Difference between revisions of "BIG Setup"
Line 90: | Line 90: | ||
*Note 1: devices changed from eth* to p1p* with Fedora 17. | *Note 1: devices changed from eth* to p1p* with Fedora 17. | ||
*Note 2: NetworkManager can now be used with devices as long as the ifcfg-rh plugin is used. | *Note 2: NetworkManager can now be used with devices as long as the ifcfg-rh plugin is used. | ||
− | *Note 3: IS must activate switch to accommodate mode=4. | + | *Note 3: IS must activate switch to accommodate mode=4 using Dynamic LAG. |
+ | |||
+ | From [http://support.citrix.com/article/CTX135690 Citrix] | ||
+ | There are two types of LAGs: | ||
+ | *Static LAG: ports have LACP disabled and become automatically active members of the bond. Static LAG is not widely used, as it is often considered obsolete and inferior to dynamic LAG. With static LAG on the switch, the bond mode should be balance-slb rather than lacp. Note that use of static LAG is not supported. | ||
+ | *Dynamic LAG: Link Aggregation Control Protocol (LACP) is used for switch-server communication, in order to negotiate dynamically which links should be active and which should be in stand-by mode. | ||
==== Packages ==== | ==== Packages ==== |
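Review bot: the revised Note 3 ties mode=4 to "Dynamic LAG", but the pasted Citrix text names its bond modes as balance-slb and lacp, which are XenServer's names and not values of the Linux bonding mode= option this note refers to. Suggest adding one sentence saying that mode=4 is the bonding driver's 802.3ad (LACP) mode, and marking the excerpt as a quotation so that "use of static LAG is not supported" reads as Citrix's statement about its own product rather than as a policy of this site.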
Revision as of 12:33, 14 December 2013
Installation/Settings for new Linux Workstations at University of Massachusetts Medical School.
Our group uses Fedora with KDE as the desktop for our workstations, which is why you will see yum as the package manager.
Repositories
RPMFusion Repositories
rpm -Uvh http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm
rpm -Uvh http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-stable.noarch.rpm
Adobe Repository
rpm -Uvh http://linuxdownload.adobe.com/adobe-release/adobe-release-i386-1.0-1.noarch.rpm
And/Or
[adobe-linux-x86_64]
name=Adobe Systems Incorporated
baseurl=http://linuxdownload.adobe.com/linux/x86_64/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux
Skype Repository
vi /etc/yum.repos.d/skype.repo
[skype]
name=Skype Repository
baseurl=http://download.skype.com/linux/repos/fedora/updates/i586/
gpgkey=http://www.skype.com/products/skype/linux/rpm-public-key.asc
enabled=1
gpgcheck=0
Google Repository
vi /etc/yum.repos.d/google.repo
[google]
name=Google - i386
baseurl=http://dl.google.com/linux/rpm/stable/i386
enabled=1
gpgcheck=1
gpgkey=https://dl-ssl.google.com/linux/linux_signing_key.pub
vi /etc/yum.repos.d/google64.repo
[google64]
name=Google - x86_64
baseurl=http://dl.google.com/linux/rpm/stable/x86_64
enabled=1
gpgcheck=1
gpgkey=https://dl-ssl.google.com/linux/linux_signing_key.pub
VirtualBox Repository
vi /etc/yum.repos.d/virtualbox.repo
[virtualbox]
name=Fedora $releasever - $basearch - VirtualBox
baseurl=http://download.virtualbox.org/virtualbox/rpm/fedora/$releasever/$basearch
enabled=1
gpgcheck=1
gpgkey=http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc
yum install libXv.i686 alsa-lib.i686 libXScrnSaver.i686 qt.i686
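The repository stanzas above differ in how packages and signing keys are verified. The following check is an added example, not part of the original page; the function names audit_repos and sample_repos are made up for it, and it flags enabled repositories that skip signature checks or fetch their key over cleartext http.

```shell
# Stanzas from this page, abridged (name= lines dropped) for the example.
sample_repos() {
    cat <<'EOF'
[skype]
baseurl=http://download.skype.com/linux/repos/fedora/updates/i586/
gpgkey=http://www.skype.com/products/skype/linux/rpm-public-key.asc
enabled=1
gpgcheck=0
[google64]
baseurl=http://dl.google.com/linux/rpm/stable/x86_64
enabled=1
gpgcheck=1
gpgkey=https://dl-ssl.google.com/linux/linux_signing_key.pub
[virtualbox]
baseurl=http://download.virtualbox.org/virtualbox/rpm/fedora/$releasever/$basearch
enabled=1
gpgcheck=1
gpgkey=http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc
EOF
}

# Read .repo text on stdin; print one finding per line for enabled repos.
audit_repos() {
    awk '
    function report() {
        if (id == "" || enabled == "0") return
        if (check == "0") print id ": gpgcheck=0, package signatures are not verified"
        if (key ~ /^http:/) print id ": gpgkey is fetched over cleartext http"
    }
    /^[ \t]*\[.*\][ \t]*$/ {
        report()
        id = $0; sub(/^[ \t]*\[/, "", id); sub(/\][ \t]*$/, "", id)
        check = ""; key = ""; enabled = "1"
        next
    }
    /^[ \t]*[#;]/ { next }
    {
        eq = index($0, "=")
        if (eq == 0) next
        k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
        gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (k == "gpgcheck") check = v
        else if (k == "gpgkey") key = v
        else if (k == "enabled") enabled = v
    }
    END { report() }'
}

sample_repos | audit_repos
```

On a workstation, run it over the installed files with `cat /etc/yum.repos.d/*.repo | audit_repos`.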
Networking
ifcfg-p1p1
DEVICE=p1p1
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
ifcfg-p1p2
DEVICE=p1p2
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
ifcfg-bond0
DEVICE=bond0
IPADDR=146.189.76.*
NETMASK=255.255.248.0
DNS1=146.189.192.130
DNS2=146.189.192.131
GATEWAY=146.189.72.1
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
BONDING_OPTS="mode=4 miimon=500"
- Note 1: devices changed from eth* to p1p* with Fedora 17.
- Note 2: NetworkManager can now be used with devices as long as the ifcfg-rh plugin is used.
- Note 3: IS must activate switch to accommodate mode=4 using Dynamic LAG.
From Citrix (http://support.citrix.com/article/CTX135690): There are two types of LAGs:
- Static LAG: ports have LACP disabled and become automatically active members of the bond. Static LAG is not widely used, as it is often considered obsolete and inferior to dynamic LAG. With static LAG on the switch, the bond mode should be balance-slb rather than lacp. Note that use of static LAG is not supported.
- Dynamic LAG: Link Aggregation Control Protocol (LACP) is used for switch-server communication, in order to negotiate dynamically which links should be active and which should be in stand-by mode.
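Whether the switch side really runs a dynamic LAG for the mode=4 bond can be read from the bonding driver's status file. The check below is an added example, not part of the original page; the function names, the partner MAC and the status text are constructed in the layout of /proc/net/bonding/bond0, and it looks for the signs a bond typically shows when no LACP partner answers.

```shell
# Constructed sample in the layout of /proc/net/bonding/bond0.
# $1 = LACP partner MAC, $2 = aggregator that p1p2 joined.
sample_bond() {
    cat <<EOF
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
MII Status: up
MII Polling Interval (ms): 500

802.3ad info
LACP rate: slow
Active Aggregator Info:
    Aggregator ID: 1
    Partner Mac Address: $1

Slave Interface: p1p1
MII Status: up
Aggregator ID: 1

Slave Interface: p1p2
MII Status: up
Aggregator ID: $2
EOF
}

# Read bond status on stdin; print findings, return non-zero if LACP did not form.
check_lacp() {
    awk '
    /^Bonding Mode:/       { if ($0 ~ /802\.3ad/) lacp = 1 }
    /Partner Mac Address:/ { partner = $NF }
    /^Slave Interface:/    { slave = $NF; n++ }
    /Aggregator ID:/       { if (slave == "") active = $NF; else agg[slave] = $NF }
    END {
        if (!lacp) { print "bond is not in 802.3ad mode (mode=4)"; bad = 1 }
        if (partner == "" || partner == "00:00:00:00:00:00") {
            print "no LACP partner: the switch ports are not in a dynamic LAG"; bad = 1
        }
        for (s in agg) if (agg[s] != active) {
            print s " negotiated a different aggregator than the active one"; bad = 1
        }
        if (!bad) print "ok: " n " ports in aggregator " active
        exit (bad ? 1 : 0)
    }'
}

sample_bond 00:1b:21:aa:bb:cc 1 | check_lacp
sample_bond 00:00:00:00:00:00 2 | check_lacp || true
```

On a live workstation the input is `check_lacp < /proc/net/bonding/bond0`.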
Packages
64 Bit Packages
yum install kernel-devel gimp grace mplayer mencoder mplayer-gui freeglut ffmpeg-libs lame-libs kdesdk clusterssh tcsh
yum install gstreamer-ffmpeg gstreamer-plugins-good gstreamer-plugins-ugly gcc gpm tcsh pam_mount kdegraphics kdm google-chrome-stable.x86_64
yum install dkms.noarch
yum groupupdate "Administration Tools" "Base" "Design Suite" "Authoring and Publishing" "Dial-up Networking Support" "Directory Server"
yum groupupdate "Editors" "Electronic Lab" "Fedora Eclipse" "Fonts" "Graphical Internet" Graphics "Hardware Support" "Java" "Java Development"
yum groupupdate "KDE Software Compilation" "KDE Software Development" "Legacy Fonts" "Mail Server" "Milkymist" "MySQL Database" "Network Servers"
yum groupupdate "Office/Productivity" "Printing Support" "Robotics" "Ruby" "Server Configuration Tools" "Sound and Video" "System Tools"
yum groupupdate "Text-based Internet" "Web Development" "Web Server" "Window Managers" "Windows File Server" "X Window System"
- Flash
Check here for the latest 64bit flash: [[1]] and then copy it to /usr/lib64/mozilla/plugins/
32 Bit Packages
- Flash
[[2]]
yum install flash-plugin gtk2-engines.i686 nss_ldap.i686
cp /storage/big1/kdb/linux_setup/libflashplayer.so /usr/lib64/mozilla/plugins/
KDE Settings
yum groupinstall "KDE Software Development" system-switch-displaymanager.noarch
Set default desktop to KDE
echo -e "DESKTOP=\"KDE\"\nDISPLAYMANAGER=\"KDE\"\n" > /etc/sysconfig/desktop
or
system-switch-displaymanager kdm
To change the default movie player from Totem to MPlayer, select "System Settings->File Associations", then open video->mpeg. Make sure "MPlayer" is first on the list.
yum install thunderbird
IMAP Settings
Incoming mail server: mail.umassmed.edu
Port: 993
Security: SSL/TLS
Outgoing mail server: smtp.umassmed.edu
Port: 587
Security: starttls
Username: Windows Network Login
Password: Windows Network Password
After setting up Thunderbird, you need to turn on SSL for incoming mail and TLS for outgoing mail.
Global LDAP Address Book
host: people.umassmed.edu
port: 50000
DN: ou=people,dc=umassmed,dc=edu
Security
cp /storage/big1/kdb/linux_setup/etc/hosts.allow /etc/
cp /storage/big1/kdb/linux_setup/etc/hosts.deny /etc/
Home directory
vi /etc/default/useradd
Change:
HOME=/storage/big1
Some users are below 1000, so change
vi /etc/login.defs
Biomedical Imaging Group Specific Settings
Use nfsvers=3 only on Fedora 16 or earlier, because uid/gid seem to map to nobody when using nfsvers=4. Edit fstab:
mizar:/mnt/VolGroup01-LogVol00 /mnt/mizar/VolGroup01-LogVol00 nfs bg,defaults
mizar:/mnt/VolGroup02-LogVol00 /mnt/mizar/VolGroup02-LogVol00 nfs bg,defaults
mizar:/mnt/VolGroup03-LogVol00 /mnt/mizar/VolGroup03-LogVol00 nfs bg,defaults
mizar:/mnt/VolGroup04-LogVol00 /mnt/mizar/VolGroup04-LogVol00 nfs bg,defaults
mkdir /storage/; mkdir /mnt/mizar/;mkdir /mnt/mizar/VolGroup01-LogVol00;mkdir /mnt/mizar/VolGroup02-LogVol00
mkdir /mnt/mizar/VolGroup03-LogVol00;mkdir /mnt/mizar/VolGroup04-LogVol00
ln -s /mnt/mizar/VolGroup03-LogVol00 /storage/big1; ln -s /mnt/mizar/VolGroup04-LogVol00 /storage/big2
ln -s /mnt/mizar/VolGroup01-LogVol00 /storage/big3; ln -s /mnt/mizar/VolGroup02-LogVol00 /storage/big4
yum -y install compat-libf2c-34.i386 compat-libf2c-34.x86_64 glib.i386 fftw.i386 fftw.x86_64 libtiff-tools
mkdir /usr/share/fonts/windows/; cp /storage/big1/kdb/NT/Fonts/* /usr/share/fonts/windows/
Misc
sudo cp libforms.so.0.89 /usr/local/lib/
Disable package kit refresh
sudo vi /etc/yum/pluginconf.d/refresh-packagekit.conf
Change enable=1 to enable=0
Play
yum install compat-libf2c-34.i686 libX11.i686 mesa-libGL.i686 mesa-libGLU.i686 libXpm.i686 ffmpeg-libs.i686
DAVE
yum -y install "*8859*" glib glib.i686 libpng.i686 xorg-x11-drv-nvidia-libs.i686
epr_beowulf
sudo iptables -A INPUT -s itchy.umassmed.edu -m state --state NEW -m tcp -p tcp --dport 1022 -j ACCEPT
Network Time
cp /storage/big1/kdb/linux_setup/etc/ntp.conf /etc/
sudo service ntpd start
sudo chkconfig ntpd on
64 Bit Settings
Set up paths to include additional directories
cp /storage/big1/kdb/linux_setup/etc/big64.sh /etc/profile.d/
32 Bit Settings
Set up paths to include additional directories
cp /storage/big1/kdb/linux_setup/etc/big.sh /etc/profile.d/
User Authentication
cp ~kdb/linux_setup/etc/sssd/sssd.conf /etc/sssd/
cp ~kdb/linux_setup/certs/* /etc/pki/tls/certs/
cp ~kdb/linux_setup/certs/* /etc/openldap/cacerts/
cp ~kdb/linux_setup/etc/nsswitch.conf /etc/
cp ~kdb/linux_setup/etc/ldap.conf /etc/
chkconfig sssd on;service sssd start
SELinux
setsebool -P use_nfs_home_dirs 1
chcon -h system_u:object_r:user_home_dir_t:s0 /storage/big1
echo "/storage/big1 system_u:object_r:user_home_dir_t:s0" >> /etc/selinux/targeted/contexts/files/file_contexts.local
Torque
Server
yum install torque-server.x86_64 torque-scheduler.x86_64
systemctl start pbs_sched.service
systemctl start pbs_server.service
systemctl enable pbs_sched.service
systemctl enable pbs_server.service
pbs_server -t create
# configure manager/operator user
qmgr -c "set server operators += $USER@$HOST"
qmgr -c "set server managers += $USER@$HOST"
# scheduling options
qmgr -c 'set server scheduling = true'
qmgr -c 'set server keep_completed = 300'
qmgr -c 'create queue batch'
qmgr -c 'set queue batch queue_type = execution'
qmgr -c 'set queue batch started = true'
qmgr -c 'set queue batch enabled = true'
qmgr -c 'set queue batch resources_default.walltime = 72:00:00'
qmgr -c 'set queue batch resources_default.nodes = 1'
qmgr -c 'set server default_queue = batch'
qmgr -c 'set server allow_node_submit = True'
edit /etc/sysconfig/iptables and add (change hostname to reflect client machine)
-A INPUT -s germanium.umassmed.edu -p tcp -m state --state NEW -m tcp --dport 1024:65535 -j ACCEPT
Restart firewall
systemctl restart iptables
Note: Fedora 14 puts everything in /var/lib/torque and not /var/torque
Client
yum install torque torque-mom
echo "m13.umassmed.edu" > /etc/torque/server_name
systemctl start pbs_mom.service
systemctl enable pbs_mom.service
edit /var/lib/torque/mom_priv/config (should be linked to /etc/torque/mom/config)
$pbsserver m13.umassmed.edu
$usecp m13.umassmed.edu:/storage /storage
$usecp m13.umassmed.edu:/mnt/mizar/VolGroup01-LogVol00 /mnt/mizar/VolGroup01-LogVol00
$usecp m13.umassmed.edu:/mnt/mizar/VolGroup02-LogVol00 /mnt/mizar/VolGroup02-LogVol00
$usecp m13.umassmed.edu:/mnt/mizar/VolGroup03-LogVol00 /mnt/mizar/VolGroup03-LogVol00
$usecp m13.umassmed.edu:/mnt/mizar/VolGroup04-LogVol00 /mnt/mizar/VolGroup04-LogVol00
$restricted *.umassmed.edu
edit /etc/sysconfig/iptables and add
-A INPUT -s m13.umassmed.edu -m state --state NEW -m tcp -p tcp --dport 15001:15004 -j ACCEPT
iptables-save >/etc/sysconfig/iptables
Restart firewall
systemctl restart iptables.service
Note: Fedora 14 puts everything in /var/lib/torque and not /var/torque
Exchange Home Directory
The following interferes with pam_mount
yum erase gvfs-fuse
edit /etc/pam.d/system-auth
The following system-auth file should only mount the Exchange directory if the user id >= 10000
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth [default=1 success=ok] pam_succeed_if.so uid >= 10000 quiet
auth optional pam_mount.so
auth sufficient pam_sss.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_sss.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_sss.so
session [default=1 success=ok] pam_succeed_if.so uid >= 10000 quiet
session optional pam_mount.so
cp ~kdb/linux_setup/etc/pam_mount.conf.xml /etc/security/