Clone scripts repo if needed:
git clone https://github.com/IERoboticsAILab/scripts.git
For a complete post-install, run setup/setup.sh with admin privileges. For example,
sudo setup/setup.shIf you need only some features, you can run specific scripts individually.
For example, run software/docker.sh to setup only Docker
In next sections you can find all the scripts available.
Assume:
- `[uname]` is your LDAP username.
- Robotics lab network access is NECESSARY for access to your file system and LDAP users
IMPORTANT
The new default administrative user which does not rely on network access is called `failsafe`, this users home directory is mounted at `/var/local/failsafe/` - the password can be found in the credentials list.
—
- Have `curl` installed on your system.
“`bash wget https://raw.githubusercontent.com/IE-Robotics-Lab/scripts/main/setup/setup.sh -O setup.sh && chmod +x setup.sh && sudo ./setup.sh “`
When prompted for the **BECOME password**, enter your user password to allow the script to run with `sudo` permissions.
WARNING !!!! Once you execute the script as root, all the existing home directory data will be removed.
- Once the script is ready, enter root and execute with the first 2 commands given
below. You will be prompted for inputting some few details as the packages get
installed, this information is also given below. You will be prompted for the LDAP
password, if you do not have it, you cannot run the script.
- `sudo su`
- `bash setup.sh`
- **LDAP Server**: `ldap://10.205.1.2`
- **LDAP Base DN**: `dc=colossus`
- **SELECT:** passwd,group,shadow
- When at PAM configuration do not select anything and just hit OK
- Now that all is setup and the script does not show any errors, some parts of the system may freeze right after installation, it is important to reboot the machine before any further work is done.
#!/bin/bash
# make a backup of the original files before modifying them
echo "[LDAP] Backing up original configuration files..."
cp /etc/nsswitch.conf /etc/nsswitch.conf.bak
cp /etc/pam.d/common-auth /etc/pam.d/common-auth.bak
cp /etc/pam.d/common-account /etc/pam.d/common-account.bak
cp /etc/pam.d/common-session /etc/pam.d/common-session.bak
cp /etc/pam.d/common-password /etc/pam.d/common-password.bak
cp /etc/sudoers /etc/sudoers.bak
# Install necessary packages
# Note: autofs install moved to setup/services/nfs.sh
echo "Installing necessary packages..."
apt-get update && apt-get install -y libnss-ldapd libpam-ldapd nscd nslcd
# automatically adds ldap to nsswitch.conf
# prompt for the password
# (-s can sometimes be an ilegal option)
read -p "Enter the LDAP bind password: " BIND_PW
# check if the password is correct
ldapsearch -x -D $BIND_DN -w $BIND_PW -b $BASE_DN -H $LDAP_URI > /dev/null
if [ $? -ne 0 ]; then
echo "Invalid password"
exit 1
fi
NFS_SERVER="10.205.10.3" # Replace with your NFS server IP or hostname
NFS_HOME="/homes" # Replace with the NFS shared directory for home directories
PAST_ADMIN="lab"
# Configure nslcd for LDAP
echo "Configuring LDAP..."
cat > /etc/nslcd.conf <<EOF
uid nslcd
gid nslcd
uri $LDAP_URI
base $BASE_DN
binddn $BIND_DN
bindpw $BIND_PW
EOF
# PAM configuration for LDAP Authentication
echo "Configuring PAM for LDAP Authentication..."
pam-auth-update || die "Failed to configure PAM for LDAP."
# Restart nslcd and nscd to apply changes
echo "[LDAP] Restarting services..."
systemctl restart nslcd nscd || die "Failed to restart LDAP services."
####### PAM CONFIGURATION #######
echo "[LDAP] Configuring PAM for LDAP Authentication..."
