Saturday, April 24, 2010
The Gentoo KIOSK System - part1
In part1 of this guide I will setup the base CLI system. In part2 I will install X, some extras and lock the system down.
To most people reading this article, the following will seem irrelivant. If this is the case, skip to the part on how to build the KIOSK system.
To those that does not understand or choose to ignore the difference between the two words, "cannot" and "refuse", if you would tell the same lie enough to yourself, you will start believing it! I would like to give the following examples:
Quote from the Cambridge Online dictionary:
If you would say: I'll make him an offer he cannot refuse and "cannot" and "refuse" had the same meaning, You would have said: I'll make him an offer he refuse to refuse. Clearly this explains that the word "cannot" and the word "refuse" have two different meanings. In the Afrikaans language the synonym of this would be: Ek maak vir hom 'n aanbod wat hy nie kan weier nie. Cannot="nie kan" or "kan nie" and refuse="weier" If these two words had the same meaning I would have said in Afrikaans: Ek maak vir hom n' aanbod wat hy weier om te weier. This doesn't make sence and change the syntax completely...
Another example: To say "I cannot go to your wedding" and to say "I refuse to go to your wedding" means two different things. In the first example the person is not able to go to the wedding. In the second example the person can go but grossly choose not to go. In the Afrikaans language: "Ek kan nie na jou troue toe gaan nie" and "Ek weier om na jou troue toe te gaan" once again has two different meanings.
In other words, moral of the story... "Cannot" and "Refuse" does indeed have two different meanings.
That being said, here is the guide to setup and configure a completely locked down KIOSK system that can be used in KIOSKs or as in my case as a Super Duper client system for Call Centers with a Web driven backend. Nice thing is that to have your agents work on different systems (Web Backends), you can update all workstations in batch to point to the "URL" (backend system) that they need to work on. Agents can't fiddle with the system and break things... Yeaay...No Microsoft licensing costs... No viruses... Cheap hardware... The list goes on.
Download and burn the minimum installation CD:
http://www.gentoo.org/main/en/where.xml
Boot with minimal live cd
If it hangs at "Scanning... wd7000" reboot and boot with gentoo noload=pata_qdi
See what your IP address is.
Back to your main PC...
Now you're in and can start the install process.
Configuring disk partitions and filesystems:
press w to write the partition table.
Now to apply the filesystems and activate the swop partition:
Set Gentoo mirrors and sync:
replace SYNC="rsync://ftp.leg.uct.ac.za/gentoo-portage"
DNS configuration:
http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=1&chap=7#kernel_modules
Creating new fstab and configuring mount points at boot:
Note that mount points must be defined as sda although your harddrive is hda.
The new kernels does not recognize hda anymore.
To most people reading this article, the following will seem irrelivant. If this is the case, skip to the part on how to build the KIOSK system.
To those that does not understand or choose to ignore the difference between the two words, "cannot" and "refuse", if you would tell the same lie enough to yourself, you will start believing it! I would like to give the following examples:
Quote from the Cambridge Online dictionary:
cannot (modal verb)
can not; the negative form of the verb 'can'
can (modal verb) ( ABILITY )
to be able to
Can you drive?
She can speak four languages.
Can you read that sign from this distance?
The doctors are doing all that they can, but she's still not breathing properly.
Do the best you can - I realize the circumstances are not ideal.
If the party is awful, we can always leave (= that would be one possible solution to our problem).
"She's really furious about it." "Can you blame her (= I'm not surprised)?"
refuse (verb)
to say that you will not do or accept something
If you would say: I'll make him an offer he cannot refuse and "cannot" and "refuse" had the same meaning, You would have said: I'll make him an offer he refuse to refuse. Clearly this explains that the word "cannot" and the word "refuse" have two different meanings. In the Afrikaans language the synonym of this would be: Ek maak vir hom 'n aanbod wat hy nie kan weier nie. Cannot="nie kan" or "kan nie" and refuse="weier" If these two words had the same meaning I would have said in Afrikaans: Ek maak vir hom n' aanbod wat hy weier om te weier. This doesn't make sence and change the syntax completely...
Another example: To say "I cannot go to your wedding" and to say "I refuse to go to your wedding" means two different things. In the first example the person is not able to go to the wedding. In the second example the person can go but grossly choose not to go. In the Afrikaans language: "Ek kan nie na jou troue toe gaan nie" and "Ek weier om na jou troue toe te gaan" once again has two different meanings.
