RoboLab VLAB server: Difference between revisions
| (18 intermediate revisions by the same user not shown) | |||
| Line 13: | Line 13: | ||
Edit <code>/etc/X11/xdm/Xaccess</code>:<br>Allow all hosts (uncomment-out appropriate line, though this could be better targeted to allow 127.0.0.1 only) | Edit <code>/etc/X11/xdm/Xaccess</code>:<br>Allow all hosts (uncomment-out appropriate line, though this could be better targeted to allow 127.0.0.1 only) | ||
Note: the default Ubuntu desktop display manager is configured to start up a rich desktop environment with audio, animations, etc. Replacing the display manager with XDM makes the environment much simpler... and this mirrors what we already do with VLAB. | Note 1: the default Ubuntu desktop display manager is configured to start up a rich desktop environment with audio, animations, etc. Replacing the display manager with XDM makes the environment much simpler... and this mirrors what we already do with VLAB. | ||
Note 2: may have to reboot after installing XDM to clean out leftover processes and configurations from the original display manager. | |||
== Install TigerVNC server == | == Install TigerVNC server == | ||
| Line 22: | Line 24: | ||
# Create symlink to <code>tigervnc</code> in same directory | # Create symlink to <code>tigervnc</code> in same directory | ||
== Install xvncrunner == | == Install <code>xvncrunner</code> == | ||
<code>xvncrunner</code> is an eternal service, written in Tcl, which listens on the various 59XX TCP ports and launches TigerVNC server instances to suit incoming connections. | <code>xvncrunner</code> is an eternal, systemd-managed service, written in Tcl, which listens on the various 59XX TCP ports and launches TigerVNC server instances with appropriate command-line parameters to suit the individual incoming connections. | ||
apt-get install tcl tcl-thread | apt-get install tcl tcl-thread | ||
| Line 31: | Line 33: | ||
* <code>/etc/systemd/system/xvncrunner.service</code> | * <code>/etc/systemd/system/xvncrunner.service</code> | ||
* <code>/usr/local/infrastructure/vlab/xvncrunner(|.sh)</code> | * <code>/usr/local/infrastructure/vlab/xvncrunner(|.sh)</code> | ||
Make it go: | |||
systemctl daemon-reload | systemctl daemon-reload | ||
| Line 36: | Line 40: | ||
systemctl start xvncrunner | systemctl start xvncrunner | ||
== Install xfce4 == | == Install <code>xfce4</code> == | ||
apt-get install xfce4 | apt-get install xfce4 | ||
Set up a user <code>.xsession</code> file to start <code>xfce4-session</code> (<code>chmod 755</code>) | Set up a user <code>.xsession</code> file to start <code>xfce4-session</code> (<code>chmod 755</code>) | ||
== Setting up Kerberos for zID/zPass authentication == | |||
Note: Kerberos is solely for authentication (checking that zID/zPass are correct). This has nothing to do with the account or home directory of the user. See below for creating an account on the server which can be used with Kerberos authentication. | |||
apt-get install krb5-user | |||
Answer for "Default Kerberos realm" is "AD.UNSW.EDU.AU". Must be upper-case and without double quotes. | |||
Add to <code><nowiki>[realms]</nowiki></code> in <code>/etc/krb5.conf</code>: | |||
AD.UNSW.EDU.AU = { | |||
kdc = ad.unsw.edu.au | |||
} | |||
Test with <code>kinit</code>, <code>klist</code> and <code>kdestroy</code>: | |||
root@robolab-test:/home/csg# '''kinit ''<span style="color: red;"><zID></span>''''' | |||
Password for ''<span style="color: red;"><zID></span>''@AD.UNSW.EDU.AU: | |||
root@robolab-test:/home/csg# '''klist''' | |||
Ticket cache: FILE:/tmp/krb5cc_0 | |||
Default principal: ''<span style="color: red;"><zID></span>''@AD.UNSW.EDU.AU | |||
Valid starting Expires Service principal | |||
27/06/23 10:08:17 27/06/23 20:08:17 krbtgt/AD.UNSW.EDU.AU@AD.UNSW.EDU.AU | |||
renew until 28/06/23 10:08:13 | |||
root@robolab-test:/home/csg# '''kdestroy''' | |||
root@robolab-test:/home/csg# | |||
=== Tying in to PAM (pluggable authentication modules) === | |||
apt-get install libpam-krb5 | |||
=== Creating a local account to use with zID === | |||
root@robolab-test:~# '''useradd <span style="color: red;"><zID></span>''' | |||
root@robolab-test:~# '''mkdir /home/<span style="color: red;"><zID></span>''' | |||
