COSI Linux Build

From CSLabsWiki
Jump to: navigation, search
COSI Linux Build
Contact Person: Xperia64
Last Update: Summer 2016
Services: Linux Image for COSI


Introduction

This page summarizes how to set up and maintain the COSI Linux Build.

The lab build was once a separate project from the ITL Linux Build, but to reduce maintenance work, the ITL build is now the primary effort, and it serves well enough as the COSI lab build once several minor adjustments are made. The script /root/cosify.sh is stored in the ITL image, which can be run as root to prepare the image for use in COSI as opposed to the ITL. This script is maintained along with the ITL image itself.

The ITL image is currently running on Xubuntu 17.04.

Project Members

Current Maintainer

Past Maintainers

Software Requests

Requests for software for in COSI can go below, but please add requests for software in the ITL on the ITL Linux page. Software that belongs in COSI but not in the ITL can be installed by the "cosify.sh" script.

Software needed to be added to a img:

libccid pcscd lldb

Needed additions to cosify.sh

These things should be added to the cosify script. At the moment they must be done manually.

  • Reformat swap partition as swap so that it will be swap again (not sure why this is a problem, but it is)
  • Modify /etc/fstab
  • Replace eth1 with eth0 in /etc/network/interfaces

Initial Configuration

Installation

Clone the stock ITL image with clonezilla, install other software, and whatever other changes are in that script at the moment. Presently, this includes:

  • Allowing the "sudo" group to bypass password authentication.
  • Adding "csguest" to "sudo".
  • Changing the root password to the COSI build standard. (Warning: This password is visible to anyone who can read the file; thus, the file is intentionally rwx only to root.)

Note that adding a user to a group does not affect existing sessions; this is a long-standing Linux (and probably *NIX) behavior (in that groups for users are only generated on login). This will cause issues with "sudo" for the logged-in csguest session, assuming it is from there that the script is run for the first time. You may want to use either "su" to root or "su csguest" to log in again with the new group memberships. The problem will be fixed on the next login.

NFS Shenanigans

As of January 16th, 2016, extra steps may be required to ensure the COSI build will connect to our network storage over NFS.

  • All network interfaces must be auto in /etc/network/interfaces. For faster boot times, ensure that the interface is actually connected. Certain computers may need to have their network configuration edited from the image.
  • This systemd service must be added and enabled to ensure that the network is actually online before attempting to mount NFS. It may be included in debian's ifupdown package soon.
  • /etc/default/nfs-common should contain:
NEED_STATD=no
STATDOPTS=
NEED_IDMAPD=no
NEED_GSSD=yes
  • The NFS options should be as follows:
vers=3,sec=krb5i,nolock,x-systemd.automount

Post Install Config

Finally, whenever recloning images, the principle on the image is host/cosi-01.cslabs.clarkson.edu and should be changed to match the computer number by entering the following commands as someone with admin credentials on Kerberos:

$ sudo kadmin -p <username>/admin
kadmin: ktrem host/cosi-01.cslabs.clarkson.edu
kadmin: ktadd host/cosi-0#.cslabs.clarkson.edu
kadmin: q

and reboot to clear the cache and you are all set.


New Lab Build (April 4, 2016)

Start with a Debian Jessie iso, install (xfce and lxde), and then do a dist upgrade

apt-get update
apt dist-upgrade
apt autoremove

and start installing utils:

apt install lxdm

Select lxdm as the default dm.

apt install xfce4-pulseaudio-plugin arandr gparted vim emacs octave virtualbox virtualbox-ext-pack
apt install codeblocks eclipse blender dia gimp openscad wireshark chromium vlc audacity texmaker htop
apt install openjdk-8-jdk software-properties-common
add-apt-repository ppa:webupd8team/java
apt-get update
apt install oracle-java8-installer nmap

Central Auth

How to add Kerberos to a Debian Machine

Also - The COSI Arch Build page can help a bunch in the way of simpler documentation, but be warned, the PAM stacks are very different in file strucutre.