Diff for "InstallingControlOnCentos6"

You need to install a "minimal install" of CentOS 6.8, using the minimal install CD.

Hostname should be called concare4. Configure Network for DHCP and to "Connect Automatically"

Partition sizes should be as follows (Create Custom Layout):

/        20-50GB, depending on size of drive, format as EXT4
swap     2-32GB, the same size as physical RAM
/u       with the rest of available space (Fill to maximum available size), formatted as EXT4

Make sure you tell us what the root password is set to.

After install is finished it will restart. Turn off firewall and selinux.

chkconfig iptables off
chkconfig ip6tables off

edit /etc/sysconfig/selinux and make sure the SELINUX line is as follows:

SELINUX=disabled

For linode only:

edit /etc/resolv.conf and add:

nameserver 8.8.8.8

Then make the file immutable

chattr +i /etc/resolv.conf

install wget and ppp:

yum install wget ppp

download the following file into the server:

http://customers.creativecomputing.com.au/concare/vpn.tgz

untar the file into /etc/

cd
wget
cd /etc
tar xvzf ~/vpn.tgz

then as root, accept the fingerprint:

# ssh 220.233.135.250
The authenticity of host '220.233.135.250 (220.233.135.250)' can't be established.
RSA key fingerprint is f6:f0:5c:21:74:0e:03:db:fc:71:e6:21:63:b5:c0:43.
Are you sure you want to continue connecting (yes/no)?

Type "yes" and cancel the connection (ctrl-c).

Reboot to connect the vpn

Add epel repository:

rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

use yum to install additional packages

yum groupinstall "Desktop" "General Purpose Desktop" "Print Server" "Web Server" "X Window System" "Internet Browser" "Office Suite and Productivity" "Xfce"



yum install libstdc++.i686 libstdc++ unixODBC.i686 mysql-libs.i686 mysql-libs libcurl-devel.i686 expat.i686 expat glib2.i686 glib2 freetype.i686 libSM.i686 libXrender.i686 fontconfig.i686 libXext-devel.i686 guacd libguac-client-vnc mysql-server tomcat6 system-config-printer libXext.i686 libXext rxvt mpage unix2dos gtk2-devel gtk2-devel.i686 seamonkey ORBit2-devel

Load the /u partition:

Download the following tar file: http://customers.creativecomputing.com.au/concare/rel15_u_partition2.tgz

untar it into /u

cd
wget
cd /u
tar xvzf ~/rel15_u_partition2.tgz

Add "control" group

groupadd -g 3232 control

install turbovnc:

rpm -ivh
cd
wget
cd /etc
tar xvzf ~/turbostartup2.tgz
cd
wget
mv vncserver /opt/TurboVNC/bin/
chmod 755 /opt/TurboVNC/bin/vncserver

Edit /etc/X11/xinit/Xclients and add ". /u/cc/usr/commonx11.sh" below the lines for GSESSION and STARTKDE. Note there is a space between "." and "/".

Create the ccc user and start up its vnc session

adduser -m ccc
passwd ccc
initctl start turbo VNC=5

edit the ~ccc/.bashrc file:

vi ~ccc/.bashrc

and add the following to the end of the file

. /u/cc/usr/dogorel.sh

Install guacamole:

chkconfig guacd on
cd
wget
mv ~/guacamole-0.9.12-incubating.war /var/lib/tomcat6/webapps/guacamole.war
wget
chkconfig mysqld on
service mysqld start
mysql < ~/guacdb2.sql
chkconfig tomcat6 on

Restart once more. guacadmin password is gu4c4dm1n

Try logging into guacamole on "http://<ip address>:8080/guacamole/" and connect to the pre configured "ccc" session. If you see a menu on top, go to System->log out ccc, then say "Log out" to the dialog box that comes up. This will close the session and start it over. If the screen has been locked out and screen saver has activated, forcibly restart the vnc session:

initctl stop turbo VNC=5

wait a few seconds, then:

initctl start turbo VNC=5

Install cups-cloudprint:

cd
wget http://customers.creativecomputing.com.au/concare/cups.tgz
cd /etc
tar xvzf ~/cups.tgz
yum install cupscloudprint
service cups restart

Prior to running the following, please make sure you have a cloudprint account set up with Google and have at least one A4 printer there. This link will give you some more idea about Google cloud print: https://www.google.com/cloudprint/learn/printers.html . It is advisable that you create a Google account just for the sole purpose of printing and not use a pre-existing one.

