CC7 - Installation instructions

Before you start
Check that your machine is properly registered (in case it is on the CERN network) Check that CERN Domain Name Service is updated for your machine (in case it is in the CERN network):   host yourmachine command should return an answer. Check that your machine meets minimum system requirements Memory: Minimum 2 GB (system will run with 1 GB but performance will be affected) Disk space: 10 GB (including 1 GB user data) for default setup ( 1 GB for minimal setup) Please see Network/PXE installation procedure at: Linux Installation, if you use it you may skip following points up to system installation. Prepare boot media (you will need a single recordable CD or USB memory key). ( Check the boot media preparation page for instructions how to prepare (and check) your boot media.) Available boot media - boot CD/USB image: http://linuxsoft.cern.ch/cern/centos/7/os/x86_64/images/boot.iso Installation method - http: use: http://linuxsoft.cern.ch/cern/centos/7/os/x86_64/ as installation path. Note: use CD/USB image installation method ONLY if Network/PXE installation is not possible.
System installation
	Installation language and keyboard selection
	Select 'Installation Destination', 'Date & Time', 'Installation Source' and 'Software Selection' are already preselected.
	Select the device to be used for the installation.
	If selected device has been already used for previous version of operating system use 'Reclaim space'
	Select 'Begin installation'
	Set 'root' (administrative account) password. Note: 'User creation' option creates only local user accounts, NOT CERN accounts.
	Installation complete.
Firstboot configuration adjustment
Warning On certain hardware, you may see the following license screen for a short while and then it will disapear. You can press CTRL+ALT+F1 to continue the installation. This bug is being investigated by Linux support team. On first system boot, following configuration screens, allowing customization your system for use in CERN computing environment, will be shown.
	License information.
	CERN customization screen will allow setup of system updates mode and if AFS / CVMFS / EOS client should start on system boot. Site configuration defaults will be applied for Kerberos 5, sendmail etc... Note As of CERN CentOS 7.3 EOS and CVMFS clients are provided as a TEST to encourage users migration from AFS. Note We recommend to accept default settings which should be correct for most of CERN users.
Logging in
	Login screen (note: no user list is shown since no local user accounts have been created)
Manual post-install configuration adjustment
If you have selected not to run X graphical environment on your machine, or you have installed system using kickstart and you want to apply site configuration settings, here is a short recipe: AFS client Run /usr/bin/locmap --configure afs Run /usr/bin/locmap --configure ntp to preconfigure AFS client for CERN site (and AFS logins) Automatic update system (can also be set for machines outside CERN network)   Edit /etc/sysconfig/yum-autoupdate and set: YUMUPDATE=0 to be informed about available updates (by e-mail to root) YUMUPDATE=1 for the automatic updates to be applied   Next configure automatic update system: /usr/bin/systemctl enable yum-autoupdate Apply CERN site configuration defaults run /usr/bin/locmap --configure all to configure all enabled modules in your system, defaults are sudo, sendmail, afs, ntp, kerberos, nscd, ssh and lpadmin    You can use /usr/bin/locmap --list to check all the available puppet modules with their current state. Configure CVMFS filesystem run /usr/bin/locmap --enable cvmfs to enable the cvmfs puppet module and then run /usr/bin/locmap --configure cvmfs to setup CVMFS filesystem Configure EOS Fuse client run /usr/bin/locmap --enable eosclient to enable the eosclient puppet module and then run /usr/bin/locmap --configure eosclient to configure EOSclient Check currently running/enabled services via /usr/bin/systemctl list-units turn off those services you don't need: /usr/bin/systemctl stop servicename; /usr/bin/systemctl disable servicename turn on other services (once you configured them) via /usr/bin/systemctl enable servicename, To immediately start the service, use /usr/bin/systemctl start servicename
Locmap default puppet modules will configure user accounts, root access, printers
After the successfull installation and initial configuration of the system, if the computer is on the CERN network and you chose the default options locmap script should have already create user accounts, provide root access, add printers, ... based on the Xldap information of the device. Otherwise as root, run: # /usr/bin/locmap --configure all This will: Forward root e-mails to the LANdb responsible by updating /root/.forward Configure /root/.k5login to allow Kerberized root access for the LANdb responsible Configure /ets/sudoers to allow sudo root access for the LANdb responsible Add AFS accounts for the LANdb responsible and main users. Add printers in the building(s) where the machine resides and where the LANdb responsible and main users have their offices. Note that this tool expands E-groups. Alternatively, you can (as root): run /usr/sbin/addusercern my_login_id to add AFS user accounts edit /root/.forward to forward e-mails sent to the root account, and make sure the SElinux context is correct. Example: # cat /root/.forward User.Name@cern.ch # restorecon /root/.forward # ls -Z /root/.forward -rw-r--r--. root root system_u:object_r:mail_home_t:s0 /root/.forward edit /root/.k5login to allow kerberized root logins, and make sure the SElinux context is correct. Example: # cat /root/.k5login my_login_id@CERN.CH # restorecon /root/.k5login # ls -Z /root/.k5login -rw-r--r--. root root system_u:object_r:krb5_home_t:s0 /root/.k5login add centrally managed printers with /usr/sbin/lpadmincern printername --add A list of all printers available at CERN in given building can be obtained using: # /usr/sbin/lpadmincern --building XXXX --list
Applying software updates
You should update your system immediately after its installation: Eventual security errata and bug fixes will be applied this way before you start using it. As root run: # /usr/bin/yum -y update to apply all available updates.
Linux.support@cern.ch