-
Notifications
You must be signed in to change notification settings - Fork 141
Deployment
Please see the Cloud Images Wiki page for the list of images available. If you intend to deploy a local instance (without GitHub), you can use one of the images above but add following directives to rcloud.conf:
gist.backend: gitgist
gist.git.root: ${ROOT}/data/gists
Exec.auth: as-local
and make sure permissions leading to /data/rcloud/data/gists are sufficient:
sudo chgrp -R rcloud /data/rcloud/data
sudo chmod -R g+rwx /data/rcloud/data
If you want to support multiple users in the instance, you will have to run the QAP service as root and enable PAM authentication. To do that, make sure SessionKeyServer has been compiled with PAM support and then in rcloud.conf use:
Exec.auth: pam
Exec.match.user: login
In order to run the QAP service as root edit /data/rcloud/services/rcloud-qap and replace
exec su - rcloud /data/rcloud/services/rcloud-start
with
exec /data/rcloud/services/rcloud-start
Again, adjust the permissions of the gist directory:
sudo chmod a+rx /data/rcloud/data
sudo chmod 0777 /data/rcloud/data/gists
Finally, run
sudo usermod -a -G shadow ubuntu
(see below why) and restart.
On some systems PAM using pam_unix.so will fail to authenticate users due to a restriction in unix_chkpwd. The error message will be cryptic:
unix_chkpwd[1444]: check pass; user unknown
despite the fact that the user is actually correct and known. The full explanation is in this post. The most practical fix is to add the user running SKS into the shadow group (or whatever group owns /etc/shadow), e.g. for our Ubuntu cloud images that would be
sudo usermod -a -G shadow ubuntu