wiki:dSite/c0OMF
close Warning: Can't synchronize with repository "(default)" (/common/SVN/wimax does not appear to be a Subversion repository.). Look in the Trac log for more information.

Version 13 (modified by seskar, 6 years ago) ( diff )

Install OMF Services

Table of Contents

    Configure Apt Repository

    To begin we'll need to add the Orbit apt repository to the list of sources that our console will pull packages from. This is done by running the follwing two commands.

    Note: It is assumed that you have root access and can run these commands as root if needed

    The first installs the orbit repositories gpg-key into the consoles key-ring.

    wget -qO - http://packages.orbit-lab.org/downloads/orbitapt.gpg.key | sudo apt-key add -
    

    Next we download the source list for the repository.

    wget -qO /etc/apt/sources.list.d/orbit.list http://packages.orbit-lab.org/downloads/orbit-precise.list
    

    Once we have these changes in place, we need to update the repository list via

    apt-get update
    

    Install Services

    All the services can be installed via a single container package:

    apt-get install omf-aggmgr-geni-5.4
    

    This will install:

    The following extra packages will be installed:
      apache2 apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common auth-client-config bind9 bind9utils binutils cpp cpp-4.6 frisbee gcc gcc-4.6 gnutls-bin imagezip isc-dhcp-server ldap-auth-client
      ldap-auth-config ldap-utils ldapscripts libapache2-mod-php5 libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libc-bin libc-dev-bin libc6 libc6-dev libcap2 libdbd-mysql-perl libdbi-perl
      libgomp1 libhtml-template-perl libltdl7 liblua5.1-0 libmpc2 libmpfr4 libmysql-ruby1.9.1 libmysqlclient-dev libmysqlclient18 libnet-daemon-perl libnss-ldap libodbc1 libpam-ldap libperl5.14 libplrpc-perl
      libquadmath0 libruby1.9.1 libslp1 libsqlite3-ruby1.9.1 libssl0.9.8 libterm-readkey-perl libyaml-0-2 linux-libc-dev make manpages-dev mysql-client-5.5 mysql-client-core-5.5 mysql-common mysql-server
      mysql-server-5.5 mysql-server-core-5.5 nmap omf-aggmgr-accountingcommon-5.4 omf-aggmgr-accountmanagement-5.4 omf-aggmgr-autoapprover-5.4 omf-aggmgr-cmc-5.4 omf-aggmgr-common-5.4
      omf-aggmgr-controlpanel-5.4 omf-aggmgr-delegatedam-5.4 omf-aggmgr-frisbee-5.4 omf-aggmgr-genimon-5.4 omf-aggmgr-instr-5.4 omf-aggmgr-inventory-5.4 omf-aggmgr-pxe-5.4 omf-aggmgr-result-5.4
      omf-aggmgr-saveimage-5.4 omf-aggmgr-scheduler-5.4 omf-aggmgr-status-5.4 omf-aggmgr-wimaxrf-5.4 omf-common-5.4 perl perl-base perl-modules php5-cli php5-common php5-fpm php5-ldap phpldapadmin pwgen
      ruby-mysql ruby-sqlite3 ruby1.9.1 ruby1.9.1-dev sharutils slapd sqlite3 ssl-cert tftpd-hpa zlib1g-dev
    Suggested packages:
      apache2-doc apache2-suexec apache2-suexec-custom libpam-cracklib bind9-doc binutils-doc cpp-doc gcc-4.6-locales gcc-multilib autoconf automake1.9 libtool flex bison gdb gcc-doc gcc-4.6-multilib
      libmudflap0-4.6-dev gcc-4.6-doc libgcc1-dbg libgomp1-dbg libquadmath0-dbg libmudflap0-dbg binutils-gold isc-dhcp-server-ldap php-pear glibc-doc libipc-sharedcache-perl nscd libmyodbc odbc-postgresql
      tdsodbc unixodbc-bin slpd openslp-doc make-doc tinyca mailx perl-doc libterm-readline-gnu-perl libterm-readline-perl-perl libpod-plainer-perl php5-suhosin ruby1.9.1-examples ri1.9.1 graphviz sqlite3-doc
      openssl-blacklist syslinux-common
    The following NEW packages will be installed:
      apache2 apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common auth-client-config bind9 bind9utils binutils cpp cpp-4.6 frisbee gcc gcc-4.6 gnutls-bin imagezip isc-dhcp-server ldap-auth-client
      ldap-auth-config ldap-utils ldapscripts libapache2-mod-php5 libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libc-dev-bin libc6-dev libcap2 libdbd-mysql-perl libdbi-perl libgomp1
      libhtml-template-perl libltdl7 liblua5.1-0 libmpc2 libmpfr4 libmysql-ruby1.9.1 libmysqlclient-dev libmysqlclient18 libnet-daemon-perl libnss-ldap libodbc1 libpam-ldap libperl5.14 libplrpc-perl
      libquadmath0 libruby1.9.1 libslp1 libsqlite3-ruby1.9.1 libssl0.9.8 libterm-readkey-perl libyaml-0-2 linux-libc-dev make manpages-dev mysql-client-5.5 mysql-client-core-5.5 mysql-common mysql-server
      mysql-server-5.5 mysql-server-core-5.5 nmap omf-aggmgr-accountingcommon-5.4 omf-aggmgr-accountmanagement-5.4 omf-aggmgr-autoapprover-5.4 omf-aggmgr-cmc-5.4 omf-aggmgr-common-5.4
      omf-aggmgr-controlpanel-5.4 omf-aggmgr-delegatedam-5.4 omf-aggmgr-frisbee-5.4 omf-aggmgr-geni-5.4 omf-aggmgr-genimon-5.4 omf-aggmgr-instr-5.4 omf-aggmgr-inventory-5.4 omf-aggmgr-pxe-5.4
      omf-aggmgr-result-5.4 omf-aggmgr-saveimage-5.4 omf-aggmgr-scheduler-5.4 omf-aggmgr-status-5.4 omf-aggmgr-wimaxrf-5.4 omf-common-5.4 php5-cli php5-common php5-fpm php5-ldap phpldapadmin pwgen ruby-mysql
      ruby-sqlite3 ruby1.9.1 ruby1.9.1-dev sharutils slapd sqlite3 ssl-cert tftpd-hpa zlib1g-dev
    The following packages will be upgraded:
      libc-bin libc6 perl perl-base perl-modules
    

