Vista Ubuntu

From VISTA LAB WIKI

Revision as of 14:59, 24 April 2013 by Lmperry (Talk | contribs)
Jump to: navigation, search

Ubuntu Install Notes:

Contents

Initial Ubuntu install

  • Ubuntu 12.04LTS x64

Disk partitions

Typically, something like that below is used with at least 16G of swap space: Filesystem Size Used Avail Use% Mounted on /dev/sda2 29G 6.1G 22G 23% / tmpfs 4.0G 88K 4.0G 1% /dev/shm /dev/sda1 291M 64M 213M 24% /boot /dev/sda6 520G 24G 469G 5% /indigo/scr1 /dev/sda3 29G 172M 28G 1% /indigo/scr2

  • Create root user after install:
 sudo passwd

Install script

 scp lmperry@white.stanford.edu:/white/u8/lmperry/bin/newsys/installScript /root/
chmod 770 /root/installScript
 ./installScript [install config software] [hostname]

Login options

  • Had to edit /etc/hostname and reboot to get the hostname to show up right.
  • Enable Login from main screen - requiring username
 echo "greeter-show-manual-login=true"  >> /etc/lightdm/lightdm.conf
  • You can also hide all users so that you enter whatever name you want by editing /etc/lightdm/lightdm.conf adding :
 echo "greeter-hide-users=true" >> /etc/lightdm/lightdm.conf

Then:

 service lightdm restart
** Reboot if logged in - don't use while logged in.

Programs to install after the initial install

This section should be cut down to those programs that are essential and those that are not. Furthermore a script will be written to do these installs automagically.

  • Install using:
 apt-get install ssh autofs5 git zip unzip flashplugin-installer gsfonts-x11 hplip vim samba smbfs system-config-samba gnome-panel tcsh subversion sfftw-dev openjdk-7-jre icedtea-7-plugin

Test Java: http://www.java.com/en/download/testjava.jsp

  • Other programs needed for compile and run of mrMesh etc.
 apt-get install gcc cmake cmake-curses-gui autoconf libjpeg-dev libtiff-dev libgtk-3-0 libwxgtk2.6-0 libtiff4 mesa-common-dev freeglut3-dev libwxgtk2.8-dev libgtk-3-dev libgtk2.0-dev libqt4-opengl libqt4-opengl-dev libvtk5.8 libvtk5.8-qt4 libvtk5-dev libvtk5-qt4-dev libjpeg62
 # Removed libjpeg62-dev

AUTOFS

In the future the best way to handle this going forward will be to have all of the auto.* files in a location where they can easily copied into the /etc/ directory -- perhaps using rsync or wget...

Create the automount files

  • auto.master
 #
/biac4		/etc/auto.biac4		--timeout 60000
/home		/etc/auto.home		-intr	--ghost
/white		/etc/auto.white         --timeout 60000
#
echo -e "#\n/biac4         /etc/auto.biac4         --timeout 60000 \n/home          /etc/auto.home          -intr  --ghost \n/white         /etc/auto.white         --timeout 60000 \n/azure         /etc/auto.azure         --timeout 60000 \n/peach         /etc/auto.peach         --timeout 60000\n" >> /etc/auto.master
  • auto.home
   *	white:/home/&
echo "*     white:/home/&" > /etc/auto.home
  • auto.white
  *    -wsize=8192,rsize=8192,intr   white:/white/&
echo "*    -wsize=8192,rsize=8192,intr   white:/white/&" > /etc/auto.white
  • auto.biac4
 *    -wsize=8192,rsize=8192,intr   biac4:/biac4/&
echo "*    -wsize=8192,rsize=8192,intr   biac4:/biac4/&" > /etc/auto.biac4
  • auto.azure
 *    -wsize=8192,rsize=8192,intr   azure:/azure/&
echo "*    -wsize=8192,rsize=8192,intr   azure:/azure/&" > /etc/auto.azure
  • auto.peach
 *    -wsize=8192,rsize=8192,intr   peach:/peach/&
echo "*    -wsize=8192,rsize=8192,intr   peach:/peach/&" > /etc/auto.peach
  • See other auto mount files on the white computers...
    This will depend on this machine being allowed to automount each of these systems - Gunnar and I will have to let new systems into BIAC
 https://help.ubuntu.com/community/Autofs/

TO EXPORT A DIRECTORY TO ANOTHER MACHINE

On white:

  • Add client to /etc/netgroup
  • Add client to /etc/hosts.allow
  • Build yp and restart ypserv
 make -C /var/yp ; service ypserv restart

