Vista Ubuntu

From VISTA LAB WIKI

(Difference between revisions)
Jump to: navigation, search
(Created page with "<br>Ubuntu Install on Green: Initial Ubuntu install: Look into using LDXE as opposed to the unity desktop. sudo apt-get install lxde<br> ** don’t do this. sudo apt-get instal...")
Line 1: Line 1:
-
<br>Ubuntu Install on Green:
+
Ubuntu Install on Green:  
-
Initial Ubuntu install:
+
== Initial Ubuntu install ==
-
Look into using LDXE as opposed to the unity desktop. sudo apt-get install lxde<br> ** don’t do this. sudo apt-get install xubuntu-desktop - xfc<br> Create root user after install: sudo passwd<br> * had to edit /etc/hostname to get it to show up right.  
+
Create root user after install:  
 +
  sudo passwd
 +
* Had to edit /etc/hostname and reboot to get the hostname to show up right.  
 +
== Programs to install after the initial install ==
 +
+ ssh, autofs5, git, unzip,
-
Programs to install after the initial install:
+
*Compile a list of other programs needed (e.g., neurodebian)
-
+ ssh, autofs5, git, unzip,
+
sudo apt-get install ssh autofs5 git unzip flashplugin-installer hplip vim samba gnome-panel tcsh subversion sfftw-dev
-
* Compile a list of other programs needed (e.g., neurodebian)
+
sudo add-apt-repository ppa:tualatrix/next<br> sudo apt-get update<br> sudo apt-get install ubuntu-tweak<br> or gnome-tweak-tool<br> Other programs needed for compile and run of mrMesh etc.<br> gcc cmake cmake-curses-gui autoconf libjpeg62-dev libgtk-3-0 libwxgtk2.6-0 libtiff4  
-
 
+
-
sudo apt-get install ssh autofs5 git unzip flashplugin-installer hplip vim samba gnome-panel tcsh subversion sfftw-dev
+
-
 
+
-
sudo add-apt-repository ppa:tualatrix/next<br> sudo apt-get update<br> sudo apt-get install ubuntu-tweak<br> or gnome-tweak-tool<br> Other programs needed for compile and run of mrMesh etc.<br> gcc cmake cmake-curses-gui autoconf libjpeg62-dev libgtk-3-0 libwxgtk2.6-0 libtiff4
+
-
 