The following command will initiate setting up cups cloudprint. (This will ask you to enter a URL into a browser and log in to your Google cloud print account) /usr/share/cloudprint-cups/setupcloudprint.py

For now, only add the account and do not add any printers just yet.

Set up chroot sftp

In /etc/ssh/sshd_config change the following near the bottom:

#Subsystem    sftp    /usr/libexec/openssh/sftp-server
Subsystem     sftp    internal-sftp
Match Group sftpusers
        ChrootDirectory /sftp/%u
        ForceCommand internal-sftp

Add a new group sftpusers and create a chroot subdirectory

groupadd -g 3255 sftpusers
mkdir /sftp/

Restart sshd if you want to use it straight away

service sshd restart

Set up OpenVPN

Install the OpenVPN package

yum install openvpn easy-rsa
cd /usr/share/easy-rsa/2.0
source vars
./clean-all

Edit the file "vars" and change the items near the end (this is just an example, you can use your real location details):

export KEY_COUNTRY="AU"
export KEY_PROVINCE="
"
export KEY_CITY="
"
export KEY_ORG="Creative-Computing"
export KEY_EMAIL="
"
export KEY_OU="Concare"

build the certificate authority (just accept all the defaults and say yes to sign the certificate and commit):

source ./vars
./build-ca
./build-dh
./build-key-server server
wget
mv openvpn.conf /etc/openvpn/
chkconfig openvpn on
mkdir /var/log/openvpn
service openvpn start

Reset the vnc password for ccc (vnc session number 5) to control. Do not set a view-only password.

/opt/TurboVNC/bin/vncpasswd ~ccc/.vnc/passwd

At this point the OS is installed and a very rudimentary version of Control (based on what's installed in the original test VM) is now installed in the system. The following instructions are for adding sessions and printers which I will do a live demo for.

To Add a new session:

Add a Linux user and set their password

• Important: do not create <session_name> to be the same as one of the locations. If you need to, add a number at the end. Instead of calling session_name "stafford", call it "stafford1" as there are programs that will automatically create employees with same name as a location.
  

adduser -m <session_name> -G sftpusers
mkdir -p /sftp/<session_name>/<session_name>
chmod 755 /sftp/<session_name>
passwd <session_name>

Add this to /etc/fstab:

/u/cc/usr/<session_name>        /sftp/<session_name>/<session_name>   none bind

Then mount it.

mount -a

Edit the file /u/cc/usr/vncusers.sh and add a line

USER[<USER_NUMBER>]='<session_name>'
RESO[<USER_NUMBER>]='800x600'
HOST[<USER_NUMBER>]='<hostname>'

<USER_NUMBER> is a vnc session number, for now keep this between 6 and 100. 5 is the screen we use for support.

The 'RESO' line is optional, if you leave it out, it defaults to 1600x900

The 'HOST' line is optional, if you specify something it will put this on the session name when they connect via VNC. If not, it leaves it blank. This is so that when binarylane assigns a strange hostname it is easy to hide it from the end users.

Start up the vnc session

initctl start turbo VNC=<USER_NUMBER>

Use a VNC client to connect to <ip_address_of_server>:<USER_NUMBER>. Initial password is set to "123456"

If the menu is on top, go to System->Log out <session_name>, then click OK. If the screen saver has started, unlock it with the linux password and log out. This will move the menus to the bottom of the screen and disable the screen saver.

Change the VNC password:

Open a terminal inside the session:

/opt/TurboVNC/bin/vncpasswd

Edit the file /etc/init/start-xvncs.conf and add the number to the string ACTIVE_VNCSCREENS

env ACTIVE_VNCSCREENS="5 6 7 8 9 10 11 12"

This is to make sure the session will auto startup if the server was restarted.

create guacamole account:

in the web page http://<ip address>:8080/guacamole, log in as guacadmin

click on the guacadmin on the upper right then click on settings

click on connections

click on New Connection

Name: <session_name>
Maximum number of connections: 5
Maximum number of connections per user: 5
Hostname: localhost
Port: <5900+USER_NUMBER>
Password: <vnc_password>
Enable SFTP: <Tick>
Hostname: localhost
Port: 22
Username: <session_name>
Password: <Linux_password>
Default upload directory: /<session_name>

and then click Save.

