CERN Hacks

This Gist is a guide on how to setup your computer at CERN with Ubuntu 14.04 LTS. Last tested by myself on a brand new computer on 18/11/2014, proof tested by @Alea88.

How To Acces AFS

Step 1: install packages

Download the following:

sudo apt-get install openafs-client
sudo apt-get install openafs-modules-dkms
sudo apt-get install openafs-krb5
sudo apt-get install krb5-user
sudo apt-get install krb5-config

Step 2: generate your keytab

Make sure that you don't have any .keytab created yet. If so, erase it. If you want to check whats in your keytab type:

$ ktutil
ktutil: read_kt path_to_keytab/name_of_keytab
ktutil: list

Execute this commands, with your username:

$ ktutil
ktutil: addent -password -p gcampogi@CERN.CH -k 1 -e aes256-cts
ktutil: addent -password -p gcampogi@CERN.CH -k 1 -e arcfour-hmac-md5
ktutil: wkt .keytab
ktutil: q

See if your keytab works:

kinit -kt .keytab gcampogi

If nothing appears in your prompt, it works. Move your .keytab file to /etc/ and rename it krb5.keytab.

Step 3: use "cern.ch" as default AFS cell

Open the file /etc/openafs/ThisCell and add cern.ch

Step 4: setup kerberos5 authentication

Open the file /etc/krb5.conf and replace it by this one

Step 5: avoiding SSH errors

To avoid problems when connecting to lxplus with:

ssh user@lxplus

open the file /etc/ssh/ssh_config and make it look like this:

HOST lxplus*
    ForwardX11 yes
    ForwardX11Trusted no
    GSSAPITrustDNS yes
    HashKnownHosts yes
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials yes

Step 6: renew your token automatically

Open the file /etc/crontab and add the following line:

@daily ID=afstoken kinit --renew

Step 7: time sync

Kerberos only works if your computer clock is in close sync (certainly within 5 minutes) with CERN time servers.

In a normal computer you can do a one-off clock sync like typing the following:

ntpdate ntp.ubuntu.com

For CERN you'll need to install the ntp daemon, which will continuously keep your clock in accurate sync with the CERN time servers.

apt-get install ntp

Then add the following lines to your /etc/ntp.conf file, and comment or erase the lines for ubuntu time servers:

# CERN Client
                   
server 137.138.18.69 version 4 #IP-TIME-0
server 137.138.16.69 version 4 #IP-TIME-1
server 137.138.17.69 version 4 #IP-TIME-2
                   
# Disable remote access, but trust sources of time restrict default nomodify #noquery
restrict default nomodify noquery

# Allow hosts to query stats and ask for the time.
# eg restrict 123.123.123.123 nomodify

# Allow localhost to do everything.
restrict 127.0.0.1

#logconfig=all

More information here. Then restart the ntp service:

sudo service ntp restart

Step 8: automatize identification

My way of obtaining my credentials is adding the following line in my .bash_aliases file:

alias afs="kdestroy && kinit -kt /etc/krb5.keytab gcampogi -l 7d -r 1d ; aklog CERN.CH"

Like this I can obtain the credentials only by typping "afs" in the console.

What all of this means:

• The "kdestroy" command deletes a Kerberos credentials cache file. More info here

• The "kinit" command is used to get a Kerberos ticket. See "kinit"'s options here. We are using the keytab we just created to obtain the Kerberos ticket.

• The "aklog" command is used to obtain tokens for authentication to AFS. More info here.

Debugging

• Restart the console so your alias will work.
• Restart the AFS client: sudo service openafs-client restart.
• Login with the alias you chose (make sure you get ticket and token).
• Make sure the clocks are synced.

NOTE

With the kernel upgrade from 3.13.0-45-generic to 3.13.0-46-generic AFS stops working: read more

Type this to check your kernel version:

uname -r

To revert the change in your system, type:

sudo apt-get remove 3.13.0-46-generic
sudo update-grub

Then restart your computer.

References

• Ome Gak
• linux.web.cern.ch
• akorneev.web.cern.ch
• Yngve's blog

How To Install a CERN Printer

• Open the printer settings on your local computer.
• Click "Add"
• Select "Network printer" --> "LPD/LPR Host or printer"
• Look for the name of your printer here
• Write name.print.cern.ch in the field "Host" and name in "Queue" and press "Forward"
• Select brand and model of the printer
• Select the duplexer if it can print both sides of the paper
• Change the name of the printer to the original name provided by the CERN page provided above
• Print a test page
• Done!

How to install Spotify

Follow this link to my Evernote snippet about it.

Setting up Git

• Install it sudo apt-get install git
• Activate the colors git config --global color.ui auto
• Create your SSH key following this link

Setting up Python

• Download Python

wget http://python.org/ftp/python/2.7.8/Python-2.7.8.tgz

• Untar it, acces the folder and

./configure
make
sudo make install

• Install important things

sudo apt-get install python-numpy python-scipy python-matplotlib ipython ipython-notebook python-pandas python-sympy python-nose

• Install pip

sudo apt-get install python-pip

• Instal virtual environments (click here to see how it works)

sudo pip install virtualenv

Installing Adobe Reader and setting it as default

Download Adobe Reader (32 bit) from the Adobe site: ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/9.5.5/enu/AdbeRdr9.5.5-1_i386linux_enu.deb

sudo dpkg -i --force-architecture AdbeRdr9.5.5-1_i386linux_enu.deb
sudo apt-get -f install
sudo apt-get install libxml2:i386 lib32stdc++6

To set it as the default program to open pdfs: mimeopen -d *.pdf

Open a document for the first time: acroread <path>/<MyDocument>.pdf

Things to install

• Chrome
• Dropbox
• Emacs (click here for my emacs configuration)
• Atom (click here)
• Subversion
• Terminator
• Pdflatex

sudo apt-get install texlive-latex-bas

• TexLive https://github.com/scottkosty/install-tl-ubuntu