Difference between revisions of "COSI Linux Build"

From CSLabsWiki
m (mac_addresses.csv)
 
(103 intermediate revisions by 10 users not shown)
Line 1: Line 1:
  +
{{services
This page summarizes how to set up the COSI Lab Build, and describes what procedures are in place to maintain it.
 
  +
|contact_person = [[User:xperia64|Xperia64]]
  +
|last_update = Summer 2016
  +
|host_vm =
  +
|vm_host =
  +
|services = Linux Image for COSI
  +
|category = Lab Build
  +
|handoff = no
  +
}}
   
  +
= Introduction =
The Lab Build is based off of Ubuntu 9.10 ("Karmic Koala"). It employs a `metapackage' repository (currently hosted in COSI by web2) to keep track of all packages that should be installed. This way, when a user requests that a new package be installed, it is easy to update all of the machines - just add the requested package to the metapackage, which all lab build computers will update from overnight. Please see the `metapackage' section for more information.
 
  +
This page summarizes how to set up and maintain the '''COSI Linux Build'''.
   
  +
The lab build was once a separate project from the [[ITL Linux Build]], but to reduce maintenance work, the ITL build is now the primary effort, and it serves well enough as the COSI lab build once several minor adjustments are made. The script /root/cosify.sh is stored in the ITL image, which can be run as root to prepare the image for use in COSI as opposed to the ITL. This script is maintained along with the ITL image itself.
''DEPRECATED'':<br>
 
The Lab Build is currently based off of Ubuntu 9.04 (Jaunty Jackalope). It employs a `metapackage' repository hosted in COSI to keep track of all packages that should be installed. This way, when a user requests that a new package be installed, it is easy to update all of the machines - just add the requested package to the metapackage, which all lab build computers will update from overnight. The metapackage will be discussed in more detail later on.
 
   
  +
The ITL image is currently running on Xubuntu 17.04.
==Project Members==
 
  +
===Current===
 
  +
= Project Members =
* [[User:Platekme|Mark Platek]]
 
  +
== Current Maintainer ==
===Past===
 
  +
*[[User:xperia64|Xperia64]]
  +
  +
== Past Maintainers ==
  +
* [[User:lannonbr|Benjamin Lannon]]
  +
* [[User:northug|Graham Northup]]
  +
* [[User: beadleha|Alan Beadle]]
  +
* [[User:cmr|Corey Richardson]]
 
* [[User:Petermcv|Chris Peterman]]
 
* [[User:Petermcv|Chris Peterman]]
 
* [[User:Mckennmj|Michael McKenna-Mattiaccio]]
 
* [[User:Mckennmj|Michael McKenna-Mattiaccio]]
  +
* [[User:kopptr|Tim Kopp]]
  +
* [[User:Platekme|Mark Platek]]
   
==Requests==
+
= Software Requests =
  +
Requests for software for in COSI can go below, but please add requests for software in the ITL on the ITL Linux page.
Enter requests for the Lab Build here. If the request is available through apt, it will be added to the metapackage and the package will show up the next day if the machine is left running overnight. If the request is not available as a package, it will be added the next time the lab build is cloned out. Please leave your name when you make a request. Alternatively, you can email the maintainer.
 
  +
Software that belongs in COSI but not in the ITL can be installed by the "cosify.sh" script.
===Pending===
 
Please list requests here.<br>
 
* Consider using the lab DNS servers (128.153.145.{3,4}) and Clarkson as the fail safe.--[[User:Mccarrms|Matt]] 00:25, 3 March 2010 (EST)
 
* SSH locked down.--[[User:Mccarrms|Matt]] 00:25, 3 March 2010 (EST)
 
* Run iptables to block everything coming into the systems--[[User:Mccarrms|Matt]] 00:25, 3 March 2010 (EST)
 
* Post the static IPs that are going to be used on the wiki. Many of us (that should know) don't know what IPs OIT gave us to use for static IPs on the 144 subnet. If you want *.cslabs.clarkson.edu hostnames, I can provide those. Also, you will need static IPs for the internal network since DHCP is no longer present there. Contact me when you need those.--[[User:Mccarrms|Matt]] 00:25, 3 March 2010 (EST)
 
* Have the search field in <code>/etc/resolv.conf</code> be <code>search cslabs.clarkson.edu clarkson.edu</code>. This allows for shortened urls. Ex. Type <code>docs</code> in the url and you get the wiki.--[[User:Mccarrms|Matt]] 00:25, 3 March 2010 (EST)
 
   
  +
Software needed to be added to a img:
===Finished===
 
Note: items in this category have been added to the metapackage, which the build updates from at 4:00 AM. So, packages listed here might not appear right away.
 