sed -i 's/^passwd:.*/passwd: compat ldap/' /etc/nsswitch.conf
sed -i 's/^group:.*/group: compat ldap/' /etc/nsswitch.conf
sed -i 's/^shadow:.*/shadow: compat ldap/' /etc/nsswitch.conf
# add "SUDOers" group to sudoers file (if it is not already present)
grep -q "^%SUDOers" /etc/sudoers
if [ $? -ne 0 ]; then
echo "%SUDOers ALL=(ALL:ALL) ALL" >> /etc/sudoers
fi
# !!!! migrate to users.sh
# make lab sudo
# check if lab exists in /etc/sudoers
grep -q "^lab" /etc/sudoers
if [ $? -ne 0 ]; then
echo "lab ALL=(ALL:ALL) ALL" >> /etc/sudoers
fi
# make lab the owner of /home if it is not already
if [ $(stat -c %U /home) != "lab" ]; then
chown -R lab /home
fi
# !!!! admin user (failsafe) should be created during ubuntu install...
# create failsafe user
#LOCAL_USER="failsafe"
#LOCAL_PASS="*******"
# check if users exists or not
#grep -q "^$LOCAL_USER" /etc/passwd
#if [ $? -ne 0 ]; then
# echo "Creating failsafe user..."
# useradd -m $LOCAL_USER -d /var/local/$LOCAL_USER -s /bin/bash -p $(openssl passwd -1 $LOCAL_PASS) -G sudo
# chown -R $LOCAL_USER /var/local/$LOCAL_USER
#fi
# remove past admin user if it exists
#grep -q "^$PAST_ADMIN" /etc/passwd
#if [ $? -eq 0 ]; then
# echo "Removing past admin user..."
# userdel -r $PAST_ADMIN
#fi
echo "[LDAP] Configuration complete. LDAP users should now be able to log in and access their NFS home directories."#!/bin/bash
apt-get install -y autofs
echo "[NFS] Configuring autoFS mount of /home..."
echo "[NFS] Backing up original configuration files..."
cp /etc/auto.master /etc/auto.master.bak
cp /etc/auto.home /etc/auto.home.bak
# if not already present, add the following line to /etc/auto.master
grep -q "^/home" /etc/auto.master
if [ $? -ne 0 ]; then
echo "/home /etc/auto.home" >> /etc/auto.master
fi
if [ ! -f /etc/auto.home ]; then
touch /etc/auto.home
echo "* -fstype=nfs,rw $NFS_SERVER:$NFS_HOME/&" > /etc/auto.home
fi
# Restart autofs to apply the configuration
systemctl restart autofs || die "Failed to restart autofs."(in case it is more convenient to curl a bootstrap script than cloning the whole repo)
#!/bin/bash
# Service variables moved to config file
GITHUB_REPO="https://github.com/IE-Robotics-Lab/scripts"
DNS_ENABLE_SCRIPT="https://raw.githubusercontent.com/IE-Robotics-Lab/scripts/main/ubuntu_enable_local_dns.sh"
ADD_STUDENT_SCRIPT="https://raw.githubusercontent.com/IE-Robotics-Lab/scripts/main/setup/adduser.sh"
ANSIBLE_SSH="setup/services/ssh.yml"
. $(dirname $0)/../common/useful.sh
# !!!! install each package set inside its own task script
# libnss-ldapd libpam-ldapd nscd nslcd installed in setup/services/LDAP.sh
# autofs installed in setup/services/nfs.sh
# ansible is being retired
apt install -y curl || die "Failed to install curl."
assert
####### PACKAGES SETUP #######
# !!!! better reflect decissions in configuration (instead of interactive questions)
read -r -p "Would you like to install software packages? (y/n)" response
if [[ "$response" =~ ^([yY][eE][sS]|[yY])$ ]]; then
software/essentials.sh
software/python-packages.sh
software/docker.sh
software/vnc.sh
software/ros.sh
echo "Packages installed"
else
echo "Skipping ROS and software installation..."
fi
assert
# !!!! script to setup SSH
# ansible-pull -U $GITHUB_REPO -i "localhost," -c local -K $ANSIBLE_SSH || die "Failed to run Ansible playbook."
####### DNS SETUP #######
echo "Testing local DNS resolution..."
ping prometheus -c 5 >/dev/null 2>&1
if [ $? -ne 0 ]; then
read -r -p "Local DNS resolution is not working. Would you like to set up a local DNS server? (y/n)" response
if [[ "$response" =~ ^([yY][eE][sS]|[yY])$ ]]; then
echo "Enabling local DNS resolution..."
curl -s "$DNS_ENABLE_SCRIPT" | bash || die "Failed to enable local DNS resolution."
echo "Waiting for DNS to update..."
sleep 5
else
echo "Skipping DNS setup."