On the host:

  • Add the client to /etc/hosts.allow
  • Export the file system
 exportfs -r

On the client:

  • Create the autofs files
 /etc/auto.host
vim /etc/auto.master
# Add auto.host
  • Restart autofs
 service autofs restart

Nsswitch

Add the following line to: /etc/nsswitch.conf

automount: files
echo "automount:      files" >> /etc/nsswitch.conf 

Restart the autofs service (deal with the homedir first!!!):

service autofs restart

NFS

  • Install the NFS server
 apt-get install nfs-kernel-server
  • Edit /etc/exports to export the /hostname directory to the rest of the nis clients.
 vim /etc/exports
/hostname/ @white-clients-all(rw,root_squash,insecure,async)
 # Or something like this without using NIS
/viridian/scr1 white(async,root_squash,insecure,no_subtree_check) khaki(async,root_squash,insecure,no_subtree_check) ecru(async,root_squash,insecure,no_subtree_check) mauve(async,root_squash,insecure,no_subtree_check) tan(async,root_squash,insecure,no_subtree_check) sienna(async,root_squash,insecure,no_subtree_check) buff(async,root_squash,insecure,no_subtree_check) indigo(async,root_squash,insecure,no_subtree_check) slate(async,root_squash,insecure,no_subtree_check) red(rw,async,no_root_squash,insecure,no_subtree_check) scarlet(rw,async,no_root_squash,insecure,no_subtree_check) green(async,root_squash,insecure,no_subtree_check) chroma(async,root_squash,insecure,no_subtree_check) crimson(async,root_squash,insecure,no_subtree_check) sepia(async,root_squash,insecure,no_subtree_check) azure(async,root_squash,insecure,no_subtree_check) viridian(async,root_squash,insecure,no_subtree_check) purple(async,root_squash,insecure,no_subtree_check) peach(async,root_squash,insecure,no_subtree_check) celadon(async,root_squash,insecure,no_subtree_check)


  • Restart the nfsd and autofs
 service autofs restart
exportfs -ra
    • See /etc/hosts.allow /etc/netgroup /etc/exports on white for new clients.
 # If you change this (hosts.allow), also change 
# /etc/netgroup, /etc/exports, /etc/mail/local-host-names, as well as
# /etc/hosts.allow on moach and azure (at least).
# Don't forget to do 'make -C /var/yp; service ypserv restart'
# and (on white, azure, moach, ...) 'exportfs -r'.

/etc/hosts.allow

 cat /home/lmperry/bin/newsys/hosts.allow >> /etc/hosts.allow

HOME DIR & USR Local

This is how we handle the home dir situation

mv /home /home.orig
service autofs restart

This is how I handle the /usr/local situation -- although I'm not sure it's the best way given that certain things are already installed on the machine -- the bash rc file will have to be modified.

 mv /usr/local /usr/local.orig
ln -s /white/local /usr/local

NIS

  • Install packages
 apt-get install portmap nis sysv-rc-conf 
  • Enter domain name:
 spectrum
  • Add a portmap line to /etc/hosts.allow for security reasons:
 echo "portmap : 171.64.204.10" >> /etc/hosts.allow
  • Edit /etc/passwd to add a line at the end saying:
 echo "+::::::" >> /etc/passwd
  • Edit /etc/group to add a line at the end saying:
 echo "+:::" >> /etc/group
  • Edit /etc/shadow to add a line at the end saying:
 echo "+::::::::" >> /etc/shadow
  • This sets up those services to include NIS entries if a match isn't found in the file. You could change other services to use NIS by using the NIS service in /etc/nsswitch.conf, but these are the important ones.
  • Edit /etc/yp.conf and add the lines:
 echo "domain spectrum server white.stanford.edu" >> /etc/yp.conf
echo "ypserver  171.64.204.10" >> /etc/yp.conf
  • Edit /etc/nsswitch.conf
 vi /etc/nsswitch.conf
passwd: compat nis   # line 7: add
group:  compat nis   # add
shadow: compat nis   # add
hosts:  files dns nis  # add
netgroup: files nis 
  • Then reboot
 reboot
  • TEST config:
 ypwhich 
ypcat passwd 
ypcat hosts

PROPAGATE MAPS

  • To propagate changes to NIS, such as UID changes and password changes, to all the clients:
 ## On white, as root
make -C /var/yp
service ypserv restart

Software

MATLAB

See: http://www.mathworks.com/support/solutions/en/data/1-F68FSA/index.html?solution=1-F68FSA

 ln -s /lib/x86_64-linux-gnu/libc.so.6 /lib64/libc.so.6

Menu Bar

  • In 12.04 the menu bar is annyoingly located at the upper left for every program and auto hides.
 To disable this:
apt-get autoremove appmenu-gtk appmenu-gtk3 appmenu-qt
 To re-enable:
sudo apt-get install appmenu-gtk appmenu-gtk3 appmenu-qt
  • For Firefox:
 To disable Global Menu for Firefox, open Firefox, then select Tools – Add-ons –> Extensions and disable ‘Global Menu Bar integration’.