* jEdit, apcalc, ant, antlr added 2009-10-31 (Sam Payson)
 
* Java runtime in Firefox --[[User:Mccarrms|Matt]] 09:12, 3 February 2010 (EST)
 
* Adblock plus in firefox on csguest account --[[User:Mccarrms|Matt]] 16:57, 8 February 2010 (EST)
 
* Keep history until user logs closes firefox on csguest account --[[User:Mccarrms|Matt]] 16:57, 8 February 2010 (EST)
 
* Install chromium and add extensions such that browsing experience is the same as Firefox. -- [[User:deshantm|Todd]]
 
* Remove all bittorrent clients. We had some problems last year with people downloading illegal items on lab PCs and removing the clients helps to discourage usage.--[[User:Mccarrms|Matt]] 00:25, 3 March 2010 (EST)
 
* Enable headphone jack sense.
 
   
  +
libccid pcscd lldb
===Next Version===
 
Here is a list of features, etc. that I'm going to add to the next lab build. Please add feature requests to the `Requests' section.
 
* update the metapackage
 
** (create .debs for?) extra programs: VMWare player (not open source, shenanigans, etc)
 
** extra packages:
 
* BUG: cleardesktop - directories created are of the correct date, but that looks odd if the script runs after midnight. Maybe just dump everything in a directory and only remove files older than one week?
 
* add kiosckar support (non cosi-vr machines can use spice over the internal network to connect to VMs running on the cosi-vr machines)
 
** SPICE for Windows XP VM
 
** KVM GPL Windows XP Block driver (update) for Windows XP VM
 
* Lots of fun network config
 
** set static IPs for each machine using list of MACs
 
** set up a clonezilla server (drbl) for ease of cloning
 
** configure iptables to block all incoming ports (except for specific allowances, such as ssh and http/https)
 
** configure SSH to only accept incoming messages on the 128.153.144 subnet - if off-campus go through isengard or polairs
 
** /etc/resolv.conf hax (See Matt's requests)
 
   
  +
==Needed additions to cosify.sh==
== Lab Build Configuration ==
 
  +
These things should be added to the cosify script. At the moment they must be done manually.
=== Installation ===
 
  +
* Reformat swap partition as swap so that it will be swap again (not sure why this is a problem, but it is)
  +
* Modify /etc/fstab
  +
* Replace eth1 with eth0 in /etc/network/interfaces
   
  +
= Initial Configuration =
''WARNING'': This guide is partially deprecated. I will remove this warning when all is well once again.
 
  +
== Installation ==
  +
Clone the stock ITL image with clonezilla, install other software, and whatever other changes are in that script at the moment. Presently, this includes:
   
  +
* Allowing the "sudo" group to bypass password authentication.
Here are the steps to setting up the lab build. I will assume that the metapackage is already set up and hosted in a repository.
 
  +
* Adding "csguest" to "sudo".
  +
* Changing the root password to the COSI build standard. ('''Warning:''' This password is visible to anyone who can read the file; thus, the file is intentionally rwx only to root.)
   
  +
Note that adding a user to a group does not affect existing sessions; this is a long-standing Linux (and probably *NIX) behavior (in that groups for users are only generated on login). This will cause issues with "sudo" for the logged-in csguest session, assuming it is from there that the script is run for the first time. You may want to use either "su" to root or "su csguest" to log in again with the new group memberships. The problem will be fixed on the next login.
* Boot a single machine using the standard Ubuntu liveCD. Install to hard drive, creating a 100M /boot partition (I used ext2), 1G of swap, and allocate the rest of the disk as / (I used ext4).
 
* Create user csadmin with a secure password; the root and csguest users will be set up later. Complete any post-installation administrative tasks as required by the installer, such as setting the timezone. Be sure to specify that csadmin does NOT log in automatically without entering the password. Set the hostname as cosi-<machine number>, like they're labeled. Get to an installed system in ready state at the desktop.
 
