1 | | Sandbox is an Ubuntu machine |
| 1 | = How to build a SandBox console = |
| 2 | |
| 3 | == New Instructions as of 8/22/2011 == |
| 4 | |
| 5 | === Base system === |
| 6 | 1. Boot Ubuntu 10.10 Server installation medium (you may need a usb-cdrom). |
| 7 | 1. Perform a standard installation using the installation defaults, with the noted deviations: |
| 8 | 1. Partition - Choose "Guided use entire disk" (No LVM) |
| 9 | 1. User Name / Password - Use the well-known orbit default |
| 10 | 1. Roles - Add the ssh server role |
| 11 | 1. Check that the network interfaces get the correct address from the correct networks: |
| 12 | 1. eth0 - DMZ |
| 13 | 1. eth1 - Control |
| 14 | |
| 15 | === NFS Mounting === |
| 16 | We no longer use AutoFS/auto.home, since there is a long-standing lag bug with the daemon that is not fixable. We have now moved to direct mounting of the /home mount point. |
| 17 | 1. Install the NFS common libraries: |
| 18 | {{{ |
| 19 | apt-get install nfs-common |
| 20 | }}} |
| 21 | 1. Add the following line to /etc/fstab: |
| 22 | {{{ |
| 23 | home:/export/home /home nfs _netdev,auto 0 0 |
| 24 | }}} |
| 25 | |
| 26 | === LDAP Authentication === |
| 27 | Since AutoFS is not used, this process is somewhat simpler. |
| 28 | 1. Install the LDAP libraries. This process will ask you a number of LDAP-related questions that are used to prime the two ldap.conf files. It is not critical to get them correct, as we are going to replace those conf files anyway. (Accepting the defaults is OK.) |
| 29 | {{{ |
| 30 | apt-get install libpam-ldap libnss-ldap |
| 31 | }}} |
| 32 | 1. /etc/ldap.conf is one of the two files that configure the LDAP client. The non-comment lines in this file are as follows: |
| 33 | {{{ |
| 34 | base dc=orbit-lab,dc=org |
| 35 | uri ldap://ldap.orbit-lab.org/ |
| 36 | ldap_version 3 |
| 37 | binddn |
| 38 | rootbinddn cn=admin,dc=orbit-lab,dc=org |
| 39 | pam_password md5 |
| 40 | nss_initgroups_ignoreusers backup,bin,daemon,games,gnats,irc,libuuid,libvirt-qemu,list,lp,mail,man,messagebus,news,ntp,postfix,proxy,root,sshd,statd,sync,sys,syslog,usbmux,uucp,www-data |
| 41 | }}} |
| 42 | You can edit this file and change all the values to match (leaving the rest as comments), or simply replace the one you have with this one: [[wiki:ldap.conf]] |
| 43 | 1. /etc/ldap/ldap.conf is the second file that guides the client. It has very few actual lines: |
| 44 | {{{ |
| 45 | BASE dc=orbit-lab,dc=org |
| 46 | URI ldap://ldap.orbit-lab.org |
| 47 | }}} |
| 48 | Again, you can edit it directly or copy this version. |
| 49 | 1. The /etc/nsswitch.conf file should have the following non-comment lines: |
| 50 | {{{ |
| 51 | passwd: files ldap compat |
| 52 | group: files ldap compat |
| 53 | shadow: files compat |
| 54 | |
| 55 | hosts: files dns |
| 56 | networks: files |
| 57 | |
| 58 | protocols: db files |
| 59 | services: db files |
| 60 | ethers: db files |
| 61 | rpc: db files |
| 62 | |
| 63 | netgroup: nis |
| 64 | }}} |
| 65 | Again, you can edit it directly or copy this version. |
| 66 | 1. Finally, add the following lines to the /etc/sudoers file (note that this is done with the visudo command). |
| 67 | {{{ |
| 68 | %admin ALL=(ALL) ALL |
| 69 | %sysadmin ALL=NOPASSWD: ALL |
| 70 | }}} |
| 71 | This has to be done manually. |
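A post-build check for the NFS and LDAP steps above, added here as an example (it is not part of the original instructions). The function names and the ROOT argument are assumptions for illustration; the expected values are the ones listed on this page, and the WARN line reports that an ldap:// URI without `ssl start_tls` carries bind passwords unencrypted.

```shell
#!/bin/sh
# Added example, not from the original page: audit the files the steps above edit.
# ROOT is an assumption so the checks can also run against a staged copy of /etc.
# Usage: audit_console ""  (live system)  or  audit_console /path/to/staged/root

# conf_value FILE KEY: print the value of the first non-comment "KEY value" line.
conf_value() {
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# nss_has FILE DATABASE SOURCE: succeed if SOURCE is listed for DATABASE.
nss_has() {
    awk -v db="$2:" -v src="$3" '
        $1 == db { for (i = 2; i <= NF; i++) if ($i == src) found = 1 }
        END { exit !found }' "$1"
}

# home_mount_ok FSTAB: succeed if /home is the NFS export with _netdev set.
home_mount_ok() {
    awk '$1 == "home:/export/home" && $2 == "/home" && $3 == "nfs" &&
         $4 ~ /(^|,)_netdev(,|$)/ { ok = 1 } END { exit !ok }' "$1"
}

# audit_console ROOT: print findings; the return status is the number of FAILs.
audit_console() {
    root=${1:-} fails=0
    expect() {   # expect LABEL ACTUAL WANTED
        [ "$2" = "$3" ] && return 0
        echo "FAIL: $1 is '$2', expected '$3'"; fails=$((fails + 1))
    }
    expect "/etc/ldap.conf base" "$(conf_value "$root/etc/ldap.conf" base)" "dc=orbit-lab,dc=org"
    expect "/etc/ldap.conf uri" "$(conf_value "$root/etc/ldap.conf" uri)" "ldap://ldap.orbit-lab.org/"
    expect "/etc/ldap/ldap.conf BASE" "$(conf_value "$root/etc/ldap/ldap.conf" BASE)" "dc=orbit-lab,dc=org"
    expect "/etc/ldap/ldap.conf URI" "$(conf_value "$root/etc/ldap/ldap.conf" URI)" "ldap://ldap.orbit-lab.org"
    for db in passwd group; do
        nss_has "$root/etc/nsswitch.conf" "$db" ldap ||
            { echo "FAIL: nsswitch.conf $db lacks ldap"; fails=$((fails + 1)); }
    done
    home_mount_ok "$root/etc/fstab" ||
        { echo "FAIL: fstab lacks the /home NFS entry with _netdev"; fails=$((fails + 1)); }
    # Not a build error: an ldap:// URI without StartTLS sends binds in cleartext.
    case "$(conf_value "$root/etc/ldap.conf" uri)" in ldap://*)
        [ "$(conf_value "$root/etc/ldap.conf" ssl)" = start_tls ] ||
            echo "WARN: ldap:// without 'ssl start_tls' sends bind passwords unencrypted" ;;
    esac
    return "$fails"
}
```

The sudoers entries are not checked because /etc/sudoers is readable only by root; run `visudo -c` as root to validate that file's syntax.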
| 72 | |
| 73 | === OMF === |
| 74 | |
| 75 | |
| 76 | |
| 77 | == Old instructions as of 5/xx/2011 == |