Changes between Version 12 and Version 13 of dSite/c0OMF

Timestamp:

Oct 10, 2014, 5:25:47 PM (10 years ago)

Author:

seskar

Comment:

—

dSite/c0OMF

@@ -69 +69 @@
 ==== LDAP Client Installation Questions ====
 
-When Installing you will be asked for the following information:
+When installing it, you will be asked for the following information:
 
  * base dc=geni,dc=net
@@ -76 +76 @@
  * rootbinddn cn=admin,dc=geni,dc=net
 
-Use the defaults for any questions not mentioned here.
+Use the defaults for any questions not mentioned here (this configuration will be overwritten by the OS setup script in the next section).
 
 ==== MySQL Installation Questions ====
@@ -86 +86 @@
 === Post-installation Configuration ===
 
-Once the installation completes you will need to modify the ''/etc/ldap.conf''. Please make sure the line:
-{{{
-pam_check_host_attr yes
-}}}
-is uncommented and is set to '''yes'''. Next add the following line to the end of your ''/etc/ldap.conf''.
-{{{
-nss_initgroups_ignoreusers backup,bin,daemon,games,gnats,irc,libuuid,libvirt-qemu,list,lp,mail,man,messagebus,news,ntp,postfix,proxy,root,sshd,statd,sync,sys,syslog,usbmux,uucp,www-data
-}}}
-
-You can verify your ldap conf config by running:
-{{{
-egrep -v "^#|^$" /etc/ldap.conf
-}}}
-It should produce results like:
-{{{
-base dc=geni,dc=net
-uri ldap://ldap.geni.net/
-ldap_version 3
-pam_check_host_attr yes
-rootbinddn cn=admin,dc=geni,dc=net
-pam_password md5
-nss_initgroups_ignoreusers backup,bin,daemon,games,gnats,irc,libuuid,libvirt-qemu,list,lp,mail,man,messagebus,news,ntp,postfix,proxy,root,sshd,statd,sync,sys,syslog,usbmux,uucp,www-data
+Edit /etc/omf-aggmgr-5.4/site.yaml file to prepare for configuring the DHCP/DNS/LDAP. The file should, at minimum, look like this:
+{{{
+---
+admins:
+  - 'globaladmin' 
+nodes:
+  - :control: "00:03:1d:0c:d3:73"
+    :data: "00:03:1d:0c:d3:72"
+    :cm: "00:20:4a:d5:94:83"
+  - :control: "00:03:1d:0c:d3:89"
+    :data: "00:03:1d:0c:d3:88"
+    :cm: "00:20:4a:d5:94:f1"
+  - :control: "00:03:1d:0c:d3:71"
+    :data: "00:03:1d:0c:d3:70"
+    :cm: "00:20:4a:d5:94:e1"
+}}}
+
+Run the OS configuration script:
+{{{
+/usr/sbin/geni_os_setup.rb
+}}}
+It should produce:
+{{{
+user@testcons:~# sudo /usr/sbin/geni_os_setup.rb
+Loading /etc/omf-aggmgr-5.4/site.yaml... done.
+Generating a 2432 bit RSA private key...
+Generating a self signed certificate...
+X.509 Certificate Information:
+        Version: 3
+        Serial Number (hex): 543811fb
+        Validity:
+                Not Before: Fri Oct 10 17:06:03 UTC 2014
+                Not After: Sat Oct 10 17:06:03 UTC 2015
+        Subject: CN=GENI 4G Authority for orbit-lab.org
+        Subject Public Key Algorithm: RSA
+        Certificate Security Level: Normal
+                Modulus (bits 2432):
+                        00:f0:49:c6:08:4b:97:31:6a:f0:d6:30:3a:23:2c:92
+                        ac:e8:30:f1:1f:5c:9b:7e:8e:1b:db:37:3b:ae:94:bb
+                        f4:82:09:ca:da:48:7b:cd:95:95:e5:7b:9a:d0:f0:85
+                        5d:13:c0:82:a5:12:eb:c5:45:e6:0c:87:05:12:22:4b
+                        94:96:74:f9:34:35:ef:20:4d:85:3d:48:44:6e:87:0b
+                        c7:48:65:e0:ea:70:f4:9a:0a:03:7c:86:c5:d0:62:39
+                        1d:a3:1e:c0:ce:09:25:8f:f7:85:21:8f:b9:81:30:8a
+                        2c:17:0e:3b:9c:56:83:4e:52:dc:1b:37:38:4f:a5:79
+                        c8:a3:b9:07:e3:38:a9:c9:59:b5:d3:d0:78:46:5f:f5
+                        81:15:6c:e9:24:a9:46:21:dc:4b:98:22:8c:b5:26:a8
+                        68:23:61:29:d2:8a:de:eb:a8:15:ac:b8:66:3a:03:e4
+                        78:02:5a:4b:d9:ae:ff:ff:42:9d:f2:10:b4:8a:9e:25
+                        25:d4:cb:f1:36:d3:2e:b2:cc:58:de:51:85:4b:82:1a
+                        9b:34:3c:0a:66:f8:a1:7b:7d:39:52:75:7d:6d:9d:e5
+                        fd:ed:c6:a0:5a:fc:39:06:a0:a9:d4:b6:8f:07:e4:18
+                        69:33:f6:34:cf:cf:5e:a3:89:e5:09:23:56:db:e4:7b
+                        13:a8:cd:c1:a6:ea:1d:95:0e:77:07:b2:f0:70:26:65
+                        b9:cc:fa:de:48:ab:8d:b9:b9:80:d1:5a:a8:a7:34:0c
+                        9e:1f:c7:02:03:63:a7:72:ac:59:83:e7:83:89:d2:4b
+                        a7
+                Exponent (bits 24):
+                        01:00:01
+        Extensions:
+                Basic Constraints (critical):
+                        Certificate Authority (CA): TRUE
+                Subject Key Identifier (not critical):
+                        89161ffe61f729a0fc210f3e8b22e8b4379a5638
+Other Information:
+        Public Key Id:
+                89161ffe61f729a0fc210f3e8b22e8b4379a5638
+
+
+
+Signing certificate...
+** Note: Please use the --sec-param instead of --bits
+Generating a 1024 bit RSA private key...
+Generating a signed certificate...
+X.509 Certificate Information:
+        Version: 3
+        Serial Number (hex): 543811fb
+        Validity:
+                Not Before: Fri Oct 10 17:06:03 UTC 2014
+                Not After: Sat Oct 10 17:06:03 UTC 2015
+        Subject: O=GENI 4G Site for orbit-lab.org,CN=testcons.orbit-lab.org
+        Subject Public Key Algorithm: RSA
+        Certificate Security Level: Weak
+                Modulus (bits 1024):
+                        00:d9:28:ed:fc:f8:c2:57:48:8a:7e:2a:91:cb:b7:48
+                        d0:d8:25:7a:b2:64:b3:3f:95:40:b1:22:3c:8e:c2:8b
+                        6b:dd:53:66:b2:3e:97:f0:48:e2:af:72:93:82:17:18
+                        91:17:3a:0b:01:8b:09:8c:9b:9c:a4:37:0c:c0:a9:1a
+                        3b:b5:66:6c:77:77:84:90:6a:fe:e2:6d:53:cf:8b:33
+                        64:f3:41:54:f2:98:99:1c:0f:d1:1c:5e:bd:70:e8:55
+                        e3:6d:ee:90:36:a7:a2:4f:3f:de:83:85:85:57:7a:bc
+                        98:64:79:b8:be:1d:bd:bc:8d:1a:3b:3f:4a:ec:8a:a0
+                        93
+                Exponent (bits 24):
+                        01:00:01
+        Extensions:
+                Basic Constraints (critical):
+                        Certificate Authority (CA): FALSE
+                Key Purpose (not critical):
+                        TLS WWW Server.
+                Key Usage (critical):
+                        Digital signature.
+                        Key encipherment.
+                Subject Key Identifier (not critical):
+                        0324b56406f97f7d19bdc1619dd29cbab231d52f
+                Authority Key Identifier (not critical):
+                        89161ffe61f729a0fc210f3e8b22e8b4379a5638
+Other Information:
+        Public Key Id:
+                0324b56406f97f7d19bdc1619dd29cbab231d52f
+
+
+
+Signing certificate...
+SASL/EXTERNAL authentication started
+SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
+SASL SSF: 0
+SASL/EXTERNAL authentication started
+SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
+SASL SSF: 0
 }}}