fi
fi
####### LDAP CONFIGURATION #######
# reuse services/ldap.sh script
./setup/services/ldap.sh
####### NFS CONFIGURATION #######
# reuse services/nfs.sh script
./setup/services/nfs.sh
# !!!! is it actually needed?
# Ensure home directory is owned by 'lab'
[ "$(stat -c %U /home)" != "$PAST_ADMIN" ] && chown -R lab /home
####### TESTING #######
echo "Testing LDAP and NFS configuration..."
getent passwd | grep ldap >/dev/null && echo "LDAP configuration successful." || echo "LDAP configuration failed."
ls /home >/dev/null && echo "NFS mount successful." || echo "NFS mount failed."
echo "Setup complete! LDAP users should now be able to log in and access their NFS home directories."
####### USER MANAGEMENT #######
# Add 'lab' to sudoers - users.sh
####### ADD STUDENT USER #######
read -r -p "Would you like to add a student user? (y/n)" response
if [[ "$response" =~ ^([yY][eE][sS]|[yY])$ ]]; then
echo "Running adduser.sh script..."
curl -s "$ADD_STUDENT_SCRIPT" | bash || die "Failed to add student user."
else
echo "Skipping student user creation."
fi
echo "Rebooting in 10 seconds..."
sleep 10
rebootsudo add-apt-repository --yes --update ppa:ansible/ansible
sudo apt-get update -y
sudo apt-get install -y ansible
# Ensure Git is installed
sudo apt-get install -y git
#!/bin/bash
# Check if the script is run as root
if [ "$EUID" -ne 0 ]; then
echo "Please run this script as root."
exit 1
fi
# Check if a new hostname is provided
if [ -z "$1" ]; then
echo "Usage: $0 <new-hostname>"
exit 1
fi
NEW_HOSTNAME=$1
# Update /etc/hostname
echo "$NEW_HOSTNAME" > /etc/hostname
# Update /etc/hosts
sed -i "s/^127\.0\.1\.1\s.*/127.0.1.1 $NEW_HOSTNAME/" /etc/hosts
# Apply the new hostname
hostnamectl set-hostname "$NEW_HOSTNAME"
# Confirm the change
echo "Hostname successfully changed to: $NEW_HOSTNAME"#!/bin/bash
# Disable and stop systemd-resolved
sudo systemctl disable systemd-resolved
sudo systemctl stop systemd-resolved
# Backup NetworkManager.conf
cp /etc/NetworkManager/NetworkManager.conf /etc/NetworkManager/NetworkManager.conf.bak
# Update DNS setting in NetworkManager.conf
if ! grep -q "dns=10.205.10.2" /etc/NetworkManager/NetworkManager.conf; then
line_number=$(grep -n "\[main\]" /etc/NetworkManager/NetworkManager.conf | cut -d: -f1)
sed -i "$line_number a dns=10.205.10.2" /etc/NetworkManager/NetworkManager.conf
fi
# Backup and remove resolv.conf
cp /etc/resolv.conf /etc/resolv.conf.bak
rm -f /etc/resolv.conf
# Restart NetworkManager
sudo systemctl restart NetworkManager
# Create the /local directory and set permissions
sudo mkdir /local
sudo chmod 755 /local
sudo chown root:root /local
# Modify the adduser default configuration to change the home directory base
sudo sed -i 's|DHOME=/home|DHOME=/local|' /etc/adduser.conf
# Add the student user with a specified home directory and GECOS information
sudo adduser --home /local/student --gecos "Student Guest" student <<EOF
EOF
# Retrieve the hostname
HOSTNAME=$(hostname)
# Set the student's password to the hostname
echo "student:$HOSTNAME" | sudo chpasswd
# Output a message indicating the password has been set
echo "Password for user 'student' has been set to the hostname: $HOSTNAME"#!/bin/bash
# Script to sync home directory permissions and ownership based on LDAP configuration
# Function to apply ownership and permissions
sync_directory() {
local dir=$1
local user=$2
local group=$3
local permissions=$4
echo "Updating $dir..."