+
-
mesa-common-dev<br> freeglut3-dev
+
-
 
+
-
libwxgtk2.8-dev<br> libgtk-3-dev<br> libgtk2.0-dev<br> libqt4-opengl libqt4-opengl-dev *
+
 +
mesa-common-dev<br> freeglut3-dev
 +
libwxgtk2.8-dev<br> libgtk-3-dev<br> libgtk2.0-dev<br> libqt4-opengl libqt4-opengl-dev *
 +
<br>
 +
<br>
Create the automount files:  
Create the automount files:  
-
auto.home : white:/home<br> see other auto mount files on the white computers<br> + biac + azure + etc...<br> This will depend on this machine being allowed to automount each of these systems - Martin will have to let new systems into BIAC<br> FOR WHITE<br> auto.white<br> * -wsize=8192,rsize=8192,intr white:/white/&amp;<br> auto.biac4
+
auto.home&nbsp;: white:/home<br> see other auto mount files on the white computers<br> + biac + azure + etc...<br> This will depend on this machine being allowed to automount each of these systems - Martin will have to let new systems into BIAC<br> FOR WHITE<br> auto.white<br> * -wsize=8192,rsize=8192,intr white:/white/&amp;<br> auto.biac4  
 +
<br>
 +
Create user accounts:
-
Create user accounts:
+
This will be done using the adduser command for each user: the difference will be that we will be using kerberos for authentication NOT white<br> Special care will be needed to ensure that the root account will be present on all systems with the root password.<br> Even more care will be needed to ensure that each user can actually read/write their own files on white.<br> Get userid from white (id username) and use that userid when creating the account. The idea will be to move this UID to the stanford UID for consistency<br> Change group to fmri<br> ldap uses ldapsearch to query stanford for UIDs.<br> use --nopassword option when creating the account and point to /home/* on white - this means that we may need to create these accounts on white first -- or at least create the directory (which may be the way to go)<br> adduser --no-create-home --disabled-password --uid $uid_num --gecos “USER_FIRST USER_LAST” USERNAME
-
This will be done using the adduser command for each user: the difference will be that we will be using kerberos for authentication NOT white<br> Special care will be needed to ensure that the root account will be present on all systems with the root password.<br> Even more care will be needed to ensure that each user can actually read/write their own files on white.<br> Get userid from white (id username) and use that userid when creating the account. The idea will be to move this UID to the stanford UID for consistency<br> Change group to fmri<br> ldap uses ldapsearch to query stanford for UIDs.<br> use --nopassword option when creating the account and point to /home/* on white - this means that we may need to create these accounts on white first -- or at least create the directory (which may be the way to go)<br> adduser --no-create-home --disabled-password --uid $uid_num --gecos “USER_FIRST USER_LAST” USERNAME
+
<br>  
 +
Kerberizing the system:
 +
See the CNI wiki for help with this: http://cni.stanford.edu/wiki/Workstations<br> This will allow the user authentication to be done using kerberos - not white
-
Kerberizing the system:
+
<br>
-
See the CNI wiki for help with this: http://cni.stanford.edu/wiki/Workstations<br> This will allow the user authentication to be done using kerberos - not white
+
IMPORTANT ISSUES:  
-
 
+
-
 
+
-
 
+
-
IMPORTANT ISSUES:
+
White uses different UIDs from what stanford assigns. This means that if we use Kerberos to authenticate then we have to make sure that we don’t assign the stanford UID to users on new machines - if we don’t use white’s UIDs then each user will not be able to r/w their files on white or biac. This may be an issue to bring up with Martin at some point.<br> See user accounts section - will users need to be created on white as well? so that white will know who each user is? I imagine if we create new users with their stanford UID then this will be fine. What else has to be done when creating new users.<br> Each user will have to know that their password is no longer the same as their white password - it’s their stanford password. But this can be changed on white to be their stanford password. Same goes for samba.<br> New file server --- this can be done relatively soon if we wanted to. The new file server would be freeBSD and use .zfs for a file-system.<br> The idea of sharing one password file that is updated via cron to be the same as one that is centrally kept would reduce the need to update each system’s passowrd file in /etc/shadow or /etc/passwd/ ---- how is this better than using NIS? Perhaps it reduces the need to use ypbind and other services that could stop running or that slow things down....<br> The root account is IMPORTANT if the network ever goes down.  
White uses different UIDs from what stanford assigns. This means that if we use Kerberos to authenticate then we have to make sure that we don’t assign the stanford UID to users on new machines - if we don’t use white’s UIDs then each user will not be able to r/w their files on white or biac. This may be an issue to bring up with Martin at some point.<br> See user accounts section - will users need to be created on white as well? so that white will know who each user is? I imagine if we create new users with their stanford UID then this will be fine. What else has to be done when creating new users.<br> Each user will have to know that their password is no longer the same as their white password - it’s their stanford password. But this can be changed on white to be their stanford password. Same goes for samba.<br> New file server --- this can be done relatively soon if we wanted to. The new file server would be freeBSD and use .zfs for a file-system.<br> The idea of sharing one password file that is updated via cron to be the same as one that is centrally kept would reduce the need to update each system’s passowrd file in /etc/shadow or /etc/passwd/ ---- how is this better than using NIS? Perhaps it reduces the need to use ypbind and other services that could stop running or that slow things down....<br> The root account is IMPORTANT if the network ever goes down.  
 +
<br>
 +
<br>FROM GUNNAR: Used to add new users
-
<br>FROM GUNNAR: Used to add new users
+
ldapuser()<br>{<br> ldapinfo=$(ldapsearch -x -h ldap.stanford.edu uid=$1)<br> uid_num=$(echo "$ldapinfo" | grep uidNumber); uid_num=${uid_num##*: }<br> firstname=$(echo "$ldapinfo" | grep suDisplayNameFirst); firstname=${firstname##*: }<br> lastname=$(echo "$ldapinfo" | grep suDisplayNameLast); lastname=${lastname##*: }<br> echo "adduser --no-create-home --disabled-password --uid $uid_num --gecos \"$firstname $lastname\" $1"<br> echo "mkdir /nimsfs/home/$1; chown $uid_num:$uid_num /nimsfs/home/$1"<br>}  
-
 