Look into using UNSETTINGS for this as well

 add-apt-repository ppa:diesch/testing
apt-get update
apt-get install unsettings

NEURODEBIAN

To add the neurodebian repo for Ubuntu 12.04

wget -O- http://neuro.debian.net/lists/precise.us-ca | tee /etc/apt/sources.list.d/neurodebian.sources.list
apt-key adv --recv-keys --keyserver pgp.mit.edu 2649A5A9
  • There seems to be some strangeness in the /etc/apt/sources.list.d/neurodebian.sources.list file -- it should be
 deb http://neurodeb.pirsquared.org data main contrib non-free
# deb-src http://neurodeb.pirsquared.org data main contrib non-free
deb http://neurodeb.pirsquared.org precise main contrib non-free
# deb-src http://neurodeb.pirsquared.org precise main contrib non-free

Packages to install

 apt-get update ; apt-get - y install fsl fslview mrtrix mrtrix-doc ants mricron mriconvert dicomnifti python-nipype python-nibabel afni gifti-bin nifti2dicom  qnifti2dicom

# The following requires some interaction
apt-get -y matlab-spm8

Non Essential Software

  • Software sources:
    :Open Ubuntu Software Center and select “Edit” and then select “Software Sources”: Make sure both Canonical Partner repositories have check marks next to them
 apt-get update && sudo apt-get upgrade
  • For Java 7
 add-apt-repository ppa:webupd8team/java
apt-get update
apt-get install oracle-java7-installer
apt-get install icedtea-7-plugin
# Maybe the following - not necessary with chrome
mkdir ~/.mozilla/plugins
ln -s /usr/lib/jvm/jdk1.7.0_04/jre/lib/amd64/libnpjp2.so ~/.mozilla/plugins


  • For ubuntu-tweak:
add-apt-repository ppa:tualatrix/next
apt-get update
apt-get install ubuntu-tweak
  • For Mendeley
 cd /tmp
wget http://www.mendeley.com/repositories/ubuntu/stable/amd64/mendeleydesktop-latest 
dpkg -i mendeleydesktop_*
  • Grin/d
 This requires that /usr/local/ not be /usr/local.orig/ and that /usr/local.white be used to point to /white/local/
apt-get install python-pip
pip install grin
  • Dropbox
 apt-get install nautilus-dropbox
  • Handbrake
 add-apt-repository ppa:stebbins/handbrake-releases
apt-get update
apt-get install handbrake-cli handbrake-gtk
  • Tomboy
 apt-get -y install tomboy
  • For Classic Ubuntu Looks:
 apt-get install gnome-session-fallback
apt-get install indicator-applet-appmenu
apt-get install gnome-tweak-tool
  • Medibuntu
 sudo wget --output-document=/etc/apt/sources.list.d/medibuntu.list http://www.medibuntu.org/sources.list.d/$(lsb_release -cs).list && sudo apt-get --quiet update && sudo apt-get --yes --quiet --allow-unauthenticated install medibuntu-keyring && sudo apt-get --quiet update
apt-get -y update && sudo apt-get -y upgrade
apt-get install app-install-data-medibuntu apport-hooks-medibuntu
 apt-get install w64codecs libdvdcss2
apt-get install libdvdnav4
apt-get install libdvdread4
/usr/share/doc/libdvdread4/./install-css.sh
  • Essential Build Tools
 apt-get install build-essential checkinstall cdbs devscripts dh-make fakeroot libxml-parser-perl check avahi-daemon
  • VLC
 add-apt-repository ppa:videolan/stable-daily
apt-get update
apt-get install vlc mplayer
  • Gparted - partition manager
 apt-get install gparted
  • Archiving
 apt-get install unace rar unrar p7zip-rar p7zip zip unzip sharutils uudeview mpack lha arj cabextract file-roller
  • CHROME - with google talk
 wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
sh -c 'echo "deb http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list'
apt-get update
apt-get install google-chrome-stable
wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
sh -c 'echo "deb http://dl.google.com/linux/talkplugin/deb/ stable main" >> /etc/apt/sources.list.d/google.list'
apt-get update
apt-get install google-talkplugin
  • Comment out one of the repo lines in /etc/apt/sources.list.d/google-* to prevent the duplicate entry.
  • Check Gmail
 apt-get install checkgmail
  • READER
 apt-get install acroread acroread-fonts
  • Google web office
 add-apt-repository ppa:tombeckmann/ppa
apt-get update && sudo apt-get install gwoffice
  • Inkscape (illustrator)
 apt-get install inkscape
  • SPOTIFY
 gpg --keyserver wwwkeys.de.pgp.net --recv-keys 4E9CFF4E
gpg --export 4E9CFF4E |sudo apt-key add -
sudo sh -c 'echo "deb http://repository.spotify.com stable non-free" >> /etc/apt/sources.list.d/spotify.list'
apt-get update
apt-get install spotify-client-qt
  • AUDACITY
 add-apt-repository ppa:audacity-team/daily
apt-get update
apt-get install audacity lame libmp3lame0
  • iPOD CONTROL
 apt-get install gtkpod
  • DVD BURNING
 apt-get install k3b k3b-data libk3b6
  • WINff vIDEO CONVERSION
 add-apt-repository ppa:paul-climbing/ppa
apt-get update
apt-get install winff libavcodec-extra-53
  • Open Shot - video editor
 add-apt-repository ppa:openshot.developers/ppa
apt-get update
apt-get install openshot
  • Flowblade
 http://code.google.com/p/flowblade/downloads/list
  • VLMC - video editing from VLC
 add-apt-repository ppa:webupd8team/vlmc
apt-get update
apt-get install vlmc frei0r-plugins

