Difference between revisions of "COSI Linux Build"

From CSLabsWiki
(Pending: added screen)
(net-setup.sh: fixed incorrect gateway ip)
Line 200: Line 200:
 
iface eth0 inet static
 
iface eth0 inet static
 
address $eth0_ip
 
address $eth0_ip
  +
netmask 255.255.255.0
gateway 192.168.144.1
 
netmask 255.255.254.0
 
   
 
auto eth1
 
auto eth1
Line 207: Line 206:
 
address $eth1_ip
 
address $eth1_ip
 
gateway 128.153.144.1
 
gateway 128.153.144.1
netmask 255.255.254.0
+
netmask 255.255.255.0
 
EOF
 
EOF
   

Revision as of 18:21, 28 February 2011

Introduction

This page summarizes how to set up and maintain the COSI Lab Build.

The Lab Build is based off of Ubuntu 10.04 ("lucid lynx"). It employs a `metapackage' repository (currently hosted by web2) to keep track of all packages that should be installed. This way, when a user requests that a new package be installed, it is easy to update all of the machines - just add the requested package to the metapackage, which all lab build computers will update from overnight. Please see the `metapackage' section for more information. The metapackage is combined with periodic cloning via clonezilla, in order to push configuration changes.


Project Members

Current Maintainer

Past Maintainers

Requests

Enter requests for the Lab Build here. If the request is available through apt, it will be added to the metapackage and the package will show up the next day if the machine is left running overnight. If the request is not available as a package, it will be added the next time the lab build is cloned out. Please leave your name when you make a request. Alternatively, you can email the maintainer.

Pending

Please list requests here.

Long-Term Plan

This is a list of features that I might add in the future. If you would really like to see one of these implemented, make a feature request.

  • Set up a clonezilla server (drbl) for ease of cloning (this will depend upon whether or not the COSI and ITL subnets are merged).
  • Configure iptables to block all incoming ports (except for specific allowances, such as ssh and http/https). (Have already set /etc/hosts.{deny,allow} so this isn't critical.)
  • Use the lab machines to test the VDI/Spice Project.

Initial Configuration

Installation

Here are the steps to setting up the lab build. I will assume that the metapackage is already set up and hosted in a repository.

  • Boot a single machine using the x86_64 Ubuntu liveCD. Install to the primary hard drive (WD), creating a 100M /boot partition (I used ext2), 1G of swap, and allocate the rest of the disk as / (I used ext4). The second hard drive will get a single partition (I used xfs). Only the primary drive will be cloned over, the secondary drive acts as persistent storage. Be sure that persistent storage gets mounted at /storage.
  • Create user csadmin. This account will have sudo privileges, so give it a password to be distributed amongst members of COSI. root (password known only to maintainer) and csguest user (standard password) will be set up later.
  • Complete any post-installation administrative tasks as required by the installer, such as setting the timezone. Be sure to specify that csadmin does NOT log in automatically without entering the password. Set the hostname as cosi-<machine number>, like they're labeled. Get to an installed system in ready state at the desktop.
  • Modify the file /etc/apt/sources.list. This is apt's repository configuration file. It is to be changed such that apt downloads packages from Mirror. Perform the following steps:
  • Run
    sudo apt-get update
    to update apt's list of installable packages. You can check for errors in sources.list by looking over the output.
  • Run
    sudo apt-get -y upgrade
    to install the latest version of all default packages. Make sure everything is upgraded to the latest version before continuing.
  • Run
    sudo apt-get -y install cosi-metapackage
    to install all packages specified by the metapackage. This will take a while! Sun Java forces you to accept a license agreement before it's installed, so you'll have to hang around at least until that point. After that, the process should be automatic, so don't bother hanging around waiting for it. The metapackage will also perform limited configuration steps, such as creating the script directory /etc/cosi-scripts/ (see Metapackage->postinst).

Security

  • Explicitly prevent all incoming connections. In /etc/hosts.deny:
ALL: ALL
  • Add exceptions allowing connections from localhost, the cslabs subnet, and the COSI internal network. In /etc/hosts.allow:
ALL: 127.0.0.1 128.153.145. 10.0.0.
  • If ssh is to be left open, install package denyhosts and modify /etc/denyhosts to your satisfaction.

