RoboLab VLAB server: Difference between revisions
No edit summary |
|||
(28 intermediate revisions by the same user not shown) | |||
Line 7: | Line 7: | ||
When prompted as by <code>apt-get</code>'s post-install, configure XDM to start as default (instead of <code>lightdm</code>, or any other display managers) | When prompted as by <code>apt-get</code>'s post-install, configure XDM to start as default (instead of <code>lightdm</code>, or any other display managers) | ||
Edit <code>/etc/X11/xdm/Xservers</code>: | Edit <code>/etc/X11/xdm/Xservers</code>:<br>Comment out the line for display ":0..." | ||
Edit <code>/etc/X11/xdm/xdm-config</code>:<br>Comment out: "DisplayManager.requestPort: 0" | |||
<code>/etc/X11/xdm/ | Edit <code>/etc/X11/xdm/Xaccess</code>:<br>Allow all hosts (uncomment-out appropriate line, though this could be better targeted to allow 127.0.0.1 only) | ||
Note 1: the default Ubuntu desktop display manager is configured to start up a rich desktop environment with audio, animations, etc. Replacing the display manager with XDM makes the environment much simpler... and this mirrors what we already do with VLAB. | |||
Note 2: may have to reboot after installing XDM to clean out leftover processes and configurations from the original display manager. | |||
== Install TigerVNC server == | == Install TigerVNC server == | ||
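Review bot: The added Xaccess step ("Allow all hosts") combined with commenting out "DisplayManager.requestPort: 0" leaves XDMCP answering queries from any host, because removing the requestPort 0 line turns XDMCP listening back on (UDP 177 by default) and the protocol is unencrypted. The line itself concedes it could be limited to 127.0.0.1; make the loopback entry the instruction rather than a parenthetical, or state which firewall rule keeps that port off the network.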
Line 24: | Line 22: | ||
# Download <code>tigervnc-1.13.1.x86_64.tar.gz</code> | # Download <code>tigervnc-1.13.1.x86_64.tar.gz</code> | ||
# Untar into <code>/usr/local</code> | # Untar into <code>/usr/local</code> | ||
# Create symlink to <code>tigervnc</code> | # Create symlink to <code>tigervnc</code> in same directory | ||
== Install xvncrunner == | == Install <code>xvncrunner</code> == | ||
<code>xvncrunner</code> is an eternal service, written in Tcl, which listens on the various 59XX TCP ports and launches TigerVNC server instances to suit incoming connections. | <code>xvncrunner</code> is an eternal, systemd-managed service, written in Tcl, which listens on the various 59XX TCP ports and launches TigerVNC server instances with appropriate command-line parameters to suit the individual incoming connections. | ||
apt-get install tcl tcl-thread | apt-get install tcl tcl-thread | ||
Copy from New World: | Copy from New World: | ||
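Review bot: Nothing between the download and untar steps in this hunk checks the tarball, so tigervnc-1.13.1.x86_64.tar.gz is unpacked into /usr/local exactly as it arrived. Add a step that compares the file against a checksum or signature from the project, where one is published, before untarring. The revised symlink line would also be clearer if it named what the tigervnc link points to.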
Line 36: | Line 34: | ||
* <code>/usr/local/infrastructure/vlab/xvncrunner(|.sh)</code> | * <code>/usr/local/infrastructure/vlab/xvncrunner(|.sh)</code> | ||
Make it go: | |||
== Install xfce4 == | systemctl daemon-reload | ||
systemctl enable xvncrunner | |||
systemctl start xvncrunner | |||
== Install <code>xfce4</code> == | |||
apt-get install xfce4 | apt-get install xfce4 | ||
Set up a user <code>.xsession</code> file to start <code>xfce4-session</code> (chmod 755) | Set up a user <code>.xsession</code> file to start <code>xfce4-session</code> (<code>chmod 755</code>) | ||
== Setting up Kerberos for zID/zPass authentication == | |||
Note: Kerberos is solely for authentication (checking that zID/zPass are correct). This has nothing to do with the account or home directory of the user. See below for creating an account on the server which can be used with Kerberos authentication. | |||
apt-get install krb5-user | |||
Answer for "Default Kerberos realm" is "AD.UNSW.EDU.AU". Must be upper-case and without double quotes. | |||
Add to <code><nowiki>[realms]</nowiki></code> in <code>/etc/krb5.conf</code>: | |||
AD.UNSW.EDU.AU = { | |||
kdc = ad.unsw.edu.au | |||
} | |||
Test with <code>kinit</code>, <code>klist</code> and <code>kdestroy</code>: | |||
root@robolab-test:/home/csg# '''kinit ''<span style="color: red;"><zID></span>''''' | |||
Password for ''<span style="color: red;"><zID></span>''@AD.UNSW.EDU.AU: | |||
root@robolab-test:/home/csg# '''klist''' | |||
Ticket cache: FILE:/tmp/krb5cc_0 | |||
Default principal: ''<span style="color: red;"><zID></span>''@AD.UNSW.EDU.AU | |||
Valid starting Expires Service principal | |||
27/06/23 10:08:17 27/06/23 20:08:17 krbtgt/AD.UNSW.EDU.AU@AD.UNSW.EDU.AU | |||
renew until 28/06/23 10:08:13 | |||
root@robolab-test:/home/csg# '''kdestroy''' | |||
root@robolab-test:/home/csg# | |||
=== Tying in to PAM (pluggable authentication modules) === | |||
apt-get install libpam-krb5 | |||
=== Creating a local account to use with zID === | |||
root@robolab-test:~# '''useradd <span style="color: red;"><zID></span>''' | |||
root@robolab-test:~# '''mkdir /home/<span style="color: red;"><zID></span>''' | |||
root@robolab-test:~# '''chown <span style="color: red;"><zID></span>:<span style="color: red;"><zID></span> /home/<span style="color: red;"><zID></span>''' | |||
Note: Can probably pass "-m" to <code>useradd</code> and it'll create the home directory itself. | |||
Create <code>/home/<zID>/.xsession</code> owned by user <span style="color: red;"><zID></span> and with permissions 0755: | |||
#!/bin/bash | |||
exec /usr/bin/xfce4-session | |||
Note: Can probably modify the contents of <code>/etc/skel</code> so the <code>.xsession</code> file is created automatically. | |||
== Notes == | == Notes == | ||
For Peter. Other folk can ignore: | |||
* <code>systemctl set-default graphical</code> | * <code>systemctl set-default graphical</code> | ||
* <code>systemctl set-default multi-user</code> | * <code>systemctl set-default multi-user</code> |
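Review bot: The "Tying in to PAM" section added here stops at "apt-get install libpam-krb5" and does not say which PAM service ends up using the module or how to confirm that an XDM login is actually checked against AD.UNSW.EDU.AU. Add a verification step (a login attempt with a wrong zPass that must fail, for instance), and note that with only a kdc entry in krb5.conf and no host keytab on the server, pam_krb5 has no way to verify that the ticket came from the real KDC.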
Latest revision as of 10:46, 27 June 2023
Starting from a Desktop install of Ubuntu 20.04:
Set up XDM as the display manager (the program that displays the login screen)
apt-get install xdm
When prompted by apt-get's post-install step, configure XDM to start as the default (instead of lightdm or any other display manager).
Edit /etc/X11/xdm/Xservers:
Comment out the line for display ":0..."
Edit /etc/X11/xdm/xdm-config:
Comment out: "DisplayManager.requestPort: 0"
Edit /etc/X11/xdm/Xaccess:
Allow all hosts (uncomment the appropriate line, though this could be better targeted to allow 127.0.0.1 only)
Note 1: the default Ubuntu desktop display manager is configured to start up a rich desktop environment with audio, animations, etc. Replacing the display manager with XDM makes the environment much simpler... and this mirrors what we already do with VLAB.
Note 2: may have to reboot after installing XDM to clean out leftover processes and configurations from the original display manager.
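To check the exposure the Xaccess step mentions, the sketch below reads the three files edited above and reports whether XDMCP is listening and open to any host. It is an added example, not part of the original page; the function names and sample file contents are constructed, and the default port of 177 for an unset requestPort comes from xdm's documentation rather than this page.

```sh
#!/bin/sh
# Added example: audit the three XDM files edited above for XDMCP exposure.

# Print the XDMCP port: 0 = disabled; 177 (xdm's default) when no active
# DisplayManager.requestPort line exists ("!" starts a comment in xdm-config).
xdmcp_port() {
    p=$(sed -n 's/^[[:space:]]*DisplayManager[.*]requestPort:[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1)
    echo "${p:-177}"
}

# Succeed if an active Xaccess line has the bare host pattern "*".
xaccess_allows_any_host() {
    awk '$1 == "*" { found = 1 } END { exit !found }' "$1"
}

# Succeed if Xservers still starts a local X server on display :0.
xservers_has_local_display() {
    grep -Eq '^[[:space:]]*:0([[:space:]]|$)' "$1"
}

# audit_xdm DIR: return 1 when XDMCP is reachable from any host.
audit_xdm() {
    dir=${1:-/etc/X11/xdm}
    port=$(xdmcp_port "$dir/xdm-config")
    if xservers_has_local_display "$dir/Xservers"; then
        echo "NOTE: Xservers still starts a local :0 display"
    fi
    if [ "$port" -eq 0 ]; then
        echo "OK: XDMCP disabled (requestPort 0)"
    elif xaccess_allows_any_host "$dir/Xaccess"; then
        echo "WARN: XDMCP on UDP $port and Xaccess accepts any host"
        return 1
    else
        echo "OK: XDMCP on UDP $port, Xaccess has no wildcard host entry"
    fi
}

# Constructed sample: the state the steps above produce (not real files).
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' '#:0 local /usr/bin/X :0 vt7 -nolisten tcp' > "$d/Xservers"
    printf '%s\n' '! DisplayManager.requestPort: 0' > "$d/xdm-config"
    printf '%s\n' '*    #any host can get a login window' > "$d/Xaccess"
    echo "$d"
}

sample=$(make_sample)
audit_xdm "$sample" || true    # prints the WARN line for this sample
rm -rf "$sample"
```

On the server itself, `audit_xdm /etc/X11/xdm` runs the same checks against the live files; a WARN result means the wildcard entry should be narrowed or UDP 177 filtered.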
Install TigerVNC server
- Go to www.tigervnc.org and navigate to the download pages
- Download tigervnc-1.13.1.x86_64.tar.gz
- Untar into /usr/local
- Create symlink to tigervnc in same directory
Install xvncrunner
xvncrunner is an eternal, systemd-managed service, written in Tcl, which listens on the various 59XX TCP ports and launches TigerVNC server instances with appropriate command-line parameters to suit the individual incoming connections.
apt-get install tcl tcl-thread
Copy from New World:
/etc/systemd/system/xvncrunner.service
/usr/local/infrastructure/vlab/xvncrunner(|.sh)
Make it go:
systemctl daemon-reload
systemctl enable xvncrunner
systemctl start xvncrunner
Install xfce4
apt-get install xfce4
Set up a user .xsession file to start xfce4-session (chmod 755)
Setting up Kerberos for zID/zPass authentication
Note: Kerberos is solely for authentication (checking that zID/zPass are correct). This has nothing to do with the account or home directory of the user. See below for creating an account on the server which can be used with Kerberos authentication.
apt-get install krb5-user
Answer for "Default Kerberos realm" is "AD.UNSW.EDU.AU". Must be upper-case and without double quotes.
Add to [realms] in /etc/krb5.conf:
AD.UNSW.EDU.AU = {
    kdc = ad.unsw.edu.au
}
Test with kinit, klist and kdestroy:
root@robolab-test:/home/csg# kinit <zID>
Password for <zID>@AD.UNSW.EDU.AU:
root@robolab-test:/home/csg# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: <zID>@AD.UNSW.EDU.AU
Valid starting     Expires            Service principal
27/06/23 10:08:17  27/06/23 20:08:17  krbtgt/AD.UNSW.EDU.AU@AD.UNSW.EDU.AU
        renew until 28/06/23 10:08:13
root@robolab-test:/home/csg# kdestroy
root@robolab-test:/home/csg#
Tying in to PAM (pluggable authentication modules)
apt-get install libpam-krb5
Creating a local account to use with zID
root@robolab-test:~# useradd <zID>
root@robolab-test:~# mkdir /home/<zID>
root@robolab-test:~# chown <zID>:<zID> /home/<zID>
Note: Can probably pass "-m" to useradd and it'll create the home directory itself.
Create /home/<zID>/.xsession owned by user <zID> and with permissions 0755:
#!/bin/bash
exec /usr/bin/xfce4-session
Note: Can probably modify the contents of /etc/skel so the .xsession file is created automatically.
Notes
For Peter. Other folk can ignore:
systemctl set-default graphical
systemctl set-default multi-user