Earthdevruis » History » Version 3
Joseph Foley, 2013-03-15 14:32
AFS/Kerberos instructions and new users
| 1 | 1 | Joseph Foley | h1. Earthdevruis |
|---|---|---|---|
| 2 | |||
| 3 | @earth.dev.ru.is@ is a high-performance linux server owned by the RU Speech Research group under Jón Gúðnason <jg@ru.is>. The machine lives in DevNet (the development network in the RU basement). |
||
| 4 | |||
| 5 | The main DevNet contact is Joe Foley <foley@ru.is>. He also installed th machine machine. |
||
| 6 | |||
| 7 | h2. Installation |
||
| 8 | |||
| 9 | h3. Turn on PXE for network boot/install |
||
| 10 | |||
| 11 | # Reboot |
||
| 12 | # While the machine is rebooting, hit F2 (or F1) so that it goes to BIOS setup |
||
| 13 | ## Click on system options, then networking |
||
| 14 | ## Set the network adapter to have PXE enabled |
||
| 15 | ## Save options |
||
| 16 | # Make sure that the machine is connected to the DevNet switches |
||
| 17 | # Reboot |
||
| 18 | |||
| 19 | h3. Netboot and pick installer |
||
| 20 | |||
| 21 | # After PXE initializes, you should get an installer menu |
||
| 22 | # Choose Ubuntu 12.04.2 64-bit (Alternate) |
||
| 23 | # You'll have to pick region and keyboard. You want to pick the Icelandic keyboard |
||
| 24 | |||
| 25 | h3. Partitioning the hard drive |
||
| 26 | |||
| 27 | It's a good idea to separate the operating system, home directory, and data storage. In addition, you will need a swap file and an AFS cache partition. |
||
| 28 | The AFS cache partition should be ext2 or ext3. To make this easier to manage, you should have all except for a boot partition in LVM (logical volume manager) |
||
| 29 | |||
| 30 | # Choose manual partitioning of hard drive |
||
| 31 | # Create a /boot primary paritition of around 300MB. Make sure it is "bootable" |
||
| 32 | # Go into the LVM manager |
||
| 33 | ## Create a new physical volume with the remaining space on the drive |
||
| 34 | ## Create these logical volumes with these names and sizes. You'll need to remember where they should be mounted also. |
||
| 35 | 2 | Joseph Foley | *** afscache 2GB (for @/var/cache/openafs@) |
| 36 | *** swap 8GB |
||
| 37 | *** slash 60GB (for @/@) |
||
| 38 | *** home 50GB (for @/home@) |
||
| 39 | *** export [Remaining space] (for @/export@) |
||
| 40 | 1 | Joseph Foley | ## Save changes and exit the manager |
| 41 | # In the partition manager, set these options for the partitions |
||
| 42 | 2 | Joseph Foley | ** boot: labeled boot, format as ext2, mounted at /boot, set "bootable" flag |
| 43 | ** afscache: 0% reserved, labeled afscache, format as ext2 or ext3, mounted at @/var/cache/openafs@ |
||
| 44 | ** swap: swapspace |
||
| 45 | ** slash: labeled slash, format as ext4, mounted at @/@ |
||
| 46 | ** home: 0% reserved, labeled home, format as ext4, mounted at @/home@ |
||
| 47 | ** export: 0% reserved, labeled export, format as ext4, mounted at @/export@ |
||
| 48 | 1 | Joseph Foley | # Save changes |
| 49 | # The installation should continue for a while |
||
| 50 | |||
| 51 | h3. Picking server options |
||
| 52 | |||
| 53 | 3 | Joseph Foley | You'll have to pick a user. This is the default devnet user: |
| 54 | * user: devnet |
||
| 55 | * password: hakkavelin |
||
| 56 | |||
| 57 | Once everything is setup, you should delete the user (or change the password). _Avoid logging in as root unless absolutely necessary!_ |
||
| 58 | |||
| 59 | 1 | Joseph Foley | This may vary, but these are probably the settings you want: |
| 60 | * Basic Ubuntu Server |
||
| 61 | * SSH server |
||
| 62 | * Ubuntu Desktop |
||
| 63 | 3 | Joseph Foley | |
| 64 | h3. Kerberos (single sign on) and AFS |
||
| 65 | |||
| 66 | Follow the directions at https://samvinna.ru.is/projects/projects/devnet-documentation/wiki/AFS_Client_Installation |
||
| 67 | |||
| 68 | Very brief synopsis without some details: |
||
| 69 | # Install the packages. Remember that the Kerberos realm is DEV.RU.IS and theAFS cell is dev.ru.is. Case matters! |
||
| 70 | <pre> |
||
| 71 | sudo apt-get install krb5-auth-dialog krb5-user krb5-clients libpam-ccreds libpam-krb5 build-essential dkms linux-headers-`uname -r` openafs-modules-dkms openafs-{client,krb5} |
||
| 72 | </pre> |
||
| 73 | # Get a kerberos administrator (currently foley) to generate a keytab for @/etc/krb5.keytab@ |
||
| 74 | # Add the principals for administrators into @/root/.k5login@ |
||
| 75 | <pre> |
||
| 76 | foley@DEV.RU.IS |
||
| 77 | jg@DEV.RU.IS |
||
| 78 | simonhk@DEV.RU.IS |
||
| 79 | </pre> |
||
| 80 | # Reboot |
||
| 81 | # Adjust the @/etc/ssh/sshd_config@ settings to allow GSSAPI options (set them all to yes) |
||
| 82 | # see if you can ssh in using your DevNet @DEV.RU.IS principal to the root account |
||
| 83 | |||
| 84 | To add users, you need to find out the user's AFS ID. |
||
| 85 | # My AFS id is 7812 as below: |
||
| 86 | <pre> pts examine foley |
||
| 87 | libprot: unable to build security class (getting token) |
||
| 88 | libprot: Could not get afs tokens, running unauthenticated |
||
| 89 | Name: foley, id: 7812, owner: system:administrators, creator: foley.afsadm, |
||
| 90 | membership: 25, flags: S----, group quota: 20.</pre> |
||
| 91 | # sudo adduser --uid 7812 foley |
||
| 92 | ## Hit return when it asks for your password and do not retry |
||
| 93 | ## Fill out the user's information |