Etch-x64-nfs-1.1

From Grid5000

etch-x64-nfs-1.1 is derived from Etch-x64-base-1.1 to provide a minimal Debian environment that allows LDAP account logins and NFS home directories.

Identification sheet

Etch-x64-nfs-1.1

Kernel version 2.6.18-6-amd64 from Debian for amd64/em64t

Authentication

  • Remote console: enabled on ttyS0 at 34800 bps
  • Services: ldap:yes, nfs:yes
  • Accounts: root:grid5000

Applications

Misc

Build

This section explains how the system was installed and tuned, starting from the content of the Etch-x64-base-1.1 environment. A script available from the svn does the work for us. This script is available from: [grid5000]/admin/trunk/images/build/base2nfs.sh

Packages

The LDAP packages are needed.

apt-get update
apt-get install libnss-ldap libpam-ldap nfs-common libldap2 ldap-utils libsasl2-modules libsasl2-modules-ldap

Account

The g5k account is deleted.

userdel --remove g5k

Motd

The motd is updated to reflect the new image.

cat > /etc/motd.tail <<EOF
Etch-x64-nfs-1.1 (image based on Debian version Etch for AMD64/EM64T)
Maintained by Cyril Constantin <cyril.constantin@loria.fr>
Valid on Dell {PE1855, PE1950}, HP {DL140G3, DL145G2, DL385G2}, 
        IBM {e325, e326, e326m}, Sun {V20z, X2200 M2, X4100},
        Altix Xe 310
Applications
 * Text: Vim, XEmacs, JED, nano, JOE
 * Script: Perl, Python, Ruby
   (Type "dpkg -l" to see complete installed package list)
Misc
 * i386 shared libraries are available
 * SSH has X11 forwarding enabled
 * Max open files: 8192
 * TCP bandwidth: for 1Gbs
More details: https://www.grid5000.fr/index.php/Etch-x64-nfs-1.1
EOF

LDAP configuration files

Some files need to be updated.

nsswitch.conf is needed for the Name Service Switch service.

cat > /etc/nsswitch.conf <<EOF
passwd:         files ldap
group:          files ldap
shadow:         files ldap
hosts:          files dns mdns
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       nis
EOF

The PAM files contain the rights and the restrictions of new users.

cat > /etc/pam.d/common-account <<EOF 
account sufficient      pam_unix.so
account sufficient      pam_ldap.so
account required        pam_deny.so
EOF
cat > /etc/pam.d/common-auth <<EOF
auth    sufficient      pam_unix.so nullok
auth    sufficient      pam_ldap.so use_first_pass
auth    required        pam_deny.so
EOF
cat > /etc/pam.d/common-password <<EOF
password sufficient     pam_ldap.so
password sufficient     pam_unix.so nullok md5 obscure min=6 max=8
password required       pam_deny.so
EOF
cat > /etc/pam.d/common-session <<EOF
session required        pam_unix.so
EOF
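
An added example (not part of the Grid5000 build script): a shell check that reads the common-* files written above and reports the pam_unix options that weaken password handling (nullok, md5, max=, and a min= below a threshold). The names audit_pam and demo, the MIN_LEN threshold and the temporary sample directory are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag pam_unix options in the common-* files that weaken
# password handling. Assumes one-word control fields, as used on this page.
MIN_LEN=${MIN_LEN:-8}   # assumed threshold for the min= check, not from the page

audit_pam() {
    dir=${1:-/etc/pam.d}
    for f in common-auth common-account common-password common-session; do
        [ -r "$dir/$f" ] || { echo "$f: missing"; continue; }
        # Drop comments and blank lines, then look at each pam_unix rule.
        sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$dir/$f" |
        while read -r type control module opts; do
            case "$module" in pam_unix.so) ;; *) continue ;; esac
            for o in $opts; do
                case "$type:$o" in
                    *:nullok)       echo "$f: empty passwords allowed (nullok)" ;;
                    password:md5)   echo "$f: new passwords hashed with MD5-crypt (md5)" ;;
                    password:max=*) echo "$f: password length capped at ${o#max=} (max=)" ;;
                    password:min=*)
                        if [ "${o#min=}" -lt "$MIN_LEN" ]; then
                            echo "$f: minimum length ${o#min=} below $MIN_LEN (min=)"
                        fi ;;
                esac
            done
        done
    done
}

# Constructed sample: the four PAM files exactly as this page writes them.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'auth sufficient pam_unix.so nullok' \
        'auth sufficient pam_ldap.so use_first_pass' \
        'auth required pam_deny.so' > "$d/common-auth"
    printf '%s\n' 'account sufficient pam_unix.so' \
        'account sufficient pam_ldap.so' \
        'account required pam_deny.so' > "$d/common-account"
    printf '%s\n' 'password sufficient pam_ldap.so' \
        'password sufficient pam_unix.so nullok md5 obscure min=6 max=8' \
        'password required pam_deny.so' > "$d/common-password"
    printf '%s\n' 'session required pam_unix.so' > "$d/common-session"
    audit_pam "$d"
    rm -rf "$d"
}
demo
```

Run with no argument inside a deployed image, `audit_pam` reads /etc/pam.d directly.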

Some services read different configuration files. A single file shared by all of them is sufficient.

ln -sf /etc/ldap/ldap.conf /etc/ldap.conf
ln -sf /etc/ldap/ldap.conf /etc/libnss-ldap.conf
ln -sf /etc/ldap/ldap.conf /etc/pam_ldap.conf

Ending

The image is ready. We can keep a trace of the last update.

date > /root/release

Environment

Creating image's archive

As for Etch-x64-base-1.1, the system archive is created and retrieved with TGZ-G5K:

tgz-g5k cconstantin@frontale:images/etch-x64-nfs-1.1.tgz

Creating postinstall's archive

The postinstall etch-x64-nfs-1.1-post is the etch-x64-nfs-1.0-post postinstall.

Recording environment

An environment can be recorded from a description file. So we create etch-x64-nfs-1.0.dsc:

name = etch-x64-nfs-1.1
description = https://www.grid5000.fr/index.php/Etch-x64-nfs-1.1
author = cyril.constantin@loria.fr
filebase = file:///grid5000/images/etch-x64-nfs-1.1.tgz
filesite = file:///grid5000/postinstalls/etch-x64-nfs-1.0-post.tgz
size = 1000
initrdpath = /boot/initrd.img-2.6.18-6-amd64
kernelpath = /boot/vmlinuz-2.6.18-6-amd64
fdisktype = 83
filesystem = ext2

With karecordenv, the new environment is made known to Kadeploy:

karecordenv -fe etch-x64-nfs-1.1.dsc