc/auto.home          -intr  --ghost \n/white        /etc/auto.white        --timeout 60000 \n/azure        /etc/auto.azure        --timeout 60000 \n/peach        /etc/auto.peach        --timeout 60000\n" &gt;&gt; /etc/auto.master
*auto.home
*auto.home
     * white:/home/&amp;
     * white:/home/&amp;
 +
echo "*    white:/home/&amp;" &gt; /etc/auto.home
*auto.white
*auto.white
-
   *    -wsize=8192,rsize=8192,intr  white:/white/&amp;
+
  *    -wsize=8192,rsize=8192,intr   white:/white/&amp;
 +
echo "*    -wsize=8192,rsize=8192,intr  white:/white/&amp;" &gt; /etc/auto.white
*auto.biac4
*auto.biac4
   *    -wsize=8192,rsize=8192,intr  biac4:/biac4/&amp;
   *    -wsize=8192,rsize=8192,intr  biac4:/biac4/&amp;
 +
echo "*    -wsize=8192,rsize=8192,intr  biac4:/biac4/&amp;" &gt; /etc/auto.biac4
-
*See other auto mount files on the white computers... <br> This will depend on this machine being allowed to automount each of these systems - Martin will have to let new systems into BIAC
+
*auto.azure
 +
  *    -wsize=8192,rsize=8192,intr  azure:/azure/&amp;
 +
echo "*    -wsize=8192,rsize=8192,intr  azure:/azure/&amp;" &gt; /etc/auto.azure
-
<br> AUTOFS
+
*auto.peach
-
https://help.ubuntu.com/community/Autofs/  
+
  *    -wsize=8192,rsize=8192,intr  peach:/peach/&amp;
 +
echo "*    -wsize=8192,rsize=8192,intr  peach:/peach/&amp;" &gt; /etc/auto.peach
-
* Nsswitch
+
*See other auto mount files on the white computers... <br> This will depend on this machine being allowed to automount each of these systems - Gunnar and I will have to let new systems into BIAC
-
  Add the following line to:
+
-
  /etc/nsswitch.conf<br> automount: files<br> Restart the autofs service:<br> service autofs restart
+
-
==HOME DIR==
+
  https://help.ubuntu.com/community/Autofs/
-
This is how we handle the home dir situation
+
=== TO EXPORT A DIRECTORY TO ANOTHER MACHINE ===
-
  root@green:~# mv /home /home.orig
+
'''On white:'''
-
   root@green:~# cd /etc/  
+
 
-
   root@green:/etc# vim /etc/auto.home
+
*Add client to /etc/netgroup
-
   root@green:/etc# vim auto.master
+
*Add client to /etc/hosts.allow
-
  root@green:/etc# service autofs restart  
+
*Build yp and restart ypserv
 +
 
 +
   make -C /var/yp&nbsp;; service ypserv restart
 +
 
 +
'''On the host:'''
 +
 
 +
*Add the client to /etc/hosts.allow
 +
*Export the file system
 +
 
 +
   exportfs -r
 +
 
 +
'''On the client:'''
 +
 
 +
*Create the autofs files
 +
 
 +
  /etc/auto.host
 +
vim /etc/auto.master
 +
# Add auto.host
 +
 
 +
*Restart autofs
 +
 
 +
   service autofs restart
 +
 
 +
=== Nsswitch  ===
 +
 
 +
Add the following line to: /etc/nsswitch.conf
 +
 
 +
automount: files
 +
echo "automount:      files" &gt;&gt; /etc/nsswitch.conf
 +
 
 +
Restart the autofs service (deal with the homedir first!!!):
 +
 
 +
service autofs restart
 +
 
 +
== NFS  ==
 +
 
 +
*Install the NFS server
 +
 
 +
  apt-get install nfs-kernel-server
 +
 
 +
*Edit /etc/exports to export the /hostname directory to the rest of the nis clients.
 +
 
 +
  vim /etc/exports
 +
/hostname/ @white-clients-all(rw,root_squash,insecure,async)
 +
 
