Differences between revisions 1 and 4 (spanning 3 versions)
Revision 1 as of 2017-05-02 05:53:17
Size: 12076
Editor: thog
Comment:
Revision 4 as of 2017-05-02 06:32:20
Size: 12448
Editor: thog
Comment:
Line 1: Line 1:
Describe InstallingControlOnCentos6 here.

You need to install a "minimal install" of CentOS 6.8, using the minimal install CD.

Configure Network for DHCP and to "Connect Automatically"

Partition sizes should be as follows (Create Custom Layout):
/ 20-50GB, depending on size of drive, format as EXT4
swap 2-32GB, the same size as physical RAM
/u with the rest of available space (Fill to maximum available size), formatted as EXT4

After install is finished it will restart.
Turn off firewall and selinux.
1. You need to install a "minimal install" of CentOS 6.8, using the minimal install CD.

2. Configure Network for DHCP and to "Connect Automatically"(/etc/sysconfig/network-script/ifcfg-eth0)

3.
Partition sizes should be as follows (Create Custom Layout): / 20-50GB, depending on size of drive, format as EXT4 swap 2-32GB, the same size as physical RAM /u with the rest of available space (Fill to maximum available size), formatted as EXT4

4. After the OS install is finished it will restart. Turn off firewall and selinux
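Review bot: the path added to step 2, /etc/sysconfig/network-script/ifcfg-eth0, is misspelled; the directory is /etc/sysconfig/network-scripts/. Step 4 also still says to turn off the firewall and SELinux without saying why; a sentence naming the ports the later steps rely on (8080, 22, 1194) would let a reader keep iptables on with only those open.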
Line 15: Line 10:
Line 17: Line 13:
edit /etc/sysconfig/selinux and make sure the SELINUX line is as follows:
SELINUX=disabled


install wget and ppp:
edit /etc/sysconfig/selinux and make sure the SELINUX line is as follows: SELINUX=disabled

5. install wget and ppp:
Line 24: Line 19:
download the following file into the server:
http://customers.creativecomputing.com.au/concare/vpn.tgz
untar the file into /etc/
cd
6. download the following file into the server: http://customers.creativecomputing.com.au/concare/vpn.tgz untar the file into /etc/

cd
Line 29: Line 24:
Line 30: Line 26:
Line 31: Line 28:
then as root, accept the fingerprint:
7.
then as root, accept the fingerprint:
Line 33: Line 32:
The authenticity of host '220.233.135.250 (220.233.135.250)' can't be established.
RSA key fingerprint is f6:f0:5c:21:74:0e:03:db:fc:71:e6:21:63:b5:c0:43.
Are you sure you want to continue connecting (yes/no)?

Type "yes" and cancel the connection (ctrl-c).
Reboot to connect the vpn

The authenticity of host '220.233.135.250 (220.233.135.250)' can't be established. RSA key fingerprint is f6:f0:5c:21:74:0e:03:db:fc:71:e6:21:63:b5:c0:43. Are you sure you want to continue connecting (yes/no)?

Type "yes" and cancel the connection (ctrl-c). Reboot to connect the vpn
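Review bot: the line after the host-key prompt still says only to type "yes". Ask the reader to compare the fingerprint on screen with the value quoted in the prompt above first, and to stop if the two differ.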
Line 42: Line 39:
Add epel repository: 8. Add epel repository:
Line 46: Line 44:
Line 47: Line 46:
yum install libstdc++.i686 unixODBC.i686 mysql-libs.i686 mysql-libs libcurl-devel.i686 expat.i686 expat glib2.i686 freetype.i686 libSM.i686 libXrender.i686 fontconfig.i686 libXext-devel.i686 guacd 
yum install libstdc++.i686 unixODBC.i686 mysql-libs.i686 mysql-libs libcurl-devel.i686 expat.i686 expat glib2.i686 freetype.i686 libSM.i686 libXrender.i686 fontconfig.i686 libXext-devel.i686 guacd
Line 49: Line 50:
yum install libstdc++.i686 unixODBC.i686 mysql-libs.i686 mysql-libs libcurl-devel.i686 expat.i686 expat glib2.i686 freetype.i686 libSM.i686 libXrender.i686 fontconfig.i686 libXext-devel.i686 guacd libstdc++ glib2
)

yum install libstdc++.i686 unixODBC.i686 mysql-libs.i686 mysql-libs libcurl-devel.i686 expat.i686 expat glib2.i686 freetype.i686 libSM.i686 libXrender.i686 fontconfig.i686 libXext-devel.i686 guacd libstdc++ glib2 )
Line 52: Line 54:
Load the /u partition:
Download the following tar file: http://customers.creativecomputing.com.au/concare/rel15_u_partition.tgz
untar it into /u
cd

9.
Load the /u partition: Download the following tar file: http://customers.creativecomputing.com.au/concare/rel15_u_partition.tgz untar it into /u

cd
Line 57: Line 60:
Line 58: Line 62:
tar xvzf ~/rel15_u_partition.tgz
Add "control" group

tar xvzf ~/rel15_u_partition.tgz

10.
Add "control" group
Line 61: Line 68:
install turbovnc:
11.
install turbovnc:

cd
Line 63: Line 74:
cd
cd
Line 65: Line 78:
Line 66: Line 80:
Line 67: Line 82:
cd
cd
Line 69: Line 86:
Line 70: Line 88:
Line 71: Line 90:
Edit /etc/X11/xinit/Xclients and add ". /u/cc/usr/commonx11.sh" below the lines for GSESSION and STARTKDE.  Note there is a space between "." and "/".

Create the ccc user and start up its vnc session

12.
Edit /etc/X11/xinit/Xclients and add ". /u/cc/usr/commonx11.sh" below the lines for GSESSION and STARTKDE.  Note there is a space between "." and "/".

13. Create the ccc user and start up its vnc session
Line 75: Line 96:
Line 76: Line 98:
Install guacamole:
14.
Install guacamole:
Line 78: Line 102:
cd
cd
Line 80: Line 106:
Line 81: Line 108:
wget http://customers.creativecomputing.com.au/concare/guacdb.sql 
wget http://customers.creativecomputing.com.au/concare/guacdb.sql
Line 83: Line 112:
Line 84: Line 114:
Line 85: Line 116:
Line 86: Line 118:
Line 87: Line 120:
Line 88: Line 122:
Restart once more.  guacadmin password is gu4c4dm1n

This is where we were up to last time.  If you followed the previous instructions, start from here.

After the last restart,  "Text mode setup utility" will run.  Just press tab until "quit" is highlighted and press space.
Try logging into guacamole on "http://<ip address>:8080/guacamole/" and connect to the pre configured "ccc" session.  If you see a menu on top, go to System->log out ccc, then say "Log out" to the dialog box that comes up.  This will close the session and start it over.  If the screen has been locked out and screen saver has activated, forcibly restart the vnc session:

Restart once more.

guacadmin password is gu4c4dm1n

15. After the last restart,  "Text mode setup utility" will run.  Just press tab until "quit" is highlighted and press space. Try logging into guacamole on "http://<ip address>:8080/guacamole/" and connect to the pre configured "ccc" session.  If you see a menu on top, go to System->log out ccc, then say "Log out" to the dialog box that comes up.  This will close the session and start it over.  If the screen has been locked out and screen saver has activated, forcibly restart the vnc session:
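Review bot: "guacadmin password is gu4c4dm1n" now stands on a line of its own, and step 15 goes straight to logging in with no step to change it. Add "change the guacadmin password after the first login" here, since every server built from this page starts with the same value.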
Line 95: Line 130:
Line 96: Line 132:
initctl start turbo VNC=5

Install cups-cloudprint:
cd

initctl start turbo VNC=5.

16. Install cups-cloudprint:

cd
Line 101: Line 140:
Line 102: Line 142:
Line 103: Line 144:
Line 104: Line 146:
Line 105: Line 148:
Prior to running the following, please make sure you have a cloudprint account set up with Google and have at least one A4 printer there. This link will give you some more idea about Google cloud print: https://www.google.com/cloudprint/learn/printers.html .  It is advisable that you create a Google account just for the sole purpose of printing and not use a pre-existing one.

The following command will initiate setting up cups cloudprint.  (This will ask you to enter a URL into a browser and log in to your Google cloud print account)

Prior to running the following, please make sure you have a cloudprint account set up with Google and have at least one A4 printer there. This link will give you some more idea about Google cloud print: https://www.google.com/cloudprint/learn/printers.html . It is advisable that you create a Google account just for the sole purpose of printing and not use a pre-existing one.

17. The following command will initiate setting up cups cloudprint. (This will ask you to enter a URL into a browser and log in to your Google cloud print account) /usr/share/cloudprint-cups/setupcloudprint.py

For now, only add the account and do not add any printers just yet.

18. You need to rsync the binl/ binx11/ utbinl/ utbinx11/ from sam:/u/ccr.15/std/ to your server.

yum install rsync

in your server and then:

in SAM:

cd /u/ccr.15/std/

rsync -avz {ut,}bin{l,x11} root@104.237.155.33:/u/ccr.15/std/

19. Set up chroot sftp

In /etc/ssh/sshd_config change the following near the bottom:

#Subsystem sftp /usr/libexec/openssh/sftp-server

Subsystem sftp internal-sftp

Match Group sftpusers

 . ChrootDirectory /sftp/%u
 . ForceCommand internal-sftp

Add a new group sftpusers and create a chroot subdirectory

groupadd -g 3255 sftpusers

mkdir /sftp/

20. Set up OpenVPN

Install the OpenVPN package

yum install openvpn easy-rsa

cd /usr/share/easy-rsa/2.0

source vars

./clean-all

Edit the file "vars" and change the items near the end (this is just an example, you can use your real location details):

export KEY_COUNTRY="AU"

export KEY_PROVINCE="NewSouthWales"

export KEY_CITY="CrowsNest"

export KEY_ORG="Creative-Computing"

export KEY_EMAIL="support@creativecomputing.com.au "

export KEY_OU="Concare"

build the certificate authority (just accept all the defaults and say yes to sign the certificate and commit):

source ./vars

./build-ca

./build-dh

./build-key-server server

wget http://customers.creativecomputing.com.au/concare/openvpn.conf

mv openvpn.conf /etc/openvpn/

chkconfig openvpn on

mkdir /var/log/openvpn

service openvpn start

At this point the OS is installed and a very rudimentary version of Control (based on what's installed in the original test VM) is now installed in the system. The following instructions are for adding sessions and printers.

21. To Add a new session:

Add a Linux user and set their password:

adduser -m <session_name> -G sftpusers

mkdir -p /sftp/<session_name>/<session_name>

passwd <session_name>

Add this to /etc/fstab:

/u/cc/usr/<session_name> /sftp/<session_name>/<session_name> none bind

Then mount it.

mount -a

Edit the file /u/cc/usr/vncusers.sh and add a line

USER[<USER_NUMBER>]='<session_name>'

RESO[<USER_NUMBER>]='800x600'

<USER_NUMBER> is a vnc session number, for now keep this between 6 and 100. 5 is the screen we use for support. The 'RESO' line is optional, if you leave it out, it defaults to 1600x900 Start up the vnc session:

initctl start turbo VNC=<USER_NUMBER>

Use a VNC client to connect to <ip_address_of_server>:<USER_NUMBER>. Initial password is set to "123456" If the menu is on top, go to System->Log out <session_name>, then click OK. If the screen saver has started, unlock it with the linux password and log out. This will move the menus to the bottom of the screen and disable the screen saver.

Change the VNC password:

Open a terminal inside the session:

/opt/TurboVNC/bin/vncpasswd

22. create guacamole account:

in the web page http://<ip address>:8080/guacamole, log in as guacadmin

click on the guacadmin on the upper right then click on settings

click on connections

click on New Connection

Name: <session_name>

Maximum number of connections: 5

Maximum number of connections per user: 5

Hostname: localhost

Port: <5900+USER_NUMBER>

Password: <vnc_password>

Enable SFTP: <Tick>

Hostname: localhost

Port: 22

Username: <session_name>

Password: <Linux_password>

Default upload directory: /u/cc/usr/<session_name>

and then click Save.

Click on Users

Click on Add New User:

Username: <session_name>

Password: <set up a password for end user>

Re-enter Password: same as Password

Change own password: <tick>

Connections:

tick on <session_name>

log in to the guacmole session. And use gnome-control-center to turn off the screensaver.

23. Install the gtk2 package which is required by the control for the system theme:

yum install gtk2-devel-2.24.23-9.el6.i686

and add

export GTK2_RC_FILES="/etc/gtk-2.0/gtkrc"

into the .vnc/xstartup.turbovnc file in your home directory.

24. Set up a Printer:

yum install ImageMagick

rsync -av sam:/u/ccr.15/std/qtsdk-2010.05/ to the same locate of your server.

Add the crontab auto post task (please check the crontab in concare server)

These instructions are mostly just an outline.

If using a printer that will be hooked up to a windows PC, We will need to make sure that the windows printer driver is installed and a test page can be printed.

If using cloudprint, a google account should be created solely for printing.

If using cloud print (A4 printers):

On native cloudprint printer

set up cloudprint on device (this is device specific)

https://support.google.com/cloudprint/answer/1686197?hl=en

On classic printer

set up cloudprint on attached windows PC and Chrome.

https://support.google.com/cloudprint/answer/1686197?hl=en

for both of the above: set up cups-cloudprint using python script
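Review bot: in step 19 the two lines under "Match Group sftpusers" are entered as " . ChrootDirectory /sftp/%u" and " . ForceCommand internal-sftp"; the leading " . " is list markup, not sshd_config syntax, so the fragment cannot be copied as written. Put the whole sshd_config fragment in a preformatted block so both directives stay under the Match line.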
Line 110: Line 366:
For now, only add the account and do not add any printers just yet.
 

Rsync the binl/ binx11/ utbinl/ utbinx11/ from sam:/u/ccr.15/std to your server.
Yum install rsync in your server.

Set up chroot sftp

In /etc/ssh/sshd_config change the following near the bottom:
#Subsystem    sftp    /usr/libexec/openssh/sftp-server
Subsystem     sftp    internal-sftp

Match Group sftpusers
        ChrootDirectory /sftp/%u
        ForceCommand internal-sftp
Add a new group sftpusers and create a chroot subdirectory
groupadd -g 3255 sftpusers
mkdir /sftp/

Set up OpenVPN
Install the OpenVPN package
yum install openvpn easy-rsa
If direct printing (40 column thermal receipt printers and label printers)

set up openvpn account on the server:
Line 133: Line 371:
Line 134: Line 373:
./clean-all
Edit the file "vars" and change the items near the end (this is just an example, you can use your real location details):
export KEY_COUNTRY="AU"
export KEY_PROVINCE="NewSouthWales"
export KEY_CITY="CrowsNest"
export KEY_ORG="Creative-Computing"
export KEY_EMAIL="support@creativecomputing.com.au"
export KEY_OU="Concare"

build the certificate authority (just accept all the defaults and say yes to sign the certificate and commit):
source ./vars
./build-ca
./build-dh
./build-key-server server
wget http://customers.creativecomputing.com.au/concare/openvpn.conf
mv openvpn.conf /etc/openvpn/
chkconfig openvpn on
mkdir /var/log/openvpn
service openvpn start
At this point the OS is installed and a very rudimentary version of Control (based on what's installed in the original test VM) is now installed in the system.  The following instructions are for adding sessions and printers which I will do a live demo for.

To Add a new session:
Add a Linux user and set their password
adduser -m <session_name> -G sftpusers
mkdir -p /sftp/<session_name>/<session_name>
passwd <session_name>
Add this to /etc/fstab:
/u/cc/usr/<session_name> /sftp/<session_name>/<session_name>   none bind
Then mount it.
mount -a
Edit the file /u/cc/usr/vncusers.sh and add a line
USER[<USER_NUMBER>]='<session_name>'
RESO[<USER_NUMBER>]='800x600'
<USER_NUMBER> is a vnc session number, for now keep this between 6 and 100.  5 is the screen we use for support.  The 'RESO' line is optional, if you leave it out, it defaults to 1600x900
Start up the vnc session
initctl start turbo VNC=<USER_NUMBER>
Use a VNC client to connect to <ip_address_of_server>:<USER_NUMBER>.  Initial password is set to "123456"
If the menu is on top, go to System->Log out <session_name>, then click OK.  If the screen saver has started, unlock it with the linux password and log out.  This will move the menus to the bottom of the screen and disable the screen saver.

Change the VNC password:
Open a terminal inside the session:
/opt/TurboVNC/bin/vncpasswd
create guacamole account:
in the web page http://<ip address>:8080/guacamole, log in as guacadmin
click on the guacadmin on the upper right then click on settings
click on connections
click on New Connection
Name: <session_name>
Maximum number of connections: 5
Maximum number of connections per user: 5
Hostname: localhost
Port: <5900+USER_NUMBER>
Password: <vnc_password>

Enable SFTP: <Tick>
Hostname: localhost
Port: 22
Username: <session_name>
Password: <Linux_password>

Default upload directory: /u/cc/usr/<session_name>

and then click Save.
Click on Users
Click on Add New User
Username: <session_name>
Password: <set up a password for end user>
Re-enter Password: same as Password

Change own password: <tick>
Connections:
tick on <session_name>

log in to the guacmole session. And use gnome-control-center to turn off the screensaver.


Install the gtk2 the control requires for the system theme:
yum install gtk2-devel-2.24.23-9.el6.i686

and add
export GTK2_RC_FILES="/etc/gtk-2.0/gtkrc"
into the .vnc/xstartup.turbovnc file in your home directory.

Set up a Printer:

yum install ImageMagick
rsync -av sam:/u/ccr.15/std/qtsdk-2010.05/ to the same locate of your server.
Add the crontab auto post task


These instructions are mostly just an outline.  I will have to do a live demo of this.
If using a printer that will be hooked up to a windows PC, We will need to make sure that the windows printer driver is installed and a test page can be printed.
If using cloudprint, a google account should be created solely for printing.
If using cloud print (A4 printers):
On native cloudprint printer
set up cloudprint on device (this is device specific)
https://support.google.com/cloudprint/answer/1686197?hl=en
On classic printer
set up cloudprint on attached windows PC and Chrome.
https://support.google.com/cloudprint/answer/1686197?hl=en
for both of the above: set up cups-cloudprint using python script
/usr/share/cloudprint-cups/setupcloudprint.py
If direct printing (40 column thermal receipt printers and label printers)
set up openvpn account on the server:
cd /usr/share/easy-rsa/2.0
source vars
Line 241: Line 375:
It will then ask you a series of questions, similar to the ones asked by the ./build-key-server script. You should only need to answer the "Common Name" field, "Sign the certificate?" and "1 out of 1 certificate requests certified, commit?" 

In the keys directory under current a configuration file <session_name>.ovpn similar to openvpn.conf must be created.

It will then ask you a series of questions, similar to the ones asked by the ./build-key-server script. You should only need to answer the "Common Name" field, "Sign the certificate?" and "1 out of 1 certificate requests certified, commit?"

In the keys directory under current a configuration file <session_name>.ovpn similar to openvpn.conf must be created:
Line 245: Line 381:
Line 246: Line 383:
Line 247: Line 385:
Line 248: Line 387:
Line 249: Line 389:
Line 250: Line 391:
Line 251: Line 393:
Line 252: Line 395:
Line 253: Line 397:
Line 254: Line 399:
Line 255: Line 401:
Line 256: Line 403:
Line 257: Line 405:
Then zip all these file you just created ( .crt, .key,.opvn and etc may be 6 or so files) 
Then zip all these file you just created ( .crt, .key,.opvn and etc may be 6 or so files)
Line 260: Line 410:
Load into client machine.  An external method may be needed to load the OpenVPN files into the client computer. Load into client machine.  An external method may be needed to load the OpenVPN files into the client computer.
Line 263: Line 413:
Line 264: Line 415:
Unzip all the files into the config directory under where OpenVPN is installed (Usually C:\Program Files\OpenVPN\config).  Create a shortcut to OpenVPN on the desktop if the installer has not done so.
Unzip all the files into the config directory under where OpenVPN is installed (Usually C:\Program Files\OpenVPN\config).

Create a shortcut to OpenVPN on the desktop if the installer has not done so.
Line 267: Line 421:
Line 268: Line 423:
Line 269: Line 425:
Line 270: Line 427:
run printer management from inside Control:
prnaad (as end user) 

run printer management from inside Control: prnaad (as end user)
Line 273: Line 431:

1. You need to install a "minimal install" of CentOS 6.8, using the minimal install CD.

2. Configure the network for DHCP and to "Connect Automatically" (/etc/sysconfig/network-scripts/ifcfg-eth0).

3. Partition sizes should be as follows (Create Custom Layout):

/ 20-50GB, depending on size of drive, format as EXT4

swap 2-32GB, the same size as physical RAM

/u with the rest of available space (Fill to maximum available size), formatted as EXT4

4. After the OS install is finished it will restart. Turn off the firewall and SELinux:

chkconfig iptables off

chkconfig ip6tables off

Edit /etc/sysconfig/selinux and make sure the SELINUX line is as follows:

SELINUX=disabled

5. install wget and ppp:

yum install wget ppp

6. Download the following file into the server: http://customers.creativecomputing.com.au/concare/vpn.tgz

Untar the file into /etc/:

cd

wget http://customers.creativecomputing.com.au/concare/vpn.tgz

cd /etc

tar xvzf ~/vpn.tgz

7. then as root, accept the fingerprint:

# ssh 220.233.135.250

The authenticity of host '220.233.135.250 (220.233.135.250)' can't be established.

RSA key fingerprint is f6:f0:5c:21:74:0e:03:db:fc:71:e6:21:63:b5:c0:43.

Are you sure you want to continue connecting (yes/no)?

Type "yes" and cancel the connection (Ctrl-C). Reboot to connect the VPN.

(If the hostname of the server is "li823-33.members.linode.com", we need to add "li823-33.members.linode" to the /etc/hosts file for the ppp connection.)
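
The fingerprint in the prompt above is the MD5 digest of the server's public key blob, so it can be checked before the key is trusted. The following bash functions are an added example, not part of the original instructions: they derive that fingerprint from a key line and append the key to known_hosts only when it equals the value quoted in this step. The function names and the sample key line are constructed for illustration; pin_host_key assumes network access and ssh-keyscan.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Names are made up for illustration.

# Fingerprint quoted in the ssh prompt of step 7.
PINNED_FP="f6:f0:5c:21:74:0e:03:db:fc:71:e6:21:63:b5:c0:43"

# Constructed sample line in ssh-keyscan format; the blob is NOT the real server key.
SAMPLE_KEY_LINE="220.233.135.250 ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB"

# md5_fingerprint: read one public key line on stdin ("[host] ssh-rsa BASE64 ...")
# and print the colon-separated MD5 fingerprint of the decoded key blob.
md5_fingerprint() {
    local blob
    blob=$(awk '{ for (i = 1; i < NF; i++)
                      if ($i ~ /^(ssh|ecdsa)-/) { print $(i + 1); exit } }')
    [ -n "$blob" ] || return 1                                  # no key on the line
    printf '%s' "$blob" | base64 -d >/dev/null 2>&1 || return 1 # blob is not base64
    printf '%s' "$blob" | base64 -d | md5sum | cut -d' ' -f1 |
        sed 's/../&:/g; s/:$//'
}

# fingerprint_matches EXPECTED: succeed only if the key line on stdin has
# exactly that fingerprint (hex digits compared case-insensitively).
fingerprint_matches() {
    local want got
    want=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    got=$(md5_fingerprint) || return 2
    [ "$got" = "$want" ]
}

# pin_host_key HOST EXPECTED KNOWN_HOSTS: fetch HOST's RSA key and append it
# to KNOWN_HOSTS only when its fingerprint equals EXPECTED.
pin_host_key() {
    local host=$1 want=$2 file=$3 line
    line=$(ssh-keyscan -t rsa "$host" 2>/dev/null | grep -v '^#' | head -n 1)
    [ -n "$line" ] || { echo "no RSA key returned by $host" >&2; return 1; }
    if printf '%s\n' "$line" | fingerprint_matches "$want"; then
        printf '%s\n' "$line" >> "$file"
    else
        echo "fingerprint mismatch for $host, key NOT added" >&2
        return 1
    fi
}

# Fingerprint of the constructed sample (differs from PINNED_FP by design).
printf '%s\n' "$SAMPLE_KEY_LINE" | md5_fingerprint

# On the server, as root:
#   pin_host_key 220.233.135.250 "$PINNED_FP" /root/.ssh/known_hosts
```

Newer OpenSSH clients print SHA256 fingerprints by default; `ssh -o FingerprintHash=md5` shows the colon-separated form used here.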

8. Add epel repository:

# rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

use yum to install additional packages

yum groupinstall "Desktop" "General Purpose Desktop" "Print Server" "Web Server" "X Window System" "Internet Browser" "Office Suite and Productivity" "Xfce"

yum install libstdc++.i686 unixODBC.i686 mysql-libs.i686 mysql-libs libcurl-devel.i686 expat.i686 expat glib2.i686 freetype.i686 libSM.i686 libXrender.i686 fontconfig.i686 libXext-devel.i686 guacd

(If the system complains about the i686 version (), you need to use:

yum install libstdc++.i686 unixODBC.i686 mysql-libs.i686 mysql-libs libcurl-devel.i686 expat.i686 expat glib2.i686 freetype.i686 libSM.i686 libXrender.i686 fontconfig.i686 libXext-devel.i686 guacd libstdc++ glib2 )

yum install libguac-client-vnc mysql-server tomcat6 system-config-printer libXext.i686 libXext

9. Load the /u partition:

Download the following tar file: http://customers.creativecomputing.com.au/concare/rel15_u_partition.tgz

Untar it into /u:

cd

wget http://customers.creativecomputing.com.au/concare/rel15_u_partition.tgz

cd /u

tar xvzf ~/rel15_u_partition.tgz

10. Add "control" group

groupadd -g 3232 control

11. install turbovnc:

cd

rpm -ivh http://customers.creativecomputing.com.au/concare/turbovnc-2.1.x86_64.rpm

cd

wget http://customers.creativecomputing.com.au/concare/turbostartup.tgz

cd /etc

tar xvzf ~/turbostartup.tgz

cd

wget http://customers.creativecomputing.com.au/concare/vncserver

mv vncserver /opt/TurboVNC/bin/

chmod 755 /opt/TurboVNC/bin/vncserver

12. Edit /etc/X11/xinit/Xclients and add ". /u/cc/usr/commonx11.sh" below the lines for GSESSION and STARTKDE. Note there is a space between "." and "/".

13. Create the ccc user and start up its vnc session

adduser -m ccc

initctl start turbo VNC=5

14. Install guacamole:

chkconfig guacd on

cd

wget https://sourceforge.net/projects/guacamole/files/current/binary/guacamole-0.9.9.war

mv ~/guacamole-0.9.9.war /var/lib/tomcat6/webapps/guacamole.war

wget http://customers.creativecomputing.com.au/concare/guacdb.sql

chkconfig mysqld on

service mysqld start

mysql < ~/guacdb.sql

chkconfig tomcat6 on

chkconfig httpd on

Guacamole URL: http://104.237.155.33:8080/guacamole/

Restart once more.

guacadmin password is gu4c4dm1n

15. After the last restart, "Text mode setup utility" will run. Just press tab until "quit" is highlighted and press space. Try logging into guacamole on "http://<ip address>:8080/guacamole/" and connect to the pre configured "ccc" session. If you see a menu on top, go to System->log out ccc, then say "Log out" to the dialog box that comes up. This will close the session and start it over. If the screen has been locked out and screen saver has activated, forcibly restart the vnc session:

initctl stop turbo VNC=5

wait a few seconds, then:

initctl start turbo VNC=5

16. Install cups-cloudprint:

cd

wget http://customers.creativecomputing.com.au/concare/cups.tgz

cd /etc

tar xvzf ~/cups.tgz

yum install cupscloudprint

service cups restart

Prior to running the following, please make sure you have a cloudprint account set up with Google and have at least one A4 printer there. This link will give you some more idea about Google cloud print: https://www.google.com/cloudprint/learn/printers.html . It is advisable that you create a Google account just for the sole purpose of printing and not use a pre-existing one.

17. The following command will initiate setting up cups cloudprint. (This will ask you to enter a URL into a browser and log in to your Google cloud print account)

/usr/share/cloudprint-cups/setupcloudprint.py

For now, only add the account and do not add any printers just yet.

18. You need to rsync binl/, binx11/, utbinl/ and utbinx11/ from sam:/u/ccr.15/std/ to your server. First install rsync on your server:

yum install rsync

Then, on SAM:

cd /u/ccr.15/std/

rsync -avz {ut,}bin{l,x11} root@104.237.155.33:/u/ccr.15/std/

19. Set up chroot sftp

In /etc/ssh/sshd_config change the following near the bottom:

#Subsystem sftp /usr/libexec/openssh/sftp-server

Subsystem sftp internal-sftp

Match Group sftpusers

ChrootDirectory /sftp/%u

ForceCommand internal-sftp

Add a new group sftpusers and create a chroot subdirectory

groupadd -g 3255 sftpusers

mkdir /sftp/
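
One way to check the result of this step, as an added example that is not part of the original instructions: the bash functions below read an sshd_config-style file and confirm that the sftp subsystem and the "Match Group sftpusers" block carry the settings of step 19, and check that a chroot directory is root-owned and not writable by group or others, which sshd requires of a ChrootDirectory and its parents. The function names and both sample configs are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Names are made up for illustration.

# Print the argument of the active "Subsystem sftp" line of FILE ($1).
sftp_subsystem() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
         tolower($1) == "subsystem" && $2 == "sftp" { print $3; exit }' "$1"
}

# Print the value of KEYWORD ($2) inside the "Match Group sftpusers" block of
# FILE ($1). Only the exact Match line used in step 19 is recognised.
match_block_setting() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        { key = tolower($1) }
        key == "match" {              # every Match line closes the previous block
            inblock = (tolower($2) == "group" && $3 == "sftpusers" && NF == 3)
            next
        }
        inblock && key == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Succeed if DIR ($1) is owned by UID ($2, default 0 = root) and has neither
# the group-write nor the other-write bit set.
chroot_dir_ok() {
    local dir=$1 uid=${2:-0} perms owner
    [ -d "$dir" ] || return 1
    perms=$(ls -ldn "$dir" | awk '{ print $1 }')
    owner=$(ls -ldn "$dir" | awk '{ print $3 }')
    [ "$owner" = "$uid" ] || return 1
    case $perms in
        ?????w*|????????w*) return 1 ;;
    esac
    return 0
}

# Apply chroot_dir_ok (root ownership) to an absolute path and each parent up to /.
chroot_path_ok() {
    local p=$1
    case $p in /*) ;; *) return 2 ;; esac
    while :; do
        chroot_dir_ok "$p" || { echo "bad owner or mode: $p" >&2; return 1; }
        [ "$p" = / ] && return 0
        p=$(dirname "$p")
    done
}

# Report every deviation from step 19; return 0 only if there is none.
audit_sftp_config() {
    local cfg=$1 rc=0
    [ "$(sftp_subsystem "$cfg")" = internal-sftp ] ||
        { echo "Subsystem sftp is not internal-sftp"; rc=1; }
    [ "$(match_block_setting "$cfg" ChrootDirectory)" = "/sftp/%u" ] ||
        { echo "Match Group sftpusers: ChrootDirectory /sftp/%u missing"; rc=1; }
    [ "$(match_block_setting "$cfg" ForceCommand)" = internal-sftp ] ||
        { echo "Match Group sftpusers: ForceCommand internal-sftp missing"; rc=1; }
    return $rc
}

# Constructed samples: the settings of step 19, and a Match line with nothing under it.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/good" <<'EOF'
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp

Match Group sftpusers
        ChrootDirectory /sftp/%u
        ForceCommand internal-sftp
EOF
cat > "$SAMPLE_DIR/empty_match" <<'EOF'
Subsystem sftp internal-sftp

Match Group sftpusers
EOF

for f in good empty_match; do
    if audit_sftp_config "$SAMPLE_DIR/$f"; then echo "$f: ok"; else echo "$f: FAILED"; fi
done
```

On the server, run audit_sftp_config /etc/ssh/sshd_config and, once a session exists, chroot_path_ok /sftp/<session_name>; sshd -t checks the file's syntax before the daemon is restarted.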

20. Set up OpenVPN

Install the OpenVPN package

yum install openvpn easy-rsa

cd /usr/share/easy-rsa/2.0

source vars

./clean-all

Edit the file "vars" and change the items near the end (this is just an example, you can use your real location details):

export KEY_COUNTRY="AU"

export KEY_PROVINCE="NewSouthWales"

export KEY_CITY="CrowsNest"

export KEY_ORG="Creative-Computing"

export KEY_EMAIL="support@creativecomputing.com.au"

export KEY_OU="Concare"

build the certificate authority (just accept all the defaults and say yes to sign the certificate and commit):

source ./vars

./build-ca

./build-dh

./build-key-server server

wget http://customers.creativecomputing.com.au/concare/openvpn.conf

mv openvpn.conf /etc/openvpn/

chkconfig openvpn on

mkdir /var/log/openvpn

service openvpn start

At this point the OS is installed and a very rudimentary version of Control (based on what's installed in the original test VM) is now installed in the system. The following instructions are for adding sessions and printers.

21. To Add a new session:

Add a Linux user and set their password:

adduser -m <session_name> -G sftpusers

mkdir -p /sftp/<session_name>/<session_name>

passwd <session_name>

Add this to /etc/fstab:

/u/cc/usr/<session_name> /sftp/<session_name>/<session_name> none bind

Then mount it.

mount -a

Edit the file /u/cc/usr/vncusers.sh and add a line

USER[<USER_NUMBER>]='<session_name>'

RESO[<USER_NUMBER>]='800x600'

<USER_NUMBER> is a VNC session number; for now keep this between 6 and 100. 5 is the screen we use for support. The 'RESO' line is optional; if you leave it out, it defaults to 1600x900.

Start up the VNC session:

initctl start turbo VNC=<USER_NUMBER>

Use a VNC client to connect to <ip_address_of_server>:<USER_NUMBER>. The initial password is set to "123456". If the menu is on top, go to System->Log out <session_name>, then click OK. If the screen saver has started, unlock it with the Linux password and log out. This will move the menus to the bottom of the screen and disable the screen saver.

Change the VNC password:

Open a terminal inside the session:

/opt/TurboVNC/bin/vncpasswd

22. create guacamole account:

in the web page http://<ip address>:8080/guacamole, log in as guacadmin

click on the guacadmin on the upper right then click on settings

click on connections

click on New Connection

Name: <session_name>

Maximum number of connections: 5

Maximum number of connections per user: 5

Hostname: localhost

Port: <5900+USER_NUMBER>

Password: <vnc_password>

Enable SFTP: <Tick>

Hostname: localhost

Port: 22

Username: <session_name>

Password: <Linux_password>

Default upload directory: /u/cc/usr/<session_name>

and then click Save.

Click on Users

Click on Add New User:

Username: <session_name>

Password: <set up a password for end user>

Re-enter Password: same as Password

Change own password: <tick>

Connections:

tick on <session_name>

Log in to the Guacamole session and use gnome-control-center to turn off the screensaver.

23. Install the gtk2 package which is required by the control for the system theme:

yum install gtk2-devel-2.24.23-9.el6.i686

and add

export GTK2_RC_FILES="/etc/gtk-2.0/gtkrc"

into the .vnc/xstartup.turbovnc file in your home directory.

24. Set up a Printer:

yum install ImageMagick

rsync -av sam:/u/ccr.15/std/qtsdk-2010.05/ to the same location on your server.

Add the crontab auto post task (please check the crontab in concare server)

These instructions are mostly just an outline.

If using a printer that will be hooked up to a Windows PC, we will need to make sure that the Windows printer driver is installed and a test page can be printed.

If using cloudprint, a google account should be created solely for printing.

If using cloud print (A4 printers):

On native cloudprint printer

set up cloudprint on device (this is device specific)

https://support.google.com/cloudprint/answer/1686197?hl=en

On classic printer

set up cloudprint on attached windows PC and Chrome.

https://support.google.com/cloudprint/answer/1686197?hl=en

for both of the above: set up cups-cloudprint using python script

/usr/share/cloudprint-cups/setupcloudprint.py

If direct printing (40 column thermal receipt printers and label printers)

set up openvpn account on the server:

cd /usr/share/easy-rsa/2.0

source vars

./build-key <session_name>

It will then ask you a series of questions, similar to the ones asked by the ./build-key-server script. You should only need to answer the "Common Name" field, "Sign the certificate?" and "1 out of 1 certificate requests certified, commit?"

In the keys directory under the current directory, a configuration file <session_name>.ovpn, similar to openvpn.conf, must be created:

# Configuration for connecting into Concare internal network

tls-client

dev tap

proto udp

remote <ip_address_of_server> 1194

resolv-retry infinite

nobind

ifconfig 10.5.0.x 255.255.255.0 # This line is client dependent. (x means choose the ip address to use for client)

ca ca.crt

cert <session_name>.crt

key <session_name>.key

verb 3

mute 10

Then zip all the files you just created (.crt, .key, .ovpn, etc.; there may be 6 or so files):

zip <session_name>.zip <session_name>.* dh2048.pem ca.crt

Load into client machine. An external method may be needed to load the OpenVPN files into the client computer.

Use the latest stable installer (whether 32 bit or 64 bit) from the following:

https://openvpn.net/index.php/open-source/downloads.html

Unzip all the files into the config directory under where OpenVPN is installed (Usually C:\Program Files\OpenVPN\config).

Create a shortcut to OpenVPN on the desktop if the installer has not done so.

set up windows driver and make sure test page works.

turn on Unix printing for windows and make sure it auto starts the service.

use system-config-printer to set up cups

At this point, you have a cups printer, either to a cloud printer device, or a direct printing device.

run printer management from inside Control: prnaad (as end user)

Cloud print printers use "graphics" printing; for the rest, choose the appropriate printer model.

Go to Control "terminal details" screen to set up printers.

InstallingControlOnCentos6 (last edited 2023-01-30 05:56:11 by 61-68-142-254)