Diff for "InstallingControlOnCentos6"

You need to install a "minimal install" of CentOS 6.8, using the minimal install CD.

Hostname should be called concare4.  Configure Network for DHCP and to "Connect Automatically"

Partition sizes should be as follows (Create Custom Layout):

/        20-50GB, depending on size of drive, format as EXT4

swap    2-32GB, the same size as physical RAM

/u       with the rest of available space (Fill to maximum available size), formatted as EXT4

Make sure you tell us what the root password is set to.

After install is finished it will restart. Turn off firewall and selinux.

chkconfig iptables off

chkconfig ip6tables off

edit /etc/sysconfig/selinux and make sure the SELINUX line is as follows:

SELINUX=disabled

For linode only:

edit /etc/resolv.conf and add:

nameserver 8.8.8.8

Then make the file immutable

chattr +i /etc/resolv.conf

install wget and ppp:

yum install wget ppp

download the following file into the server:

http://customers.creativecomputing.com.au/concare/vpn.tgz

untar the file into /etc/

cd

wget http://customers.creativecomputing.com.au/concare/vpn.tgz

cd /etc

tar xvzf ~/vpn.tgz

then as root, accept the fingerprint:

# ssh 220.233.135.250

The authenticity of host '220.233.135.250 (220.233.135.250)' can't be established.

RSA key fingerprint is f6:f0:5c:21:74:0e:03:db:fc:71:e6:21:63:b5:c0:43.

Are you sure you want to continue connecting (yes/no)?

Type "yes" and cancel the connection (ctrl-c).

Reboot to connect the vpn

Add epel repository:

# rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

use yum to install additional packages

yum groupinstall "Desktop" "General Purpose Desktop" "Print Server" "Web Server" "X Window System" "Internet Browser" "Office Suite and Productivity" "Xfce"

yum install libstdc++.i686 libstdc++ unixODBC.i686 mysql-libs.i686 mysql-libs libcurl-devel.i686 expat.i686 expat glib2.i686 glib2 freetype.i686 libSM.i686 libXrender.i686 fontconfig.i686 libXext-devel.i686 guacd libguac-client-vnc mysql-server tomcat6 system-config-printer libXext.i686 libXext ImageMagick gtk2-devel gtk2-devel.i686

Load the /u partition:

Download the following tar file: http://customers.creativecomputing.com.au/concare/rel15_u_partition2.tgz

untar it into /u

cd

wget http://customers.creativecomputing.com.au/concare/rel15_u_partition2.tgz

cd /u

tar xvzf ~/rel15_u_partition2.tgz

Add "control" group

groupadd -g 3232 control

install turbovnc:

rpm -ivh http://customers.creativecomputing.com.au/concare/turbovnc-2.1-20170405.x86_64.rpm

cd

wget http://customers.creativecomputing.com.au/concare/turbostartup2.tgz

cd /etc

tar xvzf ~/turbostartup2.tgz

cd

wget http://customers.creativecomputing.com.au/concare/vncserver

mv vncserver /opt/TurboVNC/bin/

chmod 755 /opt/TurboVNC/bin/vncserver

Edit /etc/X11/xinit/Xclients and add ". /u/cc/usr/commonx11.sh" below the lines for GSESSION and STARTKDE.  Note there is a space between "." and "/".

Create the ccc user and start up its vnc session

adduser -m ccc

passwd ccc

initctl start turbo VNC=5

Install guacamole:

chkconfig guacd on

cd

wget https://sourceforge.net/projects/guacamole/files/current/binary/guacamole-0.9.12-incubating.war

mv ~/guacamole-0.9.12-incubating.war /var/lib/tomcat6/webapps/guacamole.war

wget http://customers.creativecomputing.com.au/concare/guacdb2.sql

chkconfig mysqld on

service mysqld start

mysql < ~/guacdb2.sql

chkconfig tomcat6 on

Restart once more.  guacadmin password is gu4c4dm1n

Try logging into guacamole on "http://<ip address>:8080/guacamole/" and connect to the pre configured "ccc" session.  If you see a menu on top, go to System->log out ccc, then say "Log out" to the dialog box that comes up.  This will close the session and start it over.  If the screen has been locked out and screen saver has activated, forcibly restart the vnc session:

initctl stop turbo VNC=5

wait a few seconds, then:

initctl start turbo VNC=5

Install cups-cloudprint:

cd

wget http://customers.creativecomputing.com.au/concare/cups.tgz

cd /etc

tar xvzf ~/cups.tgz

yum install cupscloudprint

service cups restart

Prior to running the following, please make sure you have a cloudprint account set up with Google and have at least one A4 printer there. This link will give you some more idea about Google cloud print: https://www.google.com/cloudprint/learn/printers.html .  It is advisable that you create a Google account just for the sole purpose of printing and not use a pre-existing one.

The following command will initiate setting up cups cloudprint.  (This will ask you to enter a URL into a browser and log in to your Google cloud print account) /usr/share/cloudprint-cups/setupcloudprint.py

For now, only add the account and do not add any printers just yet.

Set up chroot sftp

In /etc/ssh/sshd_config change the following near the bottom:

#Subsystem    sftp    /usr/libexec/openssh/sftp-server

Subsystem     sftp    internal-sftp

Match Group sftpusers

• ChrootDirectory /sftp/%u

  ForceCommand internal-sftp

Add a new group sftpusers and create a chroot subdirectory

groupadd -g 3255 sftpusers

mkdir /sftp/

Restart sshd if you want to use it straight away

service sshd restart

Set up OpenVPN

Install the OpenVPN package

yum install openvpn easy-rsa

cd /usr/share/easy-rsa/2.0

source vars

./clean-all

Edit the file "vars" and change the items near the end (this is just an example, you can use your real location details):

export KEY_COUNTRY="AU"

export KEY_PROVINCE="NewSouthWales"

export KEY_CITY="CrowsNest"

export KEY_ORG="Creative-Computing"

export KEY_EMAIL="support@creativecomputing.com.au"

export KEY_OU="Concare"

build the certificate authority (just accept all the defaults and say yes to sign the certificate and commit):

source ./vars

./build-ca

./build-dh

./build-key-server server

wget http://customers.creativecomputing.com.au/concare/openvpn.conf

mv openvpn.conf /etc/openvpn/

chkconfig openvpn on

mkdir /var/log/openvpn

service openvpn start

At this point the OS is installed and a very rudimentary version of Control (based on what's installed in the original test VM) is now installed in the system.  The following instructions are for adding sessions and printers which I will do a live demo for.

To Add a new session:

Add a Linux user and set their password

adduser -m <session_name> -G sftpusers

mkdir -p /sftp/<session_name>/<session_name>

chmod 755 /sftp/<session_name>

passwd <session_name>

Add this to /etc/fstab:

/u/cc/usr/<session_name> /sftp/<session_name>/<session_name>   none bind

Then mount it.

mount -a

Edit the file /u/cc/usr/vncusers.sh and add a line

USER[<USER_NUMBER>]='<session_name>'

RESO[<USER_NUMBER>]='800x600'

<USER_NUMBER> is a vnc session number, for now keep this between 6 and 100.  5 is the screen we use for support.  The 'RESO' line is optional, if you leave it out, it defaults to 1600x900

Start up the vnc session

initctl start turbo VNC=<USER_NUMBER>

Use a VNC client to connect to <ip_address_of_server>:<USER_NUMBER>.  Initial password is set to "123456"

If the menu is on top, go to System->Log out <session_name>, then click OK.  If the screen saver has started, unlock it with the linux password and log out.  This will move the menus to the bottom of the screen and disable the screen saver.

