Service Configuration Add-Ons for Unix/Linux
For systems in in SCS which do not run SCS Dragon or the older Facilitized computing environments, SCS Facilities can provide a set of Service Configuration Add-Ons for approved platforms. These add-ons provide configuration information that allows interoperability with core SCS services, and mechanisms for keeping such configuration information up-to-date. They do not provide a managed computing environment administered by Facilities or integration for non-core SCS services. Machines running the Service Configuration Add-Ons are expected to be administered by the owner or primary user of the machine.
Supported platforms for which the Service Configuration Add-Ons are available:
- Ubuntu 16.04 (Xenial Xerus)
- Ubuntu 14.04 LTS (Trusty Tahr)
- Ubuntu 12.04 LTS (Precise Pangolin)1
Configuration for the following core SCS services is provided:
- AFS filesystem access
- Configuration information is provided for accessing the global AFS filespace via the vendor-provided OpenAFS client software.
- Kerberos authentication
- Configuration information is provided for authentication to the SCS Kerberos realm. Configuration is provided for both Heimdal and MIT Kerberos implementations. It is up to the system administrator to decide which Kerberos library suite and Kerberized software to install and enable.
- SCS printing
- Configuration is provided to allow printing to all public SCS printers via the OS vendor's default print service.
- SSH host keys
- A list of the public SSH host keys of all Facilities-managed SCS hosts is provided, so that clients connecting to managed SCS hosts from your machine can automatically verify the identity of the SCS host.
The above configuration information is provided in a manner that will seamlessly integrate into the OS vendor's configuration mechanisms. Care is taken to not overwrite local system administrator changes to the configuration of these services. Updates to the SCS-specific configuration information will be retrieved nightly by systems running the Service Configuration Add-Ons.
Installing the Service Configuration Add-Ons
A script is available that will configure your machine to obtain and keep updated the package that implements the Service Configuration Add-Ons. Download the script to your machine and run it as root.
- Service Configuration Add-On Script download
- nbinstall.sh (Bourne shell script, approx. 1.5K)
# sh nbinstall.shOnce it has completed, all necessary service configuration and mechanisms to keep that information up-to-date will have been installed.
NOTE: This is only the configuration information. The software that actually uses this may or may not be installed on your system. Please see the Required Software section of this page for details on how to install those particular software packages.
The SCS Service Configuration Add-Ons provide configuration information only. The software that uses this configuration information may or may not be installed on your system, but should be available from your OS vendor. Each core service is listed below with instructions for obtaining the software required to interact with a service.
- AFS filesystem access
SCS Facilities provides configuration information in a format understood by the OpenAFS client suite. It does not support the Arla AFS client, Linux's in-kernel AFS client, or any other AFS implementations.
apt-get install openafs-client openafs-modules-dkms
For Ubuntu backports (12.04.3 and up):
apt-get install openafs-client/precise-backports openafs-modules-dkms/precise-backports
With the default apt-get configuration, this will pull in the entire chain of dependencies required to access AFS, including the DKMS sources of the OpenAFS kernel module, which will be automatically built (and rebuilt upon kernel upgrades.)
- Kerberized software
Unified configuration is provided for both Heimdal Kerberos and MIT Kerberos. While both sets of Kerberos libraries can coexist on a system (and often do, as they are pulled in as dependencies of Kerberized software) there are several pieces of software that are provided in duplicate by the OS package vendors, each built against one Kerberos implementation or the other. While the libraries can coexist, these software packages cannot, so it is up to the administrator of the system to choose, for example, the MIT or Heimdal versions of the Kerberos commandline clients (kinit, aklog, etc), the Kerberized telnet or FTP servers, or the Kerberos PAM module.
However, most other Kerberized software is built against only one set of Kerberos libraries, and as such will only have one package available for installation. All such software will pull in whichever Kerberos library dependencies are required, and will happily coexist with any and all other Kerberized software, even if built against the other Kerberos implementation.
SCS Facilities provides configuration for the CUPS printing system. This printing system is installed by default on all currently-approved SCA platforms. If it is not present on your system, it can be installed as follows:
apt-get install cups cups-client cups-bsd