Carnegie Mellon University School of Computer Science

Linux Service Configuration Add-Ons (SCAs) for Unsupported Systems

For systems within SCS which do not run our supported SCS Dragon or the older "Facilitized" computing environments, SCS Computing Facilities (SCSCF) can provide a set of Service Configuration Add-Ons (SCAs) for approved platforms. These add-ons provide configuration information that allows interoperability with core SCS services, and mechanisms for keeping such configuration information up-to-date. They do not provide a managed computing environment administered by SCSCF or integration for non-core SCS services. Hosts running the Service Configuration Add-Ons are expected to be administered by the owner or primary user of the machine. 

Availability

Supported platforms for which the SCAs are available:


  • Ubuntu 18.04 LTS (Bionic Beaver)
  • Ubuntu 16.04 LTS (Xenial Xerus)
  • Ubuntu 14.04 LTS (Trusty Tahr)

Features

Configuration for the following core SCS services is provided:

  • AFS filesystem access  - Configuration information is provided for accessing the global AFS filespace via the vendor-provided OpenAFS client software.
  • Kerberos authentication - Configuration information is provided for authentication to the SCS Kerberos realm. Configuration is provided for both Heimdal and MIT Kerberos implementations. It is up to the system administrator to decide which Kerberos library suite and Kerberized software to install and enable.
  • SCS Printing - Configuration is provided to allow printing to all public SCS printers via the OS vendor's default print service.
  • SSH host keys  - A list of the public SSH host keys of all managed SCS hosts is provided, so that clients connecting to managed SCS hosts from your machine can automatically verify the identity of the SCS host.

The above configuration information is provided in a manner that will seamlessly integrate into the OS vendor's configuration mechanisms. Care is taken to not overwrite local system administrator changes to the configuration of these services. Updates to the SCSCF configuration information will be retrieved nightly by systems running the Service Configuration Add-Ons.

Required Software

The SCS SCAs provide configuration information only. The software that uses this configuration information may or may not be installed on your system, but should be available from your OS vendor. Each core service is listed below with instructions for obtaining the software required to interact with a service.

AFS filesystem access 

SCSCF provides configuration information in a format understood by the OpenAFS client suite. It does not support the Arla AFS client, Linux's in-kernel AFS client, or any other AFS implementations.

Run the following command to install the AFS client on Ubuntu systems:

apt-get install openafs-client openafs-modules-dkms

With the default apt-get configuration, this will pull in the entire chain of dependencies required to access AFS, including the DKMS sources of the OpenAFS kernel module, which will be automatically built (and rebuilt upon kernel upgrades.)

Kerberized software

Unified configuration is provided for both Heimdal Kerberos and MIT Kerberos. While both sets of Kerberos libraries can coexist on a system (and often do, as they are pulled in as dependencies of Kerberized software) there are several pieces of software that are provided in duplicate by the OS package vendors, each built against one Kerberos implementation or the other. While the libraries can coexist, these software packages cannot, so it is up to the administrator of the system to choose, for example, the MIT or Heimdal versions of the Kerberos command line clients (kinit, aklog, etc), the Kerberized telnet or FTP servers, or the Kerberos PAM module.

However, most other Kerberized software is built against only one set of Kerberos libraries, and as such will only have one package available for installation. All such software will pull in whichever Kerberos library dependencies are required, and will happily coexist with any and all other Kerberized software, even if built against the other Kerberos implementation.

Run the following command to install Heimdal Kerberos, which is the default in SCS Dragon, on Ubuntu systems:

apt-get install heimdal-clients

If MIT Kerberos is desired, run this command instead:

apt-get install krb5-user

Printing

SCSCF provides configuration for the CUPS printing system. This printing system is installed by default on all currently-approved SCA platforms. If it is not present on your system, it can be installed as follows:

Rund this command for Ubuntu:

apt-get install cups cups-client cups-bsd

Install the Service Configuration Add-Ons (SCAs)

A script is available that will configure your machine to obtain and keep updated the package that implements the SCAs. You will need to download the script to your machine and run it as root.

The SCAs script is is provides in a best-effort manner and are not guaranteed to work with any other LInux or Unix distributions beyond those stated above.

Download the SCAs nbinstall.sh Script (1.5k) 
Run this command for Ubuntu:

# sh nbinstall.sh

Once it has completed, all necessary service configuration and mechanisms to keep that information up-to-date will have been installed.