Click on Users

Click on Add New User

Username: <session_name>
Password: <set up a password for end user>
Re-enter Password: same as Password
Change own password: <tick>

Connections:

tick on <session_name>

Set up a Printer:

These instructions are mostly just an outline.

If using a printer that will be hooked up to a windows PC, We will need to make sure that the windows printer driver is installed and a test page can be printed.

If using cloudprint, a google account should be created solely for printing.

If using cloud print (A4 printers):

On native cloudprint printer

set up cloudprint on device (this is device specific)

https://support.google.com/cloudprint/answer/1686197?hl=en

On classic printer

set up cloudprint on attached windows PC and Chrome.

https://support.google.com/cloudprint/answer/1686197?hl=en

for both of the above: set up cups-cloudprint using python script

/usr/share/cloudprint-cups/setupcloudprint.py

If direct printing (40 column thermal receipt printers and label printers)

set up openvpn account on the server:

cd /usr/share/easy-rsa/2.0
source vars
./build-key <session_name>

It will then ask you a series of questions, similar to the ones asked by the ./build-key-server script. You should only need to answer the "Common Name" field, "Sign the certificate?" and "1 out of 1 certificate requests certified, commit?"

In the keys directory under current a configuration file <session_name>.ovpn similar to openvpn.conf must be created.

# Configuration for connecting into Concarce internal network
tls-client
dev tap
proto udp
remote <ip_address_of_server> 1194
resolv-retry infinite
nobind
ifconfig 10.5.0.x 255.255.255.0         # This line is client dependent. (x means choose the ip address to use for client)
ca ca.crt
cert <session_name>.crt
key <session_name>.key
verb 3
mute 10

Then zip all these file you just created ( .crt, .key,.opvn and etc may be 6 or so files)

zip <session_name>.zip  <session_name>.* dh2048.pem ca.crt

Load into client machine. An external method may be needed to load the OpenVPN files into the client computer.

Use the latest stable installer (whether 32 bit or 64 bit) from the following:

https://openvpn.net/index.php/open-source/downloads.html

Unzip all the files into the config directory under where OpenVPN is installed (Usually C:\Program Files\OpenVPN\config). Create a shortcut to OpenVPN on the desktop if the installer has not done so.

set up windows driver and make sure test page works.

turn on Unix printing for windows and make sure it auto starts the service.

use system-config-printer to set up cups

At this point, you have a cups printer, either to a cloud printer device, or a direct printing device.

run printer management from inside Control:

prnaad (as end user)

cloud print printer use "graphics" printing, the rest choose appropriate printer model.

Go to Control "terminal details" screen to set up printers.

yum install sendmail

chkconfig --levels 235 sendmail on

chmod 755 -R /etc/mail

service sendmail restart

update all the binaries to the latest:

From SAM:

rsync -avzk --delete /u/ccstandard/ root@<server IP>:/u/cc/

ssh to the server.

Copy the <standard company> to <company name>

chmod a+w -R /u/ccr.15/<company> /u/ccr.15/adm

./contrl =>put address and phone

/u/cc/std/localbin/brarep

Setting up CRON

ln -s /u/cc /cc
crontab -e

* * * * * /u/cc/binl/auto_postal > /u/cc/LOG/auto_postal.out 2>&1
0 1 * * * /u/cc/binl/post_sum > /u/cc/LOG/post_sum.out 2>&1
0 1 1 * * /u/cc/binl/auto_eom > /u/cc/LOG/auto_eom.out 2>&1
su -
<enter root password>
crontab -e
1 2 * * * /usr/bin/linc-cleanup-sockets
30 1 * * * /u/cc/binl/initda > /u/cc/LOG/initda.out

Setting up printers

system-config-printer
prnaad

Makesure /u/cc/std/ have the qtsdk-2010.05/ thing

and "qtx11-4.7.0 -> qtsdk-2010.05/" is placed in /u/cc/std/

cp /u/ccdev/binl/email_pdf to the new server as well.