Create user accounts

Edit: New user accounts can be added simply by editing /etc/passwd and /etc/shadow to add each user's line from the same files on white
This will be done using the adduser command for each user: the difference will be that we will be using kerberos for authentication NOT white

  • Special care will be needed to ensure that the root account will be present on all systems with the root password.
  • Even more care will be needed to ensure that each user can actually read/write their own files on white.
  • Get userid from white (id username) and use that userid when creating the account. The idea will be to move this UID to the stanford UID for consistency
    Change group to fmri
    ldap uses ldapsearch to query stanford for UIDs.
  • Use --nopassword option when creating the account and point to /home/* on white - this means that we may need to create these accounts on white first -- or at least create the directory (which may be the way to go)
 adduser --no-create-home --disabled-password --uid $uid_num --gecos “USER_FIRST USER_LAST” USERNAME 
  • FOR EACH USER: Query their UID and GROUPS on white and add them:
 adduser --no-create-home --disabled-password --uid UID --gecos “FIRST_NAME LAST_NAME” USERNAME
  • If the user is already created: IE lmperry
groupadd -g GID GROUPNAME
groupadd -g 31 fmri
usermod -g GROUPNAME USERNAME
usermod -g fmri lmperry
usermod -u UID USERNAME
usermod -u 59908 lmperry 
  • Changing permissions for a changed UID:
 sudo find / -xdev -uid 1000 -exec chown 5000 '{}' \+ 


FROM GUNNAR: Used to add new users

 ldapuser()
{
ldapinfo=$(ldapsearch -x -h ldap.stanford.edu uid=$1)
uid_num=$(echo "$ldapinfo" | grep uidNumber); uid_num=${uid_num##*: }
firstname=$(echo "$ldapinfo" | grep suDisplayNameFirst); firstname=${firstname##*: }
lastname=$(echo "$ldapinfo" | grep suDisplayNameLast); lastname=${lastname##*: }
echo "adduser --no-create-home --disabled-password --uid $uid_num --gecos \"$firstname $lastname\" $1"
echo "mkdir /nimsfs/home/$1; chown $uid_num:$uid_num /nimsfs/home/$1"
}

Kerberizing the system

See the CNI wiki for help with this: http://cni.stanford.edu/wiki/Workstations
This will allow the user authentication to be done using kerberos - not white.