Applications

  • Install Alloy Analyzer. Go to http://alloy.mit.edu/alloy4/ and download the latest .jar file for Alloy Analyzer. Store this .jar file in /usr/bin/ and add a launcher to the gnome applications list that executes
    java -jar /usr/bin/alloy4.jar
  • Install yices. Go to http://yices.csl.sri.com/download.shtml and download yices. Copy the directory to /usr/bin and create a symlink from the executable (.../yices-directory/bin/yices to /usr/bin. Now yices can be invoked from any command line!
  • Install piVC. Go to http://theory.stanford.edu/~arbrad/pivc/download/index.html and download the tarfile. Extract it and, following the directions on the webpage, run ./configure to generate a binary. Copy over the yices binary and then move the whole thing to /usr/bin. As with yices, make a nice convenient symlink (and also add a nice convenient menu entry).
  • Install the Chromium browser. Add extensions to mimic Firefox browsing experience.
  • Remove all ubuntu ONE and gwibber packages.
  • Install the electricsheep screensaver, it's available in the repositories. Download a copy of the sheep starter pack to persistent storage in the directory /storage/.electricsheep, then create a symlink from /home/csguest/.electricsheep to it. Now, each machine will have its own store of sheep that won't get overwritten when the machines are cloned; each machine can develop differently! Don't forget to set the screensaver to electricsheep.

Users

  • The root user can be enabled from System->Administration->Users and Groups (or do it from the command line). Create standard user csguest (without sudo privileges) and set their account to automatically log in. csguest's password should be "cspassword".

Environment

  • Set up subversion's .config file so that passwords aren't stored:
[auth]
store-passwords = no
store-auth-creds = no
  • Remove the irritating console beep with an even more irritating sudo command
    echo blacklist pcspkr | sudo tee -a /etc/modprobe.d/blacklist.conf > /dev/null
    or if you're not insane root,
    echo blacklist pcspkr >> /etc/modprobe.d/blacklist.conf
  • Set Firefox homepage to http://www.google.com and set it to ask the user to clear their session data when Firefox is closed. Add convenient bookmarks for http://print.cslabs.clarkson.edu and other COSI sites. Install addons where appropriate (I used adblock, download statusbar, extended statusbar, firebug, tab progress bar, tab mix plus, and beef taco).
  • Remove GNOME login sound from Startup Programs and make sure system sounds are disabled. Also, test that sound works properly.
  • Change bootsplash to something more cosi-related ([1], [2])
  • Set up the desktop (widgets, stuff in the taskbars, etc) as you see fit. Make the terminal's default color black, most people prefer that. If you want to be fancy, make a colored bash prompt.

Network

  • Remove all NetworkManager packages.
  • All network settings are controlled by scripts that run when the machines are first booted. See the Scripts section for information on how they are to be used.


Scripts

This section describes all scripts used by the lab build, as well as how they are to be deployed and used.

Configuration Notes

  • In order to easily make changes to the configuration scripts, a "master version" of each script will be stored on web2. Then, each machine fetches the latest version of the script before running it.
  • Naming convention: if "foo.sh" is a master script, then "run_foo.sh" is the script that fetches and executes foo.sh.
  • All "run_*.sh" scripts will be stored in /etc/cosi-scripts. The master scripts they fetch will be placed in /etc/cosi-scripts/tmp and are deleted after use.
  • All master scripts are stored on web2: http://lab-build.cslabs.clarkson.edu/cosi-scripts-store/lucid/.

Preparation

Create directories /etc/cosi-scripts and /etc/cosi-scripts/tmp. In /etc/cosi-scripts, put:

  • firstboot.sh
  • run_net-setup.sh
  • run_cleardesktop.sh
  • prepare_image.sh

The following should be available on web2:

Network

Because all COSI workstations have static IPs, certain configuration files are different from machine to machine. It is the job of these network scripts to re-create the relevant files on a per-machine basis, when the machines are first booted up after having been cloned. When creating an image be certain to run the prepare_image.sh script, to remove the relevant network configuration files. If you don't, networking won't work after cloning!

