Science - Physics - CMS Physics
Space shortcuts
Child pages
  • PCN Self-supported Workstation Installation
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 26 Next »

Scientific Linux 5 Installation

System Installation

Follow the instructions on http://linux.web.cern.ch/linux/scientific5/docs/install.shtml

  1. Create boot image for 64 bit system
  2. Reboot your computer and press F12 at startup
  3. In the BIOS setup add CD/DVD to boot devices; save BIOS setup and reboot
  4. Select http as installation method
  5. Installation server is: linuxsoft.cern.ch
  6. Installation path is: /cern/slc5X/x86_64/
  7. Keep default partition layout
  8. Set host name to xxx.physics.purdue.edu: e.g. serret.physics.purdue.edu
  9. Enable network time protocol (server: harbor.ecn.purdue.edu)
  10. Set Time Zone to: America/Indianapolis

Customize System

http://www.physics.purdue.edu/PCN/doc/wiki/doku.php?id=wiki:procedures:self_maintained:linux

  1. Create /data 
    mkdir /data
chmod a+rwx /data
    All users should create their own directory in /data (e.g. mkdir /data/norbert) to store their local data.
  2. /etc/sysconfig/network 
    NETWORKING=yes
HOSTNAME=xxxx.physics.purdue.edu
NISDOMAIN=purdue-pcn
  3. /etc/hosts 
    127.0.0.1               localhost.localdomain localhost xxx.physics.purdue.edu
128.210.67.230          newton newton.physics.purdue.edu
128.210.67.227          aristotle aristotle.physics.purdue.edu
  4. /etc/group 
    zh:x:1399:
phys:x:1109:
  5. Install CUPS printers: /etc/cups/client.conf 
    ServerName spool.physics.purdue.edu
  6. yum install am_utils
  7. /etc/amd.conf 
    [ global ]
auto_dir =              /net
log_file =              /var/log/amd.log
pid_file =              /var/run/amd.pid
restart_mounts =        yes
search_path = /etc:/etc/am-utils

# DEFINE AN AMD MOUNT POINT

[/home]
map_name = amd.home
  8. /etc/amd.home 
    #comment: amd.home map
/defaults       fs:=/net/${rhost}/home;\
                opts:=rw,bg,grpid,intr,nosuid,nodevs,quota,proto=udp,vers=3,\
                rsize=8192,wsize=8192,timeo=8,retrans=4;\
                rfs:=/net/${rhost}/home;\
                sublink:=${key};\
                type:=nfsl

nneumeis        rfs:=/net/${rhost}/home/u;fs:=/net/${rhost}/home/u;rhost:=aristotle

#-- Special Entries

motif           type:=error
.htaccess       type:=error
tomb            type:=link;sublink:=.;fs:=/lost+found

#-- This is necessary for amanda(8) to work -- BE CAREFUL IN THE EXTREME --

operator        os==freebsd4;rhost:=aristotle \
                os==freebsd3;rhost:=aristotle \
                os==freebsd5;rhost:=aristotle \
                os==solaris2;rhost:=aristotle \
                rhost:=london

#-- All other accounts

# Everbody else falls back to a * entry
*               rhost:=aristotle
  9. /etc/krb5 
    [libdefaults]
 default_realm = CERN.CH
 ticket_lifetime = 25h
 renew_lifetime = 120h
 forwardable = true
 proxiable = true

[realms]
 CERN.CH = {
  default_domain = cern.ch
  kpasswd_server = afskrb5m.cern.ch
  admin_server = afskrb5m.cern.ch
  kdc = afsdb3.cern.ch
  kdc = afsdb1.cern.ch
  kdc = afsdb2.cern.ch

  v4_name_convert = {
     host = {
         rcmd = host
     }
  }
 }

 FNAL.GOV = {
  default_domain = fnal.gov
  admin_server = krb-fnal-admin.fnal.gov
  kdc = krb-fnal-1.fnal.gov:88
  kdc = krb-fnal-2.fnal.gov:88
  kdc = krb-fnal-3.fnal.gov:88
 }