sudo chown -R "$user":"$group" "$dir"
sudo chmod "$permissions" "$dir"
}
# Sync directories based on the given mapping
# sync_directory /home/cgomez cgomez 1000000 755
# sync_directory /home/edu edu 1000000 755
# sync_directory /home/forfaly forfaly 1000000 755
# sync_directory /home/gringo gringo 1000000 755
# sync_directory /home/haxybaxy haxybaxy 1000000 755
# sync_directory /home/luis luis 1000000 755
# sync_directory /home/paches paches 1000000 755
# sync_directory /home/rodrigo rodrigo 1000000 755
# sync_directory /home/Suzan suzan 1000000 755
# sync_directory /home/velocitatem velocitatem 1000000 755
sync_directory /home/lab lab 1000000 755
# Verify the changes
echo "Verification of changes:"
ls -la /homeSoftware installation scripts live inside software directory
Currently software is installed directly into the OS, but the plan is to try to install as few as possible as OS packages and move towards (user) software environments
#!/bin/bash
apt-get update
apt-get install -y vim git curl wget net-tools python3 python3-pip
# Update OS pip to latest
# !!!! is last version of pip really needed?
pip3 install --upgrade pip#!/bin/bash
pip install virtualenv numpy pandas#!/bin/bash
apt-get install -y docker.io#!/bin/bash
apt-get install -y tigervnc-standalone-server#!/bin/bash
apt-get install -y xrdp
mkdir /etc/polkit-1/localauthority/50-local.d
chown 755 /etc/polkit-1/localauthority/50-local.d
cat > /etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla <<EOF
[Allow Colord all Users]
Identity=unix-user:*
Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile
ResultAny=no
ResultInactive=no
ResultActive=yes
EOF
chmod 644 /etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla#!/bin/bash
ros_version="humble"
common/add-ubuntu-repo.sh universe
apt-get update
apt-get install -y curl
echo "Adding ROS repo key..."
curl -sSL https://raw.githubusercontent.com/ros/rosdistro/master/ros.key -o /usr/share/keyrings/ros-archive-keyring.gpg
# !!!! use common/add-ubuntu-repo.sh
echo "Adding ROS repo..."
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/ros-archive-keyring.gpg] http://packages.ros.org/ros2/ubuntu $(. /etc/os-release && echo $UBUNTU_CODENAME) main" | sudo tee /etc/apt/sources.list.d/ros2.list > /dev/null
apt-get update
# ROS recommends to upgrade OS before installation
apt-get upgrade -y
apt-get install -y ros-${version}-desktop
# ROS-Base Install (Bare Bones): Communication libraries, message packages, command line tools. No GUI tools.
# apt-get install -y ros-humble-ros-base
# Development tools: Compilers and other tools to build ROS packages
# apt-get install -y ros-dev-tools
echo "Installing additional ROS dependencies..."
apt-get install -y python3-rosdep python3-rosinstall python3-rosinstall-generator python3-wstool build-essential
# /etc/ros/rosdep/sources.list.d/20-default.list
echo "Initializing rosdep..."
rosdep init
echo "Updating rosdep..."
rosdep update
echo "Updating ~/.bashrc to load ROS setup.bash..."
if ! grep "source /opt/ros/noetic/setup.bash" ~/.bashrc ; then
echo "source /opt/ros/noetic/setup.bash" >> ~/.bashrc;
fi- Find the playbook you want to pull on the repository. Get the URL of the playbook.
- Use the `ansible-pull` command to pull the playbook from the URL.