+
-
ldapuser()<br>{<br> ldapinfo=$(ldapsearch -x -h ldap.stanford.edu uid=$1)<br> uid_num=$(echo "$ldapinfo" | grep uidNumber); uid_num=${uid_num##*: }<br> firstname=$(echo "$ldapinfo" | grep suDisplayNameFirst); firstname=${firstname##*: }<br> lastname=$(echo "$ldapinfo" | grep suDisplayNameLast); lastname=${lastname##*: }<br> echo "adduser --no-create-home --disabled-password --uid $uid_num --gecos \"$firstname $lastname\" $1"<br> echo "mkdir /nimsfs/home/$1; chown $uid_num:$uid_num /nimsfs/home/$1"<br>}
+
<br>FOR EACH USER  
<br>FOR EACH USER  
Line 57: Line 57:
Query their UID and GROUPS on white and add them <br> adduser --no-create-home --disabled-password --uid UID --gecos “FIRST_NAME LAST_NAME” USERNAME<br> If the user is already created: IE pestilli  
Query their UID and GROUPS on white and add them <br> adduser --no-create-home --disabled-password --uid UID --gecos “FIRST_NAME LAST_NAME” USERNAME<br> If the user is already created: IE pestilli  
-
groupadd -g GID GROUPNAME<br> groupadd -g 31 fmri<br> usermod -g GROUPNAME USERNAME<br> usermod -g fmri lmperry<br> usermod -u UID USERNAME.<br> usermod -u 59908 lmperry
+
groupadd -g GID GROUPNAME<br> groupadd -g 31 fmri<br> usermod -g GROUPNAME USERNAME<br> usermod -g fmri lmperry<br> usermod -u UID USERNAME.<br> usermod -u 59908 lmperry  
-
<br>Changing permissions for a changes UID:
+
<br>Changing permissions for a changes UID:  
-
sudo find / -xdev -uid 1000 -exec chown 5000 '{}' \+
+
sudo find / -xdev -uid 1000 -exec chown 5000 '{}' \+  
-
AUTOFS
+
AUTOFS  
-
https://help.ubuntu.com/community/Autofs/
+
https://help.ubuntu.com/community/Autofs/  
-
edit auto.master<br> # Sample auto.master file
+
edit auto.master<br> # Sample auto.master file  
-
# This is an automounter map and it has the following format
+
#This is an automounter map and it has the following format
-
# key [ -mount-options-separated-by-comma ] location
+
#key [ -mount-options-separated-by-comma ] location
-
# For details of the format look at autofs(5).
+
#For details of the format look at autofs(5).
#
#
Line 81: Line 81:
#
#
-
/home /etc/auto.home
+
/home /etc/auto.home  
#<br> /biac4 /etc/auto.biac4 --timeout 60000
#<br> /biac4 /etc/auto.biac4 --timeout 60000
-
# NOTE: mounts done from a hosts map will be mounted with the
+
#NOTE: mounts done from a hosts map will be mounted with the
-
# "nosuid" and "nodev" options unless the "suid" and "dev"
+
#"nosuid" and "nodev" options unless the "suid" and "dev"
-
# options are explicitly given.
+
#options are explicitly given.
#
#
-
/net -hosts
+
/net -hosts  
-
 