* Modify the file <tt>/etc/apt/sources.list</tt>. This is apt's repository configuration file. It is to be changed such that apt downloads packages from [[Mirror]]. Perform the following steps:
 
** Do a search/replace: replace all instances of <tt>http://us.archive.ubuntu.com</tt> with <tt>http://mirror.clarkson.edu</tt>. Also replace <tt>http://security.ubuntu.com</tt> with <tt>http://mirror.clarkson.edu</tt>.
 
** Uncomment the `universe' and `metaverse' repositories if they aren't already uncommented.
 
** Add the line <pre>deb http://lab-build.cslabs.clarkson.edu/apt karmic main</pre>The URL should point the the current location that hosts the metapackage.
 
* Run <pre>sudo apt-get update</pre> to update apt's list of installable packages. You can check for errors in sources.list by looking over the output.
 
* Run <pre>sudo apt-get -y upgrade</pre> to install the latest version of all default packages. Make sure everything is upgraded to the latest version before continuing.
 
* Run <pre>sudo apt-get -y install cosi-metapackage</pre> to install all packages specified by the metapackage. This will take a while! Sun Java forces you to accept a license agreement before it's installed, so you'll have to hang around at least until that point. After that, the process should be automatic, so don't bother hanging around waiting for it. The metapackage will also perform limited configuration steps, such as creating the script directory <tt>/etc/cosi-scripts/</tt> (see Metapackage->postinst).
 
=== Environment Setup ===
 
* Install programs that can't be handled by the metapackage.
 
** Install Alloy Analyzer. Go to <tt>http://alloy.mit.edu/alloy4/</tt> and download the latest .jar file for Alloy Analyzer. Store this .jar file in <tt>/usr/bin/</tt> and add a launcher to the gnome applications list that executes<pre>java -jar /usr/bin/alloy4.jar</pre>
 
** Install yices. Go to <tt>http://yices.csl.sri.com/download.shtml</tt> and download yices. Copy the directory to <tt>/usr/bin</tt> and create a symlink from the executable (<tt>.../yices-directory/bin/yices</tt> to <tt>/usr/bin</tt>. Now yices can be invoked from any command line!
 
** Install piVC. Go to <tt>http://theory.stanford.edu/~arbrad/pivc/download/index.html</tt> and download the tarfile. Extract it and, following the directions on the webpage, run <tt>./configure</tt> to generate a binary. Copy over the yices binary and then move the whole thing to <tt>/usr/bin</tt>. As with yices, make a nice convenient symlink (and also add a nice convenient menu entry).
 
* Make configuration changes that can't be performed by postinst
 
** The root user can be enabled from System->Administration->Users and Groups. Create standard unprivileged user csguest (without sudo privileges) and set their account to automatically log in from System->Administration->Login Window.
 
** Set up <tt>metapackage_update.sh</tt> and <tt>cleardesktop.sh</tt>. Follow the instructions that accompany each script in the `Scripts' section.
 
** Set up subversion's .config file so that passwords aren't stored:
 
<pre>
 
[auth]
 
store-passwords = no
 
store-auth-creds = no</pre>
 
** Remove the irritating console beep with an even more irritating sudo command <pre>echo blacklist pcspkr | sudo tee -a /etc/modprobe.d/blacklist.conf > /dev/null</pre> or if you're <s>not insane</s> root, <pre>echo blacklist pcspkr >> /etc/modprobe.d/blacklist.conf</pre>
 
** Set Firefox homepage to http://www.google.com and set it to ask the user to clear their session data when Firefox is closed. Add convenient bookmark for <tt>http://print.cslabs.clarkson.edu</tt>.
 
** Disable all sounds from System->Preferences->Sound. Also remove GNOME login sound from Startup Programs.
 
** If ssh is to be left open, install package denyhosts and modify <tt>/etc/denyhosts</tt> to your satisfaction.
 
** Install the Chromium browser. It can be downloaded as a .deb from <tt>http://www.google.com/chrome</tt>. Add extensions to mimic Firefox browsing experience.
 
** Finally, set up the desktop (widgets, stuff in the taskbars, etc) as you see fit.
 
* When the build is fully set up and configured, use clonezilla to create an image to clone from. Leave it on a server, then use the clonezilla livecd to clone out, reading from the server. Remove the file <tt>/etc/udev/rules.d/70-persistent-net.rules</tt> before making the initial image that will be cloned from.
 
