This Gist is a guide on how to setup your computer at CERN with Ubuntu 14.04 LTS. Last tested by myself on a brand new computer on 18/11/2014, proof tested by @Alea88.
With the kernel upgrade from 3.13.0-45-generic to 3.13.0-46-generic AFS stops working: https://bugs.launchpad.net/ubuntu/+source/openafs/+bug/1423151
Type this to check your kernel version:
uname -r
To revert the change in your system, type:
sudo apt-get remove 3.13.0-46-generic
sudo update-grub
Then restart your computer.
Download the following:
sudo apt-get install openafs-client
sudo apt-get install openafs-modules-dkms
sudo apt-get install openafs-krb5
sudo apt-get install krb5-user
sudo apt-get install krb5-config
Make sure that you don't have any .keytab created yet. If so, erase it. If you want to check whats in your keytab type:
$ ktutil
ktutil: read_kt path_to_keytab/name_of_keytab
ktutil: list
Execute this commands, with your username:
$ ktutil
ktutil: addent -password -p ansantam@CERN.CH -k 1 -e aes256-cts
ktutil: addent -password -p ansantam@CERN.CH -k 1 -e arcfour-hmac-md5
ktutil: wkt .keytab
ktutil: q
See if your keytab works:
kinit -kt .keytab ansantam
If nothing appears in your prompt, it works. Move your .keytab file to /etc/ and rename it krb5.keytab.
Open the file /etc/openafs/ThisCell and add cern.ch
Open the file /etc/krb5.conf and replace it by this one
To avoid problems when connecting to lxplus with:
ssh user@lxplus
open the file /etc/ssh/ssh_config and make it look like this:
HOST lxplus*
ForwardX11 yes
ForwardX11Trusted no
GSSAPITrustDNS yes
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
Open the file /etc/crontab and add the following line:
@daily ID=afstoken kinit --renew
Kerberos only works if your computer clock is in close sync (certainly within 5 minutes) with CERN time servers.
In a normal computer you can do a one-off clock sync like typing the following:
ntpdate ntp.ubuntu.com
For CERN you'll need to install the ntp daemon, which will continuously keep your clock in accurate sync with the CERN time servers.
apt-get install ntp
Then add the following lines to your /etc/ntp.conf file, and comment or erase the lines for ubuntu time servers:
# CERN Client
server 137.138.18.69 version 4 #IP-TIME-0
server 137.138.16.69 version 4 #IP-TIME-1
server 137.138.17.69 version 4 #IP-TIME-2
# Disable remote access, but trust sources of time restrict default nomodify #noquery
restrict default nomodify noquery
# Allow hosts to query stats and ask for the time.
# eg restrict 123.123.123.123 nomodify
# Allow localhost to do everything.
restrict 127.0.0.1
#logconfig=all
More information here. Then restart the ntp service:
sudo service ntp restart
My way of obtaining my credentials is adding the following line in my .bash_aliases file:
alias afs="kdestroy && kinit -kt /etc/krb5.keytab ansantam -l 7d -r 1d ; aklog CERN.CH"
Like this I can obtain the credentials only by typping "afs" in the console.
What all of this means:
-
The "kdestroy" command deletes a Kerberos credentials cache file. More info here
-
The "kinit" command is used to get a Kerberos ticket. See "kinit"'s options here. We are using the keytab we just created to obtain the Kerberos ticket.
-
The "aklog" command is used to obtain tokens for authentication to AFS. More info here.
- Restart the console so your alias will work.
- Restart the AFS client:
sudo service openafs-client restart. - Login with the alias you chose (make sure you get ticket and token).
- Make sure the clocks are synced.
- Open the printer settings on your local computer.
- Click "Add"
- Select "Network printer" --> "LPD/LPR Host or printer"
- Look for the name of your printer here
- Write name.print.cern.ch in the field "Host" and name in "Queue" and press "Forward"
- Select brand and model of the printer
- Select the duplexer if it can print both sides of the paper
- Change the name of the printer to the original name provided by the CERN page provided above
- Print a test page
- Done!
Follow this link to my Evernote snippet about it.
- Install it
sudo apt-get install git - Activate the colors
git config --global color.ui auto - Create your SSH key following this link
- Download Python
sudo wget http://python.org/ftp/python/2.7.8/Python-2.7.8.tgz
tar zxf Python-2.7.8.tgz -C ~/software
cd ~/software/Python-2.7.8
./configure
make
sudo make install
- Install important things from source
git clone git://github.com/matplotlib/matplotlib.git
cd matplotlib
sudo python setup.py install
git clone git://github.com/numpy/numpy.git numpy
cd numpy
sudo python setup.py install
sudo wget http://cython.org/release/Cython-0.21.1.tar.gz
tar zxf Cython-0.21.1.tar.gz -C ~/software
cd ~/software/Cython-0.21.1
sudo python setup.py install
sudo apt-get install libblas-dev
sudo apt-get install liblapack-dev
git clone git://github.com/scipy/scipy.git scipy
cd scipy
sudo python setup.py install
git clone git://github.com/pydata/pandas.git
cd pandas
sudo python setup.py install
git clone git://github.com/mwaskom/seaborn.git
cd seaborn
sudo python setup.py install
- Install pip
sudo apt-get install python-pip
WARNING!: sudo apt-get install installs the packages in /usr/lib/python2.7 and pip install in /usr/local/lib/python2.7. If you mix up both installation methods it will give problems, so it's better to use pip only in your virtual environment.
- Instal virtual environments (click here to see how it works)
sudo pip install virtualenv
Download Adobe Reader (32 bit) from the Adobe site: ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/9.5.5/enu/AdbeRdr9.5.5-1_i386linux_enu.deb
sudo dpkg -i --force-architecture AdbeRdr9.5.5-1_i386linux_enu.deb
sudo apt-get -f install
sudo apt-get install libxml2:i386 lib32stdc++6
To set it as the default program to open pdfs:
mimeopen -d *.pdf
Open a document for the first time:
acroread <path>/<MyDocument>.pdf
- Chrome
- Dropbox
- Emacs (click here for my emacs configuration)
- Atom (click here)
- Subversion
- Terminator
- Pdflatex
sudo apt-get install texlive-latex-bas
- TexLive
https://github.com/scottkosty/install-tl-ubuntu