Though there are two NICs per machine, only the MAC address of motherboard's NIC can be used to reliably identify a machine (since the PCI NICs can be swapped around). Interfaces are identified as follows:

  • eth0 is the motherboard's NIC and should be connected to the COSI internal network (10.0.0.x, the green cord, or grey with green electrical tape).
  • eth1 is the PCI NIC and is connected to the CU network (128.153.144.x, cord without the green tape).

Installation

Place a copy of run_net-setup.sh and firstboot.sh in /etc/cosi-scripts and make them executable. Add the following line to the file /etc/rc.local:

/etc/cosi-scripts/firstboot.sh

This will cause firstboot.sh to run every time the computer boots. Be aware that it expects internet connectivity.

How it Works

When firstboot.sh runs, it looks for a flag placed in /etc/cosi-scripts by prepare_image.sh. If the flag is not there, it dies. If it finds the flag, it invokes run_net-setup.sh which grabs a copy of net-setup.sh and mac_addresses.csv, then runs net-setup.sh. net-setup.sh looks for the correct network settings in the csv based on the detected mac address. It then overwrites the following files:

  • /etc/network/interfaces
  • /etc/hostname
  • /etc/resolv.conf
  • /etc/hosts
  • /etc/udev/rules.d/70-persistent-net.rules

Finally, firstboot.sh removes the flag.

Scripts

net-setup.sh

<source lang="bash">

  1. !/bin/bash
  1. this script finds the machine's static IPs from a list,
  2. identifying the machine by it's motherboards' NIC
  3. it then configures the machine to use the static IPs

macaddrs="mac_addresses.csv"

system_eth0_mac=`ifconfig | grep eth0 | awk '{print $5}'` echo "detected eth0 as $system_eth0_mac"

system_eth1_mac=`ifconfig | grep eth1 | awk '{print $5}'` echo "detected eth1 as $system_eth1_mac"

hostname=`grep $system_eth0_mac $macaddrs | awk -F, '{print $1}'` eth0_mac="$system_eth0_mac" eth1_mac="$system_eth1_mac"

if [ -z $hostname ]; then hostname=`grep $system_eth1_mac $macaddrs | awk -F, '{print $1}'` eth0_mac="${system_eth1_mac}" eth1_mac="${system_eth0_mac}" fi

echo "detected hostname as $hostname" echo "authoritative eth0 mac is: $eth0_mac" echo "authoritative eth1 mac is: $eth1_mac"

eth0_ip=`grep ^$hostname $macaddrs | awk -F, '{print $4}'` echo "set eth0 ip as $eth0_ip"

eth1_ip=`grep ^$hostname $macaddrs | awk -F, '{print $3}'` echo "set eth1 ip as $eth1_ip"

cat > /etc/hostname <<EOF $hostname EOF

cat > /etc/hosts <<EOF 127.0.0.1 localhost 127.0.1.1 $hostname EOF

cat > /etc/network/interfaces <<EOF auto lo iface lo inet loopback

auto eth0 iface eth0 inet static address $eth0_ip netmask 255.255.255.0

auto eth1 iface eth1 inet static address $eth1_ip gateway 128.153.144.1 netmask 255.255.255.0 EOF

cat > /etc/udev/rules.d/70-persistent-net.rules <<EOF SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="$eth0_mac", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="$eth1_mac", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1" EOF

cat > /etc/resolv.conf <<EOF search cslabs.clarkson.edu clarkson.edu nameserver 128.153.145.3 nameserver 128.153.145.4 EOF

exit </source>

run_net-setup.sh

<source lang="bash">

  1. !/bin/bash

cd /etc/cosi-scripts/tmp wget http://lab-build.cslabs.clarkson.edu/cosi-scripts-store/lucid/net-setup.sh wget http://lab-build.cslabs.clarkson.edu/cosi-scripts-store/lucid/mac_addresses.csv chmod +x net-setup.sh ./net-setup.sh rm -f net-setup.sh rm -f mac_addresses.csv

exit </source>

firstboot.sh

<source lang="bash">

  1. !/bin/bash

sleep 30

cd /etc/cosi-scripts/ if [ -e FIRSTBOOT_FLAG ]; then # we should have a dynamic IP already chmod +x run_net-setup.sh ./run_net-setup.sh rm FIRSTBOOT_FLAG reboot fi

