Beta
This commit is contained in:
154
README.html
154
README.html
@@ -1195,33 +1195,22 @@ github.com style (c) Vasily Polovnyov <vast@whiteants.net>
|
||||
<script src="https://cdn.jsdelivr.net/npm/katex-copytex@latest/dist/katex-copytex.min.js"></script>
|
||||
|
||||
</head>
|
||||
<body class="vscode-body vscode-light">
|
||||
<body class="vscode-body">
|
||||
<h1 id="hartman-lab-server-manual-">Hartman Lab Server Manual <!-- omit in toc --></h1>
|
||||
<ul>
|
||||
<li>Bryan C. Roessler</li>
|
||||
<li>Last updated: 2021-10-22</li>
|
||||
</ul>
|
||||
<p><img src="file:////home/bryan/develop/scripts/hartmanlab/manual-images/anyconnect.png" alt="UAB AnyConnect VPN"></p>
|
||||
<h2 id="important-information">Important information</h2>
|
||||
<p>At some point UAB may restrict <code>ssh</code> access to the Hartman Lab Server, which will require users to first connect to the UAB VPN using the <a href="https://www.uab.edu/vpn/">UAB AnyConnect VPN</a>. Once the VPN connection is established, follow the rest of the manual to connect to the server.</p>
|
||||
<p>For users that do not have UAB VPN credentials, a whitelist exception for the user's IP address will need to be added to the UAB firewall. Requests to UAB IT can be made <a href="https://uabprod.service-now.com/service_portal?id=sc_cat_item&sys_id=daf70746374ce3c0daa253b543990e7f">here</a> using your UAB credentials, and should resemble the following:</p>
|
||||
<pre><code class="language-(text)"><code><div>Type: Permit
|
||||
Application Name: ssh
|
||||
Firewall: UAB Internet Border
|
||||
Source IP Addresses: User address(es)
|
||||
Destination IP address: 138.26.17.151
|
||||
TCP Port: 22
|
||||
UDP Port: N/A
|
||||
Other Protocols: N/A
|
||||
Reason: Outside collaboration/(Other reason)
|
||||
</div></code></code></pre>
|
||||
<p>© 2021 Bryan C. Roessler</p>
|
||||
<p>Last updated: 2021-10-22</p>
|
||||
<h2 id="table-of-contents-">Table of Contents <!-- omit in toc --></h2>
|
||||
<ul>
|
||||
<li><a href="#important-information">Important information</a></li>
|
||||
<li><a href="#for-users">For users</a>
|
||||
<ul>
|
||||
<li><a href="#first-time-login">First time login</a></li>
|
||||
<li><a href="#sshsftp-file-server">SSH/SFTP file server</a></li>
|
||||
<li><a href="#file-server">File server</a>
|
||||
<ul>
|
||||
<li><a href="#sshsftp">SSH/SFTP</a></li>
|
||||
<li><a href="#samba-file-shares">Samba file shares</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
<li><a href="#x2go-remote-desktop">X2Go remote desktop</a>
|
||||
<ul>
|
||||
<li><a href="#session-tab">Session tab</a></li>
|
||||
@@ -1239,7 +1228,6 @@ Reason: Outside collaboration/(Other reason)
|
||||
</li>
|
||||
<li><a href="#windows-10-virtual-machines">Windows 10 Virtual Machines</a></li>
|
||||
<li><a href="#robot-computer-access">Robot computer access</a></li>
|
||||
<li><a href="#samba-file-server">Samba File Server</a></li>
|
||||
<li><a href="#webcam-robot-monitoring">Webcam robot monitoring</a></li>
|
||||
<li><a href="#rstudio-server">RStudio Server</a></li>
|
||||
<li><a href="#recommendations">Recommendations</a>
|
||||
@@ -1259,7 +1247,6 @@ Reason: Outside collaboration/(Other reason)
|
||||
<li><a href="#unban-a-user">Unban a user</a></li>
|
||||
<li><a href="#fix-or-repair-user-file-permissions">Fix or repair user file permissions</a></li>
|
||||
<li><a href="#services">Services</a></li>
|
||||
<li><a href="#adding-a-drive">Adding a drive</a></li>
|
||||
<li><a href="#virtual-machines">Virtual Machines</a>
|
||||
<ul>
|
||||
<li><a href="#allow-access-to-the-samba-share-within-the-windows-vm-windows-bug-workaround">Allow access to the samba share within the Windows VM (Windows bug workaround)</a></li>