+
-
Create the auto.* files<br> auto.biac4<br> * -wsize=8192,rsize=8192,intr biac4:/biac4/&amp;<br> auto.white<br> auto.home<br> add the following line to:<br> /etc/nsswitch.conf<br> automount: files<br> Restart the autofs service:<br> service autofs restart
+
-
 
+
-
<br>HOME DIR:
+
-
root@green:~# mv /home /home.orig
+
Create the auto.* files<br> auto.biac4<br> * -wsize=8192,rsize=8192,intr biac4:/biac4/&amp;<br> auto.white<br> auto.home<br> add the following line to:<br> /etc/nsswitch.conf<br> automount: files<br> Restart the autofs service:<br> service autofs restart
-
root@green:~# cd /etc/
+
<br>HOME DIR:  
-
root@green:/etc# vim /etc/auto.home
+
root@green:~# mv /home /home.orig
-
root@green:/etc# vim auto.master
+
root@green:~# cd /etc/
 +
root@green:/etc# vim /etc/auto.home
 +
root@green:/etc# vim auto.master
-
root@green:/etc# service autofs restart
+
<br>
-
autofs stop/waiting
+
root@green:/etc# service autofs restart
-
autofs start/running, process 2194
+
autofs stop/waiting
-
<br>NEURODEBIAN:
+
autofs start/running, process 2194
-
wget -O- http://neuro.debian.net/lists/precise.us-ca | tee etc/apt/sources.list.d/neurodebian.sources.list<br> apt-key adv --recv-keys --keyserver pgp.mit.edu 2649A5A9
+
<br>NEURODEBIAN:
 +
wget -O- http://neuro.debian.net/lists/precise.us-ca | tee etc/apt/sources.list.d/neurodebian.sources.list<br> apt-key adv --recv-keys --keyserver pgp.mit.edu 2649A5A9
 +
<br>
<br>
<br>

Revision as of 17:07, 18 July 2012

Ubuntu Install on Green:

Initial Ubuntu install

Create root user after install:

 sudo passwd
  • Had to edit /etc/hostname and reboot to get the hostname to show up right.

Programs to install after the initial install

+ ssh, autofs5, git, unzip,

  • Compile a list of other programs needed (e.g., neurodebian)

sudo apt-get install ssh autofs5 git unzip flashplugin-installer hplip vim samba gnome-panel tcsh subversion sfftw-dev

sudo add-apt-repository ppa:tualatrix/next
sudo apt-get update
sudo apt-get install ubuntu-tweak
or gnome-tweak-tool
Other programs needed for compile and run of mrMesh etc.
gcc cmake cmake-curses-gui autoconf libjpeg62-dev libgtk-3-0 libwxgtk2.6-0 libtiff4

mesa-common-dev
freeglut3-dev

libwxgtk2.8-dev
libgtk-3-dev
libgtk2.0-dev
libqt4-opengl libqt4-opengl-dev *



Create the automount files:

auto.home : white:/home
see other auto mount files on the white computers
+ biac + azure + etc...
This will depend on this machine being allowed to automount each of these systems - Martin will have to let new systems into BIAC
FOR WHITE
auto.white
* -wsize=8192,rsize=8192,intr white:/white/&
auto.biac4


Create user accounts:

This will be done using the adduser command for each user: the difference will be that we will be using kerberos for authentication NOT white
Special care will be needed to ensure that the root account will be present on all systems with the root password.
Even more care will be needed to ensure that each user can actually read/write their own files on white.
Get userid from white (id username) and use that userid when creating the account. The idea will be to move this UID to the stanford UID for consistency
Change group to fmri
ldap uses ldapsearch to query stanford for UIDs.
use --nopassword option when creating the account and point to /home/* on white - this means that we may need to create these accounts on white first -- or at least create the directory (which may be the way to go)
adduser --no-create-home --disabled-password --uid $uid_num --gecos “USER_FIRST USER_LAST” USERNAME


