
Setting up Firewall/Gateway or Desktop Machine

Setting Up Firewall/Gateway Desktop
0. Requirements before attempting to set up desktop
    MAKE SURE TO BACK UP FILES NEEDED ON YOUR COMPUTER BEFORE SETTING UP IF NOT A BRAND NEW INSTALLATION
    Desktop doesn't need high specs, but must have 2 Ethernet ports and possibly 2+ years of warranty.
    A PCI-E network card would be required to install into desktop if motherboard only has one port, something like Intel Pro 1000.
    Plug in Ethernet cord to access Internet so Ubuntu can update while installing.
    Ask Professor Gallicchio how to setup the partitions and the name of the computer.
    WHEN IN DOUBT, ALWAYS ASK THE PROFESSOR BEFORE DOING SOMETHING

1. Install Ubuntu if not already installed
    1.1 Booting Ubuntu from USB
        Plug in Ubuntu installation USB drive
        Turn on/restart desktop
        Press the key to get to Boot Menu, the start up screen should tell you which key it is
        Boot from USB drive
    1.2 Installing Ubuntu
        When Ubuntu shows up, click "Install Ubuntu"
        On the "Preparing to install Ubuntu" screen, have "download updates while installing" checked and click "continue"
        On the "Installation type" screen choose "something else" and click "continue"
    1.3 Partitioning Hard Drive
        Rule of thumb is to create three partitions (root, swap, and home)
        Size is defined in MB, so 1GB = 1000MB
        The root partition should be at least 20GB, swap should be twice the amount of RAM (so if you have 4GB RAM installed swap should be 8GB), home should have the rest of the free space
        1.3.1 New Hard Drive
            If installing on a new hard drive, it should just show "/dev/sda"
            Click "New Partition Table" to add in your new hard drive's free space
            Select the free space and click "+" to add a new partition
            Make the three partitions according to the rule of thumb
            For root, enter size, choose "Primary" type, "Beginning of this space", use as "Ext4 journaling file system", mount point "/" (/ means root), click "OK"
            For swap, enter size, choose "Logical" type, "Beginning of this space", use as "swap area", click "OK"
            For home, enter size, choose "Logical" type, "Beginning of this space", use as "Ext4 journaling file system", mount as "/home", click "OK"
            Device for "boot loader installation" should default to "/dev/sda", click "Install Now"
        1.3.2 Used Hard Drive
            If not installing on a new hard drive but you want to only have Ubuntu and delete everything else, highlight everything besides "/dev/sda" and "free space" and click "-" to turn partition back into free space
            Once you have only "/dev/sda" and free space left, follow steps in 1.3.1 after skipping "New Partition Table" step
    1.4 Final Steps
        Choose location on map and click "continue"
        Select keyboard, default should be "English US" and click "continue"
        Fill in the information to make your first account and click "continue" (username is your login name)
        Wait until you get the "Installation Complete" prompt and click "restart now"
    To prevent sleep on 14.04:
        edit /usr/share/polkit-1/actions/org.freedesktop.upower.policy and change "yes" to "no" in the <allow_active>yes</allow_active> lines
    To prevent sleep on 16.04:
        sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target

2. Configuring to a Firewall/Gateway Desktop
    2.1 Initial configuration
        For every account, make sure power options are set to "Don't suspend" when inactive
        To do this, login to an account, click the gear icon on the top right of the screen, "system settings", and "power"
        Set up the first network interface for now
        To do this, login to an account, click the up down arrow icon on the top right of the screen, "edit connections", click the one being used and click "edit", go to "IPv4 Settings" and have method as "Automatic (DHCP)", click "Save"
    2.2 Configure old Firewall/Gateway Desktop to give Internet access to new desktop
        Get MAC address of new Desktop, click up down arrow icon on the top right of the screen, click "Connection information", the MAC address is the Hardware Address (example: 78:45:c5:FE:7B:50)
        On old desktop, open Terminal (Ctrl + Alt + T)
        Edit the file "dnsmasq.conf" to add new desktop information to allow Internet access
        To do this, in terminal type in
            sudo gedit /etc/dnsmasq.conf
        In the "adds domain name" section go to the end of the section and add
            #computername
            dhcp-host=MAC/Hardware address,new IP,computername
        It should be exactly the same format as the previous lines, the new IP should be the next number (if last entry was 10.42.0.111 then the new entry should be 10.42.0.112), replace computername with new desktop name, save and close the document
       
        Edit hosts file to include new desktop information
        To do this type in terminal
            sudo gedit /etc/hosts
        At the end of the first section, add the computer information similar to
            10.42.0.108    computername.brooklyn.cuny.edu computername
        Change computername to the new desktop computer name, change last IP to what you had in the dnsmasq.conf file, save and close the document
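A check to run before saving the edited dnsmasq.conf, as an added example that is not part of the original guide: it flags malformed or duplicate MAC addresses and reused IPs among the dhcp-host lines and prints the next free address. The function names, the sample hosts and the /24 assumption are constructed here, and only the simple MAC,IP,name form used above is handled.

```shell
#!/bin/sh
# Added example (not from the original guide): lint dhcp-host lines before
# appending a new one. Assumes the simple "dhcp-host=MAC,IP,name" form.

# Constructed sample; gamma reuses alpha's MAC, delta has a short MAC and
# reuses gamma's IP.
sample_conf() {
    cat <<'EOF'
#alpha
dhcp-host=78:45:c5:aa:00:01,10.42.0.110,alpha
#beta
dhcp-host=78:45:C5:AA:00:02,10.42.0.111,beta
#gamma
dhcp-host=78:45:C5:AA:00:01,10.42.0.112,gamma
#delta
dhcp-host=78:45:c5:aa:03,10.42.0.112,delta
EOF
}

# check_dhcp_hosts [FILE]   (reads stdin when FILE is omitted)
# Prints BAD-MAC / DUP-MAC / DUP-IP findings, then "NEXT <ip>" or "FULL <net>".
check_dhcp_hosts() {
    awk -F'[=,]' '
        /^[ \t]*dhcp-host=/ {
            # MACs are compared in lower case so AA:.. and aa:.. count as equal
            mac = tolower($2); ip = $3; name = $4
            if (length(mac) != 17 || mac !~ /^[0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+$/)
                print "BAD-MAC " mac " (" name ")"
            if (mac in by_mac) print "DUP-MAC " mac " (" by_mac[mac] ", " name ")"
            if (ip in by_ip)   print "DUP-IP " ip " (" by_ip[ip] ", " name ")"
            by_mac[mac] = name; by_ip[ip] = name
            # Track the highest last octet seen so far
            if (split(ip, o, ".") == 4 && o[4] + 0 > last) {
                last = o[4] + 0; prefix = o[1] "." o[2] "." o[3]
            }
        }
        END {
            if (prefix == "") exit
            if (last >= 254) print "FULL " prefix ".0/24"
            else print "NEXT " prefix "." (last + 1)
        }
    ' "${1:--}"
}

# Demo on the constructed sample; on the gateway: check_dhcp_hosts /etc/dnsmasq.conf
sample_conf | check_dhcp_hosts
```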
    2.3 Installation of NFS, autofs, LDAP (NEEDS CHECKING)
        On the new desktop, install the first two by typing in terminal
            sudo apt-get install nfs-common nfs-kernel-server autofs
        If any permission request shows up reply with yes or y, whichever it asks for
        Before installing ldap you need to know the root password, ask Professor Gallicchio for it or install ldap when he is around
        Install ldap by typing in terminal
            sudo apt-get install libnss-ldap
        Enter root password if it asks for ldap password
        Configure it to
            ldap://10.42.0.1
            dc=brooklyn,dc=cuny,dc=edu
            cn=admin,dc=brooklyn,dc=cuny,dc=edu
        If you made a mistake you can configure it again using
            sudo dpkg-reconfigure ldap-auth-config
        Results of the dialog can be seen in /etc/ldap.conf and if server requires options not covered in the menu edit this file accordingly.
    2.4 Configuration of LDAP and autofs (NEEDS CHECKING)
        Configure the LDAP profile for NSS by typing in terminal
            sudo auth-client-config -t nss -p lac_ldap
        Configure the system to use LDAP for authentication by typing in terminal
            sudo pam-auth-update
        For next step, don't leave out the dot. Dot means here or this folder
        Also for next step, the line "sudo scp chelsea:/etc/auto.{master,nfs} ." may or may not need a username before chelsea as in "sudo scp tonyz@chelsea:/etc/auto.{master,nfs} ." you should ask Professor Gallicchio for more information on that
        To set up autofs, type in the following in terminal
            cd /etc/
            sudo scp chelsea:/etc/auto.{master,nfs} .
            sudo mkdir -p /home/users
            cd /home/users/
            sudo ln -s /nfs/egallicchio .
            ... (?)
            etc. (?)
            sudo service autofs restart

To change the password of an LDAP user as the admin user:
$ ldappasswd -H ldap://10.42.0.1 -x -D "cn=admin,dc=brooklyn,dc=cuny,dc=edu" -W -S "uid=george,ou=users,dc=brooklyn,dc=cuny,dc=edu"
You'll be asked to enter the admin password.

Users can change their LDAP passwords with:
$ ldappasswd -H ldap://10.42.0.1 -x -D "uid=george,ou=users,dc=brooklyn,dc=cuny,dc=edu" -W -S
They will be asked to enter their current password as "LDAP password".

NFS EXPORTS SETUP ON UBUNTU
$ cd /export
$ sudo mkdir username
$ sudo mount --bind /home/users/username /export/username
Edit /etc/fstab to add:
  /home/users/username /export/username  none  bind 0 0

Edit /etc/exports to add:
   /export/username 10.42.0.0/24(rw,nohide,insecure,no_subtree_check,async)
Make sure that the entry:
/export 10.42.0.0/24(rw,nohide,insecure,no_subtree_check,async)
exists. Otherwise create it.

Do the same for the 10.24.0.0 subnet.

$ sudo service nfs-kernel-server restart

    2.5 NVIDIA (Unsure of NVIDIA steps as I did not use them)
        If you need NVIDIA configuration (ask professor if computer needs it) it is
            scp egallicchio@scilla:~/src/*NVIDIA* .
            scp egallicchio@scilla:~/src/*cuda* .
            In text console:
                sudo service lightdm stop
                sudo sh NVIDIA-..,run
            will complain about nouveau driver. Let it disable then reboot and run again.

            For 14.04:
            Install nvidia-352 driver from repository (maybe unnecessary, installed as a pre-requisite by cuda?)
            sudo apt-get install nvidia-352
            restart
            N.B. If your workstation has Secure UEFI boot enabled, you will get a notification while installing third-party software, for example from NVIDIA. The notification asks you to disable Secure UEFI boot and requires you to enter a password. This password is requested again during the reboot. Skipping this process, or skipping the password step during reboot, can leave the third-party hardware inaccessible to the system, resulting in no display on the NVIDIA hardware. The password step is a one-time process. Keep the password in a safe place; it will be required if you want to enable Secure UEFI boot.

            For the installation of CUDA:
            sudo dpkg -i cuda-repo-ubuntu1404_7.5-18_amd64.deb
            sudo apt-get update
            sudo apt-get install cuda

            For 12.04
                sudo dpkg -i cuda repo....deb
                sudo apt-get install cuda
    2.6 Final Steps (NEEDS CHECKING)
        Install the following by typing in terminal
            sudo apt-get install openssh-server (?)
            sudo apt-get install ldap-utils (?)
            sudo apt-get install nscd (?)

3. Migration

    3.1 Initial steps
        In terminal type in

            sudo apt-get install slapd ldap-utils

            (Use root password when requested for a ldap password)

            sudo dpkg-reconfigure slapd

        When asked about initial config or database being created say no, and for the next few reply with ok, ok, ok, no
        Edit /etc/ldap/ldap.conf by typing in terminal

            sudo gedit /etc/ldap/ldap.conf

        At the end of the file, add

            BASE dc=brooklyn,dc=cuny,dc=edu

            URI ldap://computername.brooklyn.cuny.edu ldap://computername.brooklyn.cuny.edu:666

        Change computername to the new desktop name

        Install the following by typing in terminal

            sudo apt-get install apache2 php5 php5-mysql

            sudo apt-get install phpldapadmin

        Edit /etc/phpldapadmin/config.php by typing in terminal

            sudo gedit /etc/phpldapadmin/config.php

        Look through the file and make the following changes

            $servers->setValue('server','name','My LDAP Server'); to
            $servers->setValue('server','name','EGLab LDAP Server');

            $servers->setValue('server','host','127.0.0.1'); to
            $servers->setValue('server','host','computername.brooklyn.cuny.edu');
            (replace computer name)

            $servers->setValue('server','base',array('dc=example,dc=com')); to
            $servers->setValue('server','base',array('dc=brooklyn,dc=cuny,dc=edu'));

            $servers->setValue('login','bind_id','cn=admin,dc=example,dc=com'); to
            $servers->setValue('login','bind_id','cn=admin,dc=brooklyn,dc=cuny,dc=edu');
        Save and close the file

    3.2 Transfer LDAP (NEEDS CHECKING)
        exported LDAP database export.ldif from chelsea (?)

        (THE NEXT 2 PARTS SHOULD BE DONE BY PROFESSOR GALLICCHIO)

        On the old desktop, in terminal type

            sudo /etc/init.d/slapd stop

            sudo slapcat -l /root/ldapdump.raw

            sudo sh -c "egrep -v '^entryCSN:' /root/ldapdump.raw > /root/ldapdump"

        Transfer this file to the new desktop, you need to stop slapd to transfer the file

        On new desktop remove the top and admin entries from ldap then in terminal type

            sudo slapadd -l ldapdump

        For the client in terminal type (?)

            sudo dpkg-reconfigure ldap-auth-config (?)

        Set ldap://10.42.0.106 (?)

        Copy hosts file to new desktop, edit hosts to replace old desktop name with new desktop name

        Copy hosts to /etc/
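The dump clean-up from 3.2 as one filter, added here as an example and not part of the original guide: it strips entryCSN lines and, on the assumption that the top and admin entries are dropped from the dump rather than from the new directory, skips those two entries. The sample LDIF, its placeholder password values and the function names are constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): clean a slapcat dump before
# slapadd. Assumes unfolded "dn:" lines and exact DN spelling (case aside).

# Constructed sample dump; password values are placeholders.
sample_ldif() {
    cat <<'EOF'
dn: dc=brooklyn,dc=cuny,dc=edu
objectClass: top
objectClass: dcObject
dc: brooklyn
entryCSN: 20150225120000.000000Z#000000#000#000000

dn: cn=admin,dc=brooklyn,dc=cuny,dc=edu
objectClass: organizationalRole
cn: admin
userPassword:: PLACEHOLDER
entryCSN: 20150225120001.000000Z#000000#000#000000

dn: uid=george,ou=users,dc=brooklyn,dc=cuny,dc=edu
objectClass: posixAccount
uid: george
userPassword:: PLACEHOLDER
entryCSN: 20150225120002.000000Z#000000#000#000000
EOF
}

# filter_ldif [DN...]   (stdin -> stdout)
# Drops every entry whose dn equals one of the DN arguments and removes
# entryCSN lines from the entries that remain.
filter_ldif() {
    # The DN list travels in the environment so awk does not escape-process it
    DROP=$(printf '%s\n' "$@") awk '
        BEGIN {
            RS = ""; FS = "\n"; ORS = "\n\n"     # one LDIF entry per record
            n = split(tolower(ENVIRON["DROP"]), d, "\n")
            for (i = 1; i <= n; i++) skip[d[i]] = 1
        }
        {
            dn = tolower($1); sub(/^dn:[ ]*/, "", dn)
            if (dn in skip) next
            out = ""
            for (i = 1; i <= NF; i++)
                if ($i !~ /^entryCSN:/) out = out (out == "" ? "" : "\n") $i
            print out
        }
    '
}

# Demo on the constructed sample: only the uid=george entry is printed.
sample_ldif | filter_ldif "dc=brooklyn,dc=cuny,dc=edu" "cn=admin,dc=brooklyn,dc=cuny,dc=edu"
```

The dump holds every account's password hash, so on the real machines write the result under `umask 077` and delete both copies once slapadd has finished.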
    3.3 Changing Network Connection Configuration
        Plug in the Internet's Ethernet cable to the second port (if on policoro this should be the blue one)
        This should be called internet wired by default, edit the connection so IPv4 settings are

            Method: Manual

            Address: 146.245.250.157

            Netmask: 255.255.255.128

            Gateway: 146.245.250.129

            DNS servers: 146.245.9.153

            Search domains: brooklyn.cuny.edu

        
        This information should be on the old desktop, edit the connection on old desktop to see how it was configured
        eth0 settings in IPv4 should change method to Shared to other computers

        Hack dnsmasq with a script

        eth0 sharing is done with dnsmasq. In order to have dnsmasq read the configuration files, in terminal type

            sudo mv /usr/sbin/dnsmasq /usr/sbin/dnsmasq.bin

        The /usr/sbin/dnsmasq file should now be empty, edit it by typing in

            sudo gedit /usr/sbin/dnsmasq

        Add in

            #!/bin/bash
            # Pass the caller's arguments through unchanged and append our config file
            exec /usr/sbin/dnsmasq.bin "$@" --conf-file=/etc/dnsmasq.conf

        Check and change permissions by typing in terminal

            sudo chmod ugo+x /usr/sbin/dnsmasq /usr/sbin/dnsmasq.bin
    3.4 Transfer software (NEEDS CHECKING)
        On new desktop, make software folder on /home by typing in terminal
            sudo mkdir /home/software

        Change ownership of software folder to emilio by typing in terminal

            cd /home/software

            sudo chown -R username.username username (?)
            sudo chown -R software.software software

        Repeat the steps in a new folder called export by typing in terminal

            (If /export does not exist, make it)

            cd /export

            sudo mkdir software

            sudo mount --bind /home/software /export/software

        Edit /etc/fstab by typing in terminal

            sudo gedit /etc/fstab

        At the end of the file add in

            /home/software /export/software none bind 0 0

        Edit /etc/exports by typing in terminal

            sudo gedit /etc/exports

        At the end of the file add in

            /export/software 10.42.0.0/24(rw,nohide,insecure,no_subtree_check,async)

        Restart nfs-kernel-server by typing in terminal

            sudo service nfs-kernel-server restart

        (The next step should be done by Professor Gallicchio)

        On old desktop, back up/transfer software to new desktop by typing in terminal

            rsync -av openmm-6.01 schrodinger 10.42.0.1:/home/software
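The export lines in the NFS EXPORTS SETUP notes and in 3.4 both carry insecure and async; the following added example (not part of the original guide) lists such options per export so they can be reviewed before restarting nfs-kernel-server. The function names and the last two sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): flag risky options in
# /etc/exports entries.

# Constructed sample: the first two lines use the option set shown in this
# guide; the last two are constructed for contrast.
sample_exports() {
    cat <<'EOF'
/export           10.42.0.0/24(rw,nohide,insecure,no_subtree_check,async)
/export/software  10.42.0.0/24(rw,nohide,insecure,no_subtree_check,async)
/export/scratch   *(rw,no_root_squash)
/export/docs      10.42.0.0/24(ro,sync,no_subtree_check)
EOF
}

# audit_exports [FILE]   (reads stdin when FILE is omitted)
# One finding per line: "<path> <client> <option>: <why>".
audit_exports() {
    awk '
        function flag(opt, why) { print path, client, opt ": " why }
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            path = $1
            for (i = 2; i <= NF; i++) {          # one field per client(options)
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1)
                    sub(/\)$/, "", opts)
                }
                if (client == "" || client == "*") {
                    client = "*"
                    flag("any-host", "no client restriction")
                }
                n = split(opts, o, ",")
                for (j = 1; j <= n; j++) {
                    if (o[j] == "insecure")
                        flag(o[j], "accepts requests from source ports above 1023")
                    if (o[j] == "no_root_squash")
                        flag(o[j], "client root keeps uid 0 on the export")
                    if (o[j] == "async")
                        flag(o[j], "replies before data is on disk; a crash can lose writes")
                }
            }
        }
    ' "${1:--}"
}

# Demo on the constructed sample; on the server: audit_exports /etc/exports
sample_exports | audit_exports
```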
    
    3.5 License Configuration
        The license for Schrodinger is in /home/software/schrodinger/Suites_2014-4 and /home/software/schrodinger/Suites_2013-3 called license
        If new license is available, make a back up of the 2014 license with today's date by typing in terminal

            cd /home/software/schrodinger/Suites_2014-4/

            mv license license-2-25-2015

        Then copy over the new license to this folder, this should be done by Professor Gallicchio

        If there is a new license, you also have to back up the 2013 license the same way as before, and then copy over the new license in the 2014 folder to the 2013 folder.

        Edit the start up file to include the license, to do this type in terminal

            sudo gedit /etc/rc.local

        At the end of the last comment and before the exit 0, add in the following

            #start Schrodinger license server

            SCHRODINGER=/home/software/schrodinger/Suites_2014-4

            export SCHRODINGER

            $SCHRODINGER/licadmin SERVERUP -l $SCHRODINGER/`date +%m_%d_%Y_%H_%M_%S`.lmgrd.log

        (The lines with $SCHRODINGER and ending in lmgrd.log is one line only) Save and close

        Test to see if the license is working for both 2014 and 2013 on the new desktop and at least one other computer in the room. To test, type in terminal
            /home/software/schrodinger/Suites_2014-4/utilities/lictest -l IMPACT_MAIN -v

            /home/software/schrodinger/Suites_2013-3/utilities/lictest -l IMPACT_MAIN -v

        Both tests should return success. If they fail, the software folder may be linked wrong. If it fails on another computer, it may be that you have to update the link to the software folder or someone is using a program that was mounted to the old software folder location and they need to stop running that program for software folder link to update correctly
    3.6 Final Steps

        On every computer in the lab, update auto.nfs and restart it by typing the following

            sudo scp yourlocalaccount@newdesktopname:/etc/auto.nfs .

            sudo service autofs restart

        Replace yourlocalaccount with the name of your admin account on the new desktop, and replace newdesktopname with the actual new desktop's name

For more information, the emails with the old guide of how to set desktop up are called
“ubuntu 14.04 setup”
“migration hack fix”
“eglab ldap notes, users, NFS, home directories” (typo in this mail: in the section "on homemachine:", the line cd /exports should be cd /export)
“more settings for policoro”


CentOS notes

LDAP

Followed: https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-ldap-quickstart.html

yum install openldap openldap-clients pam_ldap nss-pam-ldapd
nano /etc/openldap/ldap.conf:

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never

#TLS_CACERTDIR /etc/openldap/certs
URI ldap://10.42.0.1
BASE dc=brooklyn,dc=cuny,dc=edu



ldapsearch -D "cn=admin,dc=brooklyn,dc=cuny,dc=edu" -w <root_password> -h policoro.brooklyn.cuny.edu -b "dc=brooklyn,dc=cuny,dc=edu" -s sub "(objectclass=*)"

returned data

nano /etc/nsswitch.conf 

passwd:     files ldap
shadow:     files ldap
group:      files ldap

nano /etc/nslcd.conf
uri ldap://10.42.0.1
base dc=brooklyn,dc=cuny,dc=edu
ssl no

/etc/init.d/nslcd start
chkconfig --level 345 nslcd on


# in /etc/ edit pam_ldap.conf to have:
base dc=brooklyn,dc=cuny,dc=edu
uri ldap://10.24.0.1
rootbinddn cn=admin,dc=brooklyn,dc=cuny,dc=edu
pam_password md5

#create /etc/pam_ldap.secret with root password, root-only rw

#edit password-auth and system-auth in /etc/pam.d to replace all pam_sss entries to pam_ldap

#notice the dot at the end
scp 'emilio@policoro:/etc/auto.{master,nfs}' .
/etc/init.d/autofs restart
cd /home
mkdir users
cd users
for i in bfzhang dkilburg egallicchio htancredi laurenw rajat  ; do ln -s /nfs/$i $i ; done
cd /home
ln -s /nfs/software software

Ubuntu Printing

install hplip
#install M276nw printer and scanner
sudo hp-setup -i 10.42.0.103