|
||||
@@ -1269,12 +1256,30 @@ Reason: Outside collaboration/(Other reason)
|
||||
</li>
|
||||
<li><a href="#updating-all-software">Updating all software</a></li>
|
||||
<li><a href="#scheduling-a-restart">Scheduling a restart</a></li>
|
||||
<li><a href="#adding-a-drive">Adding a drive</a></li>
|
||||
<li><a href="#logging">Logging</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
<li><a href="#resources">Resources</a></li>
|
||||
<li><a href="#contact">Contact</a></li>
|
||||
</ul>
|
||||
<h2 id="important-information">Important information</h2>
|
||||
<p>If UAB restricts direct <code>ssh</code> access to the Hartman Lab Server, users will need to first connect to the UAB VPN using the <a href="https://www.uab.edu/vpn/">UAB AnyConnect VPN</a>. Once the VPN connection is established, follow the rest of the manual to connect to the server.</p>
|
||||
<p>For users that do not have UAB VPN credentials, a whitelist exception for the user's IP address will need to be added to the UAB firewall. Requests to UAB IT can be made <a href="https://uabprod.service-now.com/service_portal?id=sc_cat_item&sys_id=daf70746374ce3c0daa253b543990e7f">here</a> using your UAB credentials, and should resemble the following:</p>
|
||||
<pre><code class="language-(text)"><code><div>Type: Permit
|
||||
Application Name: ssh
|
||||
Firewall: UAB Internet Border
|
||||
Source IP Addresses: User address(es)
|
||||
Destination IP address: 138.26.17.151
|
||||
TCP Port: 22
|
||||
UDP Port: N/A
|
||||
Other Protocols: N/A
|
||||
Reason: Outside collaboration/(Other reason)
|
||||
</div></code></code></pre>
|
||||
<ul>
|
||||
<li>Network Manager UAB VPN settings
|
||||
<img src="manual-images/anyconnect.png" alt="UAB AnyConnect VPN"></li>
|
||||
</ul>
|
||||
<h2 id="for-users">For users</h2>
|
||||
<h3 id="first-time-login">First time login</h3>
|
||||
<ol>
|
||||
@@ -1286,11 +1291,37 @@ Reason: Outside collaboration/(Other reason)
|
||||
<li>Re-login: <code>ssh blazerid@hartmanlab.genetics.uab.edu</code> using the new password</li>
|
||||
<li><em>Optional:</em> Change Samba password (default password is your username): <code>smbpasswd</code></li>
|
||||
</ol>
|
||||
<h3 id="sshsftp-file-server">SSH/SFTP file server</h3>
|
||||
<h3 id="file-server">File server</h3>
|
||||
<h4 id="sshsftp">SSH/SFTP</h4>
|
||||
<p>Files can be transferred to/from the server using <code>sftp</code>.</p>
|
||||
<p>Users can access the server directly through a terminal (text-based) ssh client (<code>ssh</code> in OSX/Linux, or <a href="http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html"><code>PuTTY</code></a> in Windows) or via a GUI SFTP program such as <a href="https://filezilla-project.org/download.php?type=client">Filezilla</a> or <a href="https://winscp.net/eng/index.php">WinSCP</a>. Linux users can access and mount the SFTP share directly within most file managers (Fig. 2) or by using <a href="https://www.digitalocean.com/community/tutorials/how-to-use-sshfs-to-mount-remote-file-systems-over-ssh"><code>sshfs</code></a>.</p>
|
||||
<p>Users can access the server directly through a terminal (text-based) ssh client (<code>ssh</code> in OSX/Linux, or <a href="http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html"><code>PuTTY</code></a> in Windows) or via a GUI SFTP program such as <a href="https://filezilla-project.org/download.php?type=client">Filezilla</a> or <a href="https://winscp.net/eng/index.php">WinSCP</a>. Linux users can access and mount the SFTP share directly within most file managers or by using <a href="https://www.digitalocean.com/community/tutorials/how-to-use-sshfs-to-mount-remote-file-systems-over-ssh"><code>sshfs</code></a>.</p>
|
||||
