Moka5 Engine User Guide - BareMetal

Managing the Moka5 Engine

• Lockdown
• Automating the installation process
• Assigning a static IP
• Setting the default list of subscribed LivePCs
• Managing the list of subscribed LivePCs centrally
• Enabling SSH root login for remote maintenance
• BACK TO TABLE OF CONTENTS

Lockdown

This allows you to disable features which would allow users to tamper with the configuration of the local computer, including the list of LivePCs.

The user interface now runs as a non-privileged user. To login in as root, go to the console, log in as 'notroot'. You can then type 'sudo sh' to access root.

• ctrl-alt-f3 will go to a console.
• cltl-alt-f6 will return to the user interface.

You can also set a root password. Place a UNIX-style password hash (looks like $1$abcdefgh....) in /sysconfig/config/root_password.

The following flags can be placed in the /sysroot/config directory to lockdown the user interface.

• lockdown_ui -- if the file exists, restrict the actions allowed in the UI
• f5_console_hide - if the file exists, don't allow F5 to bring up an xterm
• sudo_disable -- if the file exists, disable sudo
• notroot_disable -- if the file exists, disable notroot login
• doc_url -- contents of the file specify link to documentation; an empty file removes the link
• support_url -- contents of the file specify the link to the support forum; an empty file removes the link
• update_repository -- contents of the file specify the URL from which to get updates to the Moka5 Engine
• vmware_fullscreen -- set contents of this file to yes to force fullscreen for all LivePCs. Options are yes,no,default.

Automating the installation process

You can use a bootable USB key to automatically install the Moka5 Engine for BareMetal.

Using the automated installer, you can script the repartitioning and reformatting of the computer's hard disk, as well as set initial configuration options and subscribed LivePCs.

You can download the USB installer at the download page.

Run the installer from Windows XP and select the USB storage device. At the end of the install, remove the USB key and plug it back in to refresh Windows.

To configure automated install, download the following zip file (http://downloads.Moka5.com/bm-elm-release/autoinst.zip) and extract it to the root directory of the USB key. There should then be a \Moka5\autoinst directory on your USB key.

To automate the repartitioning and reformat of the hard disk, edit the \Moka5\autoinst\answers.txt file.

You can specify computer-specific partitioning and formatting settings by MAC address. Create \Moka5\autoinst\answer.xx.xx.xx.xx.xx.xx.txt where the 6 xx are replaced by the MAC address of one of the computer's network adapters.

You can also set the default configuration settings by creating files in the \Moka5\autoinst\config directory, much as you would in the /sysroot/config directory. For example, create an empty lockdown_ui file to lock down the UI. Be careful not include any extensions on the file.

You can specify additional default configurations specific to a computer by creating a \Moka5\autoinst\config.xx.xx.xx.xx.xx.xx where the 6 xx are replaced by the MAC address of one of the computer's network adapters. The hex digits in the MAC address must be written with lowercase letters. The MAC addresses of the network adapters are displayed when booting the installer from CD or USB key.

Assigning a static IP

To assign a static IP to a computer's network interface, create /sysroot/config/static_ip on that computer with the following form, substituting the appropriate values for your network:

# This is the MAC address of the interface you'd like to set the IP on
MAC=01:2a:30:4b:5c:6e
IP=10.0.0.5
NETMASK=255.255.255.0
GATEWAY=10.0.0.1
# The quotes are important
DNS="10.0.0.20 10.0.0.21"

Setting the default list of subscribed LivePCs

You may wish to change which LivePCs the Moka5 Engine is subscribed to by default when you first boot it. To do this, create a text file in /sysroot/config named default_applist. (If you're installing off a USB drive, put the default_applist file under config/ in the drive's root directory instead.) Each line of the file should have the format

LivePcID,LivePcRssUrl

For example, to add Fearless Browser to the list, add the following line to the file:

FearlessBrowser,http://www.moka5.com/livepc/sbtrss/FearlessBrowser

You can extract the ID and URL to add to the applist from the .lpc file that you download to subscribe to a LivePC. The .lpc file for the Fearless Browser contains:

id=FearlessBrowser&url=http://www.moka5.com/livepc/sbtrss/FearlessBrowser

Everything after the "id=" and before the "&" is the id and everything after the "url=" is the URL.

Managing the list of subscribed LivePCs centrally

The Moka5 Engine can pull the list of subscribed LivePC from a central server that you specify. If LivePCs are added to the list, they will be added to the Engine. If LivePC are removed from the list, they will be removed at the Engine. The Moka5 Engine checks the server every hour for an update.

You can specify a default list of subscribed LivePCs, and you can also specify lists for individual machines (based on IP address) which will override the default list.

There are three steps to configuring this mechanism: creating the list of LivePCs, posting it on the web server, and configuring the client.

The list is a text file with a series of lines in exactly the same format as that described above under Setting the default list of subscribed LivePCs.

Upload the list to a web server that the client can access. You should call the file "default_applist". We recommend that you try to pull down the file using a web browser first.

To configure the client to pull down that applist, set the remote_applist_url variable, like follows. Note: the remote_applist_url must NOT include the default_applist.

% echo "http://example.Moka5.com/cluster3" > /sysroot/config/remote_applist_url

To test, run update-applist.pl by hand:

% perl /usr/bin/update-applist.pl

A client with IP address 10.5.3.2 will also look for an applist called 10.5.3.2_applist on the server. If you wish to configure different applists for different clients, you can create an applist file with the IP address of client. This applist overrides the default_applist.

Enabling SSH root login for remote maintenance

In /sysroot/config, create a blank file called ssh_enable to enable SSH logins. To set the public keys that are allowed to log in as root, create a /sysroot/config/ssh_authorized_keys which should be an authorized_keys file in OpenSSH format.