Change the VNC password:

Open a terminal inside the session:

/opt/TurboVNC/bin/vncpasswd

Edit the file /etc/init/start-xvncs.conf and add the number to the string ACTIVE_VNCSCREENS

env ACTIVE_VNCSCREENS="5 6 7 8 9 10 11 12"

This is to make sure the session will auto startup if the server was restarted.

create guacamole account:

in the web page http://<ip address>:8080/guacamole, log in as guacadmin

click on the guacadmin on the upper right then click on settings

click on connections

click on New Connection

Name: <session_name>

Maximum number of connections: 5

Maximum number of connections per user: 5

Hostname: localhost

Port: <5900+USER_NUMBER>

Password: <vnc_password>

Enable SFTP: <Tick>

Hostname: localhost

Port: 22

Username: <session_name>

Password: <Linux_password>

Default upload directory: /<session_name>

and then click Save.

Click on Users

Click on Add New User

Username: <session_name>

Password: <set up a password for end user>

Re-enter Password: same as Password

Change own password: <tick>

Connections:

tick on <session_name>

Set up a Printer:

These instructions are mostly just an outline.  I will have to do a live demo of this.

If using a printer that will be hooked up to a windows PC, We will need to make sure that the windows printer driver is installed and a test page can be printed.

If using cloudprint, a google account should be created solely for printing.

If using cloud print (A4 printers):

On native cloudprint printer

set up cloudprint on device (this is device specific)

https://support.google.com/cloudprint/answer/1686197?hl=en

On classic printer

set up cloudprint on attached windows PC and Chrome.

https://support.google.com/cloudprint/answer/1686197?hl=en

for both of the above: set up cups-cloudprint using python script

/usr/share/cloudprint-cups/setupcloudprint.py

If direct printing (40 column thermal receipt printers and label printers)

set up openvpn account on the server:

cd /usr/share/easy-rsa/2.0

source vars

./build-key <session_name>

It will then ask you a series of questions, similar to the ones asked by the ./build-key-server script. You should only need to answer the "Common Name" field, "Sign the certificate?" and "1 out of 1 certificate requests certified, commit?"

In the keys directory under current a configuration file <session_name>.ovpn similar to openvpn.conf must be created.

# Configuration for connecting into Concarce internal network

tls-client

dev tap

proto udp

remote <ip_address_of_server> 1194

resolv-retry infinite

nobind

ifconfig 10.5.0.x 255.255.255.0 # This line is client dependent. (x means choose the ip address to use for client)

ca ca.crt

cert <session_name>.crt

key <session_name>.key

verb 3

mute 10

Then zip all these file you just created ( .crt, .key,.opvn and etc may be 6 or so files)

zip <session_name>.zip <session_name>.* dh2048.pem ca.crt

Load into client machine.  An external method may be needed to load the OpenVPN files into the client computer.

Use the latest stable installer (whether 32 bit or 64 bit) from the following:

https://openvpn.net/index.php/open-source/downloads.html

Unzip all the files into the config directory under where OpenVPN is installed (Usually C:\Program Files\OpenVPN\config).  Create a shortcut to OpenVPN on the desktop if the installer has not done so.

set up windows driver and make sure test page works.

turn on Unix printing for windows and make sure it auto starts the service.

use system-config-printer to set up cups

At this point, you have a cups printer, either to a cloud printer device, or a direct printing device.

run printer management from inside Control:

prnaad (as end user)

cloud print printer use "graphics" printing, the rest choose appropriate printer model.

Go to Control "terminal details" screen to set up printers.

yum install sendmail

chkconfig --levels 235 sendmail on

chmod 755 -R /etc/mail

service sendmail restart

update all the binaries to the latest:

From SAM:

rsync -avz --delete /u/ccr.15/std/{ut,}bin{l,x11} root@<serverIP>:/u/cc/std/

rsync -avz –-delete /u/ccr.15/standard.adm/ root@<server IP>:/u/cc/adm/

scp /u/ccr.15/adm/menu.* /u/ccr.15/adm/*.qss root@<server IP>:/u/cc/adm/

ssh to the server.

Copy the <standard company> to <company name>

chmod a+w -R /u/ccr.15/<company> /u/ccr.15/adm

./contrl =>put address and phone

/u/cc/std/localbin/brarep