<ul>
|
||||
<li>
|
||||
<p>Using <code>caja</code> to access sftp shares:
|
||||
<img src="manual-images/sftp-native-linux.png" alt="Caja SFTP Example"></p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Using <a href="https://filezilla-project.org/download.php?type=client">Filezilla</a> to access sftp shares:
|
||||
<img src="manual-images/filezilla.png" alt="Filezilla SFTP Example"></p>
|
||||
</li>
|
||||
</ul>
|
||||
<h4 id="samba-file-shares">Samba file shares</h4>
|
||||
<p>Samba file shares can be mounted cross-platform as if the data existed locally. The server provides two shares:</p>
|
||||
<ol>
|
||||
<li>The shared data array (<code>/mnt/data</code>): <code>\\username\data</code></li>
|
||||
<li>The user's home directory (<code>$HOME</code>): <code>\\username\username</code></li>
|
||||
</ol>
|
||||
<p>The default Samba credentials are the same as your server username and password. Users can change their Samba password using <code>smbpasswd</code>.</p>
|
||||
<ul>
|
||||
<li>Mounting samba shares on Windows:
|
||||
<ol>
|
||||
<li><img src="manual-images/samba-windows1.png" alt="Samba shares on Windows"></li>
|
||||
<li><img src="manual-images/samba-windows2.png" alt="Samba shares on Windows"></li>
|
||||
</ol>
|
||||
</li>
|
||||
</ul>
|
||||
<h3 id="x2go-remote-desktop">X2Go remote desktop</h3>
|
||||
<p>X2Go provides a remote virtual desktop over <code>vnc</code> secured using <code>ssh</code>. X2Go clients are provided for Windows, OSX, and Linux systems on the <a href="http://wiki.x2go.org/doku.php">X2Go website</a> or from your package manager (<code>x2goclient</code>).</p>
|
||||
<p>X2Go provides a remote virtual desktop over <code>vnc</code> secured with <code>ssh</code>. X2Go clients are provided for Windows, OSX, and Linux systems on the <a href="http://wiki.x2go.org/doku.php">X2Go website</a> or from your package manager (<code>x2goclient</code>).</p>
|
||||
<p>X2Go sessions can be paused or closed from the X2Go client window. Multiple sessions can be saved in the client, making it easy to select alternate quality settings based on location/bandwidth or to provide multiple user login sessions on the same machine.</p>
|
||||
<p><strong>Note:</strong> Some programs do not continue to run at full speed when an X2Go session is paused. In these cases, the program should be run via remote SSH (ideally in a <a href="https://en.wikipedia.org/wiki/Tmux"><code>tmux</code></a> or <a href="https://www.gnu.org/software/screen/"><code>screen</code></a> session).</p>
|
||||
<h4 id="session-tab">Session tab</h4>
|
||||
@@ -1301,6 +1332,7 @@ Reason: Outside collaboration/(Other reason)
|
||||
<li>SSH port: 22</li>
|
||||
<li>Session type: <strong>MATE</strong> (Not all session types are allowed and MATE should provide the best experience with X2Go)</li>
|
||||
</ul>
|
||||
<p><img src="manual-images/x2go-session.png" alt="X2Go session preferences"></p>
|
||||
<h4 id="connection-tab">Connection tab</h4>
|
||||
<ul>
|
||||
<li>Set the connection speed to <em>LAN</em> when connecting from within the UAB network. When connecting from off-campus these quality values can be adjusted based on bandwidth and latency.</li>
|
||||
@@ -1316,7 +1348,8 @@ Reason: Outside collaboration/(Other reason)
|
||||
<h4 id="shared-folders">Shared folders</h4>
|
||||
<ul>
|
||||
<li>Select folders on the client to be shared with the server during a session. Browse to the chosen folder, add it to the share, and select <em>automount</em>.</li>
|
||||
<li>These folders will then appear on the server under <code>/media/disk/<share_name></code> (Fig. 4).</li>
|
||||
<li>These folders will then appear on the server under <code>/media/disk/<share_name></code>.
