» Home     » How To…   » Site Map   » Contact Us 
 Computing Facilities    links to the SCS and CMU home pages Carnegie Mellon School of Computer Science Carnegie Mellon University
 
Advanced search tips 
Your location: Home > Unix/Linux support > Service Configuration Add-Ons for Unix/Linux
 Documentation
 » Introduction to Facilities 
 » Accounts & passwords 
 » AFS 
 » Application software 
 » AV help 
 » Backups & restores 
 » E-mail & netnews 
 » Networking 
 » Printing 
 » Purchasing 
 » Security 
 » Software licensing 
 » Support charges 
 » Web publishing 
 » Your health 
 » Macintosh support 
 » Unix/Linux support 
 » Windows PC support 

Service Configuration Add-Ons for Unix/Linux

For systems in in SCS which do not run SCS Dragon or the older Facilitized computing environments, SCS Facilities can provide a set of Service Configuration Add-Ons for approved platforms. These add-ons provide configuration information for allowing interoperability with core SCS services, and mechanisms for keeping such configuration information up-to-date. They do not provide a managed computing environment administered by Facilities or integration for non-core SCS services. Machines running the Service Configuration Add-Ons are expected to be administered by the owner or primary user of the machine, but remote access for Facilities staff members can be optionally enabled and Software Support can be purchased.

Availability

Current approved platforms for which the Service Configuration Add-Ons are available:

  • Ubuntu 10.04 LTS (Lucid Lynx)

Features

Configuration for the following core SCS services is provided:

  • AFS filesystem access
    Configuration information is provided for accessing the global AFS filespace via the vendor-provided OpenAFS client software.
  • Kerberos authentication
    Configuration information is provided for authentication to the SCS Kerberos realm. Configuration is provided for both Heimdal and MIT Kerberos implementations. It is up to the system administrator to decide which Kerberized software to install and enable.
  • SCS printing
    Configuration is provided to allow printing to all public SCS printers via the OS vendor's default print service.
  • SSH host keys
    A list of the public SSH host keys of all Facilities-managed SCS hosts is provided, so that clients connecting to managed SCS hosts from your machine can automatically verify the identity of the SCS host.
  • System backups
    Configuration is provided for Teradactyl's TiBS backup software to allow systems to receive backup service from SCS. Native-format software packages of the TiBS software is also available for installation on a host, should backups be requested.

The above configuration information is provided in a manner that will seamlessly integrate into the OS vendor's configuration mechanisms. Care is taken to not overwrite local system administrator changes to the configuration of these services. Updates to the SCS-specific configuration information will be retrieved nightly by systems running the Service Configuration Add-Ons.

Optional features of the Service Configuration Add-Ons:

  • Remote access for SCS Facilities staff
    Configuration will be provided to allow Facilities staff members to remotely access your machine to assist in troubleshooting problems with the supported core SCS services listed above. SSH server software will need to be present and running on the system, and must be installed if not there by default.
  • Software Support
    Comprehensive Software Support may be purchased for unmanaged systems running the Service Configuration Add-Ons. Purchasing the service requires that the above-listed remote access for Facilities staff be enabled. Unmanaged systems that are not currently subscribed to Software Support are required to purchase a minimum of six months of Software Support service to receive assistance beyond the standard support of troubleshooting only the core SCS services included with the Service Configuration Add-Ons.

Required Software

The SCS Service Configuration Add-Ons provide configuration information only. The software that uses this configuration information may or may not be installed on your system, but should be available from your OS vendor. Each core service is listed below with instructions for obtaining the software required to interact with a service.

  • AFS filesystem access

    SCS Facilities provides configuration information in a format understood by the OpenAFS client suite. It does not support the Arla AFS client, Linux's in-kernel AFS client, or any other AFS implementations.

    For Ubuntu: 

      apt-get install openafs-client openafs-modules-dkms

    With the default apt-get configuration, this will pull in the entire chain of dependencies required to access AFS, including the DKMS sources of the OpenAFS kernel module, which will be automatically built (and rebuilt upon kernel upgrades.)

  • Kerberized software

    Unified configuration is provided for both Heimdal Kerberos and MIT Kerberos. While both sets of Kerberos libraries can coexist on a system (and often do, as they are pulled in as dependencies of Kerberized software) there are several pieces of software that are provided in duplicate by the OS package vendors, each built against one Kerberos implementation or the other. While the libraries can coexist, these software packages cannot, so it is up to the administrator of the system to choose, for example, the MIT or Heimdal versions of the Kerberos commandline clients (kinit, aklog, etc), the Kerberized telnet or FTP servers, or the Kerberos PAM module.

    However, most other Kerberized software is built against only one set of Kerberos libraries, and as such will only have one package available for installation. All such software will pull in whichever Kerberos library dependencies as required, and will happily coexist with any and all other Kerberized software, even if built against the other Kerberos implementation.

  • Printing

    SCS Facilities provides configuration for the CUPS printing system. This printing system is installed by default on all currently-approved SCA platforms. If it is not present on your system, it can be installed as follows:

    For Ubuntu: 

      apt-get install cups cups-client cups-bsd
  • Backups

    SCS Facilities provides backups via Teradactyl's TiBS backup suite. Native-format packages for approved platforms are provided and available to all systems running the Service Configuration Add-Ons. However, since backups are an optional service that incurs an extra monthly charge, and the software is only distributed by Teradactyl (and not OS vendors), it does not appear by default on SCA machines.

    Because the backup software needs to be configured to use the SCS Facilities backup servers, the software must be installed by a Facilities staff member at the time that backup service is purchased. Comprehensive Software Support service is not required for this installation procedure.

  • Remote access for Facilities Staff

    SCS Facilities provides configuration information for both OpenSSH and system Kerberos libraries to permit select Facilities staff members to log into an SCA system to provide troubleshooting or administrative assistance. However, using this configuration is optional and it is disabled by default. Several steps are needed to enable remote access on the approved platforms, and administrators have the option to enable remote access via SSH, Kerberized telnet, or both.

    For Ubuntu:

    Since an OpenSSH server is not installed by default on Ubuntu systems, one must be downloaded and installed, if SSH access is to be granted. 

      apt-get install openssh-server

    Likewise, a Kerberized telnet must be installed to grant access via that mechanism. Both the MIT and Heimdal versions of telnetd are available, and either will work. 

      apt-get install heimdal-servers

    or:

      apt-get install krb5-telnetd

    In order for Kerberized telnet to work, the SCA host must have a Kerberos host key. Having a host key for SSH access is optional. The cmucs-keyme package is available and will automatically obtain a Kerberos host key for any host which has been registered with the SCS auto-keying service. If you wish to obtain a Kerberos host key, please first contact SCS Facilities to request that your system be registered in the auto-keying system and wait for confirmation that they system has been registered. Once registered, install the cmucs-keyme package, which will automatically key your system. 

      apt-get install cmucs-keyme

    Finally, the master cmucs-config package (which implements most of the Service Configuration Add-Ons) will need to be reconfigured to allow remote access to Facilities staff members. Run the following command and answer in the affirmative to the question that asks about enabling SCS Facilities remote support. 

      dpkg-reconfigure cmucs-config
 This site is maintained by SCS Computing Facilities; send comments to help@cs.cmu.edu.
 Accessibility information  © Carnegie Mellon School of Computer Science