Set up a new Desktop: Difference between revisions
Jgutierrez6 (talk | contribs) |
|||
(8 intermediate revisions by 2 users not shown) | |||
Line 49: | Line 49: | ||
* Office Suites | * Office Suites | ||
Hit "Done"; this step will take awhile | Hit "Done"; this step will take awhile | ||
== Install Ubuntu 20.04 == | |||
=== Instructions === | |||
# Install OS via USB | |||
#* Make sure to pick the Encrypt Data option during installation | |||
# After installation install openssh so you can work on this remotely | |||
#* apt install openssh-server -y | |||
# Grab IP | |||
#* ifconfig | |||
# Add IP into network settings | |||
#* nmtui | |||
#* In ipv4 config | |||
#** add IP from ifconfig | |||
#** Add these to the DNS Servers | |||
#*** 169.230.26.93 | |||
#*** 128.218.254.40 | |||
#*** 128.218.254.10 | |||
#** Add these to the Search Domains | |||
#*** desktop.ucsf.bkslab.org | |||
#*** ucsf.bkslab.org | |||
#*** bkslab.org | |||
#*** compbio.ucsf.edu | |||
#*** ucsf.edu | |||
# Create a foreman entry for the desktop | |||
# Copy a script | |||
#* scp <user>@gimel.compbio.ucsf.edu:/nfs/home/jjg/scripts/ubuntu_20.04_desktop . | |||
# Run the script | |||
#* bash ubuntu_20.04_desktop | |||
# Install sssd ([https://kifarunix.com/configure-sssd-for-ldap-authentication-on-ubuntu-20-04/ Guide]) | |||
#* apt update -y | |||
#* apt install sssd libpam-sss libnss-sss -y | |||
#* scp <user>@gimel.compbio.ucsf.edu:/nfs/home/jjg/sssd.conf /etc/sssd/sssd.conf | |||
#* openssl s_client -connect beta.compbio.ucsf.edu:636 -showcerts < /dev/null | openssl x509 -text | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | |||
#* vim /etc/ssl/certs/ldapcacert.crt | |||
#* openssl s_client -connect beta.compbio.ucsf.edu:389 -CAfile /etc/ssl/certs/ldapcacert.crt | |||
#* vim /etc/ldap/ldap.conf | |||
#** TLS_CACERT /etc/ssl/certs/ldapcacert.crt | |||
#* chmod 600 -R /etc/sssd | |||
#* systemctl restart sssd | |||
#* vim /etc/pam.d/common-session | |||
#** session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 | |||
#* id s_jjg | |||
#* vim /etc/group | |||
==Install Puppet and Create Puppet Certificate== | ==Install Puppet and Create Puppet Certificate== | ||
===Installation=== | ===Installation=== | ||
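Review bot: In the "Install sssd" step, the file written to /etc/ssl/certs/ldapcacert.crt is whatever beta.compbio.ucsf.edu:636 presents when the command runs, so the following -CAfile check can only confirm that the server matches the certificate it just supplied; the step should tell the installer to compare the certificate's fingerprint with one obtained from the sysadmin before saving it. The check itself connects to :389 where the fetch used :636 and carries no -starttls option, so please confirm which port is intended. `chmod 600 -R /etc/sssd` also applies 600 to the directory itself; consider naming /etc/sssd/sssd.conf explicitly. The last two bullets, `id s_jjg` and `vim /etc/group`, do not say what to look for or what to change.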
Line 59: | Line 103: | ||
* Install Puppet | * Install Puppet | ||
$ sudo yum install puppet | $ sudo yum install puppet | ||
* Install sssd | |||
$ sudo yum install sssd | |||
* Install nss-pam-ldapd | |||
$ sudo yum install nss-pam-ldapd | |||
* Install libGLU | |||
$ sudo yum install libGLU | |||
===Configure Puppet=== | ===Configure Puppet=== | ||
==== Edit Puppet configuration on foreman.uscf.bkslab.org ==== | |||
# Search for host with it is existed. | |||
# Edit Puppet setting | |||
## If the desktop is brand new, click on 'New Host', choose 'Testing' as Host Group and replicate the other existing desktop settings. | |||
## In Parameters, click "Override" in "variant" and assign "Desktop" as variable at the bottom. | |||
## In Puppet class, Choose : | |||
* nfs-mounts.* | |||
* ssd* | |||
* ntp | |||
* printer | |||
====Issue new Puppet Certificate==== | ====Issue new Puppet Certificate==== | ||
In a second terminal, log in as root | In a second terminal, log in as root | ||
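Review bot: The new heading spells the Foreman host foreman.uscf.bkslab.org, while every other hostname in this revision is under ucsf.bkslab.org; confirm the spelling, since a reader will type it. In the class list, `ssd*` sits beside a step that installs sssd, so check whether `sssd*` was meant. "Search for host with it is existed." needs rewording, for example "Search for the host to see whether it already exists."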
Line 79: | Line 141: | ||
$ sudo puppet cert sign <hostname>.desktop.ucsf.bkslab.org | $ sudo puppet cert sign <hostname>.desktop.ucsf.bkslab.org | ||
==== | |||
==== Testing puppet ==== | |||
$ id <user_name> | |||
If failed, try running these commands and try it again: | |||
$ systemctl restart sssd | |||
* | $ authcofig-tui | ||
This will prompt you to the authcofig-tui screen. User SpaceBar to change setting. | |||
1. Uncheck "User Fingerprint reader" so that it would not raise any fingerprint error later. Click "Next' after. | |||
2. Under "LDAP Settings", make sure it says: | |||
[*] User TLS | |||
Server: ldaps://ds.ucsf.bkslab.org/ | |||
Base DN: dc=bkslab, dc=org | |||
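Review bot: `authcofig-tui` is misspelled in both the command and the sentence after it (the tool is authconfig-tui), and "User SpaceBar", "User Fingerprint reader" and "User TLS" should read "Use". The hunk also leaves an empty `====` heading line above "Testing puppet". The heading says "Testing puppet" but the test is `id <user_name>`, which exercises the sssd/LDAP lookup; a sentence saying what output counts as success would help.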
Latest revision as of 19:07, 9 February 2022
Getting a Bootable USB Stick
You can borrow one from the sysadmin or make one yourself with the instructions here
Installing Centos
Boot Menu
Remove Existing Centos installation on computer
- Select the existing installation.
- Click '-' at the bottom to remove it. It will attempt to remove all current installations on the machine.
Installation Destination Configuration
- Check "Encrypt my data" (IMPORTANT)
- Select "I will configure partitioning"
A list of the directories that will be created is shown, with their default disk space:
- /boot <- the first thing read by the OS. Helps load the rest of the OS
- /swap <- "emergency" disk space for when the machine runs out of memory; the computer is slow when reading from or writing to it
- /root
- /home
Network Configuration
- DNS Server IP (space separated)
  169.230.26.93 (lab DNS server IP address)
  128.218.254.40 (local UCSF DNS server)
  128.218.254.40 (local UCSF DNS server)
- Search domains (space separated)
  The computer will try to connect to these domains:
  desktop.ucsf.bkslab.org ucsf.bkslab.org bkslab.org compbio.ucsf.edu ucsf.edu
- Check on "Require IPv4....."
- Change the hostname on the bottom
<name>.desktop.ucsf.bkslab.org
- Something I forgot to Save Changes
DateTime
- Make sure the timezone matches
- Turn on Network Time
Software Selections
Select GNOME Desktop on the left menu.
Select these on the right menu:
- GNOME Applications
- Compatibility Library
- Development Tools
- Office Suites
Hit "Done"; this step will take a while
Install Ubuntu 20.04
Instructions
- Install OS via USB
  - Make sure to pick the Encrypt Data option during installation
- After installation install openssh so you can work on this remotely
  - apt install openssh-server -y
- Grab IP
  - ifconfig
- Add IP into network settings
  - nmtui
  - In ipv4 config
    - add IP from ifconfig
    - Add these to the DNS Servers
      - 169.230.26.93
      - 128.218.254.40
      - 128.218.254.10
    - Add these to the Search Domains
      - desktop.ucsf.bkslab.org
      - ucsf.bkslab.org
      - bkslab.org
      - compbio.ucsf.edu
      - ucsf.edu
- Create a foreman entry for the desktop
- Copy a script
  - scp <user>@gimel.compbio.ucsf.edu:/nfs/home/jjg/scripts/ubuntu_20.04_desktop .
- Run the script
  - bash ubuntu_20.04_desktop
- Install sssd (Guide: https://kifarunix.com/configure-sssd-for-ldap-authentication-on-ubuntu-20-04/)
  - apt update -y
  - apt install sssd libpam-sss libnss-sss -y
  - scp <user>@gimel.compbio.ucsf.edu:/nfs/home/jjg/sssd.conf /etc/sssd/sssd.conf
  - openssl s_client -connect beta.compbio.ucsf.edu:636 -showcerts < /dev/null | openssl x509 -text | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
  - vim /etc/ssl/certs/ldapcacert.crt
  - openssl s_client -connect beta.compbio.ucsf.edu:389 -CAfile /etc/ssl/certs/ldapcacert.crt
  - vim /etc/ldap/ldap.conf
    - TLS_CACERT /etc/ssl/certs/ldapcacert.crt
  - chmod 600 -R /etc/sssd
  - systemctl restart sssd
  - vim /etc/pam.d/common-session
    - session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
  - id s_jjg
  - vim /etc/group
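The sssd steps above leave three files that decide whether LDAP logins are encrypted and verified. The script below is an added example, not part of the original wiki page or the lab's tooling, that audits them after the install. The option names are standard sssd-ldap and ldap.conf settings, but the contents of the copied sssd.conf are not shown on this page, so the TLS checks are assumptions about what it should contain.

```sh
#!/bin/sh
# Added example: audit the files edited in the sssd steps. Option names
# (ldap_uri, ldap_id_use_start_tls, ldap_tls_reqcert, TLS_CACERT, TLS_REQCERT)
# are real sssd-ldap / ldap.conf settings; the lab's file contents are assumed.

conf_get() {  # conf_get FILE KEY -> value of "KEY = value" (last one wins)
    sed -e "/^[[:space:]]*$2[[:space:]]*=/!d" -e 's/^[^=]*=[[:space:]]*//' \
        -e 's/[[:space:]]*$//' "$1" | tail -n 1
}

check_sssd_mode() {  # sssd.conf must be a regular file with mode exactly 600
    find "$1" -prune -type f -perm 600 2>/dev/null | grep -q .
}

check_sssd_tls() {  # LDAP must use ldaps:// or StartTLS, with cert checks on
    uri=$(conf_get "$1" ldap_uri)
    starttls=$(conf_get "$1" ldap_id_use_start_tls | tr 'A-Z' 'a-z')
    reqcert=$(conf_get "$1" ldap_tls_reqcert | tr 'A-Z' 'a-z')
    case "$reqcert" in never|allow|try) return 1 ;; esac
    case "$uri" in
        ldaps://*) return 0 ;;
        ldap://*)  [ "$starttls" = "true" ] ;;
        *)         return 1 ;;
    esac
}

check_ldap_conf() {  # TLS_CACERT names a non-empty file; TLS_REQCERT not weakened
    ca=$(awk 'toupper($1) == "TLS_CACERT" { print $2 }' "$1" | tail -n 1)
    [ -n "$ca" ] && [ -s "$ca" ] || return 1
    ! awk 'toupper($1) == "TLS_REQCERT" && tolower($2) ~ /^(never|allow)$/ { f = 1 }
           END { exit !f }' "$1"
}

check_mkhomedir() {  # an active (uncommented) session line loads pam_mkhomedir.so
    grep -Eq '^[[:space:]]*session[[:space:]]+[^#]*pam_mkhomedir\.so' "$1"
}

audit() {  # audit [SSSD_CONF] [LDAP_CONF] [PAM_FILE]; returns the failure count
    s=${1:-/etc/sssd/sssd.conf}; l=${2:-/etc/ldap/ldap.conf}
    p=${3:-/etc/pam.d/common-session}; fails=0
    check_sssd_mode "$s" || { echo "FAIL: $s is not mode 600"; fails=$((fails + 1)); }
    check_sssd_tls "$s"  || { echo "FAIL: $s allows unverified or cleartext LDAP"; fails=$((fails + 1)); }
    check_ldap_conf "$l" || { echo "FAIL: $l has no usable TLS_CACERT"; fails=$((fails + 1)); }
    check_mkhomedir "$p" || { echo "FAIL: $p does not load pam_mkhomedir.so"; fails=$((fails + 1)); }
    return "$fails"
}

if [ "${1:-}" = "audit" ]; then audit; fi  # e.g. sudo sh audit_sssd.sh audit
```

The exit status is the number of failed checks, so a provisioning script can refuse to continue when it is non-zero.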
Install Puppet and Create Puppet Certificate
Installation
Log in as the root user
- Update CentOS packages
$ sudo yum update
- Install EPEL release. EPEL is a repository for enterprise releases. Learn more
$ sudo yum install epel-release
This will install access to the public EPEL repository. A GPG key is provided to verify that the transaction is valid.
- Install Puppet
$ sudo yum install puppet
- Install sssd
$ sudo yum install sssd
- Install nss-pam-ldapd
$ sudo yum install nss-pam-ldapd
- Install libGLU
$ sudo yum install libGLU
Configure Puppet
Edit Puppet configuration on foreman.uscf.bkslab.org
- Search for the host to see whether it already exists.
- Edit the Puppet settings
  - If the desktop is brand new, click on 'New Host', choose 'Testing' as Host Group and replicate the other existing desktop settings.
  - In Parameters, click "Override" in "variant" and assign "Desktop" as the variable at the bottom.
  - In Puppet class, choose:
    - nfs-mounts.*
    - ssd*
    - ntp
    - printer
Issue new Puppet Certificate
In a second terminal, log in as root
$ vi /etc/puppet/puppet.conf
Log into another desktop, check the current puppet.conf on that machine and copy and paste it into the new desktop's puppet.conf file. Also make sure that the config has server=puppet
- Log into alpha, to create new puppet certificate for the new computer
$ sudo puppet cert list -a | grep <hostname>.desktop.ucsf.bkslab.org
This lists all of the current Puppet certificates and checks whether there is an existing certificate for this machine.
- To clean out existing certificate
$ sudo puppet cert clean <hostname>.desktop.ucsf.bkslab.org
BEFORE PROCEEDING TO THE NEXT STEP, MAKE SURE that you have 2 terminals open: one logged in as root on the new computer (client) and the other logged in as s_ on alpha (server).
1. On the client side:
$ puppet agent --test --waitforcert=60
The "puppet agent --test" command performs the initial integration with Puppet for a new computer, or reintegrates Puppet. Without this command, the machine will not have access to /mnt/nfs, /nfs/* and /nfs/soft.
"--waitforcert=60" means "keep calm, wait 60s for DNS server to respond".
2. On the server (alpha) side:
Sign the certificate
$ sudo puppet cert sign <hostname>.desktop.ucsf.bkslab.org
Testing puppet
$ id <user_name>
If it fails, try running these commands and then try again:
$ systemctl restart sssd
$ authconfig-tui
This will bring up the authconfig-tui screen. Use the space bar to change a setting.
1. Uncheck "Use Fingerprint reader" so that it does not raise a fingerprint error later. Click "Next" afterwards.
2. Under "LDAP Settings", make sure it says:
[*] Use TLS
Server: ldaps://ds.ucsf.bkslab.org/
Base DN: dc=bkslab, dc=org