 +
  # Or something like this without using NIS
 +
/viridian/scr1 white(async,root_squash,insecure,no_subtree_check) khaki(async,root_squash,insecure,no_subtree_check) ecru(async,root_squash,insecure,no_subtree_check) mauve(async,root_squash,insecure,no_subtree_check) tan(async,root_squash,insecure,no_subtree_check) sienna(async,root_squash,insecure,no_subtree_check) buff(async,root_squash,insecure,no_subtree_check) indigo(async,root_squash,insecure,no_subtree_check) slate(async,root_squash,insecure,no_subtree_check) red(rw,async,no_root_squash,insecure,no_subtree_check) scarlet(rw,async,no_root_squash,insecure,no_subtree_check) green(async,root_squash,insecure,no_subtree_check) chroma(async,root_squash,insecure,no_subtree_check) crimson(async,root_squash,insecure,no_subtree_check) sepia(async,root_squash,insecure,no_subtree_check) azure(async,root_squash,insecure,no_subtree_check) viridian(async,root_squash,insecure,no_subtree_check) purple(async,root_squash,insecure,no_subtree_check) peach(async,root_squash,insecure,no_subtree_check) celadon(async,root_squash,insecure,no_subtree_check)
<br>  
<br>  
 +
 +
*Restart the nfsd and autofs
 +
 +
  service autofs restart
 +
exportfs -ra
 +
 +
**See /etc/hosts.allow /etc/netgroup /etc/exports on white for new clients.
 +
 +
  # If you change this (hosts.allow), also change
 +
# /etc/netgroup, /etc/exports, /etc/mail/local-host-names, as well as
 +
# /etc/hosts.allow on moach and azure (at least).
 +
# Don't forget to do 'make -C /var/yp; service ypserv restart'
 +
# and (on white, azure, moach, ...) 'exportfs -r'.
 +
 +
=== /etc/hosts.allow  ===
 +
 +
  cat /home/lmperry/bin/newsys/hosts.allow &gt;&gt; /etc/hosts.allow
 +
 +
== HOME DIR &amp; USR Local ==
 +
 +
This is how we handle the home dir situation
 +
 +
mv /home /home.orig
 +
service autofs restart
 +
 +
This is how I handle the /usr/local situation -- although I'm not sure it's the best way given that certain things are already installed on the machine -- the bash rc file will have to be modified.
 +
 +
  mv /usr/local /usr/local.orig
 +
ln -s /white/local /usr/local
 +
 +
== NIS  ==
 +
 +
*Install packages
 +
 +
  apt-get install portmap nis sysv-rc-conf
 +
 +
*Enter domain name:
 +
 +
  spectrum
 +
 +
*Add a portmap line to /etc/hosts.allow for security reasons:
 +
 +
  echo "portmap&nbsp;: 171.64.204.10" &gt;&gt; /etc/hosts.allow
 +
 +
*Edit /etc/passwd to add a line at the end saying:
 +
 +
  echo "+::::::" &gt;&gt; /etc/passwd
 +
 +
*Edit /etc/group to add a line at the end saying:
 +
 +
  echo "+:::" &gt;&gt; /etc/group
 +
 +
*Edit /etc/shadow to add a line at the end saying:
 +
 +
  echo "+::::::::" &gt;&gt; /etc/shadow
 +
 +
*This sets up those services to include NIS entries if a match isn't found in the file. You could change other services to use NIS by using the NIS service in /etc/nsswitch.conf, but these are the important ones.
 +
 +
*Edit /etc/yp.conf and add the lines:
 +
 +
  echo "domain spectrum server white.stanford.edu" &gt;&gt; /etc/yp.conf
 +
echo "ypserver  171.64.204.10" &gt;&gt; /etc/yp.conf
 +
 +
*Edit /etc/nsswitch.conf
 +
 +
  vi /etc/nsswitch.conf
 +
passwd: compat nis  # line 7: add
 +
group:  compat nis  # add
 +
shadow: compat nis  # add
 +
hosts:  files dns nis  # add
 +
netgroup: files nis
 +
 +
*Then reboot
 +
 +
  reboot
 +
 +
*TEST config:
 +
 +
  ypwhich
 +
ypcat passwd
 +
ypcat hosts
 +
 +
==== PROPAGATE MAPS  ====
 +
 +
*To propagate changes to NIS, such as UID changes and password changes, to all the clients:
 +
 +
  ## On white, as root
 +
make -C /var/yp
 +
service ypserv restart
 +
 +
== Software  ==
 +
 +
==== MATLAB  ====
 +
 +
See: http://www.mathworks.com/support/solutions/en/data/1-F68FSA/index.html?solution=1-F68FSA
 +
 +
  ln -s /lib/x86_64-linux-gnu/libc.so.6 /lib64/libc.so.6
 +
 +
==== Menu Bar  ====
 +
 +
*In 12.04 the menu bar is annyoingly located at the upper left for every program and auto hides.
 +
 +
  To disable this:
 +
apt-get autoremove appmenu-gtk appmenu-gtk3 appmenu-qt
 +
 +
  To re-enable:
 +
sudo apt-get install appmenu-gtk appmenu-gtk3 appmenu-qt
 +
 +
*For Firefox:
 +
 +
  To disable Global Menu for Firefox, open Firefox, then select Tools – Add-ons –&gt; Extensions and disable ‘Global Menu Bar integration’.
 +
 +
Look into using UNSETTINGS for this as well
 +
 +
  add-apt-repository ppa:diesch/testing
 +
apt-get update
 +
apt-get install unsettings
 +
 +
=== NEURODEBIAN  ===
 +
 +
To add the neurodebian repo for Ubuntu 12.04
 +
 +
wget -O- http://neuro.debian.net/lists/precise.us-ca | tee /etc/apt/sources.list.d/neurodebian.sources.list
 +
apt-key adv --recv-keys --keyserver pgp.mit.edu 2649A5A9
 +
 +
*There seems to be some strangeness in the /etc/apt/sources.list.d/neurodebian.sources.list file -- it should be
 +
 +
  deb http://neurodeb.pirsquared.org data main contrib non-free
 +
# deb-src http://neurodeb.pirsquared.org data main contrib non-free
 +
deb http://neurodeb.pirsquared.org precise main contrib non-free
 +
# deb-src http://neurodeb.pirsquared.org precise main contrib non-free
 +
 +
==== Packages to install  ====
 +
 +
  apt-get update&nbsp;; apt-get - y install fsl fslview mrtrix mrtrix-doc ants mricron mriconvert dicomnifti python-nipype python-nibabel afni gifti-bin nifti2dicom  qnifti2dicom
 +
 +
# The following requires some interaction
 +
apt-get -y matlab-spm8
 +
 +
=== Non Essential Software  ===
 +
 +
*Software sources: <br>:Open Ubuntu Software Center and select “Edit” and then select “Software Sources”: Make sure both Canonical Partner repositories have check marks next to them
