Setting up Gentoo at CMU

A guide by Jim McCann.

Introduction

I like to be able to use custom kernels, and I don't really like redhat (err, fedora), and so I decided -- after three years of working with the facilities install of fedora core 3 -- to move to my own install of Gentoo. At this point, everything appears to be working just fine -- but there were some tricky bits to the install. I hope these notes help you out. Feel free to contact me with questions or if you want specific config files. Of course, installing your own OS is a declaration of your willingness to go it alone!

Watch Out

I use static copies of many globally-synchronized configuration files in this process; this means that inevitably they will get out of date at some point (like when printers are added or removed). Keep this in mind!

If you happen to come up with a quick shell script or otherwise that can sync them from their sources in depot/wherever, let me know.
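One way to do the check asked for above, as an added example that is not part of the original guide: it compares the hand-copied files against a reference tree and reports which ones are stale, without overwriting anything. The reference location is an assumption (the guide does not say where in depot the files live), and check_drift and TRACKED_FILES are names made up here.

```shell
#!/bin/sh
# Added example: report which locally copied config files differ from a
# reference tree. Nothing is overwritten; review the differences, then copy.

# Files this guide copies by hand (paths as they appear in the guide).
TRACKED_FILES="etc/krb5.conf etc/openafs/CellServDB etc/openafs/CellAlias etc/cups/printers.conf"

# check_drift REF_ROOT [LOCAL_ROOT]
# REF_ROOT: tree holding the authoritative copies (assumption, see lead-in).
# LOCAL_ROOT: tree holding the installed copies, defaults to /.
# Prints one line per file; returns 1 if any file could not be verified.
check_drift() {
    ref_root=$1
    local_root=${2:-/}
    status=0
    for rel in $TRACKED_FILES; do
        ref=$ref_root/$rel
        cur=${local_root%/}/$rel
        if [ ! -r "$ref" ]; then
            echo "NOREF   $rel"     # reference copy not readable
            status=1
        elif [ ! -r "$cur" ]; then
            echo "MISSING $rel"     # never installed locally
            status=1
        elif cmp -s "$ref" "$cur"; then
            echo "OK      $rel"
        else
            echo "STALE   $rel"     # local copy differs from reference
            status=1
        fi
    done
    return $status
}

# Run as a script: ./check-drift.sh /path/to/reference/tree
if [ $# -gt 0 ]; then
    check_drift "$@"
fi
```

A STALE krb5.conf or CellServDB is worth reading with diff before copying, since those files decide which servers the machine trusts for login and file access.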

Install Medium

I used install-amd64-minimal-2008.0.iso as the install image, as this was the most up-to-date at the time.

I had some problems with install cds being various shades of flaky, and I figured I'd save some plastic trees, so I went with a LiveUSB install. The gentoo docs tutorial was quite out of date, so I ended up using part of this guide and the method of this post to actually make the stick bootable.

Thinking back now, I wonder if you could just boot the install kernel from a grub prompt without actually putting grub on the usb stick. (I.e. use the already-installed-on-hard-disk grub.)

Installation

I proceeded as per the handbook. Notes per section follow.

Preparing the disks

Disk shows up as /dev/hda (unexpected, as it's a SATA drive). This was probably because my SATA controller was not set to native mode in the BIOS. The partition layout from facilities is:

Thus, I wipe hda[1-3], which gives me enough for a standard /boot, swap, /, layout. (Saving redhat means I don't lose all my precious research results and I can pull config files over as needed.)

Installing Files

Waterloo looks like a good mirror (at least for the portage snapshot) as I was pulling something like 8 meg/sec. Skipping '-v' might be a good idea if using an svga terminal as scrolling seems to be the most intensive part of the process of un-tarring.

Even if /proc/cpuinfo says 'pentium4', setting '-march=pentium4' in the use flags is a bad idea (because gcc doesn't want to generate 64-bit code for this architecture).

For reference: I set USE="svg alsa mmx sse sse2 unicode acpi lm_sensors vim-syntax gtk X -cups png truetype type1 opengl spell xinerama latex jpeg tiff nls cjk". (I brought back 'cups' later.)

Installing the base system

I don't like interactive mode much, so I use:

mirrorselect -o -s 3

(Which for some reason doesn't select Waterloo!)

mirrorselect -o -D -s 3

I used the 'desktop' profile and the en_US.UTF-8 locale.

Configuring the Kernel

Note: don't run /etc/init.d/clock from the chroot. (Not sure why I have this note.)

Configuring the bootloader

Rebooting works; ethernet needs Broadcom Tigon3.

Setting up X

USE 'fam' causes circular deps, so '-fam' in make.conf.

LVM

The redhat partitions are on LVM volumes. So:

emerge lvm2

Then various vg* commands to learn about the volume group. (Eventually added to fstab.)

baselayout-2

I moved over to baselayout-2 for the newer lvm init scripts. Had to unmask baselayout-2.0.0 and openrc-2.5.

Kerberos (so you can use your SCS password to login)

Using reference http://kb.iu.edu/data/aqjc.html to update /etc/pam.d/system-auth.

First:

emerge -v mit-krb5 pam_krb5

Looks like the krb5.conf we have is super-big! I can copy it directly...

cp /mnt/redhat/etc/krb5.conf /etc/

This is kept up-to-date by depot, so it might be worth syncing every-so-often yourself.

At this point kinit jmccann@CS.CMU.EDU seems to work! However pam_krb5 doesn't work for login yet. With some debugging I realize that you need to set the hostname in /etc/conf.d/hostname to your fully qualified host name (in my case, gs5015.sp.cs.cmu.edu). Setting debug mode on pam_krb5 was quite useful for this part.

AFS (so you can access your files; depot; ...)

Installing

emerge -v openafs

Note: openafs-kernel failed for me, so I had to use the newer version (added to /etc/portage/package.keywords).

Configuring

cd /etc/openafs
cp /mnt/redhat/etc/openafs/CellServDB .
cp /mnt/redhat/etc/openafs/CellAlias .
echo 'cs.cmu.edu' > ThisCell

rc-update add openafs-client default

(Again, the lazy copy-everything approach.)

Note: Also had to install ntp-* here, as afs complained about clock skew.

token-on-login

At this point afs works, but I don't get a token on login. To fix that I added:

auth       sufficient   pam_afs.so.1 use_first_pass ignore_root

...to /etc/pam.d/system-auth.

Problems!

Now graphics!

At this point you are a high-functioning member of the SCS computing society; however, the graphics lab has some special needs:

Graphics NIS

The graphics NIS keeps graphics users in sync for things like NFS access and login.

emerge ypbind

Change in /etc/conf.d/net:

nis_domain_eth0="scs.graphics"
nis_servers_eth0="score.graphics.cs.cmu.edu"

Add 'nis' to /etc/nsswitch.conf in the proper spots.

Graphics NFS

The graphics lab keeps some big disks around on NFS for extra shared space.

emerge nfs-utils (not sure if needed)
emerge autofs

Add 'nis' to 'automount' line in nsswitch.conf (as in file linked earlier).

Recompile kernel with NFS (was module, no good autoload...)

Add autofs and portmap to default runlevel.

Now Other Stuff!

Here's a few other things you might want.

Matlab

...because ugly glue code is at its best in matlab.

Simply emulate the action of depot (walk over to afs, and copy the proper files). Or, just symlink -- which is what depot would have done for you anyway.

Printing

...otherwise you won't have anything to bring to your advisor meetings.

emerge cups

Turn off browsing in /etc/cups/cupsd.conf.

Copy /etc/cups/printers.conf from redhat or, um, depot or something. (Note: I'm not actually sure where printers.conf comes from. I do know that printcap is generated by dosupdepot; either it is converted, or maybe cups itself is in depot somewhere.)

Put cups in the proper runlevel; hope.

Backup

Talk to help desk first on this one. They know how they want things set up. For reference, they told me:

/afs/cs.cmu.edu/project/operations/Backup-Client/TiBs-Install/tibs2106
server: tibs3.srv.cs.cmu.edu

Had to run with -R:

./install.sh -R GLIBC_2.4 (because 2.6 doesn't show up....)

Got some warnings + errors.

emerge xinetd   # needed to run terad, it appears.
rc-update add xinetd default
/etc/services and /etc/xinetd.d/terad seem 'ok'

Running /usr/tibs/tibs with -A clears the:

ERROR: Cannot authenticate MY_HOST_NAME gs5015.sp.cs.cmu.edu for host localhost without -A flag
ERROR: Connect to tibs3.srv.cs.cmu.edu failed

Edited /etc/xinetd.d/terad to add only_from = 128.2.0.0

Worried a bit about how secure terad is, but I'll live with it for now.
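How wide that only_from entry is, as an added example that is not part of the original guide: per xinetd.conf(5), the rightmost 0 components of a dotted-quad entry are wildcards, so 128.2.0.0 admits every 128.2.x.y host. The function names and the client addresses below are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): model of xinetd's matching rule for a
# plain dotted-quad only_from entry. Per xinetd.conf(5), rightmost components
# that are 0 are wildcards. Function names here are made up for illustration.

# only_from_prefix ENTRY -> fixed leading part, e.g. 128.2.0.0 -> "128.2."
only_from_prefix() {
    entry=$1
    while :; do
        case $entry in
            *.0) entry=${entry%.0} ;;   # trailing 0 component = wildcard
            *)   break ;;
        esac
    done
    [ "$entry" = "0" ] && entry=""      # 0.0.0.0 matches every address
    printf '%s' "${entry:+$entry.}"
}

# only_from_allows ENTRY ADDR -> exit status 0 if xinetd would admit ADDR
only_from_allows() {
    prefix=$(only_from_prefix "$1")
    case "$2." in
        "$prefix"*) return 0 ;;
        *)          return 1 ;;
    esac
}

# only_from_size ENTRY -> how many IPv4 addresses the entry admits
only_from_size() {
    prefix=$(only_from_prefix "$1")
    fixed=$(printf '%s' "$prefix" | tr -cd '.' | wc -c)
    size=1
    wild=$((4 - fixed))
    while [ "$wild" -gt 0 ]; do
        size=$((size * 256))
        wild=$((wild - 1))
    done
    echo "$size"
}

# Constructed client addresses, checked against the entry from the guide.
for addr in 128.2.200.7 128.2.0.9 128.20.1.1 192.0.2.10; do
    if only_from_allows 128.2.0.0 "$addr"; then verdict=allowed; else verdict=refused; fi
    echo "$addr $verdict"
done
echo "128.2.0.0 admits $(only_from_size 128.2.0.0) addresses"
```

only_from also accepts host names and address/netmask entries, so the entry can be made narrower than a whole /16.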

Note: you can check /usr/tibs/teralog.txt to make sure things are rolling along properly.

The End

Hope this helps someone before the information (as information tends to do) becomes stale and useless.