SUIT and SCS Instructions for installing a Chef centrally managed Ubuntu linux desktop.

Ubuntu installation instructions:

  1. Install Ubuntu 16.04 or 18.04

Chef installation instructions:

  1. Run the following command to bootstrap Chef central configuration management:

    curl http://yum.slac.stanford.edu/go-chef  |  sudo /bin/sh 

Scope of support for Ubuntu desktops:

Also see: Ubuntu/CentOS 7 Desktop Scope of Support

  1. There is no central support for native AFS or NFS on CentOS 7 or Ubuntu desktops.
  2. sshfs can be used to access AFS and/or NFS from the desktop
  3. We are also investigating samba client access for CentOS 7 or Ubuntu desktops
  4. A centrally managed VMware virtual machine (CentOS 7) can be provisioned which has direct AFS and NFS access on the FARM science subnet


FAQ for scope of support for Ubuntu and CentOS 7:

Also see: Ubuntu/CentOS 7 Desktop Scope of Support

  1. How do I access SLAC AFS or NFS space?
    1. There is not native AFS or NFS support for Ubuntu or CentOS 7 desktops.  These are the supported methods for accessing SLAC AFS or NFS space:
      1. sshfs
        1. [detailed instructions coming]
      2. samba client
        1. [detailed instructions coming]
      3. ssh to centos7.slac.stanford.edu or rhel6-64.slac.stanford.edu
        1. [detailed instructions coming]
      4. sftp
        1. [detailed instructions coming]
  2. How do I request sudo access for my desktop?
    1. Fill out the sudo request form (required for an Audit trail and for you to agree to the terms of sudo privileges)
      1.  https://www.slac.stanford.edu/comp/unix/auth/superuser-req.shtml
  3. Can I install and configure the AFS client software myself?
    1. There is nothing prohibiting you from installing, configuring, and maintaining AFS client software on your desktop, but there is no central support for it, so the Help Desk or unix-admin cannot provide assistance or answer questions.
    2. You will be responsible for security updates and configuration of the AFS client software.
  4. I want my desktop to be a development environment for my code, therefore I require AFS, NFS, and require my desktop to be configured like a SLAC linux server.
    1. Taylor, the configuration management tool for Red Hat Enterprise Linux (RHEL) 6 and earlier, would configure desktops with a very similar configuration to Linux servers (such as rhel6-64).  This proved to be a difficult configuration to support on the desktop.  One example is that new kernel installs could break AFS in some situations, and unix-admin administrators would get called in to fix desktops instead of spending their time maintaining the High Performance Computing infrastructure.  The new model and scope of support for Linux desktops (for Ubuntu and CentOS 7 and later) at SLAC draws a clear line between desktops and servers.  Centrally managed Linux desktops are personal productivity machines, and desktops are not configured in the same manner as central servers.
    2. Networking rules for building (office) subnets does not permit the same access as the science (FARM) subnets.  For example, if you run a server/service on your desktop for development or testing, you may not be able to connect to it.  See the next question/answer for a solution:
  5. If I want to use a machine which is configured the same as a central Linux server, what can I do?
    1. The SLAC OpenStack cluster provides a self-service provisioning of a centrally supported RHEL 6 or CentOS 7 machine which is configured in a similar way as servers and batch nodes.  The RHEL 6 virtual machine can run taylor and the CentOS 7 virtual machine can run Chef, to provide AFS, NFS, and other configuration which matches standard servers at SLAC.  This is a good solution if you require sudo access.
    2. VMs provisioned on the SLAC OpenStack cluster are placed directly on the science (FARM) subnets, so you have the same access to data as LSF batch nodes, servers, and login machines like rhel6-64 and centos7.
    3. Central login pools of servers are available: rhel6-64.slac.stanford.edu, iris.slac.stanford.edu, centos7.slac.stanford.edu .  This is a good solution if you do not require sudo access.
    4. Consider using/investigating containers.  Singularity is a popular choice for HPC environments.  http://singularity.lbl.gov/
  6. Do I need to install security updates on my desktop?
    1. The default configuration is to have updates installed automatically.  If you change this, then you are responsible for manually installing updates yourself within the time period specified by the Minimun Security Requirement policy.  [insert link here]