In other words, moral of the story... "Cannot" and "Refuse" does indeed have two different meanings.
That being said, here is the guide to setup and configure a completely locked down KIOSK system that can be used in KIOSKs or as in my case as a Super Duper client system for Call Centers with a Web driven backend. Nice thing is that to have your agents work on different systems (Web Backends), you can update all workstations in batch to point to the "URL" (backend system) that they need to work on. Agents can't fiddle with the system and break things... Yeaay...No Microsoft licensing costs... No viruses... Cheap hardware... The list goes on.
Download and burn the minimum installation CD:
http://www.gentoo.org/main/en/where.xml
Boot with minimal live cd
If it hangs at "Scanning... wd7000" reboot and boot with gentoo noload=pata_qdi
passwd root/etc/init.d/sshd start ifconfigSee what your IP address is.
Back to your main PC...
ssh root@gentoo_ip_addressNow you're in and can start the install process.
Configuring disk partitions and filesystems:
fdisk /dev/hda
o
n
p
1
default cylinders
+128M
n
p
2
default cylinders
+2048M
n
p
3
default cylinders
default sizepress w to write the partition table.
Now to apply the filesystems and activate the swop partition:
mke2fs /dev/hda1
mke2fs -j /dev/hda3
mkswap /dev/hda2
swapon /dev/hda2mount /dev/hda3 /mnt/gentoo
mkdir /mnt/gentoo/boot
mount /dev/hda1 /mnt/gentoo/bootcd /mnt/gentoo
wget ftp://ftp.is.co.za/linux/distributions/gentoo/releases/x86/current-stage3/stage3-i486-20100126.tar.bz2
tar xvjpf stage3-*.tar.bz2
wget ftp://ftp.is.co.za/linux/distributions/gentoo/releases/snapshots/current/portage-latest.tar.bz2
tar xvjf /mnt/gentoo/portage-latest.tar.bz2 -C /mnt/gentoo/usrnano -w /mnt/gentoo/etc/make.confFEATURES="ccache distlocks fixpackages parallel-fetch preserve-libs protect-owned sandbox sfperms strict unmerge-orphans userfetch"
INPUT_DEVICES="evdev"mkdir -p /mnt/gentoo/usr/lib/ccache/binSet Gentoo mirrors and sync:
mirrorselect -i -o >> /mnt/gentoo/etc/make.conf
mirrorselect -i -r -o >> /mnt/gentoo/etc/make.confnano -w /mnt/gentoo/etc/make.confreplace SYNC="rsync://ftp.leg.uct.ac.za/gentoo-portage"
DNS configuration:
cp -L /etc/resolv.conf /mnt/gentoo/etc/mount -t proc none /mnt/gentoo/proc
mount -o bind /dev /mnt/gentoo/devchroot /mnt/gentoo /bin/bash
env-update
source /etc/profile
export PS1="(chroot) $PS1"emerge --syncls -FGg /etc/make.profilenano -w /etc/make.confUSE="server zlib nsplugin motif nptl -debug -pic -xcb -gnome -kde -qt3 -qt4 dbus hal nptl X xorg -dmx -ipv6 -kdrive -minimal -sdl -tslib ssl alsa oss midi jpeg png xulrunner nspr nss ntp caps unicode" or what else you want or don't want between quotesemerge portagecp /usr/share/zoneinfo/Africa/Johannesburg /etc/localtimeemerge gentoo-sourcescd /usr/src/linuxmake menuconfigProcessor type and features
[*] Support for old Pentium 5 / WinChip machine checks
File systems
<*> Second extended fs support
[*] Ext2 extended attributes
[*] Ext2 POSIX Access Control Lists
[*] Ext2 Security Labels
[*] Ext2 execute in place support
File systems
CD-ROM/DVD Filesystems --->
<*> UDF file system support
File systems
DOS/FAT/NT Filesystems --->
<*> NTFS file system support
[*] NTFS write support
File systems
Network File Systems --->
<*> CIFS support (advanced network filesystem, SMBFS successor)
[*] CIFS statistics
[*] Extended statistics
[*] Support legacy servers which use weaker LANMAN security
[*] Kerberos/SPNEGO advanced session setup
[*] CIFS extended attributes