 CENTRAL.PURDUE.LCL = {
  kdc = 128.210.63.203
  kdc = 1061cendc01.central.purdue.lcl
  admin_server = 1061cendc01.central.purdue.lcl
  default_domain = 1061cendc01.central.purdue.lcl
 }

[domain_realm]
 .cern.ch = CERN.CH
 .fnal.gov = FNAL.GOV
 .central.purdue.lcl = CENTRAL.PURDUE.LCL
 central.purdue.lcl = CENTRAL.PURDUE.LCL

[appdefaults]
 pam = {
   external = true
   krb4_convert = false
   krb4_convert_524 = false
   krb4_use_as_req = false
   ticket_lifetime = 25h
 }
  10. /etc/yp.conf 
    domain purdue-pcn broadcast
  11. /etc/ldap.conf 
    host volta.physics.purdue.edu
base dc=physics,dc=purdue,dc=edu
uri ldaps://volta.physics.purdue.edu
ssl start_tls
ssl on
ldap_version 3
tls_checkpeer yes
tls_cacertfile /usr/share/purple/ca-certs/Thawte_Premium_Server_CA.pem
tls_cacertdir /etc/openldap/cacerts
# you may need to symlink Thawte_Premium_Server_CA.pem in /etc/openldap/cacerts
rootbinddn cn=admin,dc=physics,dc=purdue,dc=edu

pam_password md5

binddn cn=unsupported,dc=physics,dc=purdue,dc=edu
bindpw *********
  12. ln -s /bin/bash /usr/local/bin/bash/
  13. ln -s /usr/share/purple/ca-certs/Thawte_Premium_Server_CA.pem /etc/openldap/cacerts/.
  14. /etc/nsswitch.conf 
    passwd:     files ldap nis
shadow:     files ldap
group:      files nis

hosts:      files nis dns

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   files nis ldap

publickey:  nisplus

automount:  files nis ldap
aliases:    files nisplus
  15. /etc/sysconfig/authconfig 
    USEMD5=no
USECRACKLIB=yes
USEDB=no
USEHESIOD=no
USELDAP=yes
USENIS=yes
USEPASSWDQC=no
USEWINBIND=no
USEAFSKERBEROS=no
USEKERBEROS=no
USELDAPAUTH=yes
USESHADOW=yes
USESMBAUTH=no
USEWINBINDAUTH=no
USELOCAUTHORIZE=yes
PASSWDALGORITHM=md5
  16. /etc/ssh/ssh_config 
    GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
PubkeyAuthentication no
PasswordAuthentication yes
  17. AFS 
     /usr/sbin/lcm --configure ntpd afsclt
 /usr/sbin/lcm --configure srvtab
 /sbin/chkconfig --add afs
 /sbin/chkconfig --add amd
 /sbin/chkconfig amd on
 /sbin/service amd start
  18. /etc/passwd (This will allow you to login with your CERN afs account and mounts your CERN afs home directory) 
    neumeist:x:11701:1399:Norbert NEUMEISTER:/afs/cern.ch/user/n/neumeist:/bin/tcsh
aeverett:x:8547:1399:Adam EVERETT:/afs/cern.ch/user/a/aeverett:/bin/tcsh
asvyatko:x:24584:1399:Alexey SVYATKOVKIY:/afs/cern.ch/user/a/asvyatko:/bin/tcsh
  19. /etc/pam.d/system-auth 
    auth        required      pam_env.so
auth        sufficient    pam_unix.so likeauth nullok
auth        sufficient    pam_krb5.so try_first_pass minimum_uid=100
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so

account     sufficient    pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 100 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so retry=3
password    sufficient    pam_unix.so nullok use_authtok shadow ldap nis debug
password    sufficient    pam_krb5.so try_first_pass
password    sufficient    pam_ldap.so use_authtok
password    required      pam_deny.so

session     required      pam_limits.so
session     required      pam_unix.so
session     required      pam_krb5.so try_first_pass
session     optional      pam_ldap.so
  20. firewall?
  21. Java: Download and install Java SE Runtime Environment JRE 6 https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=jre-6u17-oth-JPR@CDS-CDS_Developer
  22. /etc/mime.types 
    type=application/x-java-jnlp-file desc="Java Web Start" exts="jnlp
  • No labels