 +
 +
  apt-get update &amp;&amp; sudo apt-get upgrade
 +
 +
*For Java 7
 +
 +
  add-apt-repository ppa:webupd8team/java
 +
apt-get update
 +
apt-get install oracle-java7-installer
 +
apt-get install icedtea-7-plugin
 +
# Maybe the following - not necessary with chrome
 +
mkdir ~/.mozilla/plugins
 +
ln -s /usr/lib/jvm/jdk1.7.0_04/jre/lib/amd64/libnpjp2.so ~/.mozilla/plugins
 +
 +
<br>
 +
 +
*For ubuntu-tweak:
 +
 +
add-apt-repository ppa:tualatrix/next
 +
apt-get update
 +
apt-get install ubuntu-tweak
 +
 +
*For Mendeley
 +
 +
  cd /tmp
 +
wget http://www.mendeley.com/repositories/ubuntu/stable/amd64/mendeleydesktop-latest
 +
dpkg -i mendeleydesktop_*
 +
 +
*Grin/d
 +
 +
  This requires that /usr/local/ not be /usr/local.orig/ and that /usr/local.white be used to point to /white/local/
 +
apt-get install python-pip
 +
pip install grin
 +
 +
*Dropbox
 +
 +
  apt-get install nautilus-dropbox
 +
 +
*Handbrake
 +
 +
  add-apt-repository ppa:stebbins/handbrake-releases
 +
apt-get update
 +
apt-get install handbrake-cli handbrake-gtk
 +
 +
*Tomboy
 +
 +
  apt-get -y install tomboy
 +
 +
*For Classic Ubuntu Looks:
 +
 +
  apt-get install gnome-session-fallback
 +
apt-get install indicator-applet-appmenu
 +
apt-get install gnome-tweak-tool
 +
 +
*Medibuntu
 +
 +
  sudo wget --output-document=/etc/apt/sources.list.d/medibuntu.list http://www.medibuntu.org/sources.list.d/$(lsb_release -cs).list &amp;&amp; sudo apt-get --quiet update &amp;&amp; sudo apt-get --yes --quiet --allow-unauthenticated install medibuntu-keyring &amp;&amp; sudo apt-get --quiet update
 +
apt-get -y update &amp;&amp; sudo apt-get -y upgrade
 +
apt-get install app-install-data-medibuntu apport-hooks-medibuntu
 +
 +
  apt-get install w64codecs libdvdcss2
 +
apt-get install libdvdnav4
 +
apt-get install libdvdread4
 +
/usr/share/doc/libdvdread4/./install-css.sh
 +
 +
*Essential Build Tools
 +
 +
  apt-get install build-essential checkinstall cdbs devscripts dh-make fakeroot libxml-parser-perl check avahi-daemon
 +
 +
*VLC
 +
 +
  add-apt-repository ppa:videolan/stable-daily
 +
apt-get update
 +
apt-get install vlc mplayer
 +
 +
*Gparted - partition manager
 +
 +
  apt-get install gparted
 +
 +
*Archiving
 +
 +
  apt-get install unace rar unrar p7zip-rar p7zip zip unzip sharutils uudeview mpack lha arj cabextract file-roller
 +
 +
*CHROME - with google talk
 +
 +
  wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
 +
sh -c 'echo "deb http://dl.google.com/linux/chrome/deb/ stable main" &gt;&gt; /etc/apt/sources.list.d/google.list'
 +
apt-get update
 +
apt-get install google-chrome-stable
 +
wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
 +
sh -c 'echo "deb http://dl.google.com/linux/talkplugin/deb/ stable main" &gt;&gt; /etc/apt/sources.list.d/google.list'
 +
apt-get update
 +
apt-get install google-talkplugin
 +
 +
*Comment out one of the repo lines in /etc/apt/sources.list.d/google-* to prevent the duplicate entry.
 +
 +
*Check Gmail
 +
 +
  apt-get install checkgmail
 +
 +
*READER
 +
 +
  apt-get install acroread acroread-fonts
 +
 +
*Google web office
 +
 +
  add-apt-repository ppa:tombeckmann/ppa
 +
apt-get update &amp;&amp; sudo apt-get install gwoffice
 +
 +
*Inkscape (illustrator)
 +
 +
  apt-get install inkscape
 +
 +
*SPOTIFY
 +
 +
  gpg --keyserver wwwkeys.de.pgp.net --recv-keys 4E9CFF4E
 +
gpg --export 4E9CFF4E |sudo apt-key add -
 +
sudo sh -c 'echo "deb http://repository.spotify.com stable non-free" &gt;&gt; /etc/apt/sources.list.d/spotify.list'
 +
apt-get update
 +
apt-get install spotify-client-qt
 +
 +
*AUDACITY
 +
 +
  add-apt-repository ppa:audacity-team/daily
 +
apt-get update
 +
apt-get install audacity lame libmp3lame0
 +
 +
*iPOD CONTROL
 +
 +
  apt-get install gtkpod
 +
 +
*DVD BURNING
 +
 +
  apt-get install k3b k3b-data libk3b6
 +
 +
*WINff vIDEO CONVERSION
 +
 +
  add-apt-repository ppa:paul-climbing/ppa
 +
apt-get update
 +
apt-get install winff libavcodec-extra-53
 +
 +
*Open Shot - video editor
 +
 +
  add-apt-repository ppa:openshot.developers/ppa
 +
apt-get update
 +
apt-get install openshot
 +
 +
*Flowblade
 +
 +
  http://code.google.com/p/flowblade/downloads/list
 +
 +
*VLMC - video editing from VLC
 +
 +
  add-apt-repository ppa:webupd8team/vlmc
 +
apt-get update
 +
apt-get install vlmc frei0r-plugins
== Create user accounts  ==
== Create user accounts  ==
-
This will be done using the adduser command for each user: the difference will be that we will be using kerberos for authentication NOT white<br> Special care will be needed to ensure that the root account will be present on all systems with the root password.<br> Even more care will be needed to ensure that each user can actually read/write their own files on white.<br> Get userid from white (id username) and use that userid when creating the account. The idea will be to move this UID to the stanford UID for consistency<br> Change group to fmri<br> ldap uses ldapsearch to query stanford for UIDs.<br> use --nopassword option when creating the account and point to /home/* on white - this means that we may need to create these accounts on white first -- or at least create the directory (which may be the way to go)  
+
''Edit: New user accounts can be added simply by editing /etc/passwd and /etc/shadow to add each user's line from the same files on white''<br> This will be done using the adduser command for each user: the difference will be that we will be using kerberos for authentication NOT white  
 +
 
