IRTF VNC Documentation
NASA InfraRed Telescope Facility (IRTF), Institute for Astronomy, University of Hawaii
NASA InfraRed Telescope Facility (IRTF), Institute for Astronomy, University of Hawaii
Goal: Set up local accounts to be used as virtual VNC sessions for IRTF operations. Using RealVNC + SystemXorg Server + XFCE desktops.1. System Changes
1.1) agp dnf install apg # Install APG ( Automated Password Generator) needed for POTD 1.2) policy kit To disallow/remove shutdown/restart options on Xfce4 you need to set hybernate/shutdown/reboot to no/auth_admin in these files: vi /usr/share/polkit-1/actions/org.xfce.power.policy # set Suspend or Hibernate to "auth_admin" 32:auth_admin vi /usr/share/polkit-1/actions/org.xfce.session.policy # set Shutdown, restart, .. to "auth_admin" 21:auth_admin 1.3) ssh port conflict At display :10 I got "A VNC server is already running as :10", but wasn't. The sshd was listening on port 6010 as shown below: lsof -i tcp:6012 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME sshd 3016 root 10u IPv6 57585 0t0 TCP localhost:6012 (LISTEN) sshd 3016 root 11u IPv4 57586 0t0 TCP localhost:6012 (LISTEN) To fix, add the following to the /etc/ssh/sshd_config file: X11DisplayOffset 502. RealVNC configuration Files
The configuration files are as such. They are listed in the order they are applied (lower has precendance). /etc/vnc/config.d/custom.common # common to both Xvnc and Xorg ~/.vnc/config.d/vncserver-virtual # SystemXorg=1 to use Xorg Server /etc/vnc/policy.d/common # Policy, user can't override.3. User accounts
Using local user accounts to host the vnc session. Vnc password is based on SystemAuth (the login password). User accounts are on the /home2/ partition (not NIS based). (see user_accounts.html for comprehensive setup details) To create a user account (using vnc-99 as the example): 3.1) create account as root on local host. Use the UID corresponding to the display you are setting up an account for, in the table in 3.4 below: adduser --uid 1109 \ --user-group \ --shell /bin/tcsh \ --create-home \ --home-dir /home2/vnc-99 \ --comment "vnc 99" \ vnc-99 3.2) verify that the user is listed correctly in the /etc/passwd file: vnc-99:x:1109:1109:vnc 99:/home2/vnc-99:/bin/tcsh 3.3) Copy key files from /home2/vnc-template: (full config notes in user_accounts.html) rsync -avi --delete --stats /home2/vnc-template/ /home2/vnc-99/ chown -R vnc-99:vnc-99 /home2/vnc-99/ chown root:bin /home2/vnc-99/Desktop/*.desktop chown root:bin /home2/vnc-99/.local/share/applications/*.desktop chown root:bin /home2/vnc-99/.config/autostart/*.desktop 3.4) Test VNC and do some basic configuration ssh stefanh -l vnc-99 vncserver-virtual :99 Dpy username used for Resolutions UID 01 vnc-bigdog bigdog 1920x1080 1011 02 vnc-guidedog guidedog 1920x1080 1012 03 vnc-cartman cartman 1920x1080 1013 04 vnc-kyle kyle 1920x1080 1014 05 vnc-mirsi mirsi 1920x1080 1015 06 vnc-moc moc 1920x1080 1016 07 vnc-felix felix 1920x1080 1017 08 vnc-opihi opihi 1920x1080 1018 09 vnc-t3remote t3remote 1920x1080 1019 10 vnc-fct fct 1280x960 1020 11 vnc-11 unused 1021 12 vnc-moris moris 1920x1080 1022 13 vnc-13 unused 1023 14 vnc-14 unused 1024 15 vnc-texes texes 2048x1152 1025 16 vnc-16 unused 1026 17 vnc-17 unused 1027 18 vnc-18 unused 1028 19 vnc-19 unused 1029 20 vnc-operator operator tools 1030 21 vnc-test test_account 1920x1080 1031 22 vnc-22 unused 1032 23 vnc-lockhart lockhart 1033 24 vnc-24 unused 1034 25 vnc-hawarden hawarden 10354. Starting VNC session at boot time
As a user, you just need to used these command to start/stop vnc session: ssh stefan -l vnc-99 # login stefan using a local vnc account vncserver-virtual :99 # start a vnc on display :99 vncserver-virtual -kill :99 # kill the running session As root, this works, but an annoyning "Polkit Error" dialog is on the desktop. Once dismissed, the vnc session seems fine. su -l -c "vncserver-virtual :99" vnc-99 su -l -c "vncserver-virtual -kill :99" vnc-99 /home/vnc/src/start-irtf-vncs/start-irtf-vnc.sh is a simple script to start all the required vnc session at boot time. Script is call using a systemctl service at boot time. How to create the systemd service to run the start-irtf-vncs.sh script: # create service vi /etc/systemd/system/start-irtf-vncs.service #the make systemd aware of the new service: systemctl daemon-reload # to enable at next boot: systemctl enable start-irtf-vncs5. Cron Jobs
As of 2023-12-12: crontab -l # /irtf.backup jobs # every Sunday, rsync the /etc and /var data 10 6 * * 0 cd /irtf.backup/servers/`/usr/bin/hostname -s`; ./rsync_etc.sh | tee ./rsync.log > /dev/null # every 3 month, do a dump (8:15am on Jan,Apr,July,Oct 15th day of the month) 15 8 15 5,11 * cd /irtf.backup/servers/`/usr/bin/hostname -s`; ./backup.sh > /dev/null # every month, do a home2 tar (7:15am on 15th day of the month) 14 7 15 * * cd /irtf.backup/servers/`/usr/bin/hostname -s`; ./tar_home2.sh > /dev/null # # at 07:10 everyday, changed vnc password 10 7 * * * /home/vnc/src/set_vnc_pw/set_vnc_pw.sh > /dev/null 2>&1
See user_accounts.html for more informaiton on the setup and configuration of the individual vnc-xxx user accounts on stefan.