Difference between revisions of "COSI Arch Build"

From CSLabsWiki
(LDAP client)
(LDAP client)
Line 336: Line 336:
 
session optional pam_krb5.so
 
session optional pam_krb5.so
 
session optional pam_permit.so
 
session optional pam_permit.so
  +
</pre>
  +
  +
===SUDO===
  +
  +
<pre>
  +
export EDITOR=nano
  +
visudo
  +
</pre>
  +
  +
and add the following:
  +
  +
<pre>
  +
%admins ALL=(ALL) ALL
  +
%maintainers ALL=(ALL) ALL
  +
%users ALL=(ALL) ALL
 
</pre>
 
</pre>
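Review bot: the added `%users ALL=(ALL) ALL` line at the end of the new SUDO block gives the users group the same unrestricted rule as %admins and %maintainers, so membership in any of the three groups is full root. If that is intended for lab machines, say so next to the rule; otherwise drop the %users line or narrow it to the specific commands ordinary users need.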

Revision as of 23:30, 7 April 2016

The COSI Arch Build has been attempted in the past, with failures tending to cause people to resort to other operating systems.

In April 2016 a new lab image is being considered, and we want to see whether using Arch will solve the NFS problems.


Installation

Get the Arch Dual ISO CD and start it up.

To start, try pinging Google or mirror. If that isn't working, you will need to configure the network. That is beyond the scope of this page; use the official Arch wiki to set it up.

Set HW Clock

Check that the system clock is set up right.

timedatectl set-ntp true

Configure Partitions

Determine what drive you want to use.

lsblk

In this case it was /dev/sda

Start up parted and begin partitioning the disks.

parted /dev/sda
mklabel msdos
mkpart primary ext4 1M 280G
exit

Format the partition. If it complains, say yes to continue.

mkfs.ext4 /dev/sda1

And mount that partition.

mount /dev/sda1 /mnt

Set up Mirrors

If you are running x86 or x64, we host Arch on mirror. Otherwise you will need to find a mirror that carries your architecture.

vim /etc/pacman.d/mirrorlist

Add this line:

Server = http://mirror.clarkson.edu/archlinux/$repo/os/$arch

Installation

Pacstrap

Start up pacstrap and install the base system. Make sure that you have mounted the partition to start installing to.

pacstrap /mnt base base-devel vim htop grub nano

Now wait as the system is installed.

Generate FSTAB

genfstab -U /mnt > /mnt/etc/fstab

Change Root

arch-chroot /mnt /bin/bash

Configuration

Set Timezone

Default timezone for COSI

tzselect
2
49
1
1

Set up Grub

If you want GRUB to find other OSes, use pacman to install os-prober:

pacman -S os-prober

Install GRUB to the MBR.

grub-install /dev/sda
grub-mkconfig -o /boot/grub/grub.cfg

Set the Hostname

Set the hostname (e.g., cosi-3).

vim /etc/hostname

If you want, you can skip below and set up the network interfaces while you still have access to the live cd, but I'm lazy and do it later.

Set the root password

passwd

Finish

pacman -Syu
exit
reboot

More Fun!

At this point, if you haven't rebooted, you should. If you accidentally derped with the partitioning and such, you would rather know now before you install fancy stuff that takes a while than know after you try rebooting into the system only to discover that GRUB didn't work or something else along those lines and that you lost all of your precious time and effort.

Try not to get frustrated if this didn't work so far. Check out the Arch Linux beginners guide for help and instructions.

Here we go!

Network Stack

Let's make some network! If you try to network right now, you will fail.

ip link

This (above) is a list of the current NICs.

Now, pick one either at random or one that doesn't say NO-CARRIER (and that is not lo) and enable it! (If you only have lo, you have a problem)

systemctl enable dhcpcd@enp2s0
systemctl start dhcpcd@enp2s0

... and you should now have a link.

ip a

... should show you the IP and all that fun stuff. If you have an IP, you are done with the network stack!

CSGUEST user

Let's make a local user for CSGUEST!

useradd csguest
passwd csguest

Install sudo

pacman -S sudo

Edit the sudoers file and remove the comment in front of the %sudo so that the sudo group can sudo.

Add CSGUEST to sudo.

gpasswd -a csguest sudo

If the sudo group doesn't exist, create it first, then rerun the gpasswd command above.

groupadd sudo

X Server

This is another fun one!

pacman -Syu
pacman -S xfce4 xfce4-goodies lxdm

Select all prerequisites

Enable LXDM

systemctl enable lxdm

Edit the config file to enable capslock, change default session to startxfce4 and disable user listing.

vim /etc/lxdm/lxdm.conf

Get a browser (and arandr)

pacman -S firefox arandr

Important stuff

pacman -S wget

Active Directory

LDAP client

Get the COSI Certs!

Get this:

https://talos.cslabs.clarkson.edu/cosi_ca.crt

Put it in /etc/ssl/certs, then set that directory as the CA certificate directory in nslcd.conf.

nss-ldap

pacman -S nss-pam-ldapd
vim /etc/nsswitch.conf

Add "ldap" (without quotes) to the end of the passwd, group, and shadow lines.

vim /etc/nslcd.conf

uri:

uri ldaps://128.153.145.3

base:

base dc=cslabs,dc=clarkson,dc=edu

And now..

systemctl enable nslcd.service
systemctl start nslcd.service

krb5

pacman -S pam-krb5

Then edit the configuration file.

Add these lines under their respective sections, and replace the default line at the top with CSLABS.

[realms]
	CSLABS.CLARKSON.EDU = {
		kdc = talos.cslabs.clarkson.edu
		admin_server = talos.cslabs.clarkson.edu
		default_domain = cslabs.clarkson.edu
	}
[domain_realm]
	.cslabs.clarkson.edu = CSLABS.CLARKSON.EDU
	cslabs.clarkson.edu = CSLABS.CLARKSON.EDU

[libdefaults]
	default_realm = CSLABS.CLARKSON.EDU

PAM

Modify this file to look somewhat like this.

vim /etc/pam.d/system-auth

#%PAM-1.0

auth      sufficient  pam_unix.so     nullok
auth      sufficient pam_krb5.so      try_first_pass nullok
auth      required pam_ldap.so        try_first_pass nullok
auth      optional  pam_permit.so
auth      required  pam_env.so

account   sufficient  pam_unix.so
account   sufficient  pam_krb5.so
account   required pam_ldap.so
account   optional  pam_permit.so
account   required  pam_time.so

password  optional  pam_unix.so     try_first_pass nullok 
password  optional  pam_krb5.so
password  optional  pam_ldap.so
password  optional  pam_permit.so

session   required  pam_limits.so
session   optional  pam_unix.so
session   optional  pam_krb5.so
session   optional  pam_permit.so
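
One way to check a stack like the one above for control-flow surprises, as an added example that is not part of the original page: it flags `nullok` on `pam_unix.so` in the auth stack, and policy modules listed after a `sufficient` line, which Linux-PAM does not run once that `sufficient` module has succeeded. The function names and the list of policy modules are assumptions made for this example.

```shell
# pam_audit: read a PAM service file on stdin, print one finding per line.
pam_audit() {
  awk '
    BEGIN {
      # Assumption: modules that enforce policy and should run for every login.
      n = split("pam_env.so pam_time.so pam_access.so pam_nologin.so pam_faillock.so", p, " ")
      for (i = 1; i <= n; i++) policy[p[i]] = 1
    }
    NF == 0 || $1 ~ /^#/ { next }   # skip blank lines, comments and "#%PAM-1.0"
    {
      type = $1; control = $2; module = $3
      # pam_unix rejects accounts with an empty password unless nullok is given.
      if (type == "auth" && module == "pam_unix.so")
        for (i = 4; i <= NF; i++) if ($i == "nullok") print "NULLOK " type " " module
      # A successful "sufficient" module ends the stack for that type at once,
      # so a policy module listed after it is not run for those logins.
      if (seen[type] && (module in policy)) print "SKIPPABLE " type " " module
      if (control == "sufficient") seen[type] = 1
    }
  '
}

# The system-auth stack from this page, reproduced as sample input.
page_stack() {
  cat <<'EOF'
#%PAM-1.0
auth      sufficient  pam_unix.so     nullok
auth      sufficient pam_krb5.so      try_first_pass nullok
auth      required pam_ldap.so        try_first_pass nullok
auth      optional  pam_permit.so
auth      required  pam_env.so
account   sufficient  pam_unix.so
account   sufficient  pam_krb5.so
account   required pam_ldap.so
account   optional  pam_permit.so
account   required  pam_time.so
password  optional  pam_unix.so     try_first_pass nullok
password  optional  pam_krb5.so
password  optional  pam_ldap.so
password  optional  pam_permit.so
session   required  pam_limits.so
session   optional  pam_unix.so
session   optional  pam_krb5.so
session   optional  pam_permit.so
EOF
}

page_stack | pam_audit
```

On an installed system, run `pam_audit < /etc/pam.d/system-auth`; moving `pam_env.so` and `pam_time.so` above the first `sufficient` line of their type clears the SKIPPABLE findings.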

SUDO

export EDITOR=nano
visudo

and add the following:

%admins ALL=(ALL) ALL
%maintainers ALL=(ALL) ALL
%users ALL=(ALL) ALL
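
To see which accounts the rules above actually make root, this added example (not part of the original page) lists the members of every group that a sudoers file grants `ALL=(ALL) ALL`. The function names, the group entries and the restricted `%printers` rule are constructed for illustration; only the three unrestricted rules come from this page.

```shell
# unrestricted_groups FILE: names of %groups allowed to run any command as any user.
unrestricted_groups() {
  awk '$1 ~ /^%/ && $2 ~ /^ALL=\(ALL(:ALL)?\)$/ && $NF == "ALL" { print substr($1, 2) }' "$1"
}

# root_by_group SUDOERS GROUPDB: print "group:member" for each such group.
# GROUPDB is in /etc/group format (name:password:gid:member,member,...).
root_by_group() {
  for g in $(unrestricted_groups "$1"); do
    awk -F: -v g="$g" '
      $1 == g {
        found = 1
        n = split($4, m, ",")
        if (n == 0) print g ":(no listed members)"
        for (i = 1; i <= n; i++) print g ":" m[i]
      }
      END { if (!found) print g ":(group not found)" }
    ' "$2"
  done
}

# The three rules from this page plus one constructed, restricted rule.
sample_sudoers() {
  cat <<'EOF'
%admins ALL=(ALL) ALL
%maintainers ALL=(ALL) ALL
%users ALL=(ALL) ALL
%printers ALL=(root) /usr/bin/lpadmin
EOF
}

# Constructed group database; names and gids are made up.
sample_groups() {
  cat <<'EOF'
admins:x:2000:alice
maintainers:x:2001:alice,bob
users:x:100:alice,bob,carol,csguest
printers:x:2002:dave
EOF
}

tmp=$(mktemp -d)
sample_sudoers > "$tmp/sudoers"; sample_groups > "$tmp/group"
root_by_group "$tmp/sudoers" "$tmp/group"
rm -rf "$tmp"
```

On a live machine, pass the output of `getent group` saved to a file as the second argument so that groups served by nslcd are included; accounts that have a group only as their primary group do not appear in its member list.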