 +
*Special care will be needed to ensure that the root account will be present on all systems with the root password.  
 +
*Even more care will be needed to ensure that each user can actually read/write their own files on white.  
 +
*Get userid from white (id username) and use that userid when creating the account. The idea will be to move this UID to the stanford UID for consistency<br> Change group to fmri<br> ldap uses ldapsearch to query stanford for UIDs.  
 +
*Use --nopassword option when creating the account and point to /home/* on white - this means that we may need to create these accounts on white first -- or at least create the directory (which may be the way to go)
   adduser --no-create-home --disabled-password --uid $uid_num --gecos “USER_FIRST USER_LAST” USERNAME  
   adduser --no-create-home --disabled-password --uid $uid_num --gecos “USER_FIRST USER_LAST” USERNAME  
-
FOR EACH USER&nbsp;:  
+
*FOR EACH USER: Query their UID and GROUPS on white and add them:
-
 
+
-
Query their UID and GROUPS on white and add them:  
+
   adduser --no-create-home --disabled-password --uid UID --gecos “FIRST_NAME LAST_NAME” USERNAME
   adduser --no-create-home --disabled-password --uid UID --gecos “FIRST_NAME LAST_NAME” USERNAME
-
If the user is already created: IE lmperry  
+
*If the user is already created: IE lmperry
 +
 
  groupadd -g GID GROUPNAME
  groupadd -g GID GROUPNAME
  groupadd -g 31 fmri
  groupadd -g 31 fmri
Line 105: Line 483:
   ldapuser()
   ldapuser()
  {
  {
-
  ldapinfo=$(ldapsearch -x -h ldap.stanford.edu uid=$1)
+
ldapinfo=$(ldapsearch -x -h ldap.stanford.edu uid=$1)
-
  uid_num=$(echo "$ldapinfo" | grep uidNumber); uid_num=${uid_num##*: }
+
uid_num=$(echo "$ldapinfo" | grep uidNumber); uid_num=${uid_num##*: }
-
  firstname=$(echo "$ldapinfo" | grep suDisplayNameFirst); firstname=${firstname##*: }
+
firstname=$(echo "$ldapinfo" | grep suDisplayNameFirst); firstname=${firstname##*: }
-
  lastname=$(echo "$ldapinfo" | grep suDisplayNameLast); lastname=${lastname##*: }
+
lastname=$(echo "$ldapinfo" | grep suDisplayNameLast); lastname=${lastname##*: }
-
  echo "adduser --no-create-home --disabled-password --uid $uid_num --gecos \"$firstname $lastname\" $1"
+
echo "adduser --no-create-home --disabled-password --uid $uid_num --gecos \"$firstname $lastname\" $1"
-
  echo "mkdir /nimsfs/home/$1; chown $uid_num:$uid_num /nimsfs/home/$1"
+
echo "mkdir /nimsfs/home/$1; chown $uid_num:$uid_num /nimsfs/home/$1"
-
  }  
+
  }
-
== Kerberizing the system ==
+
== Kerberizing the system ==
-
See the CNI wiki for help with this: http://cni.stanford.edu/wiki/Workstations<br> This will allow the user authentication to be done using kerberos - not white  
+
See the CNI wiki for help with this: http://cni.stanford.edu/wiki/Workstations<br> This will allow the user authentication to be done using kerberos - not white.
 +
 
 +
== IMPORTANT ISSUES  ==
 +
 
 +
*White uses different UIDs from what stanford assigns. This means that if we use Kerberos to authenticate then we have to make sure that we don’t assign the stanford UID to users on new machines - if we don’t use white’s UIDs then each user will not be able to r/w their files on white or biac. This may be an issue to bring up with Martin at some point.
 +
*See user accounts section - will users need to be created on white as well? so that white will know who each user is? I imagine if we create new users with their stanford UID then this will be fine. What else has to be done when creating new users.<br> Each user will have to know that their password is no longer the same as their white password - it’s their stanford password. But this can be changed on white to be their stanford password. Same goes for samba.
 +
*New file server --- this can be done relatively soon if we wanted to. The new file server would be freeBSD and use .zfs for a file-system.
 +
*The idea of sharing one password file that is updated via cron to be the same as one that is centrally kept would reduce the need to update each system’s passowrd file in /etc/shadow or /etc/passwd/ ---- how is this better than using NIS? Perhaps it reduces the need to use ypbind and other services that could stop running or that slow things down....
 +
*The root account is IMPORTANT if the network ever goes down.
 +
 
 +
== List of users that should be able to login  ==
 +
 
 +
*See document
 +
 
 +
== Ubuntu Welcome [ssh]  ==
 +
 
 +
  vim /etc/motd
<br>  
<br>  
-
== IMPORTANT ISSUES ==
+
== TODO ==
-
White uses different UIDs from what stanford assigns. This means that if we use Kerberos to authenticate then we have to make sure that we don’t assign the stanford UID to users on new machines - if we don’t use white’s UIDs then each user will not be able to r/w their files on white or biac. This may be an issue to bring up with Martin at some point.<br> See user accounts section - will users need to be created on white as well? so that white will know who each user is? I imagine if we create new users with their stanford UID then this will be fine. What else has to be done when creating new users.<br> Each user will have to know that their password is no longer the same as their white password - it’s their stanford password. But this can be changed on white to be their stanford password. Same goes for samba.<br> New file server --- this can be done relatively soon if we wanted to. The new file server would be freeBSD and use .zfs for a file-system.<br> The idea of sharing one password file that is updated via cron to be the same as one that is centrally kept would reduce the need to update each system’s passowrd file in /etc/shadow or /etc/passwd/ ---- how is this better than using NIS? Perhaps it reduces the need to use ypbind and other services that could stop running or that slow things down....<br> The root account is IMPORTANT if the network ever goes down.  
+
*Create an install script that will do all of this automagically
 +
*Create all the auto.* files so they can be copied into the right places
 +
*Root mail
 +
*aliases (/etc/aliases)
 +
*SGE
 +
*mrMeshSrv - compile ** DONE
 +
*Test mesh building, etc. ** DONE
 +
 
 +
= SGE  =
 +
 
 +
*Add sgeadmin to /etc/groups
 +
 
 +
  echo 'sgeadmin...'
 +
 
 +
*Install grid software
 +
 
 +
  apt-get install gridengine-exec gridengine-client gridengine-qmon
 +
 
 +
*Fonts for qmon
 +
 
 +
  apt-get install xfs xfstt t1-xfree86-nonfree ttf-xfree86-nonfree ttf-xfree86-nonfree-syriac xfonts-75dpi xfonts-100dpi
 +
** log out or restart for qmon to work
 +
 
 +
= SAMBA  =
 +
 
 +
  # Configure /etc/samba/smb.conf #
 +
# This might have to be done for each share individually for security purposes.
 +
follow symlinks = yes
 +
wide links = yes
 +
### This must be placed in the [global] section NOT just the [shares] section. ###
 +
unix extensions = no
 +
 
 +
  # Install samba server
 +
apt-get install samba
 +
 
 +
  # This will allow each user to login to the samba service, provided they have an account
 +
# on the machine.  
 +
apt-get install libpam-smbpass
 +
 
 +
  # To restart the samba service
 +
sudo restart smbd
 +
sudo restart nmbd
<br>  
<br>  
 +
= NVIDIA  =
-
== NEURODEBIAN ==
+
*To remove the nvidia driver
 +
 
