Set up a new Desktop: Difference between revisions

From DISI

Latest revision as of 19:07, 9 February 2022

Getting a Bootable USB Stick

You can borrow one from the Sysadmin or make your own following the instructions here

Installing Centos

Boot Menu

Remove Existing Centos installation on computer

  1. Select the existing installation.
  2. Click '-' at bottom to remove. It will attempt to remove all the current installation on the machine.

Installation Destination Configuration

  1. Check "Encrypt my data" (IMPORTANT)
  2. Select "I will configure partitioning"
A list of the partitions that will be created is shown, with default disk sizes:
/boot <- the first thing read at boot; it loads the rest of the OS
/swap <- "emergency" disk space used when the machine runs out of memory; the computer is slow while reading from or writing to it
/root
/home

Network Configuration

  1. DNS Server IPs (space separated):
169.230.26.93 (lab DNS server IP address)
128.218.254.40 (local UCSF DNS server)
  2. Search domains (space separated); the computer will try these domains when resolving hostnames:
desktop.ucsf.bkslab.org
ucsf.bkslab.org
bkslab.org
compbio.ucsf.edu
ucsf.edu
  3. Check "Require IPv4....."
  4. Change the hostname at the bottom to:
<name>.desktop.ucsf.bkslab.org

- Easy to forget: click Save Changes before leaving this screen.

DateTime

  1. Make sure the timezone matches
  2. Turn on Network Time

Software Selections

Select GNOME Desktop on Left menu
Select these on the Right Menu
* GNOME Applications
* Compatibility Library
* Development Tools
* Office Suites
Hit "Done"; this step will take a while

Install Ubuntu 20.04

Instructions

  1. Install OS via USB
    • Make sure to pick the Encrypt Data option during installation
  2. After installation, install openssh so you can work on the machine remotely
    • apt install openssh-server -y
  3. Grab IP
    • ifconfig
  4. Add IP into network settings
    • nmtui
    • In ipv4 config
      • add IP from ifconfig
      • Add these to the DNS Servers
        • 169.230.26.93
        • 128.218.254.40
        • 128.218.254.10
      • Add these to the Search Domains
        • desktop.ucsf.bkslab.org
        • ucsf.bkslab.org
        • bkslab.org
        • compbio.ucsf.edu
        • ucsf.edu
  5. Create a foreman entry for the desktop
  6. Copy a script
    • scp <user>@gimel.compbio.ucsf.edu:/nfs/home/jjg/scripts/ubuntu_20.04_desktop .
  7. Run the script
    • bash ubuntu_20.04_desktop
  8. Install sssd (Guide)
    • apt update -y
    • apt install sssd libpam-sss libnss-sss -y
    • scp <user>@gimel.compbio.ucsf.edu:/nfs/home/jjg/sssd.conf /etc/sssd/sssd.conf
    • openssl s_client -connect beta.compbio.ucsf.edu:636 -showcerts < /dev/null | openssl x509 -text | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
    • vim /etc/ssl/certs/ldapcacert.crt
    • openssl s_client -connect beta.compbio.ucsf.edu:389 -CAfile /etc/ssl/certs/ldapcacert.crt
    • vim /etc/ldap/ldap.conf
      • TLS_CACERT /etc/ssl/certs/ldapcacert.crt
    • chmod 600 -R /etc/sssd
    • systemctl restart sssd
    • vim /etc/pam.d/common-session
      • session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
    • id s_jjg
    • vim /etc/group
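The certificate fetch in step 8 trusts whatever certificate the LDAP server presents at that moment. As an added example (not part of the DISI wiki), the same fetch wrapped in a script that pins the certificate to a SHA-256 fingerprint obtained out of band (e.g. from the sysadmin) before installing it as the CA file, then checks that openssl verifies the LDAPS endpoint against that file. Hostname, port and CA path default to the page's values; the expected fingerprint is a placeholder you must supply.

```shell
#!/usr/bin/env bash
# Added example, not the wiki's own script: fetch the LDAP server certificate as in
# step 8, pin it to a known SHA-256 fingerprint, install it, then verify the handshake.
set -eu

LDAP_HOST="${LDAP_HOST:-beta.compbio.ucsf.edu}"   # values from the page
LDAP_PORT="${LDAP_PORT:-636}"
CA_FILE="${CA_FILE:-/etc/ssl/certs/ldapcacert.crt}"

# The same sed range the wiki uses: keep only the PEM block of `openssl x509 -text` output.
extract_pem() {
  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
}

# Certificate presented on the LDAPS port, as PEM (needs network access).
fetch_server_cert() {
  openssl s_client -connect "${LDAP_HOST}:${LDAP_PORT}" -showcerts </dev/null 2>/dev/null \
    | openssl x509 -text | extract_pem
}

# SHA-256 fingerprint ("AB:CD:...") of the PEM certificate read from stdin.
cert_fingerprint() {
  openssl x509 -noout -fingerprint -sha256 | sed -e 's/^.*Fingerprint=//'
}

# Succeeds only if the certificate in file $1 has fingerprint $2 (case-insensitive hex).
pin_matches() {
  local actual
  actual="$(cert_fingerprint <"$1" | tr 'a-f' 'A-F')"
  [ "$actual" = "$(printf '%s' "$2" | tr 'a-f' 'A-F')" ]
}

# Install the fetched certificate as CA_FILE only if it matches the expected
# fingerprint, then require "Verify return code: 0 (ok)" from a handshake using it.
install_ldap_ca() {
  local expected_fp="$1" tmp
  tmp="$(mktemp)"
  fetch_server_cert >"$tmp"
  if ! pin_matches "$tmp" "$expected_fp"; then
    echo "fingerprint mismatch for ${LDAP_HOST}: got $(cert_fingerprint <"$tmp")" >&2
    rm -f "$tmp"
    return 1
  fi
  install -m 0644 "$tmp" "$CA_FILE"
  rm -f "$tmp"
  openssl s_client -connect "${LDAP_HOST}:${LDAP_PORT}" -CAfile "$CA_FILE" </dev/null 2>/dev/null \
    | grep -q 'Verify return code: 0 (ok)'
}
# Usage (as root on the new desktop): install_ldap_ca "<SHA256 FINGERPRINT FROM SYSADMIN>"
```

Like the page's one-liner, piping `-showcerts` through a single `openssl x509` keeps only the first (leaf) certificate. On the plain LDAP port 389, `openssl s_client` needs `-starttls ldap` (OpenSSL 1.1.1 or later) to negotiate TLS at all.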

Install Puppet and Create Puppet Certificate

Installation

Login as root user

  • Update CentOS packages
$ sudo yum update
  • Install EPEL release. EPEL is a repository for enterprise releases. Learn more
$ sudo yum install epel-release
This adds the public EPEL repository; its GPG key is installed so that package transactions can be verified.
  • Install Puppet
$ sudo yum install puppet
  • Install sssd
$ sudo yum install sssd
  • Install nss-pam-ldapd
$ sudo yum install nss-pam-ldapd
  • Install libGLU
$ sudo yum install libGLU

Configure Puppet

Edit Puppet configuration on foreman.ucsf.bkslab.org

  1. Search for the host to see whether it already exists.
  2. Edit Puppet setting
    1. If the desktop is brand new, click on 'New Host', choose 'Testing' as Host Group and replicate the other existing desktop settings.
    2. In Parameters, click "Override" in "variant" and assign "Desktop" as variable at the bottom.
    3. In Puppet class, Choose :
           * nfs-mounts.*
           * ssd*
           * ntp
           * printer

Issue new Puppet Certificate

In a second terminal, log in as root

$ vi /etc/puppet/puppet.conf
Log into another desktop, check the current puppet.conf on that machine, and copy-paste it into the new desktop's puppet.conf file. Also make sure the config has server=puppet.
  • Log into alpha to create a new puppet certificate for the new computer. First list the current puppet certificates and check whether one already exists for this machine:
$ sudo puppet cert list -a | grep <hostname>.desktop.ucsf.bkslab.org
  • To clean out existing certificate
$ sudo puppet cert clean <hostname>.desktop.ucsf.bkslab.org

BEFORE PROCEEDING TO THE NEXT STEP, MAKE SURE that you have 2 terminals open: one logged in as root on the new computer (client) and the other logged in as s_ on alpha (server).

1. On the client side:

$ puppet agent --test --waitforcert=60
"puppet agent --test" performs the initial integration with puppet for a new computer, or re-integrates an existing one. Without this step the machine will not have access to /mnt/nfs, /nfs/* and /nfs/soft.
"--waitforcert=60" means "keep calm, wait 60s for DNS server to respond"

2. On server (alpha) side:

Sign the certificate
$ sudo puppet cert sign <hostname>.desktop.ucsf.bkslab.org


Testing puppet

$ id <user_name>

If failed, try running these commands and try it again:

$ systemctl restart sssd

$ authconfig-tui
This will bring up the authconfig-tui screen. Use the space bar to change a setting.
1. Uncheck "Use Fingerprint reader" so that it will not raise any fingerprint error later. Click "Next" afterwards.
2. Under "LDAP Settings", make sure it says:
   [*] Use TLS
   Server: ldaps://ds.ucsf.bkslab.org/
   Base DN: dc=bkslab, dc=org