Vista Ubuntu

From VISTA LAB WIKI

(Difference between revisions)
Jump to: navigation, search
Line 29: Line 29:
   apt-get install gcc cmake cmake-curses-gui autoconf libjpeg62-dev libgtk-3-0 libwxgtk2.6-0 libtiff4 mesa-common-dev freeglut3-dev libwxgtk2.8-dev libgtk-3-dev libgtk2.0-dev libqt4-opengl libqt4-opengl-dev  
   apt-get install gcc cmake cmake-curses-gui autoconf libjpeg62-dev libgtk-3-0 libwxgtk2.6-0 libtiff4 mesa-common-dev freeglut3-dev libwxgtk2.8-dev libgtk-3-dev libgtk2.0-dev libqt4-opengl libqt4-opengl-dev  
-
<br>
+
<br>  
== AUTOFS  ==
== AUTOFS  ==
Line 35: Line 35:
=== Create the automount files  ===
=== Create the automount files  ===
-
*auto.master
+
* auto.master
   #
   #
  /biac4 /etc/auto.biac4 --timeout 60000
  /biac4 /etc/auto.biac4 --timeout 60000
-
  /home /etc/auto.home -intr --ghost
+
  /home /etc/auto.home -intr --ghost
  /white /etc/auto.white        --timeout 60000
  /white /etc/auto.white        --timeout 60000
-
*auto.home
+
* auto.home
     * white:/home/&amp;
     * white:/home/&amp;
-
*auto.white
+
* auto.white
   *    -wsize=8192,rsize=8192,intr  white:/white/&amp;
   *    -wsize=8192,rsize=8192,intr  white:/white/&amp;
-
*auto.biac4
+
* auto.biac4
   *    -wsize=8192,rsize=8192,intr  biac4:/biac4/&amp;
   *    -wsize=8192,rsize=8192,intr  biac4:/biac4/&amp;
-
<br> see other auto mount files on the white computers<br> + biac + azure + etc...<br> This will depend on this machine being allowed to automount each of these systems - Martin will have to let new systems into BIAC<br> FOR WHITE<br> auto.white<br> * -wsize=8192,rsize=8192,intr white:/white/&amp;<br> auto.biac4
+
* See other auto mount files on the white computers... <br> This will depend on this machine being allowed to automount each of these systems - Martin will have to let new systems into BIAC
<br>  
<br>  
-
Create user accounts:
+
== Create user accounts ==
-
This will be done using the adduser command for each user: the difference will be that we will be using kerberos for authentication NOT white<br> Special care will be needed to ensure that the root account will be present on all systems with the root password.<br> Even more care will be needed to ensure that each user can actually read/write their own files on white.<br> Get userid from white (id username) and use that userid when creating the account. The idea will be to move this UID to the stanford UID for consistency<br> Change group to fmri<br> ldap uses ldapsearch to query stanford for UIDs.<br> use --nopassword option when creating the account and point to /home/* on white - this means that we may need to create these accounts on white first -- or at least create the directory (which may be the way to go)<br> adduser --no-create-home --disabled-password --uid $uid_num --gecos “USER_FIRST USER_LAST” USERNAME  
+
This will be done using the adduser command for each user: the difference will be that we will be using kerberos for authentication NOT white<br> Special care will be needed to ensure that the root account will be present on all systems with the root password.<br> Even more care will be needed to ensure that each user can actually read/write their own files on white.<br> Get userid from white (id username) and use that userid when creating the account. The idea will be to move this UID to the stanford UID for consistency<br> Change group to fmri<br> ldap uses ldapsearch to query stanford for UIDs.<br> use --nopassword option when creating the account and point to /home/* on white - this means that we may need to create these accounts on white first -- or at least create the directory (which may be the way to go)
 +
  adduser --no-create-home --disabled-password --uid $uid_num --gecos “USER_FIRST USER_LAST” USERNAME  
-
<br>
+
FOR EACH USER :
-
Kerberizing the system:  
+
Query their UID and GROUPS on white and add them:
 +
  adduser --no-create-home --disabled-password --uid UID --gecos “FIRST_NAME LAST_NAME” USERNAME
-
See the CNI wiki for help with this: http://cni.stanford.edu/wiki/Workstations<br> This will allow the user authentication to be done using kerberos - not white
+
If the user is already created: IE lmperry
 +
  groupadd -g GID GROUPNAME
 +
  groupadd -g 31 fmri
 +
  usermod -g GROUPNAME USERNAME
 +
  usermod -g fmri lmperry
 +
  usermod -u UID USERNAME
 +
  usermod -u 59908 lmperry
-
<br>
+
*Changing permissions for a changed UID:
-
 