root@robolab-test:~# '''chown <span style="color: red;"><zID></span>:<span style="color: red;"><zID></span> /home/<span style="color: red;"><zID></span>''' | |||
Note: Can probably pass "-m" to <code>useradd</code> and it'll create the home directory itself. | |||
Create <code>/home/<zID>/.xsession</code> owned by user <span style="color: red;"><zID></span> and with permissions 0755: | |||
#!/bin/bash | |||
exec /usr/bin/xfce4-session | |||
Note: Can probably modify the contents of <code>/etc/skel</code> so the <code>.xsession</code> file is created automatically. | |||
== Notes == | == Notes == | ||
For Peter. Other folk can ignore: | |||
* <code>systemctl set-default graphical</code> | * <code>systemctl set-default graphical</code> | ||
* <code>systemctl set-default multi-user</code> | * <code>systemctl set-default multi-user</code> | ||
Latest revision as of 10:46, 27 Haziran 2023
Starting from a Desktop install of Ubuntu 20.04:
Setup XDM as the display manager (the program that displays the login screen)
apt-get install xdm
When prompted as by apt-get's post-install, configure XDM to start as default (instead of lightdm, or any other display managers)
Edit /etc/X11/xdm/Xservers:
Comment out the line for display ":0..."
Edit /etc/X11/xdm/xdm-config:
Comment out: "DisplayManager.requestPort: 0"
Edit /etc/X11/xdm/Xaccess:
Allow all hosts (uncomment-out appropriate line, though this could be better targeted to allow 127.0.0.1 only)
Note 1: the default Ubuntu desktop display manager is configured to start up a rich desktop environment with audio, animations, etc. Replacing the display manager with XDM makes the environment much simpler... and this mirrors what we already do with VLAB.
Note 2: may have to reboot after installing XDM to clean out leftover processes and configurations from the original display manager.
Install TigerVNC server
- Go to www.tigervnc.org navigate to the download pages
- Download
tigervnc-1.13.1.x86_64.tar.gz - Untar into
/usr/local - Create symlink to
tigervncin same directory
Install xvncrunner
xvncrunner is an eternal, systemd-managed service, written in Tcl, which listens on the various 59XX TCP ports and launches TigerVNC server instances with appropriate command-line parameters to suit the individual incoming connections.
apt-get install tcl tcl-thread
Copy from New World:
/etc/systemd/system/xvncrunner.service/usr/local/infrastructure/vlab/xvncrunner(|.sh)
Make it go:
systemctl daemon-reload systemctl enable xvncrunner systemctl start xvncrunner
Install xfce4
apt-get install xfce4
Set up a user .xsession file to start xfce4-session (chmod 755)
Setting up Kerberos for zID/zPass authentication
Note: Kerberos is solely for authentication (checking that zID/zPass are correct). This has nothing to do with the account or home directory of the user. See below for creating an account on the server which can be used with Kerberos authentication.
apt-get install krb5-user
Answer for "Default Kerberos realm" is "AD.UNSW.EDU.AU". Must be upper-case and without double quotes.
Add to [realms] in /etc/krb5.conf:
AD.UNSW.EDU.AU = {
kdc = ad.unsw.edu.au
}
Test with kinit, klist and kdestroy:
root@robolab-test:/home/csg# kinit <zID> Password for <zID>@AD.UNSW.EDU.AU: root@robolab-test:/home/csg# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: <zID>@AD.UNSW.EDU.AU Valid starting Expires Service principal 27/06/23 10:08:17 27/06/23 20:08:17 krbtgt/AD.UNSW.EDU.AU@AD.UNSW.EDU.AU renew until 28/06/23 10:08:13 root@robolab-test:/home/csg# kdestroy root@robolab-test:/home/csg#
Tying in to PAM (pluggable authentication modules)
apt-get install libpam-krb5
Creating a local account to use with zID
root@robolab-test:~# useradd <zID> root@robolab-test:~# mkdir /home/<zID> root@robolab-test:~# chown <zID>:<zID> /home/<zID>
Note: Can probably pass "-m" to useradd and it'll create the home directory itself.
Create /home/<zID>/.xsession owned by user <zID> and with permissions 0755:
#!/bin/bash exec /usr/bin/xfce4-session
Note: Can probably modify the contents of /etc/skel so the .xsession file is created automatically.
Notes
For Peter. Other folk can ignore:
systemctl set-default graphicalsystemctl set-default multi-user