The Lab.pm provisioning module is used to broker access to standalone pre-installed Linux or Solaris machines. These machines could be in an existing walk-in computer lab or racked in a server room.
There are four main parts needed to setup a standalone machine to use with the Lab.pm module.
- a non-root account called vclstaff on the target machines
- ssh idenitity key for vclstaff account, this key is used by the vcld process on the management node
- ssh service running on port 24 of the target machines
- vclclientd running on the target machines, vclclientd in the bin directory of the vcld release
For distribution to a large set of machines, an rpm or package could be created to distribute vclclientd and related files.
How it works.
The Lab.pm module confirms an assigned node or lab machine is accessible using the ssh identity key on port 24. If this succeeds, then a small configuration file with the state, user's id and the users' remote IP address is sent to the node along with a flag to trigger the vclclientd process to either open or close the remote access port. Currently this module only supports Linux and Solaris lab machines.
How to setup:
All commands are run as root.
1. Create the non-root vclstaff account on target machine
2. Generate ssh identity keys for vclstaff account. Do not enter a passphrase for the key, just hit enter when prompted.
At this point we have created a private key /home/vclstaff/.ssh/id_rsa and the public key /home/vclstaff/.ssh/id_rsa.pub.
Copy the public key to /home/vclstaff/.ssh/authorized_keys file
Copy the private key to the management node. This can be stored in /etc/vcl/lab.key. This private key is used by vcld to remotely log into the the lab machine.
Test out the newly created key from the vcl management node:
ssh -i /etc/vcl/lab.key vclstaff@target_lab_machine
3. Set ssh server on target machine to listen on port 24. Edit /etc/ssh/sshd_config on target lab machine(s).
For advanced ssh configurations one may need to also add vclstaff to the AllowUsers directive or some other group which would work with ones existing campus ssh login restrictions, if any.
retest to make sure sshd is accessible on port 24
4. Copy vclclientd and vclclientd init script to target_lab_machine, from managenment node:
Start vclclientd :
/etc/init.d/S99vclclient.linux start5. Add computers to the VCL database as one normally would.
Make sure to select the Lab provisioning module it is labeled as "Computing Lab"
6. Insert an image into the image table for this lab machine:
Insert information into the imagerevision table. Note 'Lab Machine image' can be what ever you want.
Insert information into the resource table.
7. Set up the image to computer group mappings and grant access.
These next steps will be done using the VCL web interface
- Create a new Image group. Manage groups, add a new image resrouce group.
- Create a new Computer group. Manage groups, add a new computer resrouce group.
- Add new image (inserted above) to the image group just created in step 1.
- Add machines that have vclclientd to the computer group created in step 2.
- Assign new computer group to be controlled by management node. Select Management Nodes, Edit Management Node Mapping
- Grant access to the new lab image and computer group in the privilege tree.