Installing a New Desktop

Windows

If it’s going to have windows, install windows first. If you’re installing any games, etc, give windows 200GB? or so, since many are multi-gigabyte. Leave the rest of the disk blank

Install Windows

  • Grab the ISO from .../group/admins/scratch/windows/iso if you need it

  • Grab the various component installers from .../group/admins/scratch/windows/installers, too. (Just both/ and NNbit for your particular NN; probably 64.)

  • Go through the windows install procedure. Use the usual admin password.

  • Set the license server: Run cmd and type

    cscript \windows\system32\slmgr.vbs -skms jhkms1.win.ad.jhu.edu
cscript \windows\system32\slmgr.vbs -dli

    It should indicate “Licensed”.

  • Install some programs

    • Kerberos (kfw-…)
    • Network Identity Manager (netidmgr-…)
    • OpenAFS client (openafs-…)
    • OpenAFS utilities (openafs-…-tools-…; these are 32 bit regardless)
    • SCEP (scepinstall.exe)
    • Firefox
    • VLC

    Kerberos, NIM, and OpenAFS should be installed in that order.

  • Map the Z: drive to /afs/acm.jhu.edu (go to NETWORK/AFS, right click). Choose to map automatically.

  • Create an ACM guest account with the usual password

Debian Linux

Installation

  • Install ssh server (at least)
  • Preeeety much just keep pressing enter until it’s done.
    • For expedience, you may wish to not select any optional software and do that later, when it can be mostly fire-and-forget.
    • Be sure to create a large partition (50G) for /var/cache/openafs
    • You may want to only allocate 50-100G as the root partition and give the rest to a /var/games/steam or the like. This is currently not standard.
  • Reboot into your new world

Configure networking

If you’re behind CS, you want a /etc/network/interfaces file like the below; it is very important to use CS’s resolvers and not ours because various services (like http://isis.jhu.edu) have different internal and external addresses, with the border gateway not properly set up to handle seeing the external addresses from internal hosts.

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 128.220.35.177
    netmask 255.255.255.0
    gateway 128.220.35.1
    dns-nameservers 128.220.13.50
    dns-nameservers 10.200.1.1
    dns-nameservers 10.200.2.2
    dns-search acm.jhu.edu

(If this is on the 70. network, substitute s/35/70/ as appropriate).

Install the ACM meta-package

Follow the instructions here to install the jhuacm apt repository (as of August 2015).

You want to install the jhuacm-desktop package. Answer the configuration options as indicated below:

AFS CELL        acm.jhu.edu
KRB REALM       acm.jhu.edu
LDAP SERVER     ldap://ldap.acm.jhu.edu
LDAP BASE       dc=acm,dc=jhu,dc=edu
LDAP tables     passwd, group

It might ask about LDAP bindings for root; I left it blank.
Better would be to answer no if it asks if you want that.

https://www.acm.jhu.edu/~admins.pub/systems/metapackages-and-apt.html#installing-the-repository

Then, once an AFS client is running (check systemctl status openafs-client, note that you may need to restart this service once because of a debian bug), run the desktop-postinstall.sh script located at /afs/acm.jhu.edu/group/admins.pub/scripts/desktop-postinstall.sh. I (bjr) have commented out the “apt-get install” part of this script but the rest still works.

At this point you should be set!

Install desktop environments

The metapackages currently do not pull in any desktop environments. Everyone has different feelings about desktop environments, obviously.

I (bjr) usually install and configure KDE4+kdm as the default when doing a desktop install. This was the state of most desktops before my time, too. jhuacm-desktop should probably (but does not currently) install the full set of DEs/WMs we want to offer: some collection of desktops and tiling window managers.

For the moment, KDE + GNOME + i3 + awesome is probably a good starter set.

What desktop-postinstall does:

You don’t need to do any of this (the script does it for you), but the documentation has been preserved here regardless.

Follow the instructions in SSH to harden the SSH configuration.

Add the following lines via visudo:

%desktopadmins ALL=(ALL:ALL) ALL
%sysadmins ALL=(ALL:ALL) ALL

In /etc/pam.d/common-auth, remove the “pam_afs_session.so” line (or just comment it out). This will prevent AFS tokens from going away when a user runs sudo.

Follow the hard-mount semantics instructions in AFS Client Configuration.

If you skipped task selection before, do so now.