== Install OMF Services ==
[[TOC(WiMAX/dSite*)]]

=== Configure Apt Repository ===

To begin, we need to add the Orbit apt repository to the list of sources that our console will pull packages from. This is done by running the following two commands.

'''Note: It is assumed that you have root access and can run these commands as root if needed.'''

The first installs the Orbit repository's GPG key into the console's keyring.
{{{
wget -qO - http://packages.orbit-lab.org/downloads/orbitapt.gpg.key | sudo apt-key add -
}}}

Next we download the source list for the repository.
{{{
wget -qO /etc/apt/sources.list.d/orbit.list http://packages.orbit-lab.org/downloads/orbit-precise.list
}}}

Once we have these changes in place, we need to update the repository list via
{{{
apt-get update
}}}

=== Install Services ===

All the services can be installed via a single container package:
{{{
apt-get install omf-aggmgr-geni-5.4
}}}

This will install:
{{{
The following extra packages will be installed:
  apache2 apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common
  auth-client-config bind9 bind9utils binutils cpp cpp-4.6 frisbee gcc gcc-4.6
  gnutls-bin imagezip isc-dhcp-server ldap-auth-client ldap-auth-config
  ldap-utils ldapscripts libapache2-mod-php5 libapr1 libaprutil1
  libaprutil1-dbd-sqlite3 libaprutil1-ldap libc-bin libc-dev-bin libc6
  libc6-dev libcap2 libdbd-mysql-perl libdbi-perl libgomp1
  libhtml-template-perl libltdl7 liblua5.1-0 libmpc2 libmpfr4
  libmysql-ruby1.9.1 libmysqlclient-dev libmysqlclient18 libnet-daemon-perl
  libnss-ldap libodbc1 libpam-ldap libperl5.14 libplrpc-perl libquadmath0
  libruby1.9.1 libslp1 libsqlite3-ruby1.9.1 libssl0.9.8 libterm-readkey-perl
  libyaml-0-2 linux-libc-dev make manpages-dev mysql-client-5.5
  mysql-client-core-5.5 mysql-common mysql-server mysql-server-5.5
  mysql-server-core-5.5 nmap omf-aggmgr-accountingcommon-5.4
  omf-aggmgr-accountmanagement-5.4 omf-aggmgr-autoapprover-5.4
  omf-aggmgr-cmc-5.4 omf-aggmgr-common-5.4 omf-aggmgr-controlpanel-5.4
  omf-aggmgr-delegatedam-5.4 omf-aggmgr-frisbee-5.4 omf-aggmgr-genimon-5.4
  omf-aggmgr-instr-5.4 omf-aggmgr-inventory-5.4 omf-aggmgr-pxe-5.4
  omf-aggmgr-result-5.4 omf-aggmgr-saveimage-5.4 omf-aggmgr-scheduler-5.4
  omf-aggmgr-status-5.4 omf-aggmgr-wimaxrf-5.4 omf-common-5.4 perl perl-base
  perl-modules php5-cli php5-common php5-fpm php5-ldap phpldapadmin pwgen
  ruby-mysql ruby-sqlite3 ruby1.9.1 ruby1.9.1-dev sharutils slapd sqlite3
  ssl-cert tftpd-hpa zlib1g-dev
Suggested packages:
  apache2-doc apache2-suexec apache2-suexec-custom libpam-cracklib bind9-doc
  binutils-doc cpp-doc gcc-4.6-locales gcc-multilib autoconf automake1.9
  libtool flex bison gdb gcc-doc gcc-4.6-multilib libmudflap0-4.6-dev
  gcc-4.6-doc libgcc1-dbg libgomp1-dbg libquadmath0-dbg libmudflap0-dbg
  binutils-gold isc-dhcp-server-ldap php-pear glibc-doc
  libipc-sharedcache-perl nscd libmyodbc odbc-postgresql tdsodbc unixodbc-bin
  slpd openslp-doc make-doc tinyca mailx perl-doc libterm-readline-gnu-perl
  libterm-readline-perl-perl libpod-plainer-perl php5-suhosin
  ruby1.9.1-examples ri1.9.1 graphviz sqlite3-doc openssl-blacklist
  syslinux-common
The following NEW packages will be installed:
  apache2 apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common
  auth-client-config bind9 bind9utils binutils cpp cpp-4.6 frisbee gcc gcc-4.6
  gnutls-bin imagezip isc-dhcp-server ldap-auth-client ldap-auth-config
  ldap-utils ldapscripts libapache2-mod-php5 libapr1 libaprutil1
  libaprutil1-dbd-sqlite3 libaprutil1-ldap libc-dev-bin libc6-dev libcap2
  libdbd-mysql-perl libdbi-perl libgomp1 libhtml-template-perl libltdl7
  liblua5.1-0 libmpc2 libmpfr4 libmysql-ruby1.9.1 libmysqlclient-dev
  libmysqlclient18 libnet-daemon-perl libnss-ldap libodbc1 libpam-ldap
  libperl5.14 libplrpc-perl libquadmath0 libruby1.9.1 libslp1
  libsqlite3-ruby1.9.1 libssl0.9.8 libterm-readkey-perl libyaml-0-2
  linux-libc-dev make manpages-dev mysql-client-5.5 mysql-client-core-5.5
  mysql-common mysql-server mysql-server-5.5 mysql-server-core-5.5 nmap
  omf-aggmgr-accountingcommon-5.4 omf-aggmgr-accountmanagement-5.4
  omf-aggmgr-autoapprover-5.4 omf-aggmgr-cmc-5.4 omf-aggmgr-common-5.4
  omf-aggmgr-controlpanel-5.4 omf-aggmgr-delegatedam-5.4
  omf-aggmgr-frisbee-5.4 omf-aggmgr-geni-5.4 omf-aggmgr-genimon-5.4
  omf-aggmgr-instr-5.4 omf-aggmgr-inventory-5.4 omf-aggmgr-pxe-5.4
  omf-aggmgr-result-5.4 omf-aggmgr-saveimage-5.4 omf-aggmgr-scheduler-5.4
  omf-aggmgr-status-5.4 omf-aggmgr-wimaxrf-5.4 omf-common-5.4 php5-cli
  php5-common php5-fpm php5-ldap phpldapadmin pwgen ruby-mysql ruby-sqlite3
  ruby1.9.1 ruby1.9.1-dev sharutils slapd sqlite3 ssl-cert tftpd-hpa
  zlib1g-dev
The following packages will be upgraded:
  libc-bin libc6 perl perl-base perl-modules
}}}

During the install process you will be prompted to answer the following questions. The order may not match, but each will be asked.

==== LDAP Server Installation Questions ====

You will be prompted for LDAP root passwords. The password you specify must match the password you give when configuring the client. The installer will guess the organizational structure for LDAP based on the FQDN that was set during installation. For example, if your machine name is console.geni.net, it will assume the domain is:
{{{
geni.net => dc=geni,dc=net
}}}

'''Note: For the rest of this guide we assume the domain is dc=geni,dc=net. Please adjust this domain to match your FQDN.'''

==== LDAP Client Installation Questions ====

When installing it, you will be asked for the following information:
 * base dc=geni,dc=net
 * uri ldap://console.geni.net/
 * ldap_version 3
 * rootbinddn cn=admin,dc=geni,dc=net

Use the defaults for any questions not mentioned here (this configuration will be overwritten by the OS setup script in the next section).

==== MySQL Installation Questions ====

You will be prompted for a MySQL admin password during the install.
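The FQDN-to-suffix mapping and the four LDAP client answers described in the LDAP sections above have to agree with each other, which can be checked mechanically. The following Ruby sketch is an added example, not part of the OMF packages; it assumes the answers are available as "keyword value" lines in the form listed above, and the function names and the sample text are constructed for illustration.

```ruby
# Added example: cross-check LDAP client answers against the machine's FQDN.
LABEL = /\A[a-z0-9]([a-z0-9-]*[a-z0-9])?\z/

# Suffix the installer is described as guessing: drop the host label and
# turn every remaining DNS label into a dc= component.
def base_dn(fqdn)
  labels = fqdn.downcase.chomp('.').split('.')
  unless labels.size >= 2 && labels.all? { |l| l.match?(LABEL) }
    raise ArgumentError, "not a usable FQDN: #{fqdn.inspect}"
  end
  labels.drop(1).map { |l| "dc=#{l}" }.join(',')
end

# The four client answers listed above, derived from the FQDN.
def expected_answers(fqdn)
  base = base_dn(fqdn)
  { 'base' => base, 'uri' => "ldap://#{fqdn.downcase.chomp('.')}/",
    'ldap_version' => '3', 'rootbinddn' => "cn=admin,#{base}" }
end

# Parse "keyword value" lines (assumed layout), skipping blanks and comments.
def parse_answers(text)
  text.each_line.map(&:strip).reject { |l| l.empty? || l.start_with?('#') }
      .map { |l| l.split(/\s+/, 2) }.select { |kv| kv.size == 2 }.to_h
end

# DNs compare case-insensitively and ignore spaces around separators.
def normalize(value)
  value.downcase.gsub(/\s*([,=])\s*/, '\1')
end

# Returns { keyword => [expected, actual] } for every answer that differs.
def mismatches(text, fqdn)
  actual = parse_answers(text)
  expected_answers(fqdn).each_with_object({}) do |(key, want), diff|
    got = actual[key]
    diff[key] = [want, got] unless got && normalize(got) == normalize(want)
  end
end

# Constructed sample: rootbinddn still points at a different domain.
SAMPLE_ANSWERS = <<~CONF
  # constructed sample
  base dc=geni,dc=net
  uri ldap://console.geni.net/
  ldap_version 3
  rootbinddn cn=admin,dc=example,dc=org
CONF
```

An empty hash from `mismatches` means the client answers match the suffix derived from the FQDN.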
==== Postfix Installation Questions ====

=== Post-installation Configuration ===

Edit the /etc/omf-aggmgr-5.4/site.yaml file to prepare for configuring DHCP/DNS/LDAP. The file should, at minimum, look like this:
{{{
---
admins:
  - 'globaladmin'
nodes:
  - :control: "00:03:1d:0c:d3:73"
    :data: "00:03:1d:0c:d3:72"
    :cm: "00:20:4a:d5:94:83"
  - :control: "00:03:1d:0c:d3:89"
    :data: "00:03:1d:0c:d3:88"
    :cm: "00:20:4a:d5:94:f1"
  - :control: "00:03:1d:0c:d3:71"
    :data: "00:03:1d:0c:d3:70"
    :cm: "00:20:4a:d5:94:e1"
}}}

Run the OS configuration script:
{{{
/usr/sbin/geni_os_setup.rb
}}}

It should produce:
{{{
user@testcons:~# sudo /usr/sbin/geni_os_setup.rb
Loading /etc/omf-aggmgr-5.4/site.yaml... done.
Generating a 2432 bit RSA private key...
Generating a self signed certificate...
X.509 Certificate Information:
    Version: 3
    Serial Number (hex): 543811fb
    Validity:
        Not Before: Fri Oct 10 17:06:03 UTC 2014
        Not After: Sat