Difference between revisions of "Set up a new Desktop"

From DISI
 
(5 intermediate revisions by one user not shown)
Line 59: Line 59:
 
* Install Puppet
 
* Install Puppet
 
  $ sudo yum install puppet
 
  $ sudo yum install puppet
 +
* Install sssd
 +
$ sudo yum install sssd
 +
* Install nss-pam-ldapd
 +
$ sudo yum install nss-pam-ldapd
 
===Configure Puppet===
 
===Configure Puppet===
 
====Issue new Puppet Certificate====
 
====Issue new Puppet Certificate====
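Review bot: The two added install steps pull in both sssd and nss-pam-ldapd, but nothing in the added lines says which of the two is expected to answer LDAP lookups, and the testing section added further down only restarts sssd. Say which service should be running after this step. Also check the added `$ sudo yum install sssd` and `$ sudo yum install nss-pam-ldapd` lines against the existing ` $ sudo yum install puppet` line, which is indented so that the wiki renders it as a command.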
Line 80: Line 84:
  
 
==== Edit Puppet configuration on foreman.uscf.bkslab.org ====
 
==== Edit Puppet configuration on foreman.uscf.bkslab.org ====
1. Click on Hosts
+
# Search for host with it is existed.
2. Puppet setting
+
# Edit Puppet setting
- If the desktop is brand new, click on 'New Host', choose 'Testing' as Host Group and replicate the other existing desktop settings.
+
## If the desktop is brand new, click on 'New Host', choose 'Testing' as Host Group and replicate the other existing desktop settings.
- Else, edit the existing settings.
+
## In Parameters, click "Override" in "variant" and assign "Desktop" as variable at the bottom.
 +
## In Puppet class, Choose :
 +
            * nfs-mounts.*
 +
            * ssd*
 +
            * ntp
 +
            * printer
 +
 
 +
==== Testing puppet ====
 +
$ id <user_name>
 +
If failed, try running these commands and try it again:
 +
$ systemctl restart sssd
 +
 +
$ authcofig-tui
 +
This will prompt you to the authcofig-tui screen. User SpaceBar to change setting.
 +
1. Uncheck "User Fingerprint reader" so that it would not raise any fingerprint error later. Click "Next' after.
 +
2. Under "LDAP Settings", make sure it says:
 +
    [*] User TLS
 +
    Server: ldaps://ds.ucsf.bkslab.org/
 +
    Base DN: dc=bkslab, dc=org
 +
 +
 
 +
 
 +
 
 +
 
 +
 
 +
             
 
    
 
    
  
 
[[ Category: Ben ]] [[ Category : Sysadmin ]]
 
[[ Category: Ben ]] [[ Category : Sysadmin ]]
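Review bot: The added command `$ authcofig-tui`, and the sentence after it, misspell the tool name; it should be `authconfig-tui`, otherwise a copy-pasted command fails. In the same added block, "User SpaceBar", "User Fingerprint reader" and "[*] User TLS" read like typos for "Use ...", and the Puppet class `ssd*` should be checked against the `sssd` package installed earlier on the page. The removed "Else, edit the existing settings" branch leaves the existing-host case without an instruction, so the new sub-steps should say whether the "variant" override and the class selection also apply to a host that already exists in Foreman.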

Latest revision as of 14:22, 10 September 2019

Getting a Bootable USB Stick

You can borrow one from the Sysadmin or make one yourself with the instructions here

Installing CentOS

Boot Menu

Remove Existing CentOS installation on computer

  1. Select the existing installation.
  2. Click '-' at the bottom to remove it. This will attempt to remove all the current installations on the machine.

Installation Destination Configuration

  1. Check "Encrypt my data" (IMPORTANT)
  2. Select "I will configure partitioning"
A list of the directories that will be created is shown, along with their default disk space:
/boot <- first thing read by the OS. Helps you load the rest of the OS
/swap <- "emergency" disk space for when the machine runs out of memory; the computer is slow when writing to or reading from here
/root
/home

Network Configuration

  1. DNS Server IP (space separated)
169.230.26.93 (lab DNS server IP address)
128.218.254.40 (local UCSF DNS server)
  2. Search domains (space separated)
The computer will try to connect to these domains
desktop.uscf.bkslab.org
ucsf.bkslab.org
bkslab.org
compbio.ucsf.edu
ucsf.edu
  3. Check on "Require IPv4....."
  4. Change the hostname on the bottom
<name>.desktop.ucsf.bkslab.org

- Something I forgot to Save Changes

DateTime

  1. Make sure the timezone matches
  2. Turn on Network Time

Software Selections

Select GNOME Desktop in the left menu
Select these in the right menu
* GNOME Applications
* Compatibility Library
* Development Tools
* Office Suites
Hit "Done"; this step will take a while

Install Puppet and Create Puppet Certificate

Installation

Log in as the root user

  • Update CentOS packages
$ sudo yum update
  • Install EPEL release. EPEL is a repository for enterprise releases. Learn more
$ sudo yum install epel-release
This enables access to the public EPEL repository. A GPG key is provided to verify that the transaction is valid
  • Install Puppet
$ sudo yum install puppet
  • Install sssd
$ sudo yum install sssd
  • Install nss-pam-ldapd
$ sudo yum install nss-pam-ldapd

Configure Puppet

Issue new Puppet Certificate

In a second terminal, log in as root

$ vi /etc/puppet/puppet.conf
Log into another desktop, check the current puppet.conf on that machine, and copy and paste it into the new desktop's puppet.conf file. Also make sure that the config has server=puppet
  • Log into alpha to create a new puppet certificate for the new computer
$ sudo puppet cert list -a | grep <hostname>.desktop.ucsf.bkslab.org   # list all of the current puppet certificates and check whether there is an existing certificate for this machine
  • To clean out existing certificate
$ sudo puppet cert clean <hostname>.desktop.ucsf.bkslab.org

BEFORE PROCEEDING TO THE NEXT STEP, MAKE SURE that you have 2 terminals open: one logged in as root on the new computer (client) and the other logged in as s_ on alpha (server)

1. On the client side:

$ puppet agent --test --waitforcert=60
The "puppet agent --test" command performs the initial integration with puppet for a new computer, or reintegrates puppet. Without this command, the machine will not have access to /mnt/nfs, /nfs/* and /nfs/soft
"--waitforcert=60" means "keep calm, wait 60s for DNS server to respond"

2. On server (alpha) side:

Sign the certificate
$ sudo puppet cert sign <hostname>.desktop.ucsf.bkslab.org
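
A check worth doing between steps 1 and 2, shown as an added example that is not part of the original page: confirm that the request waiting on alpha carries the same fingerprint the new desktop reports (`puppet agent --fingerprint` on the client) before signing it. The output formats parsed here, the helper names and the sample values are assumptions.

```shell
#!/bin/sh
# Added example: compare the CSR fingerprint seen on the client with the one the
# CA holds before signing. Output formats are assumptions; samples are constructed.

# extract_fp TEXT: print "ALG FINGERPRINT" (upper-cased) from a line such as
#   (SHA256) AA:BB:...      or      "host" (SHA256) AA:BB:...
extract_fp() {
    printf '%s\n' "$1" |
        sed -n 's/.*(\([A-Za-z0-9]*\)) *\([0-9A-Fa-f:]\{47,\}\).*/\1 \2/p' |
        head -n 1 | tr 'a-z' 'A-Z'
}

# same_csr CLIENT_TEXT SERVER_TEXT: succeed only if both carry the same non-empty digest.
same_csr() {
    a=$(extract_fp "$1"); b=$(extract_fp "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# sign_if_match HOST CLIENT_TEXT: run on alpha; CLIENT_TEXT is the output of
# "puppet agent --fingerprint" as read from the new desktop's own screen.
sign_if_match() {
    pending=$(sudo puppet cert list | grep -F "\"$1\"") || return 2
    if same_csr "$2" "$pending"; then
        sudo puppet cert sign "$1"
    else
        echo "fingerprint mismatch for $1, not signing" >&2
        return 1
    fi
}

# Constructed sample values (not real fingerprints or hosts).
FP=00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
CLIENT_OUT="(SHA256) $FP"
SERVER_OUT="  \"newbox.desktop.ucsf.bkslab.org\" (SHA256) $FP"
OTHER_OUT="  \"newbox.desktop.ucsf.bkslab.org\" (SHA256) FF${FP#00}"

same_csr "$CLIENT_OUT" "$SERVER_OUT" && echo "match: safe to sign"
same_csr "$CLIENT_OUT" "$OTHER_OUT" || echo "mismatch: do not sign"
```
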

Edit Puppet configuration on foreman.uscf.bkslab.org

  1. Search for the host to check whether it already exists.
  2. Edit Puppet setting
    1. If the desktop is brand new, click on 'New Host', choose 'Testing' as Host Group and replicate the other existing desktop settings.
    2. In Parameters, click "Override" in "variant" and assign "Desktop" as variable at the bottom.
    3. In Puppet class, Choose :
           * nfs-mounts.*
           * ssd*
           * ntp
           * printer

Testing puppet

$ id <user_name>

If failed, try running these commands and try it again:

$ systemctl restart sssd

$ authconfig-tui
This will bring up the authconfig-tui screen. Use the space bar to change a setting.
1. Uncheck "Use Fingerprint reader" so that it does not raise any fingerprint error later. Click "Next" afterwards.
2. Under "LDAP Settings", make sure it says:
   [*] Use TLS
   Server: ldaps://ds.ucsf.bkslab.org/
   Base DN: dc=bkslab, dc=org
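
The LDAP settings above can also be checked from the command line. The following is an added example, not part of the original page: it audits an sssd.conf-style file for a TLS-protected server URI, enforced certificate validation and the expected base DN. The option names are sssd-ldap options; the file location and the sample files are assumptions.

```shell
#!/bin/sh
# Added example: audit LDAP transport settings in an sssd.conf-style file.
# Option names are sssd-ldap options; file path and sample files are assumptions.

# get_opt FILE KEY: print the value of the last "KEY = value" line, skipping comments.
get_opt() {
    awk -v k="$2" '
        /^[ \t]*[#;]/ { next }
        index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
            if (key == k) val = substr($0, index($0, "=") + 1)
        }
        END { gsub(/^[ \t]+|[ \t]+$/, "", val); print val }' "$1"
}

# audit_sssd_ldap FILE BASE_DN: return 0 only if TLS, cert checks and base DN are right.
audit_sssd_ldap() {
    rc=0
    uris=$(get_opt "$1" ldap_uri | tr ',' ' ')
    starttls=$(get_opt "$1" ldap_id_use_start_tls | tr 'A-Z' 'a-z')
    reqcert=$(get_opt "$1" ldap_tls_reqcert | tr 'A-Z' 'a-z')
    base=$(get_opt "$1" ldap_search_base | tr -d ' \t')
    want=$(printf %s "$2" | tr -d ' \t')
    [ -n "$uris" ] || { echo "FAIL: no ldap_uri set"; rc=1; }
    for uri in $uris; do
        case $uri in
            ldaps://*) ;;
            ldap://*) [ "$starttls" = true ] || { echo "FAIL: $uri without StartTLS is cleartext"; rc=1; } ;;
            *) echo "FAIL: unexpected URI $uri"; rc=1 ;;
        esac
    done
    case $reqcert in
        ''|demand|hard) ;;   # unset falls back to the sssd default, "hard"
        *) echo "FAIL: ldap_tls_reqcert=$reqcert does not enforce certificate checks"; rc=1 ;;
    esac
    [ "$base" = "$want" ] || { echo "FAIL: ldap_search_base is '$base', expected '$want'"; rc=1; }
    return "$rc"
}

# Constructed sample files (not taken from a real host).
write_samples() {
    printf '[domain/default]\nldap_uri = ldaps://ds.ucsf.bkslab.org/\nldap_search_base = dc=bkslab,dc=org\n' > "$1/good.conf"
    printf '[domain/default]\nldap_uri = ldap://ds.ucsf.bkslab.org/\nldap_tls_reqcert = never\nldap_search_base = dc=bkslab,dc=org\n' > "$1/weak.conf"
}

d=$(mktemp -d) && write_samples "$d"
for f in "$d/good.conf" "$d/weak.conf"; do
    audit_sssd_ldap "$f" "dc=bkslab, dc=org" && echo "OK: $f"
done
```

On a configured desktop, run `audit_sssd_ldap /etc/sssd/sssd.conf "dc=bkslab, dc=org"` as root; that path assumes authconfig wrote the LDAP settings to sssd.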