Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

There are an estimated 200-300 Linux desktop users at SLAC.  This project aims to provide a basic managed and maintained building block desktop from which users may customize to their specific needs.  At this writing, either Ubuntu or CentOS are available options.  This is very much a work in progress....

Table of Contents

To-Do

  •   consider should the  user  have the netboot file remain active and have the user manually remove the link that makes it active  with
    echo "get Kickstart_end" | /usr/bin/tftp lnxpapa  or do this for them automatically after the first build. Make this an attribute for the node build ?  Consider this for ubuntu too - And ubuntu and kickstart are not great together, unless this is very, very dated https://help.ubuntu.com/community/KickstartCompatibility
  • Decide if we want the pxekicktit to by default run chef on the node. As of 2018-09-27, a build with ks.cfg.centos7.linux_desktop_2 does not run chef. I suggest we do run chef in the default installation, and one picks ks.cfg.centos7.linux_desktop_2.no_chef_run  If one does not want to run chef.
  • decide is this only for SLAC owned equipment or can users with non-SLAC equipment use the chef cookbooks - what does that mean for slac_motd - the content of that message does it change at all?

...

Expand
titleLog...

7/13/2018 - comet2 machine arrives in bldg 48 rm 248. Kerberos authentication (temporary). Initial pass at identifying and installing needed software packages (above table)

8/28/2018 - comet2 rebuilt, lose login ability

9/28/2018 - regain ability to login via local account. Re-install needed packages. Also move offending file which causes polkitd to consume too much CPU, "A workaround that I've been using is to remove /etc/xdg/autostart/org.gnome.SettingsDaemon.Account.desktop until the above mentioned bug is fixed." (but this does not clear up the issue - polkitd still consumes 7-6% of the CPU continuously)

11/13/2018 - chef client installed (by Karl). Unexpectedly (to TG), this also activated unix kerberos authentication, thus I begin to use the 'dragon' (SLAC) account in favor of the dragon1 (local) account on comet2.

12/17/2018 - Karl adds 'dragon1' and 'dragon' accounts to /etc/group 'wheel' group. This allows a user to run, for example, the software installation tool GUI launched from the Applications -> System Tools menu in the WM.

12/19/2018 - Karl adds 'dragon' to sudo list.

 

Tips and Tricks

  • Code Block
    The GUI Gnomes settings app does not provide full flexibility to access and set its parameters.  For example, the "Power" section allows one to select a idle time before the screen blanks, but is limited to choices between 1 and 15 minutes.  To set this value to 1 hour, the following command works:
     
    gsettings set org.gnome.desktop.session idle-delay 3600
    
    

 

References:

  1. SLAC minimum security requirements:
    https://docs.slac.stanford.edu/sites/pub/Publications/701-I02-001-00_Min_Sec_Req_for_Comp.pdf
  2. Stanford minimum security requirements:  
    https://uit.stanford.edu/guide/securitystandards

  3. SLAC support for Linux:
    Ubuntu/CentOS 7 Desktop Scope of Support

...