Africa@Home LinuxServerInstall
From AIMSWiki
Sunday Night Linux Server Install
Dapper LAMP install
Start with Ubuntu (http://www.ubuntu.com) Dapper 6.06.1 LTS Server installation: choosing the LAMP install to automatically install Linux with the Apache web server, the MySQL database (or Postgresq, even though it doesn't have an M in it), and the programming language PHP (or Python).
Dapper is a special release with Long Term Support and security updates, which makes it more appropriate for servers installs. The Ubuntu Dapper Server CDs will be handed out at AIMS. They are Free (http://www.ubuntu.com/community/ubuntustory/philosophy), legal, and you are encouraged to copy and distribute them. They can also be downloaded at releases.ubuntu.com/dapper and you probably want the server CD for the x86 architecture by downloading the ISO image (http://releases.ubuntu.com/dapper/ubuntu-6.06.1-server-i386.iso) or by using bittorrent (http://releases.ubuntu.com/dapper/ubuntu-6.06.1-server-i386.iso.torrent).
See the screenshot tour (http://www.debianadmin.com/ubuntu-lamp-server-installation-with-screenshots.html) but keep in mind the changes or AIMS-specific details below. Make sure you use the LAMP install option.
AIMS specific
The BIOS (which is password protected) is set to boot from CD already.
Normally you would partition with RAID and set up backups on a server; at AIMS the demo servers are really desktops with one hard drive. Partition it as you see fit or take the recommended partitioning which is to erase and use the entire disk
Usually a server might have a static address and run some aspects of DNS, DHCP, and E-mail. For this course you must take a DHCP address, and use the hostname provided, and take the route given out by the AIMS DHCP server as well.
At AIMS you are working behind a squid proxy which you need to enter during the install when prompted
http://proxy.aims.ac.za:3128/
If you later need command line internet access, you have to set a bash variable for this:
export http_proxy=http://proxy.aims.ac.za:3128/
Users
Choose one team member to be the user during installation. You will add the others later.
Adding Software
AIMS specific
AIMS also has an apt-cacher instance. Apt-cacher mirrors all debian-variant (like Ubuntu) packages which are fetched through it. Once your machine is installed, edit /etc/apt/sources.list
sudo vi /etc/apt/sources.list
This is your list of repositories (https://help.ubuntu.com/community/Repositories/CommandLine). Change every line to insert
proxy.aims.ac.za/apt-cacher/
into each resource line, so that they look, for example, like this (this is a complete sources.list file for you):
deb http://proxy.aims.ac.za/apt-cacher/za.archive.ubuntu.com/ubuntu/ dapper main restricted universe deb http://proxy.aims.ac.za/apt-cacher/za.archive.ubuntu.com/ubuntu/ dapper-updates main restricted universe deb http://proxy.aims.ac.za/apt-cacher/security.ubuntu.com/ubuntu/ dapper-security main restricted universe
Note above we enabled the universe repository (specifically for for phpmyadmin). We don't use the sections on backports and multiverse on servers unless we are certain we need it.
You can start entering text by typing 'i', and save and quit the file by pressing Esc and typing ':wq'. This command means ':': enter command 'w': write the file and 'q': quit the editor.
If you don't know how to use the debian-variant command line tools to install and remove software, here is a reference (https://help.ubuntu.com/community/AptGetHowto) and a longer how-to (http://www.debian.org/doc/manuals/apt-howto/). Also read about apt-get vs aptitude (http://www.psychocats.net/ubuntu/aptitude) and an aptitude tutorial (http://web.pdx.edu/~hegbloom/Aptitude/tutorial-intro-aptitude_0.html). Aptitude by default keeps logs and fetches all software recommended by a package being installed, not just direct dependencies. Often this is advantageous, sometimes one needs to fall back to apt, or even dpkg, or manual packaging methods though.
First fetch a list of available packages and upgrade with the latest security upgrades:
sudo aptitude update sudo aptitude dist-upgrade
Since this step fetched a new linux kernel, reboot to use it:
sudo reboot
Install some useful software:
sudo aptitude install vim htop screen iftop
Working via SSH
sudo aptitude install ssh
ssh is a meta-package depending on the openssh-server package, and after this you can create users and work from a more convenient desktop environment by SSH-ing into your server over an secure connection (http://www.openssh.com/).
Now, on your desktop, you can open a terminal and ssh into your server:
ssh jan@<hostname>.aims.ac.za
Sudo and Accounts for Team Members
Note that by default ubuntu (and now many other distributions) disable the root (superuser, administrator) account. The new RootSudo (https://wiki.ubuntu.com/RootSudo) policies allow for a much more fine-grained control over multiple administrators and is more secure than a single, enabled root account. Sudoers, or people allowed to do super user tasks, are listed in /etc/sudoers, which can be edited with visudo. All people in the unix group called admin as defined in the file /etc/group have full sudo rights and this is sufficient for our workshop. You can add a user for each person in your group:
sudo adduser andyr sudo adduser tracey
Now you can use this to add the users to the administrative group:
sudo adduser andyr admin sudo adduser tracey admin
or, alternatively, directly edit the line for the admin group to contain all users in your group of administrators. You can use the command vigr which locks the file /etc/group for editing and then uses the editor vi (or the modern variant called vim), or you can choose an easy to use editor like nano
sudo aptitude install vim # optional sudo vigr
or
sudo nano /etc/group
Then set the line listing the admin group to include your administrators, for example:
admin:x:112:tracey,jan,andyr
Time
Set your server to take the time from our AIMS time server. Rather than run a ntp daemon, we can use ntpdate every so often inside our network.
