Installing Debian

From MyWiki

Revision as of 03:10, 29 October 2009 by Jbasney (Talk | contribs)
(diff) ← Older revision | Current revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Here are some notes on installing Debian Linux at NCSA. You may prefer a different configuration. Some of this configuration is specific to NCSA. Your best resource for Debian installation documentation is debian.org. In particular, see the Debian Network Install Page.

Network Install

  1. Download the stable netinst CD image from the Debian Stable Installer page or download the testing netinst CD image from the Debian Test Installer page and burn it to a CD. stable uses older, verified package versions suitable for a server environment, while testing uses newer packages more suitable for a development environment.
  2. Boot from the CD. For troubleshooting during the installation, you can type Ctrl-Alt-F2 then Enter to get a terminal.
  3. Press Enter at the boot prompt to install the 2.4 kernel. If you want a 2.6 kernel, type linux26 at the boot: prompt instead.
  4. Choose English, United States, and American English.
  5. On machines with multiple network interfaces, choose the interface that is connected to the internet when prompted.
  6. The installer should now obtain an IP address via DHCP and prompt you to enter a computer name. If not, check your network cable. If the hostname isn't correct, just set it to what you want it to be and proceed.
  7. Set the domain name to ncsa.uiuc.edu.
  8. Choose to erase the entire disk for partitioning unless you want to save something.
  9. Choose "All files in one partition" unless you have a different preference.
  10. Finish partitioning.
  11. Write changes to disks.
  12. Choose to install GRUB boot loader to the MBR.
  13. Remove CD-ROM and continue.
  14. Reboot.
  15. Set hardware clock to GMT. Central Time Zone.
  16. For best performance on the UIUC campus, choose to configure the Debian archive access method manually and enter the following configuration for a stable installation: 
    deb http://debian.cites.uiuc.edu/pub/debian/ stable main contrib non-free
deb-src http://debian.cites.uiuc.edu/pub/debian/ stable main contrib non-free

    or for a testing installation: 

    deb http://debian.cites.uiuc.edu/pub/debian/ testing main contrib non-free
deb-src http://debian.cites.uiuc.edu/pub/debian/ testing main contrib non-free

    (In the nano editor, you can use Ctrl-k (kut) to delete a line and Ctrl-u (unKut) to multiply paste it.) Otherwise, choose HTTP for the Debian archive access method and pick a mirror. Leave HTTP proxy blank.

  17. Choose any desired software to install from the list, such as a Desktop environment. For a custom system, you may not want to choose any software to install at this step.
  18. For Exim configuration, choose "mail sent by smarthost; received via SMTP or fetchmail". System mail name is hostname.ncsa.uiuc.edu. Listen on 127.0.0.1. Outgoing mail to smtp.ncsa.uiuc.edu. Root and postmaster mail recipient: real-root does that work??
  19. Login and su to root.
  20. Update your installed packages:
    apt-get update; apt-get dist-upgrade
    You'll need to run this periodically to keep your system up-to-date.
  21. Subscribe to the debian-security-announce mailing list to be informed of security advisories. See the Debian Security Information Page for more information about Debian security.
  22. Make sure you have a fully-qualified hostname in /etc/hostname.
  23. If you upgraded the kernel, you should reboot:
    /sbin/shutdown -r now