Kerberizing the system:

See the CNI wiki for help with this: http://cni.stanford.edu/wiki/Workstations
This will allow the user authentication to be done using kerberos - not white


IMPORTANT ISSUES:

White uses different UIDs from what stanford assigns. This means that if we use Kerberos to authenticate then we have to make sure that we don’t assign the stanford UID to users on new machines - if we don’t use white’s UIDs then each user will not be able to r/w their files on white or biac. This may be an issue to bring up with Martin at some point.
See user accounts section - will users need to be created on white as well? so that white will know who each user is? I imagine if we create new users with their stanford UID then this will be fine. What else has to be done when creating new users.
Each user will have to know that their password is no longer the same as their white password - it’s their stanford password. But this can be changed on white to be their stanford password. Same goes for samba.
New file server --- this can be done relatively soon if we wanted to. The new file server would be freeBSD and use .zfs for a file-system.
The idea of sharing one password file that is updated via cron to be the same as one that is centrally kept would reduce the need to update each system’s passowrd file in /etc/shadow or /etc/passwd/ ---- how is this better than using NIS? Perhaps it reduces the need to use ypbind and other services that could stop running or that slow things down....
The root account is IMPORTANT if the network ever goes down.



FROM GUNNAR: Used to add new users

ldapuser()
{
ldapinfo=$(ldapsearch -x -h ldap.stanford.edu uid=$1)
uid_num=$(echo "$ldapinfo" | grep uidNumber); uid_num=${uid_num##*: }
firstname=$(echo "$ldapinfo" | grep suDisplayNameFirst); firstname=${firstname##*: }
lastname=$(echo "$ldapinfo" | grep suDisplayNameLast); lastname=${lastname##*: }
echo "adduser --no-create-home --disabled-password --uid $uid_num --gecos \"$firstname $lastname\" $1"
echo "mkdir /nimsfs/home/$1; chown $uid_num:$uid_num /nimsfs/home/$1"
}


FOR EACH USER

Query their UID and GROUPS on white and add them
adduser --no-create-home --disabled-password --uid UID --gecos “FIRST_NAME LAST_NAME” USERNAME
If the user is already created: IE pestilli

groupadd -g GID GROUPNAME
groupadd -g 31 fmri
usermod -g GROUPNAME USERNAME
usermod -g fmri lmperry
usermod -u UID USERNAME.
usermod -u 59908 lmperry


Changing permissions for a changes UID:

sudo find / -xdev -uid 1000 -exec chown 5000 '{}' \+

AUTOFS

https://help.ubuntu.com/community/Autofs/

edit auto.master
# Sample auto.master file

  1. This is an automounter map and it has the following format
  1. key [ -mount-options-separated-by-comma ] location
  1. For details of the format look at autofs(5).
  1. /misc /etc/auto.misc

/home /etc/auto.home


  1. /biac4 /etc/auto.biac4 --timeout 60000
  1. NOTE: mounts done from a hosts map will be mounted with the
  1. "nosuid" and "nodev" options unless the "suid" and "dev"
  1. options are explicitly given.

/net -hosts

Create the auto.* files
auto.biac4
* -wsize=8192,rsize=8192,intr biac4:/biac4/&
auto.white
auto.home
add the following line to:
/etc/nsswitch.conf
automount: files
Restart the autofs service:
service autofs restart


HOME DIR:

root@green:~# mv /home /home.orig

root@green:~# cd /etc/

root@green:/etc# vim /etc/auto.home

root@green:/etc# vim auto.master


root@green:/etc# service autofs restart

autofs stop/waiting

autofs start/running, process 2194


NEURODEBIAN:

wget -O- http://neuro.debian.net/lists/precise.us-ca | tee etc/apt/sources.list.d/neurodebian.sources.list
apt-key adv --recv-keys --keyserver pgp.mit.edu 2649A5A9



Personal tools