+
-
IMPORTANT ISSUES:
+
-
 
+
-
White uses different UIDs from what stanford assigns. This means that if we use Kerberos to authenticate then we have to make sure that we don’t assign the stanford UID to users on new machines - if we don’t use white’s UIDs then each user will not be able to r/w their files on white or biac. This may be an issue to bring up with Martin at some point.<br> See user accounts section - will users need to be created on white as well? so that white will know who each user is? I imagine if we create new users with their stanford UID then this will be fine. What else has to be done when creating new users.<br> Each user will have to know that their password is no longer the same as their white password - it’s their stanford password. But this can be changed on white to be their stanford password. Same goes for samba.<br> New file server --- this can be done relatively soon if we wanted to. The new file server would be freeBSD and use .zfs for a file-system.<br> The idea of sharing one password file that is updated via cron to be the same as one that is centrally kept would reduce the need to update each system’s passowrd file in /etc/shadow or /etc/passwd/ ---- how is this better than using NIS? Perhaps it reduces the need to use ypbind and other services that could stop running or that slow things down....<br> The root account is IMPORTANT if the network ever goes down.
+
 +
  sudo find / -xdev -uid 1000 -exec chown 5000 '{}' \+
<br>  
<br>  
 +
FROM GUNNAR: Used to add new users
-
<br>FROM GUNNAR: Used to add new users
+
  ldapuser()<br>{<br> ldapinfo=$(ldapsearch -x -h ldap.stanford.edu uid=$1)<br> uid_num=$(echo "$ldapinfo" | grep uidNumber); uid_num=${uid_num##*: }<br> firstname=$(echo "$ldapinfo" | grep suDisplayNameFirst); firstname=${firstname##*: }<br> lastname=$(echo "$ldapinfo" | grep suDisplayNameLast); lastname=${lastname##*: }<br> echo "adduser --no-create-home --disabled-password --uid $uid_num --gecos \"$firstname $lastname\" $1"<br> echo "mkdir /nimsfs/home/$1; chown $uid_num:$uid_num /nimsfs/home/$1"<br>}
-
ldapuser()<br>{<br> ldapinfo=$(ldapsearch -x -h ldap.stanford.edu uid=$1)<br> uid_num=$(echo "$ldapinfo" | grep uidNumber); uid_num=${uid_num##*: }<br> firstname=$(echo "$ldapinfo" | grep suDisplayNameFirst); firstname=${firstname##*: }<br> lastname=$(echo "$ldapinfo" | grep suDisplayNameLast); lastname=${lastname##*: }<br> echo "adduser --no-create-home --disabled-password --uid $uid_num --gecos \"$firstname $lastname\" $1"<br> echo "mkdir /nimsfs/home/$1; chown $uid_num:$uid_num /nimsfs/home/$1"<br>}
+
==Kerberizing the system==
-
<br>FOR EACH USER
+
See the CNI wiki for help with this: http://cni.stanford.edu/wiki/Workstations<br> This will allow the user authentication to be done using kerberos - not white
-
Query their UID and GROUPS on white and add them <br> adduser --no-create-home --disabled-password --uid UID --gecos “FIRST_NAME LAST_NAME” USERNAME<br> If the user is already created: IE pestilli
+
<br>  
-
groupadd -g GID GROUPNAME<br> groupadd -g 31 fmri<br> usermod -g GROUPNAME USERNAME<br> usermod -g fmri lmperry<br> usermod -u UID USERNAME.<br> usermod -u 59908 lmperry
+
==IMPORTANT ISSUES==
-
<br>Changing permissions for a changes UID:
+
White uses different UIDs from what stanford assigns. This means that if we use Kerberos to authenticate then we have to make sure that we don’t assign the stanford UID to users on new machines - if we don’t use white’s UIDs then each user will not be able to r/w their files on white or biac. This may be an issue to bring up with Martin at some point.<br> See user accounts section - will users need to be created on white as well? so that white will know who each user is? I imagine if we create new users with their stanford UID then this will be fine. What else has to be done when creating new users.<br> Each user will have to know that their password is no longer the same as their white password - it’s their stanford password. But this can be changed on white to be their stanford password. Same goes for samba.<br> New file server --- this can be done relatively soon if we wanted to. The new file server would be freeBSD and use .zfs for a file-system.<br> The idea of sharing one password file that is updated via cron to be the same as one that is centrally kept would reduce the need to update each system’s passowrd file in /etc/shadow or /etc/passwd/ ---- how is this better than using NIS? Perhaps it reduces the need to use ypbind and other services that could stop running or that slow things down....<br> The root account is IMPORTANT if the network ever goes down.
 +
 