 +
  apt-get purge nvidia*
 +
dpkg-reconfigure -phigh xserver-xorg
 +
 
 +
= Kerberizing the System  =
 +
 
 +
  apt-get install -y krb5-user libpam-krb5&nbsp;; mv /etc/krb5.conf /etc/krb5.conf.dpkg-dist&nbsp;; wget -O /etc/krb5.conf http://www.stanford.edu/dept/its/support/kerberos/dist/krb5.conf
 +
 
 +
= Letting Your System Send Email  =
 +
 
 +
apt-get install -y ssmtp&nbsp;; <br> cat &lt;&lt; EOF &gt; /etc/ssmtp/ssmtp.conf<br> root=lmperry@stanford.edu<br> mailhub=smtp.stanford.edu<br> usestarttls=yes<br> hostname="$2".stanford.edu<br> EOF<br>
 +
 
 +
= Logwatch Reference  =
 +
 apt-get install -y logwatch ;   mv /usr/share/logwatch/default.conf/logwatch.conf /usr/share/logwatch/default.conf/logwatch.conf.orig ; wget -O /usr/share/logwatch/default.conf/logwatch.conf http://white.stanford.edu/~lmperry/admin/logwatch.conf ; echo "/usr/sbin/logwatch --mailto lmperry@stanford.edu" >> /etc/cron.daily/00logwatch
 +
 +
'''Manual Method'''<br> Edit the configuration File
 +
 
 +
  vim /usr/share/logwatch/default.conf/logwatch.conf
 +
 
 +
  # Output = mail
 +
# Format = html
 +
# MailTo = lmperry@stanford.edu
 +
 
 +
Now edit the 00logwatch file and add the following line:
 +
 
 +
  vim /etc/cron.daily/00logwatch
 +
/usr/sbin/logwatch --mailto lmperr@stanford.edu
 +
 
 +
= Public key  =
 +
 
 +
  echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQDduPLLXUWQ9ziS0q2SMdqlWv4gmuiilPkNWqQHq26i8AkIZfJ1/tC5LA5yipk16ruP2JeD5EZSp7pBWxOIXuEsbLOKRrsb9sBdM0roLZNkG8Mm6NWZViUb3D+8zCmOjNgvgIhJRWv3982H4DVk5ZCAojgk7jEseooU65yNugZXMhDsiPStQGwNms2Xxtjy/D9+mAbF7lZEc2xDVbvArtx6QVeoX7nSIoiZ29gK7E9doPd7tlFRGE7fIg8keYW04WVsRYjNabHM168DUUWhkz0IVwFLDTzCu7F8ijvWZJfbLcwAekOEnyE/aHWWFdjAB9gPEmZgMQOZBAuMjYmHNH Michael Perry" &gt;&gt; ~/.ssh/authorized_keys
 +
 
 +
<br>
-
  wget -O- http://neuro.debian.net/lists/precise.us-ca | tee etc/apt/sources.list.d/neurodebian.sources.list
+
"End"
-
  apt-key adv --recv-keys --keyserver pgp.mit.edu 2649A5A9
+

Latest revision as of 15:23, 29 April 2013

Ubuntu Install Notes:

Contents

Initial Ubuntu install

  • Ubuntu 12.04LTS x64

Disk partitions

Typically, something like that below is used with at least 16G of swap space: Filesystem Size Used Avail Use% Mounted on /dev/sda2 29G 6.1G 22G 23% / tmpfs 4.0G 88K 4.0G 1% /dev/shm /dev/sda1 291M 64M 213M 24% /boot /dev/sda6 520G 24G 469G 5% /indigo/scr1 /dev/sda3 29G 172M 28G 1% /indigo/scr2

  • Create root user after install:
 sudo passwd

Install script

 scp lmperry@white.stanford.edu:/white/u8/lmperry/bin/newsys/installScript /root/
chmod 770 /root/installScript
 ./installScript [install config software] [hostname]

Login options

  • Had to edit /etc/hostname and reboot to get the hostname to show up right.
  • Enable Login from main screen - requiring username
 echo "greeter-show-manual-login=true"  >> /etc/lightdm/lightdm.conf
  • You can also hide all users so that you enter whatever name you want by editing /etc/lightdm/lightdm.conf adding :
 echo "greeter-hide-users=true" >> /etc/lightdm/lightdm.conf

Then:

 service lightdm restart
** Reboot if logged in - don't use while logged in.

Programs to install after the initial install

This section should be cut down to those programs that are essential and those that are not. Furthermore a script will be written to do these installs automagically.

  • Install using:
 apt-get install ssh autofs5 git zip unzip flashplugin-installer gsfonts-x11 hplip vim samba smbfs system-config-samba gnome-panel tcsh subversion sfftw-dev openjdk-7-jre icedtea-7-plugin

Test Java: http://www.java.com/en/download/testjava.jsp

  • Other programs needed for compile and run of mrMesh etc.
 apt-get install gcc cmake cmake-curses-gui autoconf libjpeg-dev libtiff-dev libgtk-3-0 libwxgtk2.6-0 libtiff4 mesa-common-dev freeglut3-dev libwxgtk2.8-dev libgtk-3-dev libgtk2.0-dev libqt4-opengl libqt4-opengl-dev libvtk5.8 libvtk5.8-qt4 libvtk5-dev libvtk5-qt4-dev libjpeg62
 # Removed libjpeg62-dev

AUTOFS

In the future the best way to handle this going forward will be to have all of the auto.* files in a location where they can easily copied into the /etc/ directory -- perhaps using rsync or wget...