exit </source>

mac_addresses.csv

<source lang="bash"> cosi-00,b8:ac:6f:3b:8a:36,128.153.144.140,10.0.0.50 cosi-01,b8:ac:6f:3b:92:7a,128.153.144.141,10.0.0.51 cosi-02,b8:ac:6f:38:ac:15,128.153.144.142,10.0.0.52 cosi-03,b8:ac:6f:3b:65:b3,128.153.144.143,10.0.0.53 cosi-04,b8:ac:6f:34:32:3c,128.153.144.144,10.0.0.54 cosi-05,b8:ac:6f:38:a4:41,128.153.144.145,10.0.0.54 cosi-06,b8:ac:6f:38:b9:8e,128.153.144.146,10.0.0.55 cosi-07,b8:ac:6f:3b:99:84,128.153.144.147,10.0.0.56 cosi-08,b8:ac:6f:38:ae:d2,128.153.144.148,10.0.0.57 cosi-09,b8:ac:6f:3b:90:31,128.153.144.149,10.0.0.59

vr-cosi-01,00:1a:a0:a9:62:88,128.153.144.151,10.0.0.61 vr-cosi-02,00:1a:a0:a9:f4:f1,128.153.144.152,10.0.0.62 vr-cosi-03,00:1a:a0:a9:f2:81,128.153.144.153,10.0.0.63 vr-cosi-04,00:1a:a0:a9:f5:32,128.153.144.154,10.0.0.64 vr-cosi-05,00:1a:a0:a9:f5:0a,128.153.144.155,10.0.0.65 vr-cosi-06,00:1a:a0:a9:60:e2,128.153.144.156,10.0.0.66 </source>

prepare_image.sh

<source lang="bash">

  1. !/bin/bash

cat > /etc/hostname <<EOF COSI-XX EOF

rm -f /etc/network/interfaces rm -f /etc/udev/rules.d/70-persistent-net.rules rm -f /etc/resolv.conf

touch /etc/cosi-scripts/FIRSTBOOT_FLAG

exit </source>

Desktop Cleaning

It is nice to keep lab machines' desktops tidy - their desktops don't have to reflect the state of the actual desks in the lab :). To that end, a script is used to clean off the desktops overnight, moving all files left there to the persistent storage drive.

Installation

Place a copy of run_cleardesktop.sh in /etc/cosi-scripts. Add the line 0 4 * * * ./etc/cosi-scripts/run_cleardesktop.sh to root's crontab.

How it Works

run_cleardesktop.sh gets cleardesktop.sh from web2. cleardesktop.sh prompts the user to cancel itself (in case someone is still using the machine), and if there is no reaction from the user, copies all files in /etc/csguest/Desktop to a timestamped directory in /storage/Desktop, then rm's all files on the Desktop.

Scripts

run_cleardesktop.sh

<source lang="bash">

  1. !/bin/bash

cd /etc/cosi-scripts/tmp wget http://lab-build.cslabs.clarkson.edu/cosi-scripts-store/lucid/cleardesktop.sh chmod +x cleardesktop.sh ./cleardesktop.sh rm -f cleardesktop.sh

exit </source>

cleardesktop.sh

<source lang="bash">

  1. !/bin/bash
  1. moves everything on the desktop to /storage/Desktop/<ts>

ts=`date --date="1 day ago" --rfc-3339="date"` targetdir="/storage/Desktop/${ts}/"

zenity --question --timeout 60 --title "Danger, Will Robinson!" --text "The desktop cleaning script is scheduled to run now. When it does, all files on the desktop will be moved to $targetdir.\n\nIf you want to STOP the script and leave files on the desktop, hit \'Yes\'. Otherwise, hit \'No\' to dismiss this message."

if [ $? == 0 ]; then

       # somebody's still using the machine
       exit

fi

mkdir $targetdir cd /home/csguest/Desktop mv * $targetdir chown -R csguest.csguest $targetdir

exit </source>

Updates and Metapackage

If machines are able to update themselves and automatically install new packages added to the metapackage, then they only need to be cloned to push out configuration updates. This script set is not yet used, but it will be soon. Scripts listed in this section are OLD and HAVE NOT BEEN TESTED.

Also, keep in mind that the metapackage has a postinst script.

Installation

Foo.

How it Works

Bar.