|
||||
<img src="manual-images/x2go-sharedfolders.png" alt="X2Go shared folders"></li>
|
||||
</ul>
|
||||
<h3 id="native-x-forwarding">Native X forwarding</h3>
|
||||
<p>It is possible to launch graphical server programs directly on a client.</p>
|
||||
@@ -1331,19 +1364,22 @@ Reason: Outside collaboration/(Other reason)
|
||||
</ul>
|
||||
<h3 id="windows-10-virtual-machines">Windows 10 Virtual Machines</h3>
|
||||
<ul>
|
||||
<li>Access from X2Go:
|
||||
<li>
|
||||
<p>Access from within X2Go:</p>
|
||||
<ul>
|
||||
<li><em>Applications>Internet>Remote Viewer</em>: <a href="spice://localhost:5900"><code>spice://localhost:5900</code></a></li>
|
||||
<li><em>Applications>Internet>Remote Viewer</em>: <a href="spice://localhost:5900"><code>spice://localhost:5900</code></a>
|
||||
<img src="manual-images/virt-viewer.png" alt="Samba shares on Windows"></li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>External access:
|
||||
<ul>
|
||||
<li><code>virt-viewer</code> is available for all platforms (<a href="https://virt-manager.org/download/">Windows</a>, <a href="https://www.spice-space.org/page/OSX_Client">OSX</a>)</li>
|
||||
</ul>
|
||||
<li>
|
||||
<p>Direct external access:
|
||||
<a href="/usr/local/bin/virt-viewer"><code>virt-viewer</code></a> is available across all platforms (<a href="https://virt-manager.org/download/">Windows</a>, <a href="https://www.spice-space.org/page/OSX_Client">OSX</a>).</p>
|
||||
</li>
|
||||
</ul>
|
||||
<li>
|
||||
<p>The SPICE password is: <strong><code>hartmanlab</code></strong></p>
|
||||
<p>The virtualized Windows 10 instances require logging in with your UAB e-mail address and password.</p>
|
||||
</li>
|
||||
</ul>
|
||||
<p>The virtualized Windows 10 instances require logging in with your UAB email address and password.</p>
|
||||
<ul>
|
||||
<li><strong>Note:</strong> Users should NOT log in with a pin when prompted, it will disable access to the Samba file shares (Windows bug). Users should always log in with a password.</li>
|
||||
</ul>
|
||||
@@ -1352,13 +1388,6 @@ Reason: Outside collaboration/(Other reason)
|
||||
<ul>
|
||||
<li>While logged into the server, launch <em>Applications>Internet>Remote Viewer>Connection>New</em>: <code>vnc://192.168.16.101:5900</code></li>
|
||||
</ul>
|
||||
<h3 id="samba-file-server">Samba File Server</h3>
|
||||
<p>Samba file shares can be mounted on any client as if the data existed locally. The server provides two shares:</p>
|
||||
<ol>
|
||||
<li>The shared data array (<code>/mnt/data</code>): <code>\\username\data</code></li>
|
||||
<li>The user's home directory (<code>$HOME</code>): <code>\\username\username</code></li>
|
||||
</ol>
|
||||
<p>The default Samba credentials are the same as your server username and password. Users can change their Samba password using <code>smbpasswd</code>.</p>
|
||||
<h3 id="webcam-robot-monitoring">Webcam robot monitoring</h3>
|
||||
<p>The robot webcam is viewable in a web page within an X2Go session at: <code>localhost:8888</code></p>
|
||||
<h3 id="rstudio-server">RStudio Server</h3>
|
||||
@@ -1440,32 +1469,25 @@ Reason: Outside collaboration/(Other reason)
|
||||
<ul>
|
||||
<li><code>script-files-permissions-set</code> <em><code>username</code></em> <em><code>password</code></em> <em><code>PATH[...]</code></em>
|
||||
<ul>
|
||||
<li>This script will walk you through fixing or setting the permissions on one or more <code>PATH</code>'s.</li>
|
||||