[*] CIFS POSIX Extensions
Device Drivers --->
<M> Sound card support --->
<M> Advanced Linux Sound Architecture --->
<M> Sequencer support
<M> Sequencer dummy client
<M> OSS Mixer API
<M> OSS PCM (digital audio) API
[*] OSS PCM (digital audio) API - Include plugin system
[*] OSS Sequencer API
<M> HR-timer backend support
[*] Use HR-timer as default sequencer timer
[ ] Support old ALSA API
PCI sound devices --->
<M> Intel/SiS/nVidia/AMD/ALi AC97 Controller
<M> VIA 82C686A/B, 8233/8235 AC97 Controller
Graphics support --->
<*> /dev/agpgart (AGP Support) --->
<*> ALI chipset support
<*> ATI chipset support
<*> NVIDIA nForce/nForce2 chipset support
<*> VIA chipset support
<*> Direct Rendering Manager (XFree86 4.1.0 and higher DRI support) --->
<*> ATI Radeon
<*> Intel I810
-*- Support for frame buffer devices --->
[*] Enable firmware EDID
[ ] Enable Tile Blitting Support
[*] VESA VGA graphics support
<*> nVidia Framebuffer Support
[*] Enable DDC Support
<*> Intel 810/815 support (EXPERIMENTAL)
<*> Matrox acceleration
<*> ATI Radeon display support
[ ] Bootup logo --->
Network device support --->
[*] Ethernet (10 or 100Mbit) --->
<*> 3c590/3c900 series (592/595/597) "Vortex/Boomerang" support
<*> 3cr990 series "Typhoon" support
<*> Broadcom 440x/47xx ethernet support
[*] Support for older RTL-8129/8130 boards
[*] Ethernet (1000 Mbit) --->
<*> Intel(R) 82575/82576 PCI-Express Gigabit Ethernet support
<*> JMicron(R) PCI-Express Gigabit Ethernet support
<*> Broadcom CNIC support
Bus options (PCI etc.) --->
[*] Enable deprecated pci_find_* API
Kernel hacking --->
[*] Enable unused/obsolete exported symbolsmake && make modules_install
cp arch/i386/boot/bzImage /boot/kernel-2.6.31-gentoo-r6http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=1&chap=7#kernel_modules
Creating new fstab and configuring mount points at boot:
Note that mount points must be defined as sda although your harddrive is hda.
The new kernels does not recognize hda anymore.
nano -w /etc/fstab
/dev/sda1 /boot ext2 noauto,noatime 1 2
/dev/sda2 none swap sw 0 0
/dev/sda3 / ext3 noatime 0 1
/dev/cdrom /mnt/cdrom auto noauto,user 0 0
#/dev/fd0 /mnt/floppy auto noauto 0 0
proc /proc proc defaults 0 0
shm /dev/shm tmpfs nodev,nosuid,noexec 0 0nano -w /etc/conf.d/hostname
HOSTNAME="your_preferred_hostname"nano -w /etc/conf.d/net
dns_domain_lo="your_preferred_domain_name"
#config_eth0=( "192.168.0.2 netmask 255.255.255.0 brd 192.168.0.255" )
#routes_eth0=( "default via 192.168.0.1" )
config_eth0=( "dhcp" )rc-update add net.eth0 defaultnano -w /etc/hostspasswd rootnano -w /etc/conf.d/clock
CLOCK="local"
TIMEZONE="Johannesburg"emerge syslog-ng
rc-update add syslog-ng default
emerge logrotate
emerge vixie-cron
rc-update add vixie-cron default
emerge jfsutils
emerge dhcpcd
emerge net-misc/ntp
nano -w /etc/ntp.conf
server ntp.time.za.net
rc-update add ntpd default
rm /etc/adjtimehwclock --local --systohc
cd /
touch currtime
find . -cnewer /currtime -exec touch {} \; (Don't worry about errors)
rm -rf /currtime
rc-update add sshd default
rc-update del netmount
emerge mingetty
emerge sudoemerge grub
nano -w /boot/grub/grub.conf
default 0
timeout 1
#splashimage=(hd0,0)/boot/grub/splash.xpm.gz
title Gentoo Linux 2.6.31-r6
root (hd0,0)
kernel /boot/kernel-2.6.31-gentoo-r6 root=/dev/sda3
grep -v rootfs /proc/mounts > /etc/mtab
grub-install --no-floppy /dev/hdanano -w /etc/rc.conf
CONSOLEFONT="default8x9"exit
cd
umount /mnt/gentoo/boot /mnt/gentoo/dev /mnt/gentoo/proc /mnt/gentoo
reboot