Scripts

metapackage-upgrade.sh

<source lang="bash">

  1. !/bin/bash
  1. this script installs new packages added to the metapackge, and upgrades system packages

/usr/bin/aptitude -y update /usr/bin/aptitude -y --allow-untrusted upgrade

exit </source>

run_metapackage-upgrade.sh

<source lang="bash">

  1. !/bin/bash

wget http://lab-build.cslabs.clarkson.edu/cosi-scripts-store/metapackage-upgrade.sh chmod +x metapackage-upgrade.sh ./metapackage-upgrade.sh rm -f metapackage-upgrade.sh

wget http://lab-build.cslabs.clarkson.edu/cosi-scripts-store/metapackage-postinst.sh chmod +x metapackage-postinst.sh ./metapackage-postinst.sh rm -f metapackage-postinst.sh

exit </source>

The Metapackage

Overview

The metapackage is nothing but a Debian package (that is, it's installable with apt-get) that itself installs other packages. The idea is that, rather than expend lots of bandwidth and cause premature wear on hard drives by re-cloning every time packages are added to the lab build, each machine can keep itself up to date by reinstalling the metapackage (which itself can be easily updated to contain the new packages).

Benefits

  • Cloning takes time and puts strain on the hardware if performed frequently. Using a metapackage, each machine will only perform the minimum amount of work necessary to stay updated, and need not be taken out of commission while cloning occurs.
  • The metapackage itself is a convenient list of the software composing the lab build.

Drawbacks

  • The machines will still have to be cloned if there are non-trivial configuration changes.
  • Some software is not distributed as a Debian package and cannot be included in the metapackage. Such software must be handled on an individual basis and cloned out if a .deb cannot be created.

Metapackage Configuration

Right now, the metapackage is hosted on web2: http://lab-build.cslabs.clarkson.edu/apt/. The directory is: /var/lab_build-www/apt.

Setup

There are two main components of the metapackage system. First is the metapackage itself, which will be created with dpkg. Second is the repository, which will be created and managed with reprepro.

Creating a Metapackage

The general idea is to create a directory structure that can be understood by dpkg, then to write the control (and postinst) files to describe the metapackage. Finally, dpkg will be used to create a .deb file.

  • Create the following directory structure:
    ../cosi-metapackage-<version>/DEBIAN
  • Inside the DEBIAN directory, create file control. This textfile will describe the metapackage. A sample control file is given below:
Package: cosi-metapackage
Version: <version number>
Section: main
Priority: optional
Architecture: amd64
Depends: list, of, packages, to, install, here
Conflicts: packages, to, be, removed
Replaces: packages, to, be, removed
Maintainer: <name>
Description: Text describing the package
  • To add packages to the metapackage, list them under `Depends'. To ensure that certain packages are not installed, or to remove them, add the package name to BOTH `Conflicts' and `Replaces'.
  • Create file (postinst) in the DEBIAN directory. This file will be executed as a script after all of the packages in `Depends' have been installed. It will be used to configure packages that might not be ready-to-run right after being installed. If any packages need this extra step, add the relevant bash commands to this script. A copy of the current postinst can be found in the scripts section.
  • Return to the directory two levels above DEBIAN. If you don't, dpkg will still work if you give it the relative pathname to directory cosi-metapackage-<version>/.
  • Run
    dpkg --build cosi-metapackage-<version>/ cosi-metapackage-<version>.deb
    which will create in the working directory the .deb file to added to the repository.

Creating a Repository

  • Create a directory for the repository to use. Inside it, create directory conf. Inside that, create file distributions.
  • Fill out the distributions file with information defining the repository. A sample (the current distributions file) is given below:
Origin: <maintainer name>
Label: COSI Lab Build repository
Suite: stable
Codename: lucid
Version: 10.10
Architectures: amd64
Components: main
Description: Text description
  • The `Components' field must match the metapackage .deb's control file, otherwise you won't be able to add it to the repository.
  • From the base repository directory, run
    sudo reprepro includedeb <version> /path/to/cosi-metapackage-<version>.deb
  • If all goes well, you can now point the sources.list file to the base repository directory, and be able to install the metapackage using apt.
  • If a package must be removed from the repository, run
    sudo reprepro remove <version> <packagename>