Create the automount files

  • auto.master
 #
/biac4		/etc/auto.biac4		--timeout 60000
/home		/etc/auto.home		-intr	--ghost
/white		/etc/auto.white         --timeout 60000
#
echo -e "#\n/biac4         /etc/auto.biac4         --timeout 60000 \n/home          /etc/auto.home          -intr  --ghost \n/white         /etc/auto.white         --timeout 60000 \n/azure         /etc/auto.azure         --timeout 60000 \n/peach         /etc/auto.peach         --timeout 60000\n" >> /etc/auto.master
  • auto.home
   *	white:/home/&
echo "*     white:/home/&" > /etc/auto.home
  • auto.white
  *    -wsize=8192,rsize=8192,intr   white:/white/&
echo "*    -wsize=8192,rsize=8192,intr   white:/white/&" > /etc/auto.white
  • auto.biac4
 *    -wsize=8192,rsize=8192,intr   biac4:/biac4/&
echo "*    -wsize=8192,rsize=8192,intr   biac4:/biac4/&" > /etc/auto.biac4
  • auto.azure
 *    -wsize=8192,rsize=8192,intr   azure:/azure/&
echo "*    -wsize=8192,rsize=8192,intr   azure:/azure/&" > /etc/auto.azure
  • auto.peach
 *    -wsize=8192,rsize=8192,intr   peach:/peach/&
echo "*    -wsize=8192,rsize=8192,intr   peach:/peach/&" > /etc/auto.peach
  • See other auto mount files on the white computers...
    This will depend on this machine being allowed to automount each of these systems - Gunnar and I will have to let new systems into BIAC
 https://help.ubuntu.com/community/Autofs/

TO EXPORT A DIRECTORY TO ANOTHER MACHINE

On white:

  • Add client to /etc/netgroup
  • Add client to /etc/hosts.allow
  • Build yp and restart ypserv
 make -C /var/yp ; service ypserv restart

On the host:

  • Add the client to /etc/hosts.allow
  • Export the file system
 exportfs -r

On the client:

  • Create the autofs files
 /etc/auto.host
vim /etc/auto.master
# Add auto.host
  • Restart autofs
 service autofs restart

Nsswitch

Add the following line to: /etc/nsswitch.conf

automount: files
echo "automount:      files" >> /etc/nsswitch.conf 

Restart the autofs service (deal with the homedir first!!!):

service autofs restart

NFS

  • Install the NFS server
 apt-get install nfs-kernel-server
  • Edit /etc/exports to export the /hostname directory to the rest of the nis clients.
 vim /etc/exports
/hostname/ @white-clients-all(rw,root_squash,insecure,async)
 # Or something like this without using NIS
/viridian/scr1 white(async,root_squash,insecure,no_subtree_check) khaki(async,root_squash,insecure,no_subtree_check) ecru(async,root_squash,insecure,no_subtree_check) mauve(async,root_squash,insecure,no_subtree_check) tan(async,root_squash,insecure,no_subtree_check) sienna(async,root_squash,insecure,no_subtree_check) buff(async,root_squash,insecure,no_subtree_check) indigo(async,root_squash,insecure,no_subtree_check) slate(async,root_squash,insecure,no_subtree_check) red(rw,async,no_root_squash,insecure,no_subtree_check) scarlet(rw,async,no_root_squash,insecure,no_subtree_check) green(async,root_squash,insecure,no_subtree_check) chroma(async,root_squash,insecure,no_subtree_check) crimson(async,root_squash,insecure,no_subtree_check) sepia(async,root_squash,insecure,no_subtree_check) azure(async,root_squash,insecure,no_subtree_check) viridian(async,root_squash,insecure,no_subtree_check) purple(async,root_squash,insecure,no_subtree_check) peach(async,root_squash,insecure,no_subtree_check) celadon(async,root_squash,insecure,no_subtree_check)


  • Restart the nfsd and autofs
 service autofs restart
exportfs -ra
    • See /etc/hosts.allow /etc/netgroup /etc/exports on white for new clients.
 # If you change this (hosts.allow), also change 
# /etc/netgroup, /etc/exports, /etc/mail/local-host-names, as well as
# /etc/hosts.allow on moach and azure (at least).
# Don't forget to do 'make -C /var/yp; service ypserv restart'
# and (on white, azure, moach, ...) 'exportfs -r'.

/etc/hosts.allow

 cat /home/lmperry/bin/newsys/hosts.allow >> /etc/hosts.allow

HOME DIR & USR Local

This is how we handle the home dir situation

mv /home /home.orig
service autofs restart

This is how I handle the /usr/local situation -- although I'm not sure it's the best way given that certain things are already installed on the machine -- the bash rc file will have to be modified.

 mv /usr/local /usr/local.orig
ln -s /white/local /usr/local

NIS

  • Install packages
 apt-get install portmap nis sysv-rc-conf 
  • Enter domain name:
 spectrum
  • Add a portmap line to /etc/hosts.allow for security reasons:
 echo "portmap : 171.64.204.10" >> /etc/hosts.allow
  • Edit /etc/passwd to add a line at the end saying:
 echo "+::::::" >> /etc/passwd
  • Edit /etc/group to add a line at the end saying:
 echo "+:::" >> /etc/group
  • Edit /etc/shadow to add a line at the end saying:
 echo "+::::::::" >> /etc/shadow
  • This sets up those services to include NIS entries if a match isn't found in the file. You could change other services to use NIS by using the NIS service in /etc/nsswitch.conf, but these are the important ones.
  • Edit /etc/yp.conf and add the lines:
 echo "domain spectrum server white.stanford.edu" >> /etc/yp.conf
echo "ypserver  171.64.204.10" >> /etc/yp.conf
  • Edit /etc/nsswitch.conf
 vi /etc/nsswitch.conf
passwd: compat nis   # line 7: add
group:  compat nis   # add
shadow: compat nis   # add
hosts:  files dns nis  # add
netgroup: files nis 
  • Then reboot
 reboot
  • TEST config:
 ypwhich 
ypcat passwd 
ypcat hosts

PROPAGATE MAPS

  • To propagate changes to NIS, such as UID changes and password changes, to all the clients:
 ## On white, as root
make -C /var/yp
service ypserv restart

Software

MATLAB

See: http://www.mathworks.com/support/solutions/en/data/1-F68FSA/index.html?solution=1-F68FSA

 ln -s /lib/x86_64-linux-gnu/libc.so.6 /lib64/libc.so.6

Menu Bar

  • In 12.04 the menu bar is annyoingly located at the upper left for every program and auto hides.
 To disable this:
apt-get autoremove appmenu-gtk appmenu-gtk3 appmenu-qt
 To re-enable:
sudo apt-get install appmenu-gtk appmenu-gtk3 appmenu-qt
  • For Firefox:
 To disable Global Menu for Firefox, open Firefox, then select Tools – Add-ons –> Extensions and disable ‘Global Menu Bar integration’.