IMPORTANT ISSUES

  • White uses different UIDs from what stanford assigns. This means that if we use Kerberos to authenticate then we have to make sure that we don’t assign the stanford UID to users on new machines - if we don’t use white’s UIDs then each user will not be able to r/w their files on white or biac. This may be an issue to bring up with Martin at some point.
  • See user accounts section - will users need to be created on white as well? so that white will know who each user is? I imagine if we create new users with their stanford UID then this will be fine. What else has to be done when creating new users.
    Each user will have to know that their password is no longer the same as their white password - it’s their stanford password. But this can be changed on white to be their stanford password. Same goes for samba.
  • New file server --- this can be done relatively soon if we wanted to. The new file server would be freeBSD and use .zfs for a file-system.
  • The idea of sharing one password file that is updated via cron to be the same as one that is centrally kept would reduce the need to update each system’s passowrd file in /etc/shadow or /etc/passwd/ ---- how is this better than using NIS? Perhaps it reduces the need to use ypbind and other services that could stop running or that slow things down....
  • The root account is IMPORTANT if the network ever goes down.

List of users that should be able to login

  • See document

Ubuntu Welcome [ssh]

 vim /etc/motd


TODO

  • Create an install script that will do all of this automagically
  • Create all the auto.* files so they can be copied into the right places
  • Root mail
  • aliases (/etc/aliases)
  • SGE
  • mrMeshSrv - compile ** DONE
  • Test mesh building, etc. ** DONE

SGE

  • Add sgeadmin to /etc/groups
 echo 'sgeadmin...'
  • Install grid software
 apt-get install gridengine-exec gridengine-client gridengine-qmon
  • Fonts for qmon
 apt-get install xfs xfstt t1-xfree86-nonfree ttf-xfree86-nonfree ttf-xfree86-nonfree-syriac xfonts-75dpi xfonts-100dpi
** log out or restart for qmon to work

SAMBA

 # Configure /etc/samba/smb.conf #
# This might have to be done for each share individually for security purposes.  
follow symlinks = yes
wide links = yes
### This must be placed in the [global] section NOT just the [shares] section. ###
unix extensions = no
 # Install samba server
apt-get install samba
 # This will allow each user to login to the samba service, provided they have an account
# on the machine. 
apt-get install libpam-smbpass
 # To restart the samba service
sudo restart smbd
sudo restart nmbd


NVIDIA

  • To remove the nvidia driver
 apt-get purge nvidia*
dpkg-reconfigure -phigh xserver-xorg

Kerberizing the System

 apt-get install -y krb5-user libpam-krb5 ; mv /etc/krb5.conf /etc/krb5.conf.dpkg-dist ; wget -O /etc/krb5.conf http://www.stanford.edu/dept/its/support/kerberos/dist/krb5.conf

Letting Your System Send Email

apt-get install -y ssmtp ;
cat << EOF > /etc/ssmtp/ssmtp.conf
root=lmperry@stanford.edu
mailhub=smtp.stanford.edu
usestarttls=yes
hostname="$2".stanford.edu
EOF

Logwatch Reference

 apt-get install -y logwatch ;   mv /usr/share/logwatch/default.conf/logwatch.conf /usr/share/logwatch/default.conf/logwatch.conf.orig ; wget -O /usr/share/logwatch/default.conf/logwatch.conf http://white.stanford.edu/~lmperry/admin/logwatch.conf&nbsp;; echo "/usr/sbin/logwatch --mailto lmperry@stanford.edu" >> /etc/cron.daily/00logwatch

Manual Method
Edit the configuration File

 vim /usr/share/logwatch/default.conf/logwatch.conf
 # Output = mail
# Format = html
# MailTo = lmperry@stanford.edu

Now edit the 00logwatch file and add the following line:

 vim /etc/cron.daily/00logwatch
/usr/sbin/logwatch --mailto lmperr@stanford.edu

Public key

 echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQDduPLLXUWQ9ziS0q2SMdqlWv4gmuiilPkNWqQHq26i8AkIZfJ1/tC5LA5yipk16ruP2JeD5EZSp7pBWxOIXuEsbLOKRrsb9sBdM0roLZNkG8Mm6NWZViUb3D+8zCmOjNgvgIhJRWv3982H4DVk5ZCAojgk7jEseooU65yNugZXMhDsiPStQGwNms2Xxtjy/D9+mAbF7lZEc2xDVbvArtx6QVeoX7nSIoiZ29gK7E9doPd7tlFRGE7fIg8keYW04WVsRYjNabHM168DUUWhkz0IVwFLDTzCu7F8ijvWZJfbLcwAekOEnyE/aHWWFdjAB9gPEmZgMQOZBAuMjYmHNH Michael Perry" >> ~/.ssh/authorized_keys


"End"

Personal tools