Linux Administration & Maintenance: Difference between revisions
Line 8: | Line 8: | ||
musashi.iat.sfu.ca:/export/gentoo/distfiles on /mnt/distfiles | musashi.iat.sfu.ca:/export/gentoo/distfiles on /mnt/distfiles | ||
and specifying that in your make.conf. The NFS route ensures that downloaded files go back into the mirror." | and specifying that in your make.conf. The NFS route ensures that downloaded files go back into the mirror." | ||
<br | <br> | ||
[[Gentoo Local-Mirror Operation]] | [[Gentoo Local-Mirror Operation]] | ||
Revision as of 17:02, 1 December 2006
Gentoo
On-Campus, we can speed installation/updates by using a local source; in your /etc/make.conf:
GENTOO_MIRRORS="http://mirror.iat.sfu.ca/gentoo/"
An alternative is to use an NFS mount, but if NFS breaks or is unavailable... :-(
Robin: "For best performance, I recommend mounting
musashi.iat.sfu.ca:/export/gentoo/distfiles on /mnt/distfiles
and specifying that in your make.conf. The NFS route ensures that downloaded files go back into the mirror."
Gentoo Local-Mirror Operation
LDAP Authentication, and Home-Directory AutoMounting
First, make sure you have the necessary packages on your system:
hostname ~ # emerge -v pam_ldap nss_ldap autofs
There are five configuration files, and three directories which must be correct:
/etc/ldap.conf /etc/nsswitch.conf /etc/autofs/auto.master /etc/pam.d/system-auth /bin/localshell /home/users/ /home/projects/ /etc/localshell/
Create the necessary directories:
hostname ~ # mkdir /home/users hostname ~ # mkdir /home/projects hostname ~ # mkdir /etc/localshell
Copy over the /etc/localshell/* and /bin/localshell from a working machine.
Example /etc/ldap.conf, with commented-out portions omitted
# Your LDAP server. Must be resolvable without using LDAP. host 209.87.56.238 # The distinguished name of the search base. base dc=iat,dc=sfu,dc=ca # The distinguished name to bind to the server with. binddn cn=Reader,dc=iat,dc=sfu,dc=ca # The credentials to bind with. bindpw <supersecret!!> # RFC2307bis naming contexts nss_base_passwd ou=Users,dc=iat,dc=sfu,dc=ca nss_base_shadow ou=Users,dc=iat,dc=sfu,dc=ca nss_base_group ou=Group,dc=iat,dc=sfu,dc=ca nss_base_hosts ou=Hosts,dc=iat,dc=sfu,dc=ca nss_base_services ou=Services,dc=iat,dc=sfu,dc=ca nss_base_networks ou=Networks,dc=iat,dc=sfu,dc=ca nss_base_protocols ou=Protocols,dc=iat,dc=sfu,dc=ca nss_base_rpc ou=Rpc,dc=iat,dc=sfu,dc=ca nss_base_ethers ou=Ethers,dc=iat,dc=sfu,dc=ca nss_base_netmasks ou=Networks,dc=iat,dc=sfu,dc=ca nss_base_bootparams ou=Ethers,dc=iat,dc=sfu,dc=ca nss_base_aliases ou=Aliases,dc=iat,dc=sfu,dc=ca nss_base_netgroup ou=Netgroup,dc=iat,dc=sfu,dc=ca
Example nsswitch.conf:
passwd: compat ldap shadow: compat ldap group: compat ldap # passwd: db files nis # shadow: db files nis # group: db files nis hosts: files dns networks: files dns services: db files protocols: db files rpc: db files ethers: db files netmasks: files netgroup: files bootparams: files automount: files aliases: files
Example /etc/autofs/auto.master
/home/users ldap:209.87.56.238:ou=home.users,ou=AutoFS,dc=iat,dc=sfu,dc=ca /home/projects ldap:209.87.56.238:ou=home.projects,ou=AutoFS,dc=iat,dc=sfu,dc=ca
Example /etc/pam.d/system-auth
auth required /lib/security/pam_env.so auth sufficient /lib/security/pam_unix.so likeauth nullok auth sufficient /lib/security/pam_ldap.so use_first_pass auth required /lib/security/pam_deny.so account required /lib/security/pam_unix.so account sufficient /lib/security/pam_ldap.so password required /lib/security/pam_cracklib.so retry=3 password sufficient /lib/security/pam_unix.so nullok md5 shadow use_authtok password sufficient /lib/security/pam_ldap.so use_authtok password required /lib/security/pam_deny.so session required /lib/security/pam_limits.so session required /lib/security/pam_unix.so session required /lib/security/pam_ldap.so
Rescuing a Gentoo System
boot from a CD, typically
boot: gentoo
enable swap
livecd root # swapon /dev/sda2
mount the main (root) partition, optionally the boot partition
livecd root # mount /dev/sda3 /mnt/gentoo livecd root # mount /dev/sda1 /mnt/gentoo/boot
get some networking going
livecd root # dhcpcd & livecd root # ifconfig eth0 up livecd root # ifconfig (verify we got an IP)
prepare for chrooting
livecd root # mount -o bind /proc /mnt/gentoo/proc livecd root # mount -o bind /dev /mnt/gentoo/dev livecd root # mount -o bind /sys /mnt/gentoo/sys
set up a new environment root
livecd root # cd /mnt/gentoo livecd gentoo # chroot /mnt/gentoo /bin/bash livecd / # env-update livecd / # source /etc/profile
Now, do your rescue work. Good luck!
To back out of the chroot, and check your fix(es)
livecd / # exit livecd root # cd / livecd root # umount /mnt/gentoo/boot /mnt/gentoo/proc /mnt/gentoo/dev /mnt/gentoo/sys /mnt/gentoo livecd root # reboot
SUSE
On-Campus, we can speed installation/updates by using a local source:
nfs://export/mirror/suse
- TODO: Instructions for install with LDAP working
- TODO: Instructions for auto-update configuration
RedHat/Fedora
- TODO: Instructions for install with LDAP working
FreeBSD
- TODO: Instructions on configuring the firewall on Dreadnought