    Customization

  24. Login and su to root.
  25. Secure Debian:
    apt-get remove netkit-inetd (No longer installed by default.)
    apt-get install harden harden-doc harden-servers checksecurity
  26. Install some more useful software. For example:
    apt-get install ssh-krb5 emacs21 fetchmail mozilla-firefox tetex-extra xpdf ncftp openafs-client openafs-krb5 openafs-modules-source krb5-user krb5-config krb5-clients openssl libpam-openafs-session libpam-krb5 ntp-server ntpdate ngrep equivs java-common cvs cvsutils sudo sysutils valgrind libkrb5-dev libssl-dev zlib1g-dev zlib1g libpam0g-dev
    • Enter "NCSA.EDU" for the Kerberos realm. Enter "kerberos.ncsa.uiuc.edu kerberos-1.ncsa.uiuc.edu kerberos-2.ncsa.uiuc.edu" for the realm. Enter "kadmin.ncsa.uiuc.edu" for the administrative server. Add ".ncsa.uiuc.edu = NCSA.EDU" in the [domain_realm] section of /etc/krb5.conf.
    • Enter "ncsa.uiuc.edu" for the AFS cell. Set AFS cache size to 2000000 kB (2GB). Choose to dynamically generate the contents of /afs.
  27. Now that mozilla-firefox is installed, open NCSA Network Activation to register this machine on the NCSA network.
  28. Install a kernel optimized for your system. (I found that the default kernel for Debian 4.0 had SMP support. However, the kernel-headers-<version> packages are now called linux-headers-<version> where the version can be found by uname.) For example:
    apt-get install kernel-image-2.4-686-smp
    or
    apt-get install kernel-image-2.6-686-smp
    apt-cache search "^kernel-image" will list your options.
  29. Install the openafs-modules (Seems problematic with 64 bit kernels) (see /usr/share/doc/openafs-client/README.modules):
    apt-get install module-assistant
    module-assistant prepare openafs-modules
    module-assistant build,install openafs-modules
    /etc/init.d/openafs-client start
  30. Add /afs/ncsa alias. Create /etc/openafs/CellAlias containing:
    ncsa.uiuc.edu ncsa
  31. Set X11Forwarding yes and PermitRootLogin no in /etc/ssh/sshd_config.
  32. Set NTP servers in /etc/ntp.conf and /etc/default/ntpdate. For NCSA hosts, use ntp.ncsa.uiuc.edu.
  33. Add /etc/sysprofile.d:
    apt-get install sysprofile
  34. Add the following to the end of /etc/profile to activate sysprofile.d: 
    if [ -f /etc/sysprofile ]; then
  . /etc/sysprofile
fi
  35. In some cases, I don't get an AFS token on login with the above configuration, so I also create /etc/sysprofile.d/aklog.bash containing the following: 
    if [ "$KRB5CCNAME" ]; then
  tokens | grep "tokens for afs@ncsa.uiuc.edu" > /dev/null;
  if [ $? == 1 ]; then
    aklog;
  fi
fi
  36. Add your host to the NCSA Kerberos database.
  37. Install Sun's J2SE SDK (Seems not to work anymore. It may just be that the ftp.tux.org site is down.). Add 
    deb ftp://ftp.tux.org/pub/java/debian stable non-free

    to /etc/apt/sources.list and run:
    apt-get install j2sdk1.4 j2sdk1.4-doc

    Download .doc from http://java.sun.com/j2se/1.4.2/download.html to /tmp directory.

    UPDATE ==>> Since Sun has released java as GPL, it is preferable to use the debian packages:

    To install the java docs, download version 5 from http://java.sun.com/j2se/1.5.0/download.html and version 6 from http://java.sun.com/javase/downloads/index.jsp. The lynx text browser had trouble finding the SSL cert common name, so a regular graphic browser was required. The jdk-1_5_0-doc.zip or jdk-6-doc.zip files should end up in /tmp. 

    apt-get install sun-java5-jdk sun-java5-plugin sun-java5-fonts sun-java5-doc
apt-get install sun-java6-jdk sun-java6-plugin sun-java6-fonts sun-java6-doc

    The installations go to /usr/lib/jvm/[java-1.5.0-sun/|java-6-sun/] instead of the previous /usr/bin/.

  38. Install ant after Sun's SDK
    apt-get install ant
  39. Setup printing (Seems that the printcap file on AFS has been deprecated)
    cp /afs/ncsa/common/etc/printcap /etc/printcap
    apt-get install lprng
  40. Setup PAM for Kerberos logins. Change /etc/pam.d/common-auth to contain only: 
    auth    [success=ok default=1] pam_krb5.so forwardable
auth    [default=done]  pam_openafs_session.so
auth    required        pam_unix.so nullok_secure try_first_pass

    Change /etc/pam.d/common-session to contain: 

    
session    optional     pam_krb5.so
session    optional     pam_openafs_session.so
session    required     pam_unix.so
  41. Add users:
    grep USERNAME /afs/ncsa/common/etc/passwd
    adduser --uid UID --disabled-password USERNAME
  42. Run visudo to setup sudo permissions for yourself and others.
  43. For Dells with ATI (Radeon) graphics chips, to get X-windows to show up in higher than 800x600 resolution, edit /etc/X11/XF86Config-4 as follows. Change the Driver line in Section "Device" from Driver "vesa" to Driver "ati" and change the Modes line in: 
    SubSection "Display"
        Depth     24
        Modes    "800x600" "640x480"
EndSubSection

    to: 

    SubSection "Display"
        Depth     24
        Modes    "1280x1024" "800x600" "640x480"
EndSubSection
  44. If desired, change to using a static IP address rather than DHCP:
    1. apt-get install resolvconf
    2. Edit /etc/network/interfaces. For example: 
      # The primary network interface
auto eth0
#iface eth0 inet dhcp
#       pre-up iptables-restore < /etc/iptables.up.rules
iface eth0 inet static
        address 141.142.234.9
        netmask 255.255.255.0
        gateway 141.142.234.1
        pre-up iptables-restore < /etc/iptables.up.rules
        dns-search ncsa.uiuc.edu
        dns-nameservers 141.142.2.2 141.142.230.144

Retrieved from "http://mywiki.ncsa.uiuc.edu/wiki/Installing_Debian"
Personal tools