Sysadmin:Old:ACL:Installation

From Earlham CS Department

ACL imaging procedure

There are two methods for installing a new ACL. The first uses a software suite called SystemImager (SI) and is largely automated. The second uses a set of custom-made Perl scripts to install the latest packages and prep the system for use on our network.

The SI method is highly recommended over the manual method:

  • The risk of human error is much lower with the SI method than with the manual method
  • There is a much greater chance of the newly imaged ACL actually being stable


If the new system has never been on our network before, you will probably need to do the following:

  • Add the new host to DHCP:
    • note: you will need the MAC address for the machine. In many cases this can be found somewhere in the BIOS
    • forty-one:/etc/dhcp3/dhcpd.conf
      • host acl<#> { hardware ethernet <mac-address>; fixed-address 159.28.230.<free-IP>;}
  • Add the new host to DNS:
    • quark:/etc/named/master/cs.zone and quark:/etc/named/master/159.28.230.zone
      • acl<#>.cs.earlham.edu. IN A 159.28.230.<free-IP> in cs.zone
      • <free-IP> IN PTR acl<#>.cs.earlham.edu. in 159.28.230.zone
      • Be sure after you make a change to the zone files that you change the serial numbers at the top of both files before restarting the service.
      • Charlie will hurt you if you don't add the reverse entries as well as the forward.
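
One way to check the forward/reverse pairing before restarting the name service. This is an added example, not a script from the department's repository; the host numbers and addresses in the sample zones are constructed, and it assumes records are written in the one-line layout shown above.

```shell
#!/bin/sh
# Added example: confirm every forward (A) record has its reverse (PTR) record.
# Assumes records are written exactly in the one-line layout shown above.

# missing_ptr FORWARD_ZONE REVERSE_ZONE
# Prints "<name> <last-octet> <problem>" per bad A record; returns 1 if any.
missing_ptr() {
    awk '
        # Reverse zone (awk reads it first): remember last octet -> name.
        FILENAME == ARGV[1] { if ($2 == "IN" && $3 == "PTR") ptr[$1] = $4; next }
        # Forward zone: each A record in 159.28.230.0/24 needs that PTR.
        $2 == "IN" && $3 == "A" && $4 ~ /^159\.28\.230\.[0-9]+$/ {
            split($4, o, ".")
            if (!(o[4] in ptr))       { print $1, o[4], "no-ptr"; bad = 1 }
            else if (ptr[o[4]] != $1) { print $1, o[4], "ptr-is-" ptr[o[4]]; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$2" "$1"
}

# Constructed sample zones: acl2 has no PTR, acl3's octet points at acl2.
demo_zone_check() {
    d=$(mktemp -d) || return 1
    cat > "$d/cs.zone" <<'EOF'
acl1.cs.earlham.edu. IN A 159.28.230.201
acl2.cs.earlham.edu. IN A 159.28.230.202
acl3.cs.earlham.edu. IN A 159.28.230.203
EOF
    cat > "$d/159.28.230.zone" <<'EOF'
201 IN PTR acl1.cs.earlham.edu.
203 IN PTR acl2.cs.earlham.edu.
EOF
    missing_ptr "$d/cs.zone" "$d/159.28.230.zone" && st=0 || st=$?
    rm -rf "$d"; return "$st"
}
demo_zone_check || true
```
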

SystemImager Method

  1. Follow the above steps for adding the host to DHCP/DNS (if needed)
  2. Set the BIOS to allow PXE booting
  3. Boot from "Onboard Network Controller"
  4. Get a cup of coffee.

Notes

  • The ACL must have a DHCP entry and a reverse lookup entry.
  • If the ACL is already imaged and just requires an update, as root use:
    • screen -d -m /root/force-update.sh
      • If for whatever reason you don't have screen, do apt-get install screen
  • The image's location is /var/lib/systemimager/images/ACL_PROD/ on forty-X.

SI procedure when PXE fails

  1. Install Debian/Ubuntu using your favorite method
  2. Download SI's install script (preferably into its own directory):
    1. wget http://download.systemimager.org/pub/sis-install/install
  3. Run the install script:
    1. ./install -v --download-only --tag stable --directory . systemconfigurator systemimager-client systemimager-common systemimager-initrd-template-i386
  4. Install the .debs:
    1. dpkg -i *.deb
    2. dpkg may complain about not having libappconfig-perl. Install it using apt-get install libappconfig-perl and then re-run the above dpkg command.
  5. Run si_updateclient:
    1. si_updateclient --server forty-two.cs.earlham.edu --image ACL_PROD --yes --reboot
    2. You may want to run this in a detached screen if updating remotely. Run screen -d -m si_updateclient ... to do this.

Manual Method

1) Initial machine setup:

  • Follow the above steps for adding the host to DHCP/DNS (if needed)
  • Boot from any Ubuntu 6.10/7.10/8.10 install CD and run the "Install" shortcut located on the desktop.
  • During the initial install:
    • Username: csadmin
    • Pass: insecure password
    • HDD Partitioning: / (25GB), swap (3GB), and the rest (Left as unlabeled for now).

2) Login as root.

3) Run the pkg-install.pl script. It can be found in the subversion repository called "acl". Anyone can checkout this repository by issuing the command: svn checkout file:///clients/users/svn/acl acl -- on Quark -- which will create a new directory "acl" that contains the script and all associated files. Scp the directory to the machine you're imaging.

Run the script. It can take a number of arguments; to see all of them, run ./pkg-install.pl -h. Chances are you're going to just use -r to automagically do a reboot once the script is done (you want to reboot the machine when it's done anyways).

4) Once that's done and you've rebooted, su to root (you won't be able to login as root from here) and remove csadmin from the admin group -- effectively revoking all of its sudo privileges -- and set the root password (by using passwd) to the secure password.

Additional Notes

  • The packages requiring user input are installed first so waiting for them to come up shouldn't take too long. Just accept the default unless you know something better.
    • The "logwatch" package is a much more interactive configuration step; you'll want to start with option (3) and from there the answers are pretty self-explanatory.
  • Put answers to questions here, e.g. LDAP configuration.
  • Issues with Java
    • Due to licensing issues, the "apt-get install" process requires the jdk-6-doc.zip file to already exist on the system before the java packages can be installed. The pkg-install script has the necessary plumbing to automate this. However, should it fail, download "Java SE 6 Documentation" from here and put it in /tmp on the ACL in question.
  • You'll also likely want to copy Quark's root's SSH public key to the appropriate location on the now-imaged machine.
  • Should you want to add another package to the script, the procedure for doing so is fairly simple:
    • Update your local copy of the ACL svn project
    • Append the desired package to "pkglist" making sure it's in the format package-name,,
    • Commit the pkglist file back into the project
  • To specify a custom .deb to install, add a line to "pkglist" that is in the format ,location,
    • location can either be a fully qualified path for a deb on the local machine (e.g. ~/package.deb or /usr/package.deb) or a web address recognizable by wget.
  • To have the script run a custom script (for example, to link the necessary files to make a shared library work) add a line to "pkglist" in the format ,,script-name
    • The main script will attempt to execute "script-name" making the assumption that it is both executable and in the current directory. (So you will need to add the script to the svn project).
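
Because pkg-install.pl is run as root, every pkglist line ends up as a package install, a .deb fetch, or a script execution with root privileges. The following is an added example (not part of the acl repository) that lints a pkglist against the three line formats described above; the specific checks, the function names and the sample entries are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint a pkglist before pkg-install.pl consumes it as root.
# Field layout is from the notes above; the checks are this example's assumptions.
LC_ALL=C; export LC_ALL
bad() { printf '%s BAD %s\n' "$n" "$1"; rc=1; }
# lint_pkglist FILE [SCRIPT_DIR]: prints "<line> <kind> <value>" per entry
# (kind = package | deb | script | BAD) and returns 1 if any entry is BAD.
lint_pkglist() {
    dir=${2:-.}; n=0; rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            '')      continue ;;
            *,*,*,*) bad too-many-fields; continue ;;
            *,*,*)   ;;
            *)       bad too-few-fields; continue ;;
        esac
        pkg=${line%%,*}; rest=${line#*,}; loc=${rest%%,*}; script=${rest#*,}
        case "${pkg:+p}${loc:+l}${script:+s}" in
            p)  # Debian names are [a-z0-9+.-] and start alphanumeric, so a
                # leading "-" can never reach apt-get looking like an option.
                case $pkg in
                    [!a-z0-9]*|*[!a-z0-9+.-]*) bad package-name ;;
                    *) printf '%s package %s\n' "$n" "$pkg" ;;
                esac ;;
            l)  case $loc in
                    /*|"~/"*|http://*|https://*|ftp://*)
                        printf '%s deb %s\n' "$n" "$loc" ;;
                    *)  bad deb-location ;;
                esac ;;
            s)  # Run from the current directory: bare, executable name only.
                if [ "${script#*/}" != "$script" ]; then bad script-has-path
                elif [ -f "$dir/$script" ] && [ -x "$dir/$script" ]
                then printf '%s script %s\n' "$n" "$script"
                else bad script-not-executable; fi ;;
            *)  bad need-exactly-one-field ;;
        esac
    done < "$1"
    return "$rc"
}

# Constructed sample: two valid entries, then three that must be rejected.
demo_pkglist() {
    f=$(mktemp) || return 1
    printf '%s\n' 'vim,,' ',/usr/package.deb,' '-o,,' ',,../setup.sh' 'vim,,setup.sh' > "$f"
    lint_pkglist "$f" && st=0 || st=$?
    rm -f "$f"; return "$st"
}
demo_pkglist || true
```
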

Addendum

This experimental procedure should only be followed as a last resort should we find ourselves doing an upgrade of an OS. This was mainly implemented because Ubuntu's apt-get dist-upgrade broke some of the packages required to make a machine an 'ACL'.

  • Get the package list from the current, existing ACL image and write it to a file:
    • dpkg --get-selections | awk '{ print $1 }' >> file1
  • Import the package list onto the barebones Ubuntu machine and get a new package list, file2. Sort the differences between the two package lists and write them to a new file:
    • cat file1 file2 file2 | sort | uniq -u >> file3
  • The new package list has to be in the format accepted by the pkg-install.pl script mentioned earlier under 'Manual Method'. Brian Purcell was kind enough to write a perl script that automated this process:
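  #!/usr/bin/perl
   use strict;
   use warnings;

   # Read the package names in file3 and print each one as a "package-name,," pkglist line.
   open(my $fd, '<', 'file3') or die "Cannot open file3: $!";

   while (<$fd>)
   {
       chomp;
       print "$_,,\n";
   }
   close($fd);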
  • Run the perl script and write the output to the file pkglist
  • Run the pkg-install.pl script ut supra