 +
<br>
-
sudo find / -xdev -uid 1000 -exec chown 5000 '{}' \+
 
AUTOFS  
AUTOFS  

Revision as of 17:25, 18 July 2012

Ubuntu Install on Green:

Contents

Initial Ubuntu install

Create root user after install:

 sudo passwd
  • Had to edit /etc/hostname and reboot to get the hostname to show up right.


Programs to install after the initial install

  • ssh, autofs5, git, unzip,
  • Compile a list of other programs needed (e.g., neurodebian)
 apt-get install ssh autofs5 git unzip flashplugin-installer hplip vim samba gnome-panel tcsh subversion sfftw-dev 
  • For ubuntu-tweak:
 add-apt-repository ppa:tualatrix/next
apt-get update
apt-get install ubuntu-tweak
  • Other programs needed for compile and run of mrMesh etc.
 apt-get install gcc cmake cmake-curses-gui autoconf libjpeg62-dev libgtk-3-0 libwxgtk2.6-0 libtiff4 mesa-common-dev freeglut3-dev libwxgtk2.8-dev libgtk-3-dev libgtk2.0-dev libqt4-opengl libqt4-opengl-dev 


AUTOFS

Create the automount files

  • auto.master
 #
/biac4		/etc/auto.biac4		--timeout 60000
/home		/etc/auto.home		-intr	--ghost
/white		/etc/auto.white         --timeout 60000
  • auto.home
   *	white:/home/&
  • auto.white
 *    -wsize=8192,rsize=8192,intr   white:/white/&
  • auto.biac4
 *    -wsize=8192,rsize=8192,intr   biac4:/biac4/&
  • See other auto mount files on the white computers...
    This will depend on this machine being allowed to automount each of these systems - Martin will have to let new systems into BIAC


Create user accounts

This will be done using the adduser command for each user: the difference will be that we will be using kerberos for authentication NOT white
Special care will be needed to ensure that the root account will be present on all systems with the root password.
Even more care will be needed to ensure that each user can actually read/write their own files on white.
Get userid from white (id username) and use that userid when creating the account. The idea will be to move this UID to the stanford UID for consistency
Change group to fmri
ldap uses ldapsearch to query stanford for UIDs.
use --nopassword option when creating the account and point to /home/* on white - this means that we may need to create these accounts on white first -- or at least create the directory (which may be the way to go)

 adduser --no-create-home --disabled-password --uid $uid_num --gecos “USER_FIRST USER_LAST” USERNAME 