   
== Scripts ==
+
== NFS Shenanigans ==
  +
As of January 16th, 2016, extra steps may be required to ensure the COSI build will connect to our network storage over NFS.
This section will contain scripts useful to the Lab Build.
 
   
  +
* All network interfaces must be auto in /etc/network/interfaces. For faster boot times, ensure that the interface is actually connected. Certain computers may need to have their network configuration edited from the image.
''WARNING'': These scripts are also partially deprecated. I'll put the most recent ones up when they become stable, and at that point remove this warning.
 
  +
* This [http://unix.stackexchange.com/a/217768 systemd service] must be added and enabled to ensure that the network is actually online before attempting to mount NFS. It may be included in debian's ifupdown package soon.
  +
* /etc/default/nfs-common should contain:
  +
<pre>NEED_STATD=no
  +
STATDOPTS=
  +
NEED_IDMAPD=no
  +
NEED_GSSD=yes</pre>
  +
* The NFS options should be as follows:
  +
<pre>vers=3,sec=krb5i,nolock,x-systemd.automount</pre>
   
==== Notes ====
+
== Post Install Config ==
  +
Finally, whenever recloning images, the principle on the image is host/cosi-01.cslabs.clarkson.edu and should be changed to match the computer number by entering the following commands as someone with admin credentials on Kerberos:
* Unless stated otherwise, all scripts reside in <tt>/etc/cosi-scripts/</tt>.
 
   
==== Desktop Cleaning ====
 
This script moves all files in <tt>/home/csguest/Desktop/</tt> to <tt>/home/csguest/cleandesktop/[date]</tt>. Only files from the last 7 days are kept.
 
 
===== Setup =====
 
To install this, just install the metapackage (or, more specifically, install the package `cleardesktop' present in the COSI respository. Then, add it to csguest's crontab:
 
* Create file <tt>/etc/cron.allow</tt> and add the line <tt>csguest</tt> followed by a carriage return.
 
* As csguest, invoke command `crontab -e'. Add the line
 
<pre>
 
0 4 * * * /etc/cosi-scripts/cleardesktop.sh
 
</pre>
 
to csguest's crontab, then save and exit. This example will run the script at 4:00 AM daily.
 
* Check the permissions. As root or with sudo, run:
 
 
<pre>
 
<pre>
  +
$ sudo kadmin -p <username>/admin
chown csguest.csguest /etc/cosi-scripts/cleardesktop.sh
 
  +
kadmin: ktrem host/cosi-01.cslabs.clarkson.edu
chmod +x /etc/cosi-scripts/cleardesktop.sh
 
  +
kadmin: ktadd host/cosi-0#.cslabs.clarkson.edu
  +
kadmin: q
 
</pre>
 
</pre>
* That's it. If you want to test that the script is executing properly, set it to run every minute.
 
   
  +
and reboot to clear the cache and you are all set.
===== cleardesktop.sh =====
 
<source lang="bash">
 
#!/bin/bash
 
   
  +
[[Category:Lab Builds]]
# should have used regex
 
# but my sed-fu is weak, awk
 
# method is bogus
 
   
# deletes any directory that's older than the 7th oldest directory present (in /home/csguest/cleandesktop)
 
removedirs()
 
{
 
mkdir /home/csguest/cleandesktop_tmp/
 
DIRS=`ls /home/csguest/cleandesktop/ -xr -w 10000 | awk '{print $1 " " $2 " " $3 " " $4 " " $5 " " $6 " " $7}'`
 
for dir in $DIRS
 
do
 
mv /home/csguest/cleandesktop/$dir /home/csguest/cleandesktop_tmp/
 
done
 
   
rm -rf /home/csguest/cleandesktop/*
 
   
  +
=New Lab Build (April 4, 2016)=
for dir in $DIRS
 
do
 
mv /home/csguest/cleandesktop_tmp/$dir /home/csguest/cleandesktop/
 
done
 
   
  +
Start with a Debian Jessie iso, install (xfce and lxde), and then do a dist upgrade
rmdir /home/csguest/cleandesktop_tmp
 
}
 
   
# makes the backup directory containing all files on the Desktop
 
move_desktop_files()
 