Edit /etc/default/ntpdate
sudo vim /etc/default/ntpdate
and change this line to comment out the default and add our local timeserver:
#NTPSERVERS="ntp.ubuntu.com" NTPSERVERS="192.168.42.4"
Then set ntpdate to run hourly, the same way it does when a network interface comes up:
sudo ln -s /etc/network/if-up.d/ntpdate /etc/cron.hourly/ntpdate
Run it once to see it works, and look in daemon.log:
sudo /etc/cron.hourly/ntpdate sudo grep offset /var/log/daemon.log
My output initially looked like this:
May 19 12:07:32 localhost ntpdate[27122]: step time server 192.168.42.4 offset 0.921564 sec
Some Development Tools
To fetch common compilation and build tools, there is a convenient meta-lacakge on ubuntu
sudo aptitude install build-essential
which will pull gcc, g++, make, and dpkg-dev.
Miscellaneous Configuration
In the file /etc/bash.bashrc you can set some preferences permanently, since each bash shell you open sources this file:
sudo aptitude install vim sudo vim /etc/bash.bashrc
Add these lines to set your default editor to vim and to set the AIMS proxy permanently:
export EDITOR=/usr/bin/vim export http_proxy=http://proxy.aims.ac.za:3128/
You have to log out to test that the above takes effect by default.
Edit the vim configuration file:
sudo vim /etc/vim/vimrc
and add uncomment this lines:
syntax on
Eye Candy
Add these to /etc/bash.bashrc:
# more history lines remembered on the server terminals export HISTFILESIZE=4096 # color for grep alias grep='grep --color' alias egrep='egrep --color' # color in man pages export LESS_TERMCAP_mb=$'\E[01;31m' export LESS_TERMCAP_md=$'\E[01;31m' export LESS_TERMCAP_me=$'\E[0m' export LESS_TERMCAP_se=$'\E[0m' export LESS_TERMCAP_so=$'\E[01;44;33m' export LESS_TERMCAP_ue=$'\E[0m' export LESS_TERMCAP_us=$'\E[01;32m' # color prompt in the terminal export PS1='$? \[\e[31;1m\]\u\[\e[0m\]@\[\e[33;4m\]\h\[\e[0m\]:\[\e[34;1m\]\w\[\e[31;1m\]#\[\e[0m\]'
Graphical Applications
To run a graphical application on another machinem, you have to add the -X (allow forwarding of X-Windows connections) flag to the ssh command:
ssh -X jan@<hostname>.aims.ac.za
In fact the server won't be able to launch graphical applications for you until you install the xauth package:
sudo aptitude install xauth
Command line cut and paste
Sometimes your network is down or you are for some reason stuck in a refrigerated server room typing on the keyboard actually connected to your server. To be able to use a mouse to cut and paste install the General Purpose Mouse Interface:
sudo aptitude install gpm
A BOINC server would need email to contact all the people who created accounts. Postfix is one easy-to-configure E-mail server for Linux:
sudo aptitude --without-recommends install postfix mutt
Here I say --without-recommends because I think postfix recommends unneeded software.
You will be prompted to configure an email server. In your university network you would choose the local mail server as a relay and it would forward mail for you. At AIMS, choose Satellite System. When prompted, send mail for root to the user created during installation. Use smtp.aims.ac.za as a relay host. IMPORTANT: Take the defaults on all other settings.
To send the messages for root to all the administrators (your team members) change the root alias to email all of them:
sudo vim /etc/aliases
Change this line to go to all users:
root: jan,andyr,tracey
To receive the messages from root via your user on the linux server, but to receive it on your webmail, add the address .forward file
vim ~/.forward
and in this file put only one line containing your webmail address where you want to read email:
notreal@aims.ac.za
Automatic Update Notification
This section is optional and not necessary for the Africa@Home workshop. Although there are many different ways and frontends to either cron or apt, I find this somewhat manual method the best, which emails me the changelog of of any upgradeable packages and which downloads them in preparation of an install. It assumes a working email server:
sudo aptitude install apt-listchanges
pt's configuration file is at:
/etc/apt/apt.conf
Append these two lines, where the integer indicates number of days before repeating the action:
APT::Periodic::Update-Package-Lists=1; APT::Periodic::Download-Upgradeable-Packages=1;
The script /etc/cron.daily/apt which runs every midnight will honour the variables set above. This line prevents the debs of installed packages being removed by the /etc/cron.daily/apt script even if they are no longer availble:
APT::Clean-Installed="off";
There are two more settings in the script /etc/cron.daily/apt itself, I have yet to figure out the apt.conf equivalents. Find the lines and change the value from 0 to 1:
UpdateInterval=1 DownloadUpgradeableInterval=1
In addition set up apt-listchanges to run nightly at an appropriate interval after above downloads would have finished. Do this using cron, a standard package to run jobs periodically. Edit your cron table with this command; to have this sent to root do it with sudo:
sudo crontab -e
A blank crontab will open if you have never edited it, and it consists of lines giving the time and then the command to run at that time. The first five columns indicate minute, hour, day-of-month, month, and day-of-week (1 indicates Monday). The commented line (starting with #) is just to help you remember this, it is not executed. For instance, to run the apt-listchanges at 0 minutes past 7 on every day, add these lines:
# m h dom mon dow(mon=1) command 0 7 * * * debs=`ls /var/cache/apt/archives/*deb 2>/dev/null`; [ -n '$debs' ] && apt-listchanges --save_seen=/root/.apt-listchanges.seen -f text $debs 2>/dev/null;