FOR EACH USER :

Query their UID and GROUPS on white and add them:

 adduser --no-create-home --disabled-password --uid UID --gecos “FIRST_NAME LAST_NAME” USERNAME

If the user is already created: IE lmperry

 groupadd -g GID GROUPNAME
 groupadd -g 31 fmri
 usermod -g GROUPNAME USERNAME
 usermod -g fmri lmperry
 usermod -u UID USERNAME
 usermod -u 59908 lmperry 
  • Changing permissions for a changed UID:
 sudo find / -xdev -uid 1000 -exec chown 5000 '{}' \+ 


FROM GUNNAR: Used to add new users

 ldapuser()
{
ldapinfo=$(ldapsearch -x -h ldap.stanford.edu uid=$1)
uid_num=$(echo "$ldapinfo" | grep uidNumber); uid_num=${uid_num##*: }
firstname=$(echo "$ldapinfo" | grep suDisplayNameFirst); firstname=${firstname##*: }
lastname=$(echo "$ldapinfo" | grep suDisplayNameLast); lastname=${lastname##*: }
echo "adduser --no-create-home --disabled-password --uid $uid_num --gecos \"$firstname $lastname\" $1"
echo "mkdir /nimsfs/home/$1; chown $uid_num:$uid_num /nimsfs/home/$1"
}

Kerberizing the system

See the CNI wiki for help with this: http://cni.stanford.edu/wiki/Workstations
This will allow the user authentication to be done using kerberos - not white


IMPORTANT ISSUES

White uses different UIDs from what stanford assigns. This means that if we use Kerberos to authenticate then we have to make sure that we don’t assign the stanford UID to users on new machines - if we don’t use white’s UIDs then each user will not be able to r/w their files on white or biac. This may be an issue to bring up with Martin at some point.
See user accounts section - will users need to be created on white as well? so that white will know who each user is? I imagine if we create new users with their stanford UID then this will be fine. What else has to be done when creating new users.
Each user will have to know that their password is no longer the same as their white password - it’s their stanford password. But this can be changed on white to be their stanford password. Same goes for samba.
New file server --- this can be done relatively soon if we wanted to. The new file server would be freeBSD and use .zfs for a file-system.
The idea of sharing one password file that is updated via cron to be the same as one that is centrally kept would reduce the need to update each system’s passowrd file in /etc/shadow or /etc/passwd/ ---- how is this better than using NIS? Perhaps it reduces the need to use ypbind and other services that could stop running or that slow things down....
The root account is IMPORTANT if the network ever goes down.



AUTOFS

https://help.ubuntu.com/community/Autofs/

edit auto.master
# Sample auto.master file

  1. This is an automounter map and it has the following format
  1. key [ -mount-options-separated-by-comma ] location
  1. For details of the format look at autofs(5).
  1. /misc /etc/auto.misc

/home /etc/auto.home


  1. /biac4 /etc/auto.biac4 --timeout 60000
  1. NOTE: mounts done from a hosts map will be mounted with the
  1. "nosuid" and "nodev" options unless the "suid" and "dev"
  1. options are explicitly given.

/net -hosts

Create the auto.* files
auto.biac4
* -wsize=8192,rsize=8192,intr biac4:/biac4/&
auto.white
auto.home
add the following line to:
/etc/nsswitch.conf
automount: files
Restart the autofs service:
service autofs restart


HOME DIR:

root@green:~# mv /home /home.orig

root@green:~# cd /etc/

root@green:/etc# vim /etc/auto.home

root@green:/etc# vim auto.master


root@green:/etc# service autofs restart

autofs stop/waiting

autofs start/running, process 2194


NEURODEBIAN:

wget -O- http://neuro.debian.net/lists/precise.us-ca | tee etc/apt/sources.list.d/neurodebian.sources.list
apt-key adv --recv-keys --keyserver pgp.mit.edu 2649A5A9



Personal tools