BOOK="path/to/playbook.yml"
ansible-pull -U https://github.com/IE-Robotics-Lab/ -i "localhost," -c local -K $BOOK---
- name: Ensure %SUDOers line is present in /etc/sudoers
hosts: all
become: yes
tasks:
- name: Check if %SUDOers line is present
command: grep -q "^%SUDOers" /etc/sudoers
register: sudoers_check
ignore_errors: true
- name: Add %SUDOers line if not present
lineinfile:
path: /etc/sudoers
state: present
regexp: '^%SUDOers'
line: '%SUDOers ALL=(ALL:ALL) ALL'
when: sudoers_check.rc != 0
---
- name: Disable and stop systemd-resolved
hosts: all
become: yes
tasks:
- name: Disable systemd-resolved
ansible.builtin.systemd:
name: systemd-resolved
enabled: no
state: stopped
- name: Ensure dns=default is in NetworkManager.conf
ansible.builtin.lineinfile:
path: /etc/NetworkManager/NetworkManager.conf
regexp: '^dns=default$'
line: 'dns=default'
insertbefore: '^\\[main\\]'
- name: Backup resolv.conf
ansible.builtin.copy:
src: /etc/resolv.conf
dest: /etc/resolv.conf.bak
backup: yes
- name: Remove resolv.conf
ansible.builtin.file:
path: /etc/resolv.conf
state: absent
- name: Restart NetworkManager
ansible.builtin.systemd:
name: NetworkManager
state: restarted
Replaced with python packages”>software > python packages, VNC”>software > VNC, --- - name: Ensure key packages are installed hosts: all become: yes tasks: - name: Update apt cache apt: update_cache: yes - name: Install essential packages apt: name: - vim - git - curl - wget - net-tools state: present - name: Install Python and pip apt: name: - python3 - python3-pip state: present - name: Ensure pip is up to date pip: name: pip state: latest executable: pip3 - name: Install Python packages pip: name: - virtualenv - numpy - pandas state: present executable: pip3 - name: Install Docker apt: name: docker.io state: present - name: Install ROS Noetic on Ubuntu hosts: all become: yes tasks: - name: Ensure required Ubuntu repositories are enabled apt_repository: repo: "deb http://archive.ubuntu.com/ubuntu {{ item }} main restricted universe multiverse" state: present loop: - focal - focal-updates - focal-security - name: Update apt cache apt: update_cache: yes - name: Install curl apt: name: curl state: present - name: Add ROS GPG key apt_key: url: https://raw.githubusercontent.com/ros/rosdistro/master/ros.asc state: present - name: Add ROS repository to sources list apt_repository: repo: "deb http://packages.ros.org/ros/ubuntu {{ ansible_distribution_release | lower }} main" state: present - name: Update apt cache after adding ROS repository apt: update_cache: yes - name: Install ROS Noetic Desktop-Full apt: name: ros-noetic-desktop-full state: present - name: Install additional ROS dependencies apt: name: - python3-rosdep - python3-rosinstall - python3-rosinstall-generator - python3-wstool - build-essential state: present - name: Initialize rosdep command: rosdep init args: creates: /etc/ros/rosdep/sources.list.d/20-default.list - name: Update rosdep command: rosdep update - name: Source ROS setup.bash in bashrc lineinfile: path: ~/.bashrc line: "source /opt/ros/noetic/setup.bash" state: present - name: Source ROS setup.bash for current session shell: source /opt/ros/noetic/setup.bash args: executable: /bin/bash - name: Install VNC apt: name: - tigervnc-standalone-server state: present
---
- name: Install xrdp and configure polkit
hosts: all
become: yes
tasks:
- name: Install xrdp
apt:
name: xrdp
state: present
update_cache: yes
- name: Ensure /etc/polkit-1/localauthority/50-local.d directory exists
file:
path: /etc/polkit-1/localauthority/50-local.d
state: directory
mode: '0755'
- name: Create /etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla
copy:
dest: /etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla
content: |
[Allow Colord all Users]
Identity=unix-user:*
Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile
ResultAny=no
ResultInactive=no
ResultActive=yes
mode: '0644'
---
- name: Install, configure, and enable SSH server
hosts: all
become: yes
tasks:
- name: Ensure SSH package is installed (Debian/Ubuntu)
apt:
name: openssh-server
state: present
when: ansible_os_family == "Debian"
- name: Ensure SSH package is installed (RedHat/CentOS)
yum:
name: openssh-server
state: present
when: ansible_os_family == "RedHat"
- name: Ensure SSH configuration file is backed up
copy:
src: /etc/ssh/sshd_config
dest: /etc/ssh/sshd_config.bak
remote_src: yes
notify: Restart SSH
- name: Configure SSH to disable root login
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^#?PermitRootLogin'
line: 'PermitRootLogin no'
notify: Restart SSH
- name: Configure SSH to use key-based authentication only
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^#?PasswordAuthentication'
line: 'PasswordAuthentication no'
notify: Restart SSH
- name: Ensure SSH service is enabled and started (Debian/Ubuntu)
service:
name: ssh
state: started
enabled: yes
when: ansible_os_family == "Debian"
- name: Ensure SSH service is enabled and started (RedHat/CentOS)
service:
name: sshd
state: started
enabled: yes
when: ansible_os_family == "RedHat"
handlers:
- name: Restart SSH
service:
name: "{{ 'ssh' if ansible_os_family == 'Debian' else 'sshd' }}"
state: restarted