86 | | === Post-installation Configuration === |
87 | | |
88 | | Edit /etc/omf-aggmgr-5.4/site.yaml file to prepare for configuring the DHCP/DNS/LDAP. The file should, at minimum, look like this: |
89 | | {{{ |
90 | | --- |
91 | | admins: |
92 | | - 'globaladmin' |
93 | | nodes: |
94 | | - :control: "00:03:1d:0c:d3:73" |
95 | | :data: "00:03:1d:0c:d3:72" |
96 | | :cm: "00:20:4a:d5:94:83" |
97 | | - :control: "00:03:1d:0c:d3:89" |
98 | | :data: "00:03:1d:0c:d3:88" |
99 | | :cm: "00:20:4a:d5:94:f1" |
100 | | - :control: "00:03:1d:0c:d3:71" |
101 | | :data: "00:03:1d:0c:d3:70" |
102 | | :cm: "00:20:4a:d5:94:e1" |
103 | | }}} |
104 | | |
105 | | Run the OS configuration script: |
106 | | {{{ |
107 | | /usr/sbin/geni_os_setup.rb |
108 | | }}} |
109 | | It should produce: |
110 | | {{{ |
111 | | user@testcons:~# sudo /usr/sbin/geni_os_setup.rb |
112 | | Loading /etc/omf-aggmgr-5.4/site.yaml... done. |
113 | | Generating a 2432 bit RSA private key... |
114 | | Generating a self signed certificate... |
115 | | X.509 Certificate Information: |
116 | | Version: 3 |
117 | | Serial Number (hex): 543811fb |
118 | | Validity: |
119 | | Not Before: Fri Oct 10 17:06:03 UTC 2014 |
120 | | Not After: Sat Oct 10 17:06:03 UTC 2015 |
121 | | Subject: CN=GENI 4G Authority for orbit-lab.org |
122 | | Subject Public Key Algorithm: RSA |
123 | | Certificate Security Level: Normal |
124 | | Modulus (bits 2432): |
125 | | 00:f0:49:c6:08:4b:97:31:6a:f0:d6:30:3a:23:2c:92 |
126 | | ac:e8:30:f1:1f:5c:9b:7e:8e:1b:db:37:3b:ae:94:bb |
127 | | f4:82:09:ca:da:48:7b:cd:95:95:e5:7b:9a:d0:f0:85 |
128 | | 5d:13:c0:82:a5:12:eb:c5:45:e6:0c:87:05:12:22:4b |
129 | | 94:96:74:f9:34:35:ef:20:4d:85:3d:48:44:6e:87:0b |
130 | | c7:48:65:e0:ea:70:f4:9a:0a:03:7c:86:c5:d0:62:39 |
131 | | 1d:a3:1e:c0:ce:09:25:8f:f7:85:21:8f:b9:81:30:8a |
132 | | 2c:17:0e:3b:9c:56:83:4e:52:dc:1b:37:38:4f:a5:79 |
133 | | c8:a3:b9:07:e3:38:a9:c9:59:b5:d3:d0:78:46:5f:f5 |
134 | | 81:15:6c:e9:24:a9:46:21:dc:4b:98:22:8c:b5:26:a8 |
135 | | 68:23:61:29:d2:8a:de:eb:a8:15:ac:b8:66:3a:03:e4 |
136 | | 78:02:5a:4b:d9:ae:ff:ff:42:9d:f2:10:b4:8a:9e:25 |
137 | | 25:d4:cb:f1:36:d3:2e:b2:cc:58:de:51:85:4b:82:1a |
138 | | 9b:34:3c:0a:66:f8:a1:7b:7d:39:52:75:7d:6d:9d:e5 |
139 | | fd:ed:c6:a0:5a:fc:39:06:a0:a9:d4:b6:8f:07:e4:18 |
140 | | 69:33:f6:34:cf:cf:5e:a3:89:e5:09:23:56:db:e4:7b |
141 | | 13:a8:cd:c1:a6:ea:1d:95:0e:77:07:b2:f0:70:26:65 |
142 | | b9:cc:fa:de:48:ab:8d:b9:b9:80:d1:5a:a8:a7:34:0c |
143 | | 9e:1f:c7:02:03:63:a7:72:ac:59:83:e7:83:89:d2:4b |
144 | | a7 |
145 | | Exponent (bits 24): |
146 | | 01:00:01 |
147 | | Extensions: |
148 | | Basic Constraints (critical): |
149 | | Certificate Authority (CA): TRUE |
150 | | Subject Key Identifier (not critical): |
151 | | 89161ffe61f729a0fc210f3e8b22e8b4379a5638 |
152 | | Other Information: |
153 | | Public Key Id: |
154 | | 89161ffe61f729a0fc210f3e8b22e8b4379a5638 |
158 | | Signing certificate... |
159 | | ** Note: Please use the --sec-param instead of --bits |
160 | | Generating a 1024 bit RSA private key... |
161 | | Generating a signed certificate... |
162 | | X.509 Certificate Information: |
163 | | Version: 3 |
164 | | Serial Number (hex): 543811fb |
165 | | Validity: |
166 | | Not Before: Fri Oct 10 17:06:03 UTC 2014 |
167 | | Not After: Sat Oct 10 17:06:03 UTC 2015 |
168 | | Subject: O=GENI 4G Site for orbit-lab.org,CN=testcons.orbit-lab.org |
169 | | Subject Public Key Algorithm: RSA |
170 | | Certificate Security Level: Weak |
171 | | Modulus (bits 1024): |
172 | | 00:d9:28:ed:fc:f8:c2:57:48:8a:7e:2a:91:cb:b7:48 |
173 | | d0:d8:25:7a:b2:64:b3:3f:95:40:b1:22:3c:8e:c2:8b |
174 | | 6b:dd:53:66:b2:3e:97:f0:48:e2:af:72:93:82:17:18 |
175 | | 91:17:3a:0b:01:8b:09:8c:9b:9c:a4:37:0c:c0:a9:1a |
176 | | 3b:b5:66:6c:77:77:84:90:6a:fe:e2:6d:53:cf:8b:33 |
177 | | 64:f3:41:54:f2:98:99:1c:0f:d1:1c:5e:bd:70:e8:55 |
178 | | e3:6d:ee:90:36:a7:a2:4f:3f:de:83:85:85:57:7a:bc |
179 | | 98:64:79:b8:be:1d:bd:bc:8d:1a:3b:3f:4a:ec:8a:a0 |
180 | | 93 |
181 | | Exponent (bits 24): |
182 | | 01:00:01 |
183 | | Extensions: |
184 | | Basic Constraints (critical): |
185 | | Certificate Authority (CA): FALSE |
186 | | Key Purpose (not critical): |
187 | | TLS WWW Server. |
188 | | Key Usage (critical): |
189 | | Digital signature. |
190 | | Key encipherment. |
191 | | Subject Key Identifier (not critical): |
192 | | 0324b56406f97f7d19bdc1619dd29cbab231d52f |
193 | | Authority Key Identifier (not critical): |
194 | | 89161ffe61f729a0fc210f3e8b22e8b4379a5638 |
195 | | Other Information: |
196 | | Public Key Id: |
197 | | 0324b56406f97f7d19bdc1619dd29cbab231d52f |
198 | | |
199 | | |
200 | | |
201 | | Signing certificate... |
202 | | SASL/EXTERNAL authentication started |
203 | | SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth |
204 | | SASL SSF: 0 |
205 | | SASL/EXTERNAL authentication started |
206 | | SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth |
207 | | SASL SSF: 0 |
208 | | }}} |
209 | | |
210 | | Next edit /etc/nsswitch.conf file so that is has the follow non comment lines: |
211 | | {{{ |
212 | | passwd: files ldap compat |
213 | | group: files ldap compat |
214 | | shadow: files compat |
215 | | |
216 | | hosts: files dns |
217 | | networks: files |
218 | | |
219 | | protocols: db files |
220 | | services: db files |
221 | | ethers: db files |
222 | | rpc: db files |
223 | | |
224 | | netgroup: nis |
225 | | }}} |
226 | | Finally add the follow line to the /etc/sudoers file (note this is done with the visudo command). |
227 | | {{{ |
228 | | %admin ALL=(ALL) ALL |
229 | | %sysadmin ALL=NOPASSWD: ALL |
230 | | }}} |
231 | | |
232 | | |
233 | | |