Changes between Version 12 and Version 13 of dSite/c0OMF


Timestamp:
Oct 10, 2014, 5:25:47 PM (10 years ago)
Author:
seskar
Comment:

  • dSite/c0OMF

    v12 v13  
    6969==== LDAP Client Installation Questions ====
    7070
    71 When Installing you will be asked for the following information:
     71When installing it, you will be asked for the following information:
    7272
    7373 * base dc=geni,dc=net
     
    7676 * rootbinddn cn=admin,dc=geni,dc=net
    7777
    78 Use the defaults for any questions not mentioned here.
     78Use the defaults for any questions not mentioned here (this configuration will be overwritten by the OS setup script in the next section).
    7979
    8080==== MySQL Installation Questions ====
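Review bot: The parenthetical added to the "Use the defaults for any questions not mentioned here" sentence says this configuration will be overwritten by the OS setup script, but it does not say whether that covers only the defaulted answers or also the base and rootbinddn values listed just above. State which answers still matter after the script runs, so an installer knows whether a mistake made at these prompts has any lasting effect.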
     
    8686=== Post-installation Configuration ===
    8787
    88 Once the installation completes you will need to modify the ''/etc/ldap.conf''. Please make sure the line:
    89 {{{
    90 pam_check_host_attr yes
    91 }}}
    92 is uncommented and is set to '''yes'''. Next add the following line to the end of your ''/etc/ldap.conf''.
    93 {{{
    94 nss_initgroups_ignoreusers backup,bin,daemon,games,gnats,irc,libuuid,libvirt-qemu,list,lp,mail,man,messagebus,news,ntp,postfix,proxy,root,sshd,statd,sync,sys,syslog,usbmux,uucp,www-data
    95 }}}
    96 
    97 You can verify your ldap conf config by running:
    98 {{{
    99 egrep -v "^#|^$" /etc/ldap.conf
    100 }}}
    101 It should produce results like:
    102 {{{
    103 base dc=geni,dc=net
    104 uri ldap://ldap.geni.net/
    105 ldap_version 3
    106 pam_check_host_attr yes
    107 rootbinddn cn=admin,dc=geni,dc=net
    108 pam_password md5
    109 nss_initgroups_ignoreusers backup,bin,daemon,games,gnats,irc,libuuid,libvirt-qemu,list,lp,mail,man,messagebus,news,ntp,postfix,proxy,root,sshd,statd,sync,sys,syslog,usbmux,uucp,www-data
     88Edit /etc/omf-aggmgr-5.4/site.yaml file to prepare for configuring the DHCP/DNS/LDAP. The file should, at minimum, look like this:
     89{{{
     90---
     91admins:
     92  - 'globaladmin'
     93nodes:
     94  - :control: "00:03:1d:0c:d3:73"
     95    :data: "00:03:1d:0c:d3:72"
     96    :cm: "00:20:4a:d5:94:83"
     97  - :control: "00:03:1d:0c:d3:89"
     98    :data: "00:03:1d:0c:d3:88"
     99    :cm: "00:20:4a:d5:94:f1"
     100  - :control: "00:03:1d:0c:d3:71"
     101    :data: "00:03:1d:0c:d3:70"
     102    :cm: "00:20:4a:d5:94:e1"
     103}}}
     104
     105Run the OS configuration script:
     106{{{
     107/usr/sbin/geni_os_setup.rb
     108}}}
     109It should produce:
     110{{{
     111user@testcons:~# sudo /usr/sbin/geni_os_setup.rb
     112Loading /etc/omf-aggmgr-5.4/site.yaml... done.
     113Generating a 2432 bit RSA private key...
     114Generating a self signed certificate...
     115X.509 Certificate Information:
     116        Version: 3
     117        Serial Number (hex): 543811fb
     118        Validity:
     119                Not Before: Fri Oct 10 17:06:03 UTC 2014
     120                Not After: Sat Oct 10 17:06:03 UTC 2015
     121        Subject: CN=GENI 4G Authority for orbit-lab.org
     122        Subject Public Key Algorithm: RSA
     123        Certificate Security Level: Normal
     124                Modulus (bits 2432):
     125                        00:f0:49:c6:08:4b:97:31:6a:f0:d6:30:3a:23:2c:92
     126                        ac:e8:30:f1:1f:5c:9b:7e:8e:1b:db:37:3b:ae:94:bb
     127                        f4:82:09:ca:da:48:7b:cd:95:95:e5:7b:9a:d0:f0:85
     128                        5d:13:c0:82:a5:12:eb:c5:45:e6:0c:87:05:12:22:4b
     129                        94:96:74:f9:34:35:ef:20:4d:85:3d:48:44:6e:87:0b
     130                        c7:48:65:e0:ea:70:f4:9a:0a:03:7c:86:c5:d0:62:39
     131                        1d:a3:1e:c0:ce:09:25:8f:f7:85:21:8f:b9:81:30:8a
     132                        2c:17:0e:3b:9c:56:83:4e:52:dc:1b:37:38:4f:a5:79
     133                        c8:a3:b9:07:e3:38:a9:c9:59:b5:d3:d0:78:46:5f:f5
     134                        81:15:6c:e9:24:a9:46:21:dc:4b:98:22:8c:b5:26:a8
     135                        68:23:61:29:d2:8a:de:eb:a8:15:ac:b8:66:3a:03:e4
     136                        78:02:5a:4b:d9:ae:ff:ff:42:9d:f2:10:b4:8a:9e:25
     137                        25:d4:cb:f1:36:d3:2e:b2:cc:58:de:51:85:4b:82:1a
     138                        9b:34:3c:0a:66:f8:a1:7b:7d:39:52:75:7d:6d:9d:e5
     139                        fd:ed:c6:a0:5a:fc:39:06:a0:a9:d4:b6:8f:07:e4:18
     140                        69:33:f6:34:cf:cf:5e:a3:89:e5:09:23:56:db:e4:7b
     141                        13:a8:cd:c1:a6:ea:1d:95:0e:77:07:b2:f0:70:26:65
     142                        b9:cc:fa:de:48:ab:8d:b9:b9:80:d1:5a:a8:a7:34:0c
     143                        9e:1f:c7:02:03:63:a7:72:ac:59:83:e7:83:89:d2:4b
     144                        a7
     145                Exponent (bits 24):
     146                        01:00:01
     147        Extensions:
     148                Basic Constraints (critical):
     149                        Certificate Authority (CA): TRUE
     150                Subject Key Identifier (not critical):
     151                        89161ffe61f729a0fc210f3e8b22e8b4379a5638
     152Other Information:
     153        Public Key Id:
     154                89161ffe61f729a0fc210f3e8b22e8b4379a5638
     155
     156
     157
     158Signing certificate...
     159** Note: Please use the --sec-param instead of --bits
     160Generating a 1024 bit RSA private key...
     161Generating a signed certificate...
     162X.509 Certificate Information:
     163        Version: 3
     164        Serial Number (hex): 543811fb
     165        Validity:
     166                Not Before: Fri Oct 10 17:06:03 UTC 2014
     167                Not After: Sat Oct 10 17:06:03 UTC 2015
     168        Subject: O=GENI 4G Site for orbit-lab.org,CN=testcons.orbit-lab.org
     169        Subject Public Key Algorithm: RSA
     170        Certificate Security Level: Weak
     171                Modulus (bits 1024):
     172                        00:d9:28:ed:fc:f8:c2:57:48:8a:7e:2a:91:cb:b7:48
     173                        d0:d8:25:7a:b2:64:b3:3f:95:40:b1:22:3c:8e:c2:8b
     174                        6b:dd:53:66:b2:3e:97:f0:48:e2:af:72:93:82:17:18
     175                        91:17:3a:0b:01:8b:09:8c:9b:9c:a4:37:0c:c0:a9:1a
     176                        3b:b5:66:6c:77:77:84:90:6a:fe:e2:6d:53:cf:8b:33
     177                        64:f3:41:54:f2:98:99:1c:0f:d1:1c:5e:bd:70:e8:55
     178                        e3:6d:ee:90:36:a7:a2:4f:3f:de:83:85:85:57:7a:bc
     179                        98:64:79:b8:be:1d:bd:bc:8d:1a:3b:3f:4a:ec:8a:a0
     180                        93
     181                Exponent (bits 24):
     182                        01:00:01
     183        Extensions:
     184                Basic Constraints (critical):
     185                        Certificate Authority (CA): FALSE
     186                Key Purpose (not critical):
     187                        TLS WWW Server.
     188                Key Usage (critical):
     189                        Digital signature.
     190                        Key encipherment.
     191                Subject Key Identifier (not critical):
     192                        0324b56406f97f7d19bdc1619dd29cbab231d52f
     193                Authority Key Identifier (not critical):
     194                        89161ffe61f729a0fc210f3e8b22e8b4379a5638
     195Other Information:
     196        Public Key Id:
     197                0324b56406f97f7d19bdc1619dd29cbab231d52f
     198
     199
     200
     201Signing certificate...
     202SASL/EXTERNAL authentication started
     203SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
     204SASL SSF: 0
     205SASL/EXTERNAL authentication started
     206SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
     207SASL SSF: 0
    110208}}}
    111209
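Review bot: In the added sample output of geni_os_setup.rb, the site certificate for testcons.orbit-lab.org is generated with a 1024-bit RSA key, which the tool itself reports as "Certificate Security Level: Weak", directly after the warning "Please use the --sec-param instead of --bits". The page presents this as the expected result without comment; either note that this is a known limitation of the script or show output from a run that issues a stronger key. The CA certificate and the site certificate also carry the same serial number (543811fb) although the site certificate's Authority Key Identifier points at that CA, so two certificates from one issuer share a serial, which deserves a note as well. This revision also drops the egrep check of /etc/ldap.conf that confirmed "pam_check_host_attr yes" and the nss_initgroups_ignoreusers line. Since the setup script is said to overwrite that configuration, keeping the verification step after the script run would let readers confirm the host attribute check is still enabled. The full modulus dumps add nothing for the reader and could be elided from the sample output.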