{
 
DATE=`date +%Y-%m-%d`
 
mkdir /home/csguest/cleandesktop/$DATE
 
mv /home/csguest/Desktop/* /home/csguest/cleandesktop/$DATE/
 
}
 
 
# make cleandesktop dir
 
# for if it does not exist
 
# script fails completely
 
 
if [ ! -d /home/csguest/cleandesktop ]; then
 
mkdir /home/csguest/cleandesktop
 
fi
 
 
# ask the user if they want to stop the script from running
 
export DISPLAY=:0.0
 
zenity --question --timeout 60 --title "Danger, Will Robinson!" --text "The Desktop cleaning script is about to run. When it does, all files on the desktop will be moved to /home/csguest/cleandesktop/[today\'s date]. \n\n If you want to STOP the script and leave files on the desktop, hit \'OK\'. Otherwise, hit \'Cancel\' to dismiss this message."
 
 
if [ $? == 0 ]; then
 
# somebody's still using the machine
 
DATE=`date +%Y-%m-%d`
 
# not strictly necessary to even create this directory, but it will keep things neat, so
 
# there will always be a week's worth of directories even if some are empty
 
# (that is, if this computer is not shut off)
 
mkdir /home/csguest/cleandesktop/$DATE
 
removedirs
 
exit
 
fi
 
 
# nobody home, perform the desktop cleaning
 
move_desktop_files
 
removedirs
 
 
exit
 
</source>
 
 
==== Automatic Updates ====
 
This simple script updates all installed packages, and reinstalls the metapackage so as to pull in any new packages that may have been added. Add this to root's crontab, and make sure it's executable.
 
 
===== metapackage_upgrade.sh =====
 
<source lang="bash">
 
#!/bin/bash
 
 
# this script installs new packages added to the metapackge, and upgrades system packages
 
# purging the metapackage doesn't remove anything but the metapackage!
 
# ...it's necessary to do this in order for the postinst script to run at every update
 
 
/usr/bin/apt-get -y update
 
/usr/bin/apt-get -y purge cosi-metapackage-karmic
 
/usr/bin/apt-get -y --force-yes install cosi-metapackage-karmic
 
/usr/bin/apt-get -y upgrade
 
 
exit
 
</source>
 
 
====net_setup.sh====
 
This sets static IPs based upon a table of known MAC addresses. It also sets the hostname.
 
<source lang="bash">
 
#!/bin/bash
 
 
my_mac=`ifconfig | grep eth0 | awk '{print $5}'`
 
echo "detected mac $my_mac"
 
 
my_hostname=`grep $my_mac mac_addresses.csv | awk -F, '{print $1}'`
 
echo "my hostname should be set to $my_hostname"
 
 
 
my_eth0_ip=`grep ^$my_hostname mac_addresses.csv | awk -F, '{print $4}'`
 
my_eth1_ip=`grep ^$my_hostname mac_addresses.csv | awk -F, '{print $5}'`
 
my_eth0_mac=`grep ^$my_hostname mac_addresses.csv | awk -F, '{print $2}'`
 
my_eth1_mac=`grep ^$my_hostname mac_addresses.csv | awk -F, '{print $3}'`
 
 
 
cat > /etc/hosts <<EOF
 
127.0.0.1 localhost
 
127.0.1.1 $my_hostname
 
EOF
 
 
cat > /etc/hostname <<EOF
 
$my_hostname
 
EOF
 
 
cat > /etc/network/interfaces <<EOF
 
auto lo
 
iface lo inet loopback
 
 
auto eth0
 
iface eth0 inet static
 
address $my_eth0_ip
 
gateway 128.153.144.1
 
netmask 255.255.254.0
 
nameserver 128.153.0.254
 
search clarkson.edu
 
 
auto eth1
 
iface eth1 inet static
 
address $my_eth1_ip
 
gateway 192.168.44.1
 
netmask 255.255.254.0
 
 
EOF
 
 
cat > /etc/udev/rules.d/70-persistent-net.rules <<EOF
 
 
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="$my_eth0_mac", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
 
 
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="$my_eth1_mac", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"
 
 
EOF
 
</source>
 
 
====hostname_setup.sh====
 
This is a subset of the functionality provided by net_setup.sh. It uses DHCP to acquire IPs and sets only the hostname (based on the MAC address).
 