Look into using UNSETTINGS for this as well

 add-apt-repository ppa:diesch/testing
apt-get update
apt-get install unsettings

NEURODEBIAN

To add the neurodebian repo for Ubuntu 12.04

wget -O- http://neuro.debian.net/lists/precise.us-ca | tee /etc/apt/sources.list.d/neurodebian.sources.list
apt-key adv --recv-keys --keyserver pgp.mit.edu 2649A5A9
  • There seems to be some strangeness in the /etc/apt/sources.list.d/neurodebian.sources.list file -- it should be
 deb http://neurodeb.pirsquared.org data main contrib non-free
# deb-src http://neurodeb.pirsquared.org data main contrib non-free
deb http://neurodeb.pirsquared.org precise main contrib non-free
# deb-src http://neurodeb.pirsquared.org precise main contrib non-free

Packages to install

 apt-get update ; apt-get - y install fsl fslview mrtrix mrtrix-doc ants mricron mriconvert dicomnifti python-nipype python-nibabel afni gifti-bin nifti2dicom  qnifti2dicom

# The following requires some interaction
apt-get -y matlab-spm8

Non Essential Software

  • Software sources:
    :Open Ubuntu Software Center and select “Edit” and then select “Software Sources”: Make sure both Canonical Partner repositories have check marks next to them
 apt-get update && sudo apt-get upgrade
  • For Java 7
 add-apt-repository ppa:webupd8team/java
apt-get update
apt-get install oracle-java7-installer
apt-get install icedtea-7-plugin
# Maybe the following - not necessary with chrome
mkdir ~/.mozilla/plugins
ln -s /usr/lib/jvm/jdk1.7.0_04/jre/lib/amd64/libnpjp2.so ~/.mozilla/plugins


  • For ubuntu-tweak:
add-apt-repository ppa:tualatrix/next
apt-get update
apt-get install ubuntu-tweak
  • For Mendeley
 cd /tmp
wget http://www.mendeley.com/repositories/ubuntu/stable/amd64/mendeleydesktop-latest 
dpkg -i mendeleydesktop_*
  • Grin/d
 This requires that /usr/local/ not be /usr/local.orig/ and that /usr/local.white be used to point to /white/local/
apt-get install python-pip
pip install grin
  • Dropbox
 apt-get install nautilus-dropbox
  • Handbrake
 add-apt-repository ppa:stebbins/handbrake-releases
apt-get update
apt-get install handbrake-cli handbrake-gtk
  • Tomboy
 apt-get -y install tomboy
  • For Classic Ubuntu Looks:
 apt-get install gnome-session-fallback
apt-get install indicator-applet-appmenu
apt-get install gnome-tweak-tool
  • Medibuntu
 sudo wget --output-document=/etc/apt/sources.list.d/medibuntu.list http://www.medibuntu.org/sources.list.d/$(lsb_release -cs).list && sudo apt-get --quiet update && sudo apt-get --yes --quiet --allow-unauthenticated install medibuntu-keyring && sudo apt-get --quiet update
apt-get -y update && sudo apt-get -y upgrade
apt-get install app-install-data-medibuntu apport-hooks-medibuntu
 apt-get install w64codecs libdvdcss2
apt-get install libdvdnav4
apt-get install libdvdread4
/usr/share/doc/libdvdread4/./install-css.sh
  • Essential Build Tools
 apt-get install build-essential checkinstall cdbs devscripts dh-make fakeroot libxml-parser-perl check avahi-daemon
  • VLC
 add-apt-repository ppa:videolan/stable-daily
apt-get update
apt-get install vlc mplayer
  • Gparted - partition manager
 apt-get install gparted
  • Archiving
 apt-get install unace rar unrar p7zip-rar p7zip zip unzip sharutils uudeview mpack lha arj cabextract file-roller
  • CHROME - with google talk
 wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
sh -c 'echo "deb http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list'
apt-get update
apt-get install google-chrome-stable
wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
sh -c 'echo "deb http://dl.google.com/linux/talkplugin/deb/ stable main" >> /etc/apt/sources.list.d/google.list'
apt-get update
apt-get install google-talkplugin
  • Comment out one of the repo lines in /etc/apt/sources.list.d/google-* to prevent the duplicate entry.
  • Check Gmail
 apt-get install checkgmail
  • READER
 apt-get install acroread acroread-fonts
  • Google web office
 add-apt-repository ppa:tombeckmann/ppa
apt-get update && sudo apt-get install gwoffice
  • Inkscape (illustrator)
 apt-get install inkscape
  • SPOTIFY
 gpg --keyserver wwwkeys.de.pgp.net --recv-keys 4E9CFF4E
gpg --export 4E9CFF4E |sudo apt-key add -
sudo sh -c 'echo "deb http://repository.spotify.com stable non-free" >> /etc/apt/sources.list.d/spotify.list'
apt-get update
apt-get install spotify-client-qt
  • AUDACITY
 add-apt-repository ppa:audacity-team/daily
apt-get update
apt-get install audacity lame libmp3lame0
  • iPOD CONTROL
 apt-get install gtkpod
  • DVD BURNING
 apt-get install k3b k3b-data libk3b6
  • WINff vIDEO CONVERSION
 add-apt-repository ppa:paul-climbing/ppa
apt-get update
apt-get install winff libavcodec-extra-53
  • Open Shot - video editor
 add-apt-repository ppa:openshot.developers/ppa
apt-get update
apt-get install openshot
  • Flowblade
 http://code.google.com/p/flowblade/downloads/list
  • VLMC - video editing from VLC
 add-apt-repository ppa:webupd8team/vlmc
apt-get update
apt-get install vlmc frei0r-plugins

Create user accounts

Edit: New user accounts can be added simply by editing /etc/passwd and /etc/shadow to add each user's line from the same files on white
This will be done using the adduser command for each user: the difference will be that we will be using kerberos for authentication NOT white

