Scientific Linux 5 Installation
System Installation
Follow the instructions on
http://linux.web.cern.ch/linux/scientific5/docs/install.shtml
- Create Boot image for 64 bit system
- Select http as installation method
- Installation server is: linuxsoft.cern.ch
- Installation path is: /cern/slc5X/x86_64/
- keep default partition layout
- set host name to xxx.physics.purdue.edu : e.g. serret.physics.purdue.edu
Customize System
http://www.physics.purdue.edu/PCN/doc/wiki/doku.php?id=wiki:procedures:self_maintained:linux
- Create /data
All users should create their own directory in /data (e.g. mkdir /data/norbert) to store their local data.
mkdir /data chmod a+rwx /data
- yum install am_utils
- /etc/amd.conf
[ global ] auto_dir = /net log_file = /var/log/amd.log pid_file = /var/run/amd.pid restart_mounts = yes search_path = /etc:/etc/am-utils # DEFINE AN AMD MOUNT POINT [/home] map_name = amd.home
- /etc/amd.home
#comment: amd.home map /defaults fs:=/net/${rhost}/home;\ opts:=rw,bg,grpid,intr,nosuid,nodevs,quota,proto=udp,vers=3,\ rsize=8192,wsize=8192,timeo=8,retrans=4;\ rfs:=/net/${rhost}/home;\ sublink:=${key};\ type:=nfsl nneumeis rfs:=/net/${rhost}/home/u;fs:=/net/${rhost}/home/u;rhost:=aristotle #-- Special Entries motif type:=error .htaccess type:=error tomb type:=link;sublink:=.;fs:=/lost+found #-- This is necessary for amanda(8) to work -- BE CAREFUL IN THE EXTREME -- operator os==freebsd4;rhost:=aristotle \ os==freebsd3;rhost:=aristotle \ os==freebsd5;rhost:=aristotle \ os==solaris2;rhost:=aristotle \ rhost:=london #-- All other accounts # Everbody else falls back to a * entry * rhost:=aristotle - /etc/hosts
127.0.0.1 localhost.localdomain localhost xxx.physics.purdue.edu 128.210.67.230 newton newton.physics.purdue.edu 128.210.67.227 aristotle aristotle.physics.purdue.edu
- /etc/group
zh:x:1399: phys:x:1109:
- Install CUPS printers:
#/etc/cups/client.conf ServerName spool.physics.purdue.edu
- /etc/krb5
[libdefaults] default_realm = CERN.CH ticket_lifetime = 25h renew_lifetime = 120h forwardable = true proxiable = true [realms] CERN.CH = { default_domain = cern.ch kpasswd_server = afskrb5m.cern.ch admin_server = afskrb5m.cern.ch kdc = afsdb3.cern.ch kdc = afsdb1.cern.ch kdc = afsdb2.cern.ch v4_name_convert = { host = { rcmd = host } } } FNAL.GOV = { default_domain = fnal.gov admin_server = krb-fnal-admin.fnal.gov kdc = krb-fnal-1.fnal.gov:88 kdc = krb-fnal-2.fnal.gov:88 kdc = krb-fnal-3.fnal.gov:88 } CENTRAL.PURDUE.LCL = { kdc = 128.210.63.203 kdc = 1061cendc01.central.purdue.lcl admin_server = 1061cendc01.central.purdue.lcl default_domain = 1061cendc01.central.purdue.lcl } [domain_realm] .cern.ch = CERN.CH .fnal.gov = FNAL.GOV .central.purdue.lcl = CENTRAL.PURDUE.LCL central.purdue.lcl = CENTRAL.PURDUE.LCL [appdefaults] pam = { external = true krb4_convert = false krb4_convert_524 = false krb4_use_as_req = false ticket_lifetime = 25h } - /etc/yp.conf
domain purdue-pcn broadcast
- /etc/ldap.conf
host volta.physics.purdue.edu base dc=physics,dc=purdue,dc=edu uri ldaps://volta.physics.purdue.edu ssl start_tls ssl on ldap_version 3 tls_checkpeer yes tls_cacertfile /usr/share/purple/ca-certs/Thawte_Premium_Server_CA.pem tls_cacertdir /etc/openldap/cacerts # you may need to symlink Thawte_Premium_Server_CA.pem in /etc/openldap/cacerts rootbinddn cn=admin,dc=physics,dc=purdue,dc=edu pam_password md5 binddn cn=unsupported,dc=physics,dc=purdue,dc=edu bindpw *********
- ln -s /bin/bash /usr/local/bin/bash/
- ln -s /usr/share/purple/ca-certs/Thawte_Premium_Server_CA.pem /etc/openldap/cacerts/.
- nsswitch
- /etc/sysconfig/authconfig
USEMD5=no USECRACKLIB=yes USEDB=no USEHESIOD=no USELDAP=yes USENIS=yes USEPASSWDQC=no USEWINBIND=no USEAFSKERBEROS=no USEKERBEROS=no USELDAPAUTH=yes USESHADOW=yes USESMBAUTH=no USEWINBINDAUTH=no USELOCAUTHORIZE=yes PASSWDALGORITHM=md5
- /etc/ssh/ssh_config
GSSAPIAuthentication yes GSSAPIDelegateCredentials yes GSSAPITrustDNS yes PubkeyAuthentication no PasswordAuthentication yes
- AFS
/usr/sbin/lcm --configure ntpd afsclt /usr/sbin/lcm --configure srvtab /sbin/chkconfig --add afs /sbin/chkconfig --add amd /sbin/chkconfig amd on /sbin/service amd start
- /etc/passwd
nneumeis:x:139702:1109:Norbert Neumeister,PHYSICS 374,767 494 5198,:/home/u/nneumeis:/bin/tcsh
- /etc/pam.d/system-auth
auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok # next line added by NCM-afsclt auth sufficient /lib/security/$ISA/pam_krb5afs.so try_first_pass minimum_uid=100 auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass auth required /lib/security/$ISA/pam_deny.so account sufficient /lib/security/$ISA/pam_unix.so broken_shadow account sufficient /lib/security/$ISA/pam_localuser.so account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so account required /lib/security/$ISA/pam_permit.so password requisite /lib/security/$ISA/pam_cracklib.so retry=3 password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok shadow ldap nis debug # next line added by NCM-afsclt password sufficient /lib/security/$ISA/pam_krb5afs.so try_first_pass password sufficient /lib/security/$ISA/pam_ldap.so use_authtok password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so # next line added by NCM-afsclt session required /lib/security/$ISA/pam_krb5afs.so try_first_pass session optional /lib/security/$ISA/pam_ldap.so
- /etc/sysconfig/network
NETWORKING=yes HOSTNAME=xxxx.physics.purdue.edu NISDOMAIN=purdue-pcn
- firewall?
- Java: Download and install Java SE Runtime Environment JRE 6 https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=jre-6u17-oth-JPR@CDS-CDS_Developer
- /etc/mime.types
type=application/x-java-jnlp-file desc="Java Web Start" exts="jnlp