    during the install process you will be prompted to answer the following questions. The order may not match up, but each will be asked.

    LDAP Server Installation Questions

    You will be promted for Ldap root passwords. The password you specify must match the password you give when configuring the client. The installer will guess the organizational structure for LDAP based on FQDN that was set during installation. For example if your machine name is console.geni.net, it will assume the domain is:

    geni.net => dc=geni,dc=net
    

    Note: For the rest of this guide we assume the domain is dc=geni,dc=net. Please adjust this domain to match your FQDN.

    LDAP Client Installation Questions

    When installing it, you will be asked for the following information:

    • base dc=geni,dc=net
    • uri ldap://console.geni.net/
    • ldap_version 3
    • rootbinddn cn=admin,dc=geni,dc=net

    Use the defaults for any questions not mentioned here (this configuration will be overwritten by the OS setup script in the next section).

    MySQL Installation Questions

    You will be prompted for a MySQL admin password during the install.

    Postfix Installation Questions

    Post-installation Configuration

    Edit /etc/omf-aggmgr-5.4/site.yaml file to prepare for configuring the DHCP/DNS/LDAP. The file should, at minimum, look like this:

    ---
    admins:
      - 'globaladmin' 
    nodes:
      - :control: "00:03:1d:0c:d3:73"
        :data: "00:03:1d:0c:d3:72"
        :cm: "00:20:4a:d5:94:83"
      - :control: "00:03:1d:0c:d3:89"
        :data: "00:03:1d:0c:d3:88"
        :cm: "00:20:4a:d5:94:f1"
      - :control: "00:03:1d:0c:d3:71"
        :data: "00:03:1d:0c:d3:70"
        :cm: "00:20:4a:d5:94:e1"
    

    Run the OS configuration script:

    /usr/sbin/geni_os_setup.rb
    

    It should produce:

    user@testcons:~# sudo /usr/sbin/geni_os_setup.rb
    Loading /etc/omf-aggmgr-5.4/site.yaml... done.
    Generating a 2432 bit RSA private key...
    Generating a self signed certificate...
    X.509 Certificate Information:
    	Version: 3
    	Serial Number (hex): 543811fb
    	Validity:
    		Not Before: Fri Oct 10 17:06:03 UTC 2014
    		Not After: Sat Oct 10 17:06:03 UTC 2015
    	Subject: CN=GENI 4G Authority for orbit-lab.org
    	Subject Public Key Algorithm: RSA
    	Certificate Security Level: Normal
    		Modulus (bits 2432):
    			00:f0:49:c6:08:4b:97:31:6a:f0:d6:30:3a:23:2c:92
    			ac:e8:30:f1:1f:5c:9b:7e:8e:1b:db:37:3b:ae:94:bb
    			f4:82:09:ca:da:48:7b:cd:95:95:e5:7b:9a:d0:f0:85
    			5d:13:c0:82:a5:12:eb:c5:45:e6:0c:87:05:12:22:4b
    			94:96:74:f9:34:35:ef:20:4d:85:3d:48:44:6e:87:0b
    			c7:48:65:e0:ea:70:f4:9a:0a:03:7c:86:c5:d0:62:39
    			1d:a3:1e:c0:ce:09:25:8f:f7:85:21:8f:b9:81:30:8a
    			2c:17:0e:3b:9c:56:83:4e:52:dc:1b:37:38:4f:a5:79
    			c8:a3:b9:07:e3:38:a9:c9:59:b5:d3:d0:78:46:5f:f5
    			81:15:6c:e9:24:a9:46:21:dc:4b:98:22:8c:b5:26:a8
    			68:23:61:29:d2:8a:de:eb:a8:15:ac:b8:66:3a:03:e4
    			78:02:5a:4b:d9:ae:ff:ff:42:9d:f2:10:b4:8a:9e:25
    			25:d4:cb:f1:36:d3:2e:b2:cc:58:de:51:85:4b:82:1a
    			9b:34:3c:0a:66:f8:a1:7b:7d:39:52:75:7d:6d:9d:e5
    			fd:ed:c6:a0:5a:fc:39:06:a0:a9:d4:b6:8f:07:e4:18
    			69:33:f6:34:cf:cf:5e:a3:89:e5:09:23:56:db:e4:7b
    			13:a8:cd:c1:a6:ea:1d:95:0e:77:07:b2:f0:70:26:65
    			b9:cc:fa:de:48:ab:8d:b9:b9:80:d1:5a:a8:a7:34:0c
    			9e:1f:c7:02:03:63:a7:72:ac:59:83:e7:83:89:d2:4b
    			a7
    		Exponent (bits 24):
    			01:00:01
    	Extensions:
    		Basic Constraints (critical):
    			Certificate Authority (CA): TRUE
    		Subject Key Identifier (not critical):
    			89161ffe61f729a0fc210f3e8b22e8b4379a5638
    Other Information:
    	Public Key Id:
    		89161ffe61f729a0fc210f3e8b22e8b4379a5638
    
    
    
    Signing certificate...
    ** Note: Please use the --sec-param instead of --bits
    Generating a 1024 bit RSA private key...
    Generating a signed certificate...
    X.509 Certificate Information:
    	Version: 3
    	Serial Number (hex): 543811fb
    	Validity:
    		Not Before: Fri Oct 10 17:06:03 UTC 2014
    		Not After: Sat Oct 10 17:06:03 UTC 2015
    	Subject: O=GENI 4G Site for orbit-lab.org,CN=testcons.orbit-lab.org
    	Subject Public Key Algorithm: RSA
    	Certificate Security Level: Weak
    		Modulus (bits 1024):
    			00:d9:28:ed:fc:f8:c2:57:48:8a:7e:2a:91:cb:b7:48
    			d0:d8:25:7a:b2:64:b3:3f:95:40:b1:22:3c:8e:c2:8b
    			6b:dd:53:66:b2:3e:97:f0:48:e2:af:72:93:82:17:18
    			91:17:3a:0b:01:8b:09:8c:9b:9c:a4:37:0c:c0:a9:1a
    			3b:b5:66:6c:77:77:84:90:6a:fe:e2:6d:53:cf:8b:33
    			64:f3:41:54:f2:98:99:1c:0f:d1:1c:5e:bd:70:e8:55
    			e3:6d:ee:90:36:a7:a2:4f:3f:de:83:85:85:57:7a:bc
    			98:64:79:b8:be:1d:bd:bc:8d:1a:3b:3f:4a:ec:8a:a0
    			93
    		Exponent (bits 24):
    			01:00:01
    	Extensions:
    		Basic Constraints (critical):
    			Certificate Authority (CA): FALSE
    		Key Purpose (not critical):
    			TLS WWW Server.
    		Key Usage (critical):
    			Digital signature.
    			Key encipherment.
    		Subject Key Identifier (not critical):
    			0324b56406f97f7d19bdc1619dd29cbab231d52f
    		Authority Key Identifier (not critical):
    			89161ffe61f729a0fc210f3e8b22e8b4379a5638
    Other Information:
    	Public Key Id:
    		0324b56406f97f7d19bdc1619dd29cbab231d52f
    
    
    
    Signing certificate...
    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    

    Next edit /etc/nsswitch.conf file so that is has the follow non comment lines:

        passwd:         files ldap compat
        group:          files ldap compat
        shadow:         files compat
    
        hosts:          files dns
        networks:       files
    
        protocols:      db files
        services:       db files
        ethers:         db files
        rpc:            db files
    
        netgroup:       nis
    

    Finally add the follow line to the /etc/sudoers file (note this is done with the visudo command).

        %admin ALL=(ALL) ALL
        %sysadmin ALL=NOPASSWD: ALL
    

    Attachments (7)

    Download all attachments as: .zip

    Note: See TracWiki for help on using the wiki.