From Grid5000
Jump to: navigation, search

etch-x64-nfs-1.0 is derived from Etch-x64-base-1.0 to provide a minimal debian environment, which allows LDAP account connections and NFS homedir.


Identification sheet


Kernel version 2.6.18-6-amd64 from Debian for amd64/em64t


  • Remote console: enabled on ttyS0 at 34800 bps
  • Services: ldap:yes, nfs:yes
  • Accounts: root:grid5000




Here are explanations on how the system was installed and tuned starting from the content of the Etch-x64-base-1.0 environment. A script available from the svn do the work for us. This script is available from : [grid5000]/admin/trunk/images/build/


The ldap packages are needed.

apt-get update
apt-get install libnss-ldap libpam-ldap nfs-common nscd libldap2 ldap-utils libsasl2-modules libsasl2-modules-ldap


The g5k account is deleted.

userdel --remove g5k


The motd is updated to reflect the new image.

cat > /etc/motd.tail <<EOF
Etch-x64-nfs-1.0 (image based on Debian version Etch for AMD64/EM64T)
Maintained by Cyril Constantin <>
Valid on Dell {PE1855, PE1950}, HP {DL140G3, DL145G2, DL385G2}, 
        IBM {e325, e326, e326m}, Sun {V20z, X2200 M2, X4100},
        Altix Xe 310
 * Text: Vim, XEmacs, JED, nano, JOE
 * Script: Perl, Python, Ruby
   (Type "dpkg -l" to see complete installed package list)
 * i386 shared libraries are available
 * SSH has X11 forwarding enabled
 * Max open files: 8192
 * TCP bandwidth: for 1Gbs
More details:

LDAP configuration files

Some files need to be updated.

nsswitch.conf is needed for the Name Service Switch service.

cat > /etc/nsswitch.conf <<EOF
passwd:         files ldap
group:          files ldap
shadow:         files ldap
hosts:          files dns mdns
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       nis

pam files contains the rights and the restrictions of new users.

cat > /etc/pam.d/common-account <<EOF 
account sufficient
account sufficient
account required
cat > /etc/pam.d/common-auth <<EOF
auth    sufficient nullok
auth    sufficient use_first_pass
auth    required
cat > /etc/pam.d/common-password <<EOF
password sufficient
password sufficient nullok md5 obscure min=6 max=8
password required
cat > /etc/pam.d/common-session <<EOF
session required

nscd.conf is the name service cache daemon.

cat > /etc/nscd.conf <<EOF
enable-cache            passwd          yes
positive-time-to-live   passwd          600
negative-time-to-live   passwd          20
suggested-size          passwd          211
check-files             passwd          no
persistent              passwd          no
shared                  passwd          yes
enable-cache            group           yes
positive-time-to-live   group           3600
negative-time-to-live   group           60
suggested-size          group           211
check-files             passwd          no
persistent              passwd          no
shared                  passwd          yes
enable-cache            hosts           yes
positive-time-to-live   hosts           3600
negative-time-to-live   hosts           20
suggested-size          hosts           211
check-files             passwd          no
persistent              passwd          no
shared                  passwd          yescat pam

Some services use different files. One for all is sufficient.

ln -sf /etc/ldap/ldap.conf /etc/ldap.conf
ln -sf /etc/ldap/ldap.conf /etc/libnss-ldap.conf
ln -sf /etc/ldap/ldap.conf /etc/pam_ldap.conf


Image is ready. We can keep a trace of the last update.

date > /root/release


Creating image's archive

As for Etch-x64-base-1.0, system archive creation and retrieving is done with TGZ-G5K:

tgz-g5k cconstantin@frontale:images/etch-x64-nfs-1.0.tgz

Creating postinstall's archive

The postinstall etch-x64-nfs-1.0-post is based on etch-x64-base-1.0-post. It takes advantage from prepost mechanisms and so it is site-independent.

Following template files are put inside etch-x64-nfs-1.0-post in addition to those already put inside etch-x64-base-1.0-post:


Note: /etc/fstab does not match the version inside etch-x64-base-1.0-post, because it uses prepost tricks to configure the NFS shares

Orsay site particularities

The orsay site use for now a specific way to configure nfs. So you have to use the specific orsay postinstall available at orsay. This situation will be resolved. You can follow the bug on .

cd /home/
mkdir {bordeaux,grenoble,lille,lyon,orsay,nancy,rennes,sophia,toulouse}

Recording environment

Recording environment can be done from a description file. So we create etch-x64-nfs-1.0.dsc:

name = etch-x64-nfs-1.0
description =
author =
filebase = file:///grid5000/images/etch-x64-nfs-1.0.tgz
filesite = file:///grid5000/postinstalls/etch-x64-nfs-1.0-post.tgz
size = 1000
initrdpath = /boot/initrd.img-2.6.18-6-amd64
kernelpath = /boot/vmlinuz-2.6.18-6-amd64
fdisktype = 83
filesystem = ext2

With karecordenv, the new environment can be known by Kadeploy:

karecordenv -fe etch-x64-nfs-1.0.dsc
Personal tools

Public Portal
Users Portal
Admin portal
Wiki special pages