Differences between revisions 7 and 9 (spanning 2 versions)
Revision 7 as of 2017-06-28 03:49:17
Size: 12114
Editor: thog
Comment:
Revision 9 as of 2017-09-11 01:49:09
Size: 12387
Editor: thog
Comment:
Line 99: Line 99:
rpm -ivh http://customers.creativecomputing.com.au/concare/turbovnc-2.1.x86_64.rpm rpm -ivh http://customers.creativecomputing.com.au/concare/turbovnc-2.1-20170405.x86_64.rpm
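Review bot: both the old and the new form of this line hand an http:// URL straight to rpm -ivh, so the package crosses the network unprotected and nothing on the line checks it before it is installed as root. Suggest downloading the file first, verifying it against a checksum published over a trusted channel (or with rpm -K if the package is signed), and then installing the local copy. The new file name carries a build date (20170405), so it would also help to record in the revision comment, which is empty here, why the build was changed.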

You need to install a "minimal install" of CentOS 6.8, using the minimal install CD.

Hostname should be called concare4.  Configure Network for DHCP and to "Connect Automatically"

Partition sizes should be as follows (Create Custom Layout):

/        20-50GB, depending on size of drive, format as EXT4

swap    2-32GB, the same size as physical RAM

/u       with the rest of available space (Fill to maximum available size), formatted as EXT4

Make sure you tell us what the root password is set to.

After install is finished it will restart. Turn off firewall and selinux.

chkconfig iptables off

chkconfig ip6tables off

edit /etc/sysconfig/selinux and make sure the SELINUX line is as follows:

SELINUX=disabled

For linode only:

edit /etc/resolv.conf and add:

nameserver 8.8.8.8

Then make the file immutable

chattr +i /etc/resolv.conf

install wget and ppp:

yum install wget ppp

download the following file into the server:

http://customers.creativecomputing.com.au/concare/vpn.tgz

untar the file into /etc/

cd

wget http://customers.creativecomputing.com.au/concare/vpn.tgz

cd /etc

tar xvzf ~/vpn.tgz

then as root, accept the fingerprint:

# ssh 220.233.135.250

The authenticity of host '220.233.135.250 (220.233.135.250)' can't be established.

RSA key fingerprint is f6:f0:5c:21:74:0e:03:db:fc:71:e6:21:63:b5:c0:43.

Are you sure you want to continue connecting (yes/no)?

Type "yes" and cancel the connection (ctrl-c).

Reboot to connect the vpn

Add epel repository:

# rpm -ivh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

use yum to install additional packages

yum groupinstall "Desktop" "General Purpose Desktop" "Print Server" "Web Server" "X Window System" "Internet Browser" "Office Suite and Productivity" "Xfce"

yum install libstdc++.i686 libstdc++ unixODBC.i686 mysql-libs.i686 mysql-libs libcurl-devel.i686 expat.i686 expat glib2.i686 glib2 freetype.i686 libSM.i686 libXrender.i686 fontconfig.i686 libXext-devel.i686 guacd libguac-client-vnc mysql-server tomcat6 system-config-printer libXext.i686 libXext ImageMagick gtk2-devel gtk2-devel.i686

Load the /u partition:

Download the following tar file: http://customers.creativecomputing.com.au/concare/rel15_u_partition2.tgz

untar it into /u

cd

wget http://customers.creativecomputing.com.au/concare/rel15_u_partition2.tgz

cd /u

tar xvzf ~/rel15_u_partition2.tgz

Add "control" group

groupadd -g 3232 control

install turbovnc:

rpm -ivh http://customers.creativecomputing.com.au/concare/turbovnc-2.1-20170405.x86_64.rpm

cd

wget http://customers.creativecomputing.com.au/concare/turbostartup2.tgz

cd /etc

tar xvzf ~/turbostartup2.tgz

cd

wget http://customers.creativecomputing.com.au/concare/vncserver

mv vncserver /opt/TurboVNC/bin/

chmod 755 /opt/TurboVNC/bin/vncserver

Edit /etc/X11/xinit/Xclients and add ". /u/cc/usr/commonx11.sh" below the lines for GSESSION and STARTKDE.  Note there is a space between "." and "/".

Create the ccc user and start up its vnc session

adduser -m ccc

passwd ccc

initctl start turbo VNC=5

Install guacamole:

chkconfig guacd on

cd

wget https://sourceforge.net/projects/guacamole/files/current/binary/guacamole-0.9.12-incubating.war

mv ~/guacamole-0.9.12-incubating.war /var/lib/tomcat6/webapps/guacamole.war

wget http://customers.creativecomputing.com.au/concare/guacdb2.sql

chkconfig mysqld on

service mysqld start

mysql < ~/guacdb2.sql

chkconfig tomcat6 on

Restart once more.  guacadmin password is gu4c4dm1n

Try logging into guacamole on "http://<ip address>:8080/guacamole/" and connect to the pre configured "ccc" session.  If you see a menu on top, go to System->log out ccc, then say "Log out" to the dialog box that comes up.  This will close the session and start it over.  If the screen has been locked out and screen saver has activated, forcibly restart the vnc session:

initctl stop turbo VNC=5

wait a few seconds, then:

initctl start turbo VNC=5

Install cups-cloudprint:

cd

wget http://customers.creativecomputing.com.au/concare/cups.tgz

cd /etc

tar xvzf ~/cups.tgz

yum install cupscloudprint

service cups restart
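
The steps on this page download vpn.tgz, turbostartup2.tgz and cups.tgz over plain HTTP and unpack them into /etc as root (and rel15_u_partition2.tgz into /u). The following is an added example, not part of the original page, of checking such a tarball before extraction; the function names are hypothetical, and the expected digest is an assumption that must be obtained from the publisher, since the page does not list any.

```shell
#!/bin/sh
# Added example (not from the original page): check a downloaded tarball
# before unpacking it as root. Function names are hypothetical.

# sha256_of FILE: print the SHA-256 hex digest of FILE.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# unsafe_names: read archive member names on stdin and print those that could
# land outside the extraction directory (absolute paths, ".." components).
unsafe_names() {
    awk '/^\// || /(^|\/)\.\.(\/|$)/'
}

# safe_untar FILE EXPECTED_SHA256 DESTDIR
# Returns 0 after extracting, 1 on digest mismatch, 2 on unsafe member names.
safe_untar() {
    file=$1; expected=$2; dest=$3
    actual=$(sha256_of "$file")
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file (got: $actual)" >&2
        return 1
    fi
    bad=$(tar tzf "$file" | unsafe_names)
    if [ -n "$bad" ]; then
        echo "refusing to extract $file, unsafe members:" >&2
        echo "$bad" >&2
        return 2
    fi
    tar xzf "$file" -C "$dest"
}

# Usage, with a digest obtained from the publisher (placeholder shown):
#   safe_untar ~/vpn.tgz "<sha256 from publisher>" /etc
```

The name check covers absolute paths and ".." components only; listing the archive with tar tvzf and reviewing symlinks and file ownership is still worthwhile before extracting into /etc.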

Prior to running the following, please make sure you have a cloudprint account set up with Google and have at least one A4 printer there. This link will give you some more idea about Google cloud print: https://www.google.com/cloudprint/learn/printers.html .  It is advisable that you create a Google account just for the sole purpose of printing and not use a pre-existing one.

The following command will initiate setting up cups cloudprint.  (This will ask you to enter a URL into a browser and log in to your Google cloud print account)

/usr/share/cloudprint-cups/setupcloudprint.py

For now, only add the account and do not add any printers just yet.

Set up chroot sftp

In /etc/ssh/sshd_config change the following near the bottom:

#Subsystem    sftp    /usr/libexec/openssh/sftp-server

Subsystem     sftp    internal-sftp

Match Group sftpusers

Add a new group sftpusers and create a chroot subdirectory

groupadd -g 3255 sftpusers

mkdir /sftp/

Restart sshd if you want to use it straight away

service sshd restart

Set up OpenVPN

Install the OpenVPN package

yum install openvpn easy-rsa

cd /usr/share/easy-rsa/2.0

source vars

./clean-all

Edit the file "vars" and change the items near the end (this is just an example, you can use your real location details):

export KEY_COUNTRY="AU"

export KEY_PROVINCE="NewSouthWales"

export KEY_CITY="CrowsNest"

export KEY_ORG="Creative-Computing"

export KEY_EMAIL="support@creativecomputing.com.au"

export KEY_OU="Concare"

build the certificate authority (just accept all the defaults and say yes to sign the certificate and commit):

source ./vars

./build-ca

./build-dh

./build-key-server server

wget http://customers.creativecomputing.com.au/concare/openvpn.conf

mv openvpn.conf /etc/openvpn/

chkconfig openvpn on

mkdir /var/log/openvpn

service openvpn start

At this point the OS is installed and a very rudimentary version of Control (based on what's installed in the original test VM) is now installed in the system.  The following instructions are for adding sessions and printers which I will do a live demo for.

To Add a new session:

Add a Linux user and set their password

adduser -m <session_name> -G sftpusers

mkdir -p /sftp/<session_name>/<session_name>

chmod 755 /sftp/<session_name>

passwd <session_name>

Add this to /etc/fstab:

/u/cc/usr/<session_name> /sftp/<session_name>/<session_name>   none bind

Then mount it.

mount -a

Edit the file /u/cc/usr/vncusers.sh and add a line

USER[<USER_NUMBER>]='<session_name>'

RESO[<USER_NUMBER>]='800x600'

<USER_NUMBER> is a vnc session number; for now keep this between 6 and 100.  5 is the screen we use for support.  The 'RESO' line is optional; if you leave it out, it defaults to 1600x900.

Start up the vnc session

initctl start turbo VNC=<USER_NUMBER>

Use a VNC client to connect to <ip_address_of_server>:<USER_NUMBER>.  Initial password is set to "123456"

If the menu is on top, go to System->Log out <session_name>, then click OK.  If the screen saver has started, unlock it with the linux password and log out.  This will move the menus to the bottom of the screen and disable the screen saver.

Change the VNC password:

Open a terminal inside the session:

/opt/TurboVNC/bin/vncpasswd

Edit the file /etc/init/start-xvncs.conf and add the number to the string ACTIVE_VNCSCREENS

env ACTIVE_VNCSCREENS="5 6 7 8 9 10 11 12"

This is to make sure the session will auto startup if the server was restarted.

create guacamole account:

in the web page http://<ip address>:8080/guacamole, log in as guacadmin

click on the guacadmin on the upper right then click on settings

click on connections

click on New Connection

Name: <session_name>

Maximum number of connections: 5

Maximum number of connections per user: 5

Hostname: localhost

Port: <5900+USER_NUMBER>

Password: <vnc_password>

Enable SFTP: <Tick>

Hostname: localhost

Port: 22

Username: <session_name>

Password: <Linux_password>

Default upload directory: /<session_name>

and then click Save.

Click on Users

Click on Add New User

Username: <session_name>

Password: <set up a password for end user>

Re-enter Password: same as Password

Change own password: <tick>

Connections:

tick on <session_name>

Set up a Printer:

These instructions are mostly just an outline.  I will have to do a live demo of this.

If using a printer that will be hooked up to a Windows PC, we will need to make sure that the Windows printer driver is installed and a test page can be printed.

If using cloudprint, a google account should be created solely for printing.

If using cloud print (A4 printers):

On native cloudprint printer

set up cloudprint on device (this is device specific)

https://support.google.com/cloudprint/answer/1686197?hl=en

On classic printer

set up cloudprint on attached windows PC and Chrome.

https://support.google.com/cloudprint/answer/1686197?hl=en

for both of the above: set up cups-cloudprint using python script

/usr/share/cloudprint-cups/setupcloudprint.py

If direct printing (40 column thermal receipt printers and label printers)

set up openvpn account on the server:

cd /usr/share/easy-rsa/2.0

source vars

./build-key <session_name>

It will then ask you a series of questions, similar to the ones asked by the ./build-key-server script. You should only need to answer the "Common Name" field, "Sign the certificate?" and "1 out of 1 certificate requests certified, commit?"

In the keys directory under the current directory, a configuration file <session_name>.ovpn, similar to openvpn.conf, must be created.

# Configuration for connecting into Concare internal network

tls-client

dev tap

proto udp

remote <ip_address_of_server> 1194

resolv-retry infinite

nobind

ifconfig 10.5.0.x 255.255.255.0 # This line is client dependent. (x means choose the ip address to use for client)

ca ca.crt

cert <session_name>.crt

key <session_name>.key

verb 3

mute 10

Then zip all the files you just created (.crt, .key, .ovpn, etc.; there may be 6 or so files)

zip <session_name>.zip <session_name>.* dh2048.pem ca.crt

Load into client machine.  An external method may be needed to load the OpenVPN files into the client computer.

Use the latest stable installer (whether 32 bit or 64 bit) from the following:

https://openvpn.net/index.php/open-source/downloads.html

Unzip all the files into the config directory under where OpenVPN is installed (Usually C:\Program Files\OpenVPN\config).  Create a shortcut to OpenVPN on the desktop if the installer has not done so.

set up windows driver and make sure test page works.

turn on Unix printing for windows and make sure it auto starts the service.

use system-config-printer to set up cups

At this point, you have a cups printer, either to a cloud printer device, or a direct printing device.

run printer management from inside Control:

prnaad (as end user)

For a cloud print printer use "graphics" printing; for the rest choose the appropriate printer model.

Go to Control "terminal details" screen to set up printers.

yum install sendmail

chkconfig --levels 235 sendmail on

chmod 755 -R /etc/mail

service sendmail restart

update all the binaries to the latest:

From SAM:

rsync -avz --delete /u/ccr.15/std/{ut,}bin{l,x11} root@<serverIP>:/u/cc/std/

rsync -avz --delete /u/ccr.15/standard.adm/ root@<server IP>:/u/cc/adm/

scp /u/ccr.15/adm/menu.* /u/ccr.15/adm/*.qss root@<server IP>:/u/cc/adm/

ssh to the server.

Copy the <standard company> to <company name>

chmod a+w -R /u/ccr.15/<company> /u/ccr.15/adm

./contrl =>put address and phone

/u/cc/std/localbin/brarep

InstallingControlOnCentos6 (last edited 2023-01-30 05:56:11 by 61-68-142-254)