Difference between revisions of "Set up a new Desktop"

Line 63: Line 63:
* Install nss-pam-ldapd
* Install nss-pam-ldapd
  $ sudo yum install nss-pam-ldapd
  $ sudo yum install nss-pam-ldapd
* Install libGLU
$ sudo yum install libGLU
===Configure Puppet===
===Configure Puppet===
====Issue new Puppet Certificate====
====Issue new Puppet Certificate====
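Review bot: the added command line "$ sudo yum install libGLU" is not indented like the "  $ sudo yum install nss-pam-ldapd" line above it, so in wiki markup it will render as ordinary text instead of a preformatted command. Indent it by two spaces to match the other install steps. The new step also gives no reason why libGLU is needed on a desktop; a short note would help whoever follows this list later.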

Revision as of 12:35, 21 February 2020

Getting a Bootable USB Stick

You can borrow one from the sysadmin or make one yourself with the instructions here

Installing CentOS

Boot Menu

Remove the Existing CentOS Installation on the Computer

  1. Select the existing installation.
  2. Click '-' at the bottom to remove it. This will attempt to remove the whole current installation on the machine.

Installation Destination Configuration

  1. Check "Encrypt my data" (IMPORTANT)
  2. Select "I will configure partitioning"
A list of the directories that will be created is shown, with their default disk space:
/boot <- first thing read by the OS. Helps you load the rest of the OS
/swap <- "emergency" disk space for when the machine runs out of memory; the computer is slow when reading from or writing to it

Network Configuration

  1. DNS Server IP (space separated) (lab DNS server IP address) (local UCSF DNS server) (local UCSF DNS server)
  2. Search domains (space separated)
The computer will try to connect to these domains
  3. Check "Require IPv4....."
  4. Change the hostname at the bottom

- Something I forgot to Save Changes


  1. Make sure the timezone matches
  2. Turn on Network Time

Software Selections

Select GNOME Desktop in the left menu.
Select these in the right menu:
* GNOME Applications
* Compatibility Library
* Development Tools
* Office Suites
Hit "Done"; this step will take a while

Install Puppet and Create Puppet Certificate


Log in as the root user

  • Update CentOS packages
$ sudo yum update
  • Install the EPEL release package. EPEL is a repository for enterprise releases.
$ sudo yum install epel-release
This enables access to the public EPEL repository. A GPG key is provided to verify that the transaction is valid.
  • Install Puppet
$ sudo yum install puppet
  • Install sssd
$ sudo yum install sssd
  • Install nss-pam-ldapd
$ sudo yum install nss-pam-ldapd
  • Install libGLU
$ sudo yum install libGLU

Configure Puppet

Issue new Puppet Certificate

In a second terminal, log in as root

$ vi /etc/puppet/puppet.conf
Log into another desktop, check the current puppet.conf on that machine and copy-paste it into the new desktop's puppet.conf file. Also make sure that the config has server=puppet
  • Log into alpha to create a new Puppet certificate for the new computer
$ sudo puppet cert list -a | grep <hostname>.desktop.ucsf.bkslab.org   # list all current Puppet certificates and check whether one already exists for this machine
  • To clean out existing certificate
$ sudo puppet cert clean <hostname>.desktop.ucsf.bkslab.org

BEFORE PROCEEDING TO THE NEXT STEP, MAKE SURE that you have 2 terminals open: one logged in as root on the new computer (client) and the other logged in as s_ on alpha (server).

1. On the client side:

$ puppet agent --test --waitforcert=60
"puppet agent --test" performs the initial integration of a new computer with Puppet, or reintegrates an existing one. Without this command, the machine will not have access to /mnt/nfs, /nfs/* and /nfs/soft.
"--waitforcert=60" means "keep calm, wait 60s for DNS server to respond"

2. On server (alpha) side:

Sign the certificate
$ sudo puppet cert sign <hostname>.desktop.ucsf.bkslab.org
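
Before signing on alpha, it is worth confirming that the pending request is the one the new desktop actually generated. The script below is an added example, not part of the original wiki page: it compares the fingerprint printed by `puppet agent --fingerprint` on the client with the one shown by `puppet cert list` on the CA and signs only when they match. The Puppet 3.x-style output formats and the `PUPPET` override variable are assumptions.

```shell
#!/bin/sh
# Added example, not from the wiki page. Assumes Puppet 3.x-style output:
#   client: puppet agent --fingerprint   ->  (SHA256) AA:BB:...
#   CA:     puppet cert list             ->  "certname" (SHA256) AA:BB:...
PUPPET=${PUPPET:-sudo puppet}   # hypothetical override hook, used for testing

# Print the first colon-separated hex fingerprint (16+ bytes) found in $1,
# upper-cased so that case differences do not cause a false mismatch.
extract_fp() {
    printf '%s\n' "$1" | tr 'a-f' 'A-F' |
        grep -oE '([0-9A-F]{2}:){15,}[0-9A-F]{2}' | head -n 1
}

# Succeed only if both inputs contain a fingerprint and the two are identical.
fp_match() {
    client_fp=$(extract_fp "$1")
    ca_fp=$(extract_fp "$2")
    [ -n "$client_fp" ] && [ "$client_fp" = "$ca_fp" ]
}

# Run on the CA (alpha). $1 = certname, $2 = fingerprint line read off the
# new desktop's own terminal. Signs only when the pending request matches.
sign_if_match() {
    ca_line=$($PUPPET cert list | grep -F "\"$1\"") || {
        echo "no pending request for $1" >&2
        return 2
    }
    if fp_match "$2" "$ca_line"; then
        $PUPPET cert sign "$1"
    else
        echo "fingerprint mismatch for $1: not signing" >&2
        return 1
    fi
}
```

Read the client's fingerprint off the new desktop's own screen rather than copying it over the network, then call `sign_if_match <hostname>.desktop.ucsf.bkslab.org "<fingerprint line>"` on alpha.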

Edit Puppet configuration on foreman.uscf.bkslab.org

  1. Search for the host to see whether it already exists.
  2. Edit Puppet setting
    1. If the desktop is brand new, click on 'New Host', choose 'Testing' as Host Group and replicate the other existing desktop settings.
    2. In Parameters, click "Override" in "variant" and assign "Desktop" as variable at the bottom.
    3. In Puppet class, Choose :
           * nfs-mounts.*
           * ssd*
           * ntp
           * printer

Testing puppet

$ id <user_name>

If it fails, run these commands and try again:

$ systemctl restart sssd

$ authconfig-tui
This opens the authconfig-tui screen. Use the space bar to change a setting.
1. Uncheck "Use Fingerprint reader" so that it does not raise any fingerprint error later. Click "Next" afterwards.
2. Under "LDAP Settings", make sure it says:
   [*] Use TLS
   Server: ldaps://ds.ucsf.bkslab.org/
   Base DN: dc=bkslab, dc=org