  • Special care will be needed to ensure that the root account will be present on all systems with the root password.
  • Even more care will be needed to ensure that each user can actually read/write their own files on white.
  • Get userid from white (id username) and use that userid when creating the account. The idea will be to move this UID to the stanford UID for consistency
    Change group to fmri
    ldap uses ldapsearch to query stanford for UIDs.
  • Use --nopassword option when creating the account and point to /home/* on white - this means that we may need to create these accounts on white first -- or at least create the directory (which may be the way to go)
 adduser --no-create-home --disabled-password --uid $uid_num --gecos “USER_FIRST USER_LAST” USERNAME 
  • FOR EACH USER: Query their UID and GROUPS on white and add them:
 adduser --no-create-home --disabled-password --uid UID --gecos “FIRST_NAME LAST_NAME” USERNAME
  • If the user is already created: IE lmperry
groupadd -g GID GROUPNAME
groupadd -g 31 fmri
usermod -g GROUPNAME USERNAME
usermod -g fmri lmperry
usermod -u UID USERNAME
usermod -u 59908 lmperry 
  • Changing permissions for a changed UID:
 sudo find / -xdev -uid 1000 -exec chown 5000 '{}' \+ 


FROM GUNNAR: Used to add new users

 ldapuser()
{
ldapinfo=$(ldapsearch -x -h ldap.stanford.edu uid=$1)
uid_num=$(echo "$ldapinfo" | grep uidNumber); uid_num=${uid_num##*: }
firstname=$(echo "$ldapinfo" | grep suDisplayNameFirst); firstname=${firstname##*: }
lastname=$(echo "$ldapinfo" | grep suDisplayNameLast); lastname=${lastname##*: }
echo "adduser --no-create-home --disabled-password --uid $uid_num --gecos \"$firstname $lastname\" $1"
echo "mkdir /nimsfs/home/$1; chown $uid_num:$uid_num /nimsfs/home/$1"
}

Kerberizing the system

See the CNI wiki for help with this: http://cni.stanford.edu/wiki/Workstations
This will allow the user authentication to be done using kerberos - not white.

IMPORTANT ISSUES

  • White uses different UIDs from what stanford assigns. This means that if we use Kerberos to authenticate then we have to make sure that we don’t assign the stanford UID to users on new machines - if we don’t use white’s UIDs then each user will not be able to r/w their files on white or biac. This may be an issue to bring up with Martin at some point.
  • See user accounts section - will users need to be created on white as well? so that white will know who each user is? I imagine if we create new users with their stanford UID then this will be fine. What else has to be done when creating new users.
    Each user will have to know that their password is no longer the same as their white password - it’s their stanford password. But this can be changed on white to be their stanford password. Same goes for samba.
  • New file server --- this can be done relatively soon if we wanted to. The new file server would be freeBSD and use .zfs for a file-system.
  • The idea of sharing one password file that is updated via cron to be the same as one that is centrally kept would reduce the need to update each system’s passowrd file in /etc/shadow or /etc/passwd/ ---- how is this better than using NIS? Perhaps it reduces the need to use ypbind and other services that could stop running or that slow things down....
  • The root account is IMPORTANT if the network ever goes down.

List of users that should be able to login

  • See document

Ubuntu Welcome [ssh]

 vim /etc/motd


TODO

  • Create an install script that will do all of this automagically
  • Create all the auto.* files so they can be copied into the right places
  • Root mail
  • aliases (/etc/aliases)
  • SGE
  • mrMeshSrv - compile ** DONE
  • Test mesh building, etc. ** DONE

SGE

  • Add sgeadmin to /etc/groups
 echo 'sgeadmin...'
  • Install grid software
 apt-get install gridengine-exec gridengine-client gridengine-qmon
  • Fonts for qmon
 apt-get install xfs xfstt t1-xfree86-nonfree ttf-xfree86-nonfree ttf-xfree86-nonfree-syriac xfonts-75dpi xfonts-100dpi
** log out or restart for qmon to work

SAMBA

 # Configure /etc/samba/smb.conf #
# This might have to be done for each share individually for security purposes.  
follow symlinks = yes
wide links = yes
### This must be placed in the [global] section NOT just the [shares] section. ###
unix extensions = no
 # Install samba server
apt-get install samba
 # This will allow each user to login to the samba service, provided they have an account
# on the machine. 
apt-get install libpam-smbpass
 # To restart the samba service
sudo restart smbd
sudo restart nmbd


NVIDIA

  • To remove the nvidia driver
 apt-get purge nvidia*
dpkg-reconfigure -phigh xserver-xorg

Kerberizing the System

 apt-get install -y krb5-user libpam-krb5 ; mv /etc/krb5.conf /etc/krb5.conf.dpkg-dist ; wget -O /etc/krb5.conf http://www.stanford.edu/dept/its/support/kerberos/dist/krb5.conf

Letting Your System Send Email

apt-get install -y ssmtp ;
cat << EOF > /etc/ssmtp/ssmtp.conf
root=lmperry@stanford.edu
mailhub=smtp.stanford.edu
usestarttls=yes
hostname="$2".stanford.edu
EOF

Logwatch Reference

 apt-get install -y logwatch ;   mv /usr/share/logwatch/default.conf/logwatch.conf /usr/share/logwatch/default.conf/logwatch.conf.orig ; wget -O /usr/share/logwatch/default.conf/logwatch.conf http://white.stanford.edu/~lmperry/admin/logwatch.conf ; echo "/usr/sbin/logwatch --mailto lmperry@stanford.edu" >> /etc/cron.daily/00logwatch

Manual Method
Edit the configuration File

 vim /usr/share/logwatch/default.conf/logwatch.conf
 # Output = mail
# Format = html
# MailTo = lmperry@stanford.edu

Now edit the 00logwatch file and add the following line:

 vim /etc/cron.daily/00logwatch
/usr/sbin/logwatch --mailto lmperr@stanford.edu

Public key

 echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQDduPLLXUWQ9ziS0q2SMdqlWv4gmuiilPkNWqQHq26i8AkIZfJ1/tC5LA5yipk16ruP2JeD5EZSp7pBWxOIXuEsbLOKRrsb9sBdM0roLZNkG8Mm6NWZViUb3D+8zCmOjNgvgIhJRWv3982H4DVk5ZCAojgk7jEseooU65yNugZXMhDsiPStQGwNms2Xxtjy/D9+mAbF7lZEc2xDVbvArtx6QVeoX7nSIoiZ29gK7E9doPd7tlFRGE7fIg8keYW04WVsRYjNabHM168DUUWhkz0IVwFLDTzCu7F8ijvWZJfbLcwAekOEnyE/aHWWFdjAB9gPEmZgMQOZBAuMjYmHNH Michael Perry" >> ~/.ssh/authorized_keys


"End"

Personal tools