<li>This script will walk you through fixing or setting the permissions on one or more <code>PATH</code>'s. If no PATH is provided the <code>$PWD</code> is used.</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li><code>script-files-permissions-reset</code>
|
||||
<li><code>script-files-permissions-reset</code> <em><code>PATH[...]</code></em>
|
||||
<ul>
|
||||
<li>If things go really south, use this script as a method of last resort to reset permissions on the entire shared data array <code>/mnt/data</code> so they are writeable by the <code>smbgrp</code> group.</li>
|
||||
<li>If no <em><code>PATH[...]</code></em> is provided it will reset the data array <code>/mnt/data</code>.</li>
|
||||
<li>If things go really south, use this script as a method of last resort to reset permissions on a path by resetting the original permissions for the shared data.</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
<h3 id="services">Services</h3>
|
||||
<ul>
|
||||
<li>Start: <em>sudo systemctl start smb.service</em></li>
|
||||
<li>Stop: <em>sudo systemctl stop smb.service</em></li>
|
||||
<li>Start at boot: <em>sudo systemctl enable smb.service</em></li>
|
||||
<li>Do not start at boot: <em>sudo systemctl disable smb.service</em></li>
|
||||
<li>Restart service: <em>sudo systemctl restart smb.service</em></li>
|
||||
<li>Reload services: <em>sudo systemctl daemon-reload</em></li>
|
||||
<li>Read service: <em>sudo systemctl cat smb.service</em></li>
|
||||
</ul>
|
||||
<h3 id="adding-a-drive">Adding a drive</h3>
|
||||
<ul>
|
||||
<li><s><code>sudo scripts-drive-add</code> <code>/dev/sdX</code></s> (Under construction)
|
||||
<ul>
|
||||
<li>To determine the correct drive, use <code>lsblk -f</code>.</li>
|
||||
</ul>
|
||||
</li>
|
||||
<li>Start: <code>sudo systemctl start smb.service</code></li>
|
||||
<li>Stop: <code>sudo systemctl stop smb.service</code></li>
|
||||
<li>Start at boot: <code>sudo systemctl enable smb.service</code></li>
|
||||
<li>Do not start at boot: <code>sudo systemctl disable smb.service</code></li>
|
||||
<li>Restart service: <code>sudo systemctl restart smb.service</code></li>
|
||||
<li>Reload services: <code>sudo systemctl daemon-reload</code></li>
|
||||
<li>Read service: <code>sudo systemctl cat smb.service</code></li>
|
||||
</ul>
|
||||
<h3 id="virtual-machines">Virtual Machines</h3>
|
||||
<ul>
|
||||
@@ -1516,9 +1538,19 @@ slmgr -ato
|
||||
</ul>
|
||||
<h3 id="scheduling-a-restart">Scheduling a restart</h3>
|
||||
<ul>
|
||||
<li><s><code>sudo script-system-restart</code> <em><code>datetime</code></em></s> (Under construction)
|
||||
<li><code>sudo script-system-scheduled-restart</code> <em><code>OnCalendar</code></em>
|
||||
<ul>
|
||||
<li>This will alert users via <code>notify-send</code> in X2Go and <code>wall</code> in ssh of the scheduled restart.</li>
|
||||
<li>If a valid <code>OnCalendar</code> is not passed, assumes <code>*-*-* 01:30:00</code> (1:30 AM).</li>
|
||||
<li>See <a href="https://www.freedesktop.org/software/systemd/man/systemd.time.html">Calendar Events</a> for proper time format.</li>
|
||||
<li>This will alert users via <code>notify-send</code> in X2Go, <code>wall</code> in ssh, and add a reminder to the <code>motd</code> about the scheduled restart.</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
<h3 id="adding-a-drive">Adding a drive</h3>
|
||||
<ul>
|
||||
<li><s><code>sudo scripts-drive-add</code> <code>/dev/sdX</code></s> (Under construction)
|
||||
<ul>
|
||||
<li>To determine the correct drive, use <code>lsblk -f</code>.</li>
|
||||
</ul>
|
||||
</li>
|
||||
</ul>
|
||||
|
||||
Reference in New Issue
Block a user