Scientific Linux 5 Installation
System Installation
Follow the instructions on http://linux.web.cern.ch/linux/scientific5/docs/install.shtml
- Create boot image for 64 bit system
- Reboot your computer and press F12 at startup
- In the BIOS setup add CD/DVD to boot devices; save BIOS setup and reboot
- Select http as installation method
- Installation server is: linuxsoft.cern.ch
- Installation path is: /cern/slc5X/x86_64/
- Keep default partition layout
- Set host name to xxx.physics.purdue.edu: e.g. serret.physics.purdue.edu
- Enable network time protocol (server: harbor.ecn.purdue.edu)
- Set Time Zone to: America/Indianapolis
Customize System
http://www.physics.purdue.edu/PCN/doc/wiki/doku.php?id=wiki:procedures:self_maintained:linux
- Create /data
All users should create their own directory in /data (e.g. mkdir /data/norbert) to store their local data.
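# Shared local data area: each user creates a personal subdirectory here
# (e.g. mkdir /data/norbert).
mkdir /data
# Mode 1777 = world-writable plus the sticky bit, the same mode /tmp uses.
# Plain a+rwx (0777) would let any user delete or rename another user's
# directory under /data; the sticky bit limits that to the owner and root.
chmod 1777 /data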
- /etc/sysconfig/network
# Replace xxxx with this machine's host name.
NETWORKING=yes
HOSTNAME=xxxx.physics.purdue.edu
# NIS domain name; the same domain appears in /etc/yp.conf.
NISDOMAIN=purdue-pcn
- /etc/hosts
# Loopback entry; replace xxx with this machine's host name.
127.0.0.1 localhost.localdomain localhost xxx.physics.purdue.edu
# Static entries for newton and aristotle (aristotle is the default home-directory
# host in /etc/amd.home). /etc/nsswitch.conf lists `files` first for hosts, so these
# names resolve locally before NIS or DNS is asked.
128.210.67.230 newton newton.physics.purdue.edu
128.210.67.227 aristotle aristotle.physics.purdue.edu
- /etc/group
zh:x:1399: phys:x:1109:
- Install CUPS printers: /etc/cups/client.conf
# Send print requests to the remote CUPS server named here.
ServerName spool.physics.purdue.edu
- yum install am-utils
- /etc/amd.conf
# Global automounter (amd) settings.
[ global ]
# Directory under which amd performs the real mounts.
auto_dir = /net
log_file = /var/log/amd.log
pid_file = /var/run/amd.pid
restart_mounts = yes
# Directories searched for map files such as amd.home.
search_path = /etc:/etc/am-utils
# DEFINE AN AMD MOUNT POINT
# /home is served from the map file amd.home (found via search_path).
[/home]
map_name = amd.home
- /etc/amd.home
#comment: amd.home map
# Defaults applied to every key below. nosuid and nodevs mean set-uid bits and
# device nodes on the NFS-mounted home directories are not honoured locally;
# keep both options if this map is edited.
# NOTE(review): proto=udp,vers=3 is NFSv3 over UDP; presumably the export relies on
# host/UID-based trust rather than Kerberos. Confirm the server restricts the
# export to known client addresses.
/defaults fs:=/net/${rhost}/home;\
 opts:=rw,bg,grpid,intr,nosuid,nodevs,quota,proto=udp,vers=3,\
 rsize=8192,wsize=8192,timeo=8,retrans=4;\
 rfs:=/net/${rhost}/home;\
 sublink:=${key};\
 type:=nfsl
# Per-user override: this home directory lives under /home/u on aristotle.
nneumeis rfs:=/net/${rhost}/home/u;fs:=/net/${rhost}/home/u;rhost:=aristotle
#-- Special Entries
# type:=error makes lookups of these names fail instead of falling through to
# the wildcard entry at the end of the map.
motif type:=error
.htaccess type:=error
tomb type:=link;sublink:=.;fs:=/lost+found
#-- This is necessary for amanda(8) to work -- BE CAREFUL IN THE EXTREME --
# The remote host is selected by client OS; the last alternative (london) has
# no os== selector.
operator os==freebsd4;rhost:=aristotle \
 os==freebsd3;rhost:=aristotle \
 os==freebsd5;rhost:=aristotle \
 os==solaris2;rhost:=aristotle \
 rhost:=london
#-- All other accounts
# Everybody else falls back to a * entry
* rhost:=aristotle
- /etc/krb5.conf
# Kerberos client configuration for three realms: CERN.CH (default), FNAL.GOV
# and CENTRAL.PURDUE.LCL.
#
# forwardable/proxiable = true: tickets are requested as forwardable and
# proxiable by default. Together with `GSSAPIDelegateCredentials yes` in
# /etc/ssh/ssh_config this lets a ticket be handed on to remote hosts, so a
# delegated ticket stays usable there until it expires (25h, renewable up to 120h).
[libdefaults]
 default_realm = CERN.CH
 ticket_lifetime = 25h
 renew_lifetime = 120h
 forwardable = true
 proxiable = true

# NOTE(review): in CENTRAL.PURDUE.LCL one KDC is given as a raw IP address and
# default_domain is set to a host name (1061cendc01.central.purdue.lcl) rather
# than a domain. Confirm both are intended.
[realms]
 CERN.CH = {
  default_domain = cern.ch
  kpasswd_server = afskrb5m.cern.ch
  admin_server = afskrb5m.cern.ch
  kdc = afsdb3.cern.ch
  kdc = afsdb1.cern.ch
  kdc = afsdb2.cern.ch
  v4_name_convert = {
   host = {
    rcmd = host
   }
  }
 }
 FNAL.GOV = {
  default_domain = fnal.gov
  admin_server = krb-fnal-admin.fnal.gov
  kdc = krb-fnal-1.fnal.gov:88
  kdc = krb-fnal-2.fnal.gov:88
  kdc = krb-fnal-3.fnal.gov:88
 }
 CENTRAL.PURDUE.LCL = {
  kdc = 128.210.63.203
  kdc = 1061cendc01.central.purdue.lcl
  admin_server = 1061cendc01.central.purdue.lcl
  default_domain = 1061cendc01.central.purdue.lcl
 }

# Maps DNS domains to realms; the leading-dot form covers hosts inside the domain.
[domain_realm]
 .cern.ch = CERN.CH
 .fnal.gov = FNAL.GOV
 .central.purdue.lcl = CENTRAL.PURDUE.LCL
 central.purdue.lcl = CENTRAL.PURDUE.LCL

# Settings read by the Kerberos PAM module; all Kerberos 4 conversion is off.
[appdefaults]
 pam = {
  external = true
  krb4_convert = false
  krb4_convert_524 = false
  krb4_use_as_req = false
  ticket_lifetime = 25h
 }
- /etc/yp.conf
# `broadcast` makes ypbind find a NIS server by broadcasting on the local
# subnet and binding to a host that answers. Because /etc/nsswitch.conf takes
# passwd, group and hosts data from NIS, any host on the subnet that answers
# for this domain can supply that data. Naming the servers explicitly avoids
# binding to an unexpected responder:
#   domain purdue-pcn server <nis-server-hostname>
domain purdue-pcn broadcast
- /etc/ldap.conf
# nss_ldap / pam_ldap client settings for the department LDAP server.
host volta.physics.purdue.edu
base dc=physics,dc=purdue,dc=edu
# ldaps:// means the whole connection runs over TLS.
uri ldaps://volta.physics.purdue.edu
# NOTE(review): `ssl` is set twice with different values. `start_tls` upgrades
# a plain ldap:// connection, `on` selects LDAPS. Presumably only one takes
# effect; keep the one that matches the ldaps:// URI above and confirm that
# binds never go out unencrypted.
ssl start_tls
ssl on
ldap_version 3
# Require and verify the server certificate; leave this enabled, otherwise the
# TLS connection does not authenticate the server.
tls_checkpeer yes
tls_cacertfile /usr/share/purple/ca-certs/Thawte_Premium_Server_CA.pem
tls_cacertdir /etc/openldap/cacerts
# you may need to symlink Thawte_Premium_Server_CA.pem in /etc/openldap/cacerts
# DN used when the calling process runs as root. Its password is read from
# /etc/ldap.secret (root-owned, mode 600), not from this file. Create that
# file only if root on this workstation really needs directory-admin rights.
rootbinddn cn=admin,dc=physics,dc=purdue,dc=edu
# pam_ldap hashes a changed password locally with MD5 before storing it.
# NOTE(review): `pam_password exop` would leave hashing to the server; confirm
# what volta supports.
pam_password md5
# Bind account for ordinary lookups. bindpw is stored here in clear text, and
# this file normally has to be readable by unprivileged processes for NSS
# lookups to work, so the account should have read-only, minimal access.
binddn cn=unsupported,dc=physics,dc=purdue,dc=edu
bindpw *********
- ln -s /bin/bash /usr/local/bin/bash
- ln -s /usr/share/purple/ca-certs/Thawte_Premium_Server_CA.pem /etc/openldap/cacerts/.
- /etc/nsswitch.conf
# Name-service lookup order; sources are tried left to right.
# Local files come first everywhere, so local accounts (including root) are
# resolved from files before any network source is consulted.
passwd: files ldap nis
shadow: files ldap
# NOTE(review): group uses NIS but not LDAP, while passwd uses both.
# Confirm this is intentional.
group: files nis
hosts: files nis dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files nis ldap
publickey: nisplus
automount: files nis ldap
aliases: files nisplus
- /etc/sysconfig/authconfig
# authconfig state file: records which authentication sources are enabled.
# NOTE(review): USEMD5=no and PASSWDALGORITHM=md5 (last line) look
# inconsistent. Confirm which hash is actually applied to local password
# changes. MD5-crypt is weak against offline guessing; a SHA-512 setting is
# preferable where the installed authconfig supports it.
USEMD5=no
USECRACKLIB=yes
USEDB=no
USEHESIOD=no
# LDAP and NIS are enabled as account sources, and LDAP also for authentication.
USELDAP=yes
USENIS=yes
USEPASSWDQC=no
USEWINBIND=no
USEAFSKERBEROS=no
# NOTE(review): Kerberos is marked unused here, but /etc/pam.d/system-auth on
# this page lists pam_krb5.so. Re-running authconfig may regenerate system-auth
# without those lines.
USEKERBEROS=no
USELDAPAUTH=yes
USESHADOW=yes
USESMBAUTH=no
USEWINBINDAUTH=no
USELOCAUTHORIZE=yes
PASSWDALGORITHM=md5
- /etc/ssh/ssh_config
# System-wide SSH client settings; with no Host block they apply to every
# destination.
GSSAPIAuthentication yes
# Forwards the user's Kerberos credentials to the remote host. As written this
# happens for every server the user connects to, and a host that receives
# delegated credentials can act as the user until the ticket expires.
# Consider limiting delegation to trusted domains with a `Host` block.
GSSAPIDelegateCredentials yes
# Public-key client authentication is switched off; logins rely on GSSAPI or
# a typed password.
PubkeyAuthentication no
PasswordAuthentication yes
- AFS
# Configure the time-sync, AFS client and srvtab components with lcm.
# NOTE(review): lcm appears to be the CERN configuration tool shipped with
# SLC; confirm what each component changes before running it as root.
/usr/sbin/lcm --configure ntpd afsclt
/usr/sbin/lcm --configure srvtab
# Register the AFS client and the amd automounter as boot-time services.
/sbin/chkconfig --add afs
/sbin/chkconfig --add amd
/sbin/chkconfig amd on
# Start the automounter now instead of waiting for a reboot.
/sbin/service amd start
- /etc/passwd (This allows you to log in with your CERN AFS account and mounts your CERN AFS home directory)
neumeist:x:11701:1399:Norbert NEUMEISTER:/afs/cern.ch/user/n/neumeist:/bin/tcsh aeverett:x:8547:1399:Adam EVERETT:/afs/cern.ch/user/a/aeverett:/bin/tcsh asvyatko:x:24584:1399:Alexey SVYATKOVKIY:/afs/cern.ch/user/a/asvyatko:/bin/tcsh
- /etc/pam.d/system-auth
# PAM stack shared by the login services. Order matters: a `sufficient` module
# that succeeds ends its stack immediately.

# auth: try local password files first, then Kerberos, then LDAP; deny otherwise.
auth required pam_env.so
# nullok lets an account with an empty password field authenticate with no
# password. Remove it unless empty passwords are really intended.
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_krb5.so try_first_pass minimum_uid=100
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so

# account: NOTE(review): pam_unix is `sufficient` here, so when it succeeds the
# pam_ldap account check further down is never reached. Confirm that LDAP
# account restrictions (expiry, host limits) are still enforced for LDAP users.
account sufficient pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 100 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so

# password: cracklib strength check first, then the module that stores the change.
password requisite pam_cracklib.so retry=3
# NOTE(review): no hash option (e.g. md5 or sha512) is given to pam_unix, so
# confirm which hash local password changes end up with. `ldap` is not a
# pam_unix option I can confirm; check that it is not silently ignored.
# `debug` increases logging.
password sufficient pam_unix.so nullok use_authtok shadow ldap nis debug
password sufficient pam_krb5.so try_first_pass
password sufficient pam_ldap.so use_authtok
password required pam_deny.so

# session: resource limits, standard session logging, Kerberos session setup.
session required pam_limits.so
session required pam_unix.so
session required pam_krb5.so try_first_pass
session optional pam_ldap.so
- firewall?
- Java: Download and install Java SE Runtime Environment JRE 6 https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=jre-6u17-oth-JPR@CDS-CDS_Developer
- /etc/mime.types
type=application/x-java-jnlp-file desc="Java Web Start" exts="jnlp