<source lang="bash">
 
#!/bin/bash
 
 
macaddrs="/root/bin/mac_addresses.csv"
 
 
my_mac=`/sbin/ifconfig -a | grep eth0 | awk '{print $5}'`
 
echo "detected mac $my_mac"
 
 
my_hostname=`grep $my_mac $macaddrs | awk -F, '{print $1}'`
 
echo "my hostname should be set to $my_hostname"
 
 
cat > /etc/hosts <<EOF
 
127.0.0.1 localhost
 
127.0.1.1 $my_hostname
 
EOF
 
 
cat > /etc/hostname <<EOF
 
$my_hostname
 
EOF
 
 
exit
 
</source>
 
 
====mac_addresses.csv====
 
 
<pre>
 
<pre>
  +
apt-get update
cosi-01,00:11:25:f6:15:22,00:14:6c:2e:49:e0,128.153.144.141,10.0.0.51
 
  +
apt dist-upgrade
cosi-02,00:11:25:f6:5c:13,00:0f:b5:fd:a4:00,128.153.144.142,10.0.0.52
 
  +
apt autoremove
cosi-03,00:11:25:f6:52:95,00:0f:b5:fe:4b:e5,128.153.144.143,10.0.0.53
 
cosi-04,00:11:25:f6:5d:c9,00:0f:b5:fb:77:da,128.153.144.144,10.0.0.54
 
cosi-05,00:11:25:f6:70:7a,00:0f:b5:8f:9d:67,128.153.144.145,10.0.0.55
 
cosi-06,00:11:25:f6:5d:7c,00:0f:b5:fb:9f:81,128.153.144.146,10.0.0.56
 
cosi-07,00:11:25:f6:70:8c,00:0f:b5:f8:75:db,128.153.144.147,10.0.0.57
 
cosi-08,00:11:25:f6:67:9c,00:0f:b5:47:a7:d5,128.153.144.148,10.0.0.58
 
cosi-09,00:11:25:f6:2f:c1,00:14:6c:2e:47:df,128.153.144.149,10.0.0.59
 
cosi-10,00:11:25:f6:5b:2e,00:14:6c:2e:49:e0,128.153.144.150,10.0.0.60
 
vr-cosi-01,00:1a:a0:a9:62:88,00:18:4d:f0:0f:a4,128.153.144.151,10.0.0.61
 
vr-cosi-02,00:1a:a0:a9:f4:f1,00:18:4d:f0:0e:43,128.153.144.152,10.0.0.62
 
vr-cosi-03,00:1a:a0:a9:f2:81,00:18:4d:f0:19:07,128.153.144.153,10.0.0.63
 
vr-cosi-04,00:1a:a0:a9:f5:32,00:18:4d:f0:0a:4a,128.153.144.154,10.0.0.64
 
vr-cosi-05,00:1a:a0:a9:f5:0a,00:18:4d:f0:11:17,128.153.144.155,10.0.0.65
 
vr-cosi-06,00:1a:a0:a9:60:e2,00:18:4d:f0:10:f5,128.153.144.156,10.0.0.66
 
 
</pre>
 
</pre>
   
  +
and start installing utils:
==== Postinst ====
 
This is the postinst for the cosi-metapackage. All it does is check against a file to see if post-installation tasks have been performed yet. It is used when setting up the metapackage.
 
   
<source lang="bash">
 
#!/bin/bash
 
 
# script directory
 
D="/etc/cosi-scripts/"
 
 
# file to check against
 
F="/etc/cosi-scripts/postinst_check"
 
 
# check if these exist
 
if [ ! -d "$D" ]; then
 
mkdir $D
 
fi
 
 
if [ ! -e "$F" ]; then
 
touch $F
 
fi
 
 
# change default jre to sun java
 
S=`/bin/cat $F | grep sun-java6-jdk`
 
if [ "$S" != "sun-java6-jdk" ]; then
 
update-java-alternatives -s java-6-sun
 
echo sun-java6-jdk >> $F
 
fi
 
 
 
# NuSMV requires this symlink
 
S=`/bin/cat $F | grep nusmv`
 
if [ "$S" != "nusmv" ]; then
 
ln -s /usr/lib/libexpat.so /usr/lib/libexpat.so.0
 
echo nusmv >> $F
 
fi
 
 
exit
 
</source>
 
 
==The Metapackage==
 
 
''WARNING'': Code snippets are deprecated, but the procedure is correct. I'll remove this when everything's up to date.
 
 
===Overview===
 
The metapackage is nothing but a Debian package (that is, it's installable with apt-get) that itself installs other packages. The idea is that, rather than expend lots of bandwidth and cause premature wear on hard drives by re-cloning every time packages are added to the lab build, each machine can keep itself up to date by reinstalling the metapackage (which itself can be easily updated to contain the new packages).
 
 
====Benefits====
 
* Cloning takes time and puts strain on the hardware if performed frequently. Using a metapackage, each machine will only perform the minimum amount of work necessary to stay updated, and need not be taken out of commission while cloning occurs.
 
* The metapackage itself is a convenient list of the software composing the lab build.
 
* A lab build VM need not exist to clone from. This leaves more room free for other projects requiring VMs.
 
 
====Drawbacks====
 
* The machines will still have to be cloned if there are non-trivial configuration changes.
 
* Some software is not distributed as a Debian package and cannot be included in the metapackage. Such software must be handled on an individual basis and cloned out if a .deb cannot be created.
 
 
====The Current Metapackage====
 
Right now, the metapackage is hosted on web2: <tt>http://lab-build.cslabs.clarkson.edu/apt/</tt>. The directory is: <tt>/var/lab_build-www/apt</tt>.
 
 
===Setup===
 
There are two main components of the metapackage system. First is the metapackage itself, which will be created with <tt>dpkg</tt>. Second is the repository, which will be created and managed with <tt>reprepro</tt>.
 
 
====Creating a Metapackage====
 
The general idea is to create a directory structure that can be understood by dpkg, then to write the <tt>control</tt> (and <tt>postinst</tt>) files to describe the metapackage. Finally, <tt>dpkg</tt> will be used to create a .deb file.
 
* Create the following directory structure: <pre>../cosi-metapackage-<version>/DEBIAN</pre>
 
* Inside the DEBIAN directory, create file <tt>control</tt>. This textfile will describe the metapackage. A sample control file is given below:
 
 
<pre>
 
<pre>
  +
apt install lxdm
Package: cosi-metapackage
 
Version: <version number>
 
Section: main
 
Priority: optional
 
Architecture: i386
 
Depends: list, of, packages, to, install, here
 
Conflicts: packages, to, be, removed
 
Replaces: packages, to, be, removed
 
Maintainer: <name>
 
Description: Text describing the package
 
 
</pre>
 
</pre>
  +
Select lxdm as the default dm.
* To add packages to the metapackage, list them under `Depends'. To ensure that certain packages are not installed, or to remove them, add the package name to BOTH `Conflicts' and `Replaces'.
 
* Create file (<tt>postinst</tt>) in the DEBIAN directory. This file will be executed as a script after all of the packages in `Depends' have been installed. It will be used to configure packages that might not be ready-to-run right after being installed. If any packages need this extra step, add the relevant bash commands to this script. A copy of the current postinst can be found in the scripts section.
 
* Return to the directory two levels above DEBIAN. If you don't, <tt>dpkg</tt> will still work if you give it the relative pathname to directory <tt>cosi-metapackage-<version>/</tt>.
 
* Run <pre>dpkg --build cosi-metapackage-<version>/ cosi-metapackage-<version>.deb</pre>which will create in the working directory the .deb file to added to the repository.
 
   
====Creating a Repository====
 
* Create a directory for the repository to use. Inside it, create directory <tt>conf</tt>. Inside that, create file <tt>distributions</tt>.
 
* Fill out the <tt>distributions</tt> file with information defining the repository. A sample (the current distributions file) is given below:
 
 
<pre>
 
<pre>
  +
apt install xfce4-pulseaudio-plugin arandr gparted vim emacs octave virtualbox virtualbox-ext-pack
Origin: <maintainer name>
 
  +
apt install codeblocks eclipse blender dia gimp openscad wireshark chromium vlc audacity texmaker htop
Label: COSI Lab Build repository
 
  +
apt install openjdk-8-jdk software-properties-common
Suite: stable
 
  +
add-apt-repository ppa:webupd8team/java
Codename: karmic
 
  +
apt-get update
Version: 9.10
 
  +
apt install oracle-java8-installer nmap
Architectures: i386
 
Components: main
 
Description: Text description
 
 
</pre>
 
</pre>
* The `Components' field must match the metapackage .deb's control file, otherwise you won't be able to add it to the repository.
 
* From the base repository directory, run <pre>sudo reprepro includedeb <version> /path/to/cosi-metapackage-<version>.deb</pre>
 
* If all goes well, you can now point the <tt>sources.list</tt> file to the base repository directory, and be able to install the metapackage using apt.
 
* If a package must be removed from the repository, run<pre>sudo reprepro remove <version> <packagename></pre>
 
   
  +
==Central Auth==
   
  +
[[How to add Kerberos to a Debian Machine]]
[[Category:Lab Builds]]
 
  +
  +
Also - The [[COSI Arch Build]] page can help a bunch in the way of simpler documentation, but be warned, the PAM stacks are very different in file strucutre.

Latest revision as of 08:50, 8 September 2017

COSI Linux Build
Contact Person: Xperia64
Last Update: Summer 2016
Services: Linux Image for COSI


Introduction

This page summarizes how to set up and maintain the COSI Linux Build.

The lab build was once a separate project from the ITL Linux Build, but to reduce maintenance work, the ITL build is now the primary effort, and it serves well enough as the COSI lab build once several minor adjustments are made. The script /root/cosify.sh is stored in the ITL image, which can be run as root to prepare the image for use in COSI as opposed to the ITL. This script is maintained along with the ITL image itself.

The ITL image is currently running on Xubuntu 17.04.

Project Members

Current Maintainer

Past Maintainers

Software Requests

Requests for software for in COSI can go below, but please add requests for software in the ITL on the ITL Linux page. Software that belongs in COSI but not in the ITL can be installed by the "cosify.sh" script.

Software needed to be added to a img:

libccid pcscd lldb

Needed additions to cosify.sh

These things should be added to the cosify script. At the moment they must be done manually.

  • Reformat swap partition as swap so that it will be swap again (not sure why this is a problem, but it is)
  • Modify /etc/fstab
  • Replace eth1 with eth0 in /etc/network/interfaces

Initial Configuration

Installation

Clone the stock ITL image with clonezilla, install other software, and whatever other changes are in that script at the moment. Presently, this includes:

  • Allowing the "sudo" group to bypass password authentication.
  • Adding "csguest" to "sudo".
  • Changing the root password to the COSI build standard. (Warning: This password is visible to anyone who can read the file; thus, the file is intentionally rwx only to root.)

Note that adding a user to a group does not affect existing sessions; this is a long-standing Linux (and probably *NIX) behavior (in that groups for users are only generated on login). This will cause issues with "sudo" for the logged-in csguest session, assuming it is from there that the script is run for the first time. You may want to use either "su" to root or "su csguest" to log in again with the new group memberships. The problem will be fixed on the next login.

NFS Shenanigans

As of January 16th, 2016, extra steps may be required to ensure the COSI build will connect to our network storage over NFS.

  • All network interfaces must be auto in /etc/network/interfaces. For faster boot times, ensure that the interface is actually connected. Certain computers may need to have their network configuration edited from the image.
  • This systemd service must be added and enabled to ensure that the network is actually online before attempting to mount NFS. It may be included in debian's ifupdown package soon.
  • /etc/default/nfs-common should contain:
NEED_STATD=no
STATDOPTS=
NEED_IDMAPD=no
NEED_GSSD=yes
  • The NFS options should be as follows:
vers=3,sec=krb5i,nolock,x-systemd.automount

Post Install Config

Finally, whenever recloning images, the principle on the image is host/cosi-01.cslabs.clarkson.edu and should be changed to match the computer number by entering the following commands as someone with admin credentials on Kerberos:

$ sudo kadmin -p <username>/admin
kadmin: ktrem host/cosi-01.cslabs.clarkson.edu
kadmin: ktadd host/cosi-0#.cslabs.clarkson.edu
kadmin: q

and reboot to clear the cache and you are all set.


New Lab Build (April 4, 2016)

Start with a Debian Jessie iso, install (xfce and lxde), and then do a dist upgrade

apt-get update
apt dist-upgrade
apt autoremove

and start installing utils:

apt install lxdm

Select lxdm as the default dm.

apt install xfce4-pulseaudio-plugin arandr gparted vim emacs octave virtualbox virtualbox-ext-pack
apt install codeblocks eclipse blender dia gimp openscad wireshark chromium vlc audacity texmaker htop
apt install openjdk-8-jdk software-properties-common
add-apt-repository ppa:webupd8team/java
apt-get update
apt install oracle-java8-installer nmap

Central Auth

How to add Kerberos to a Debian Machine

Also - The COSI Arch Build page can help a bunch in the way of simpler documentation, but be warned, the PAM stacks are very different in file strucutre.