close Warning: Can't synchronize with repository "(default)" (/common/SVN/wimax does not appear to be a Subversion repository.). Look in the Trac log for more information.

Changes between Version 13 and Version 14 of dSite/c0OMF


Ignore:
Timestamp:
Oct 10, 2014, 6:32:38 PM (6 years ago)
Author:
seskar
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • dSite/c0OMF

    v13 v14  
    1 == Install OMF Services ==
     1== Install OMF Services and Dependencies ==
    22
    33[[TOC(WiMAX/dSite*)]]
     
    8484==== Postfix Installation Questions ====
    8585
    86 === Post-installation Configuration ===
    87 
    88 Edit /etc/omf-aggmgr-5.4/site.yaml file to prepare for configuring the DHCP/DNS/LDAP. The file should, at minimum, look like this:
    89 {{{
    90 ---
    91 admins:
    92   - 'globaladmin'
    93 nodes:
    94   - :control: "00:03:1d:0c:d3:73"
    95     :data: "00:03:1d:0c:d3:72"
    96     :cm: "00:20:4a:d5:94:83"
    97   - :control: "00:03:1d:0c:d3:89"
    98     :data: "00:03:1d:0c:d3:88"
    99     :cm: "00:20:4a:d5:94:f1"
    100   - :control: "00:03:1d:0c:d3:71"
    101     :data: "00:03:1d:0c:d3:70"
    102     :cm: "00:20:4a:d5:94:e1"
    103 }}}
    104 
    105 Run the OS configuration script:
    106 {{{
    107 /usr/sbin/geni_os_setup.rb
    108 }}}
    109 It should produce:
    110 {{{
    111 user@testcons:~# sudo /usr/sbin/geni_os_setup.rb
    112 Loading /etc/omf-aggmgr-5.4/site.yaml... done.
    113 Generating a 2432 bit RSA private key...
    114 Generating a self signed certificate...
    115 X.509 Certificate Information:
    116         Version: 3
    117         Serial Number (hex): 543811fb
    118         Validity:
    119                 Not Before: Fri Oct 10 17:06:03 UTC 2014
    120                 Not After: Sat Oct 10 17:06:03 UTC 2015
    121         Subject: CN=GENI 4G Authority for orbit-lab.org
    122         Subject Public Key Algorithm: RSA
    123         Certificate Security Level: Normal
    124                 Modulus (bits 2432):
    125                         00:f0:49:c6:08:4b:97:31:6a:f0:d6:30:3a:23:2c:92
    126                         ac:e8:30:f1:1f:5c:9b:7e:8e:1b:db:37:3b:ae:94:bb
    127                         f4:82:09:ca:da:48:7b:cd:95:95:e5:7b:9a:d0:f0:85
    128                         5d:13:c0:82:a5:12:eb:c5:45:e6:0c:87:05:12:22:4b
    129                         94:96:74:f9:34:35:ef:20:4d:85:3d:48:44:6e:87:0b
    130                         c7:48:65:e0:ea:70:f4:9a:0a:03:7c:86:c5:d0:62:39
    131                         1d:a3:1e:c0:ce:09:25:8f:f7:85:21:8f:b9:81:30:8a
    132                         2c:17:0e:3b:9c:56:83:4e:52:dc:1b:37:38:4f:a5:79
    133                         c8:a3:b9:07:e3:38:a9:c9:59:b5:d3:d0:78:46:5f:f5
    134                         81:15:6c:e9:24:a9:46:21:dc:4b:98:22:8c:b5:26:a8
    135                         68:23:61:29:d2:8a:de:eb:a8:15:ac:b8:66:3a:03:e4
    136                         78:02:5a:4b:d9:ae:ff:ff:42:9d:f2:10:b4:8a:9e:25
    137                         25:d4:cb:f1:36:d3:2e:b2:cc:58:de:51:85:4b:82:1a
    138                         9b:34:3c:0a:66:f8:a1:7b:7d:39:52:75:7d:6d:9d:e5
    139                         fd:ed:c6:a0:5a:fc:39:06:a0:a9:d4:b6:8f:07:e4:18
    140                         69:33:f6:34:cf:cf:5e:a3:89:e5:09:23:56:db:e4:7b
    141                         13:a8:cd:c1:a6:ea:1d:95:0e:77:07:b2:f0:70:26:65
    142                         b9:cc:fa:de:48:ab:8d:b9:b9:80:d1:5a:a8:a7:34:0c
    143                         9e:1f:c7:02:03:63:a7:72:ac:59:83:e7:83:89:d2:4b
    144                         a7
    145                 Exponent (bits 24):
    146                         01:00:01
    147         Extensions:
    148                 Basic Constraints (critical):
    149                         Certificate Authority (CA): TRUE
    150                 Subject Key Identifier (not critical):
    151                         89161ffe61f729a0fc210f3e8b22e8b4379a5638
    152 Other Information:
    153         Public Key Id:
    154                 89161ffe61f729a0fc210f3e8b22e8b4379a5638
    15586
    15687
    15788
    158 Signing certificate...
    159 ** Note: Please use the --sec-param instead of --bits
    160 Generating a 1024 bit RSA private key...
    161 Generating a signed certificate...
    162 X.509 Certificate Information:
    163         Version: 3
    164         Serial Number (hex): 543811fb
    165         Validity:
    166                 Not Before: Fri Oct 10 17:06:03 UTC 2014
    167                 Not After: Sat Oct 10 17:06:03 UTC 2015
    168         Subject: O=GENI 4G Site for orbit-lab.org,CN=testcons.orbit-lab.org
    169         Subject Public Key Algorithm: RSA
    170         Certificate Security Level: Weak
    171                 Modulus (bits 1024):
    172                         00:d9:28:ed:fc:f8:c2:57:48:8a:7e:2a:91:cb:b7:48
    173                         d0:d8:25:7a:b2:64:b3:3f:95:40:b1:22:3c:8e:c2:8b
    174                         6b:dd:53:66:b2:3e:97:f0:48:e2:af:72:93:82:17:18
    175                         91:17:3a:0b:01:8b:09:8c:9b:9c:a4:37:0c:c0:a9:1a
    176                         3b:b5:66:6c:77:77:84:90:6a:fe:e2:6d:53:cf:8b:33
    177                         64:f3:41:54:f2:98:99:1c:0f:d1:1c:5e:bd:70:e8:55
    178                         e3:6d:ee:90:36:a7:a2:4f:3f:de:83:85:85:57:7a:bc
    179                         98:64:79:b8:be:1d:bd:bc:8d:1a:3b:3f:4a:ec:8a:a0
    180                         93
    181                 Exponent (bits 24):
    182                         01:00:01
    183         Extensions:
    184                 Basic Constraints (critical):
    185                         Certificate Authority (CA): FALSE
    186                 Key Purpose (not critical):
    187                         TLS WWW Server.
    188                 Key Usage (critical):
    189                         Digital signature.
    190                         Key encipherment.
    191                 Subject Key Identifier (not critical):
    192                         0324b56406f97f7d19bdc1619dd29cbab231d52f
    193                 Authority Key Identifier (not critical):
    194                         89161ffe61f729a0fc210f3e8b22e8b4379a5638
    195 Other Information:
    196         Public Key Id:
    197                 0324b56406f97f7d19bdc1619dd29cbab231d52f
    198 
    199 
    200 
    201 Signing certificate...
    202 SASL/EXTERNAL authentication started
    203 SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    204 SASL SSF: 0
    205 SASL/EXTERNAL authentication started
    206 SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    207 SASL SSF: 0
    208 }}}
    209 
    210 Next edit /etc/nsswitch.conf file so that is has the follow non comment lines:
    211 {{{
    212     passwd:         files ldap compat
    213     group:          files ldap compat
    214     shadow:         files compat
    215 
    216     hosts:          files dns
    217     networks:       files
    218 
    219     protocols:      db files
    220     services:       db files
    221     ethers:         db files
    222     rpc:            db files
    223 
    224     netgroup:       nis
    225 }}}
    226 Finally add the follow line to the /etc/sudoers file (note this is done with the visudo command).
    227 {{{
    228     %admin ALL=(ALL) ALL
    229     %sysadmin ALL=NOPASSWD: ALL
    230 }}}
    231  
    232 
    233