Set up a new Desktop: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
Line 89: | Line 89: | ||
## In Parameters, click "Override" in "variant" and assign "Desktop" as variable at the bottom. | ## In Parameters, click "Override" in "variant" and assign "Desktop" as variable at the bottom. | ||
## In Puppet class, Choose : | ## In Puppet class, Choose : | ||
* nfs-mounts.* | |||
* ssd* | |||
* ntp | |||
* printer | |||
==== Testing puppet ==== | |||
$ id <user_name> | |||
If failed, try running these commands and try it again: | |||
$ systemctl restart sssd | |||
$ authcofig-tui | |||
This will prompt you to the authcofig-tui screen. User SpaceBar to change setting. | |||
1. Uncheck "User Fingerprint reader" so that it would not raise any fingerprint error later. Click "Next' after. | |||
2. Under "LDAP Settings", make sure it says: | |||
[*] User TLS | |||
Server: ldaps://ds.ucsf.bkslab.org/ | |||
Base DN: dc=bkslab, dc=org | |||
Revision as of 21:22, 10 September 2019
Getting a Bootable USB Stick
You can borrow it from the Sysadmin or DIY one with instruction here
Installing Centos
Boot Menu
Remove Existing Centos installation on computer
- Select the existing installation.
- Click '-' at bottom to remove. It will attempt to remove all the current installation on the machine.
Installation Destination Configuration
- Check "Encrypt my data" (IMPORTANT)
- Select "I will configure partitioning"
There will be a list of directories will be created and default disk spaces /boot <- first thing read by the OS. Helps you load the rest of the OS /swap <- "emergency" disk space for when machine ran out of memory; computer is slow when write/read from here /root /home
Network Configuration
- DNS Server IP (space separated)
169.230.26.93 (lab DNS server IP address) 128.218.254.40 (local USCF DNS server) 128.218.254.40 (local USCF DNS server)
- Search domains (space separated)
The computer will try to connect to these domains desktop.uscf.bkslab.org ucsf.bkslab.org bkslab.org compbio.ucsf.edu ucsf.edu
- Check on "Require IPv4....."
- Change the hostname on the bottom
<name>.desktop.ucsf.bkslab.org
- Something I forgot to Save Changes
DateTime
- Make sure the timezone matched
- Turn on Network Time
Software Selections
Select GNOME Desktop on Left menu Select these on the Right Menu * GNOME Applications * Compatibility Library * Development Tools * Office Suites Hit "Done"; this step will take awhile
Install Puppet and Create Puppet Certificate
Installation
Login as root user
- Update centos packages
$ sudo yum update
- Install EPEL release. EPEL is a repository for enterprise releases. Learn more
$ sudo yum install epel-release This will install access to public repo on Epel. GPG key is provided to provide transaction is valid
- Install Puppet
$ sudo yum install puppet
- Install sssd
$ sudo yum install sssd
- Install nss-pam-ldapd
$ sudo yum install nss-pam-ldapd
Configure Puppet
Issue new Puppet Certificate
In a second terminal, log in as root
$ vi /etc/puppet/puppet.conf Log into another desktop, check for the current puppet.conf on that machine and copy paste into the new desktop's puppet.conf file. Also, making sure that config has server=puppet
- Log into alpha, to create new puppet certificate for the new computer
$ sudo puppet cert list -a | grep <hostname>.desktop.ucsf.bkslab.org //to list all of the current puppet certificates and check if there was an existing certificate for this machine
- To clean out existing certificate
$ sudo puppet cert clean <hostname>.desktop.ucsf.bkslab.org
BEFORE PROCEEDING TO THE NEXT STEP, MAKE SURE that you have 2 terminals on: one logged in as root on the new computer (client) and the other logged in as s_ on alpha (server) 1. On the client side:
$ puppet agent --test --waitforcert=60 "puppet agent --test" command initial integration with puppet for a new computer or reintegrate puppet. Without this command, the machine will not have access to the /mnt/nfs, /nfs/* and /nfs/soft "--waitforcert=60" means "keep calm, wait 60s for DNS server to respond"
2. On server (alpha) side:
Sign the certificate $ sudo puppet cert sign <hostname>.desktop.ucsf.bkslab.org
Edit Puppet configuration on foreman.uscf.bkslab.org
- Search for host with it is existed.
- Edit Puppet setting
- If the desktop is brand new, click on 'New Host', choose 'Testing' as Host Group and replicate the other existing desktop settings.
- In Parameters, click "Override" in "variant" and assign "Desktop" as variable at the bottom.
- In Puppet class, Choose :
* nfs-mounts.* * ssd* * ntp * printer
Testing puppet
$ id <user_name>
If failed, try running these commands and try it again:
$ systemctl restart sssd $ authcofig-tui This will prompt you to the authcofig-tui screen. User SpaceBar to change setting. 1. Uncheck "User Fingerprint reader" so that it would not raise any fingerprint error later. Click "Next' after. 2. Under "LDAP Settings", make sure it says: [*] User TLS Server: ldaps://ds.ucsf.bkslab.org/ Base DN: dc=bkslab, dc=org