The Lab.pm provisioning module is used to broker access to standalone pre-installed Linux or Solaris machines. These machines could be in an existing walk-in computer lab or racked in a server room. VCL does not install these nodes. It controls which user is allowed to remotely connect to the node during a given time period.
There are four main parts needed to setup a standalone machine to use with the Lab.pm module.
For distribution to a large set of machines, an rpm or package could be created to distribute vclclientd and related files.
The Lab.pm module confirms an assigned node or lab machine is accessible using the ssh identity key on port 24. If this succeeds, then a small configuration file with the state, user's id and the users' remote IP address is sent to the node along with a flag to trigger the vclclientd process to either open or close the remote access port. Currently this module only supports Linux and Solaris lab machines.
All commands are run as root.
1. Create the non-root vclstaff account on target machine
on linux: useradd -d /home/vclstaff -m vclstaff
2. Generate ssh identity keys for vclstaff account. Do not enter a passphrase for the key, just hit enter when prompted.
su - vclstaff ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/vclstaff/.ssh/id_rsa): Created directory '/home/vclstaff/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/vclstaff/.ssh/id_rsa. Your public key has been saved in /home/vclstaff/.ssh/id_rsa.pub. The key fingerprint is:
At this point we have created a private key /home/vclstaff/.ssh/id_rsa and the public key /home/vclstaff/.ssh/id_rsa.pub.
Copy the public key to /home/vclstaff/.ssh/authorized_keys file
cat /home/vclstaff/.ssh/id_rsa.pub > /home/vclstaff/.ssh/authorized_keys
Copy the private key to the management node. This can be stored in /etc/vcl/lab.key. This private key is used by vcld to remotely log into the the lab machine.
Edit /etc/vcld.conf Set the variables IDENTITY_linux_lab and IDENTITY_solaris_lab to use this new key. It should look like: IDENTITY_solaris_lab=/etc/vcl/lab.key IDENTITY_linux_lab=/etc/vcl/lab.key
Test out the newly created key from the vcl management node:
ssh -i /etc/vcl/lab.key vclstaff@target_lab_machine
3. Set ssh server on target machine to listen on port 24. Edit /etc/ssh/sshd_config on target lab machine(s).
echo "Port 24" >> /etc/ssh/sshd_config
For advanced ssh configurations one may need to also add vclstaff to the AllowUsers directive or some other group which would work with ones existing campus ssh login restrictions, if any.
Restart sshd: /etc/init.d/sshd restart
retest to make sure sshd is accessible on port 24
ssh -p24 -i /etc/vcl/lab.key vclstaff@target_lab_machine
4. Copy vclclientd and vclclientd init script to target_lab_machine, from managenment node:
scp -P24 /usr/local/vcl/bin/vclclientd vclstaff@target_lab_machine:/home/vclstaff
scp -P24 /usr/local/vcl/bin/S99vclclient.linux target_lab_machine:/etc/init.d/S99vclclient.linux add this start up script to the appropriate run time levels
Start vclclientd :
/etc/init.d/S99vclclient.linux start5. Add computers to the VCL database as one normally would.
Make sure to select the Lab provisioning module it is labeled as "Computing Lab"
6. Insert an image into the image table for this lab machine:
INSERT INTO `vcl`.`image` (`id` , `name` , `prettyname` , `ownerid` , `platformid` , `OSid` , `imagemetaid` , `minram` , `minprocnumber` , `minprocspeed` , `minnetwork` , `maxconcurrent` , `reloadtime` , `deleted` , `test` , `lastupdate` , `forcheckout` , `maxinitialtime` , `project` , `size` , `architecture` , `description` , `usage` , `basedoffrevisionid`) VALUES ('8' , 'lab-machine-image1', 'Lab Machine image', '1', '1', '22', NULL, '512', '1', '1024', '100', NULL , '5', '0', '0', NOW(), '1', '0', 'vcl', '1500', 'x86', NULL , NULL , NULL );
Insert information into the imagerevision table. Note 'Lab Machine image' can be what ever you want.
INSERT INTO `vcl`.`imagerevision` ( `id` , `imageid` , `revision` , `userid` , `datecreated` , `deleted` , `datedeleted` , `production` , `comments` , `imagename` ) VALUES ( NULL , '8', '1', '1', NOW(), '0', NULL , '1', NULL , 'lab-machine-image1' )
Insert information into the resource table.
INSERT INTO `vcl`.`resource` ( `id` , `resourcetypeid` , `subid` ) VALUES ( NULL , '13', '8' )
7. Set up the image to computer group mappings and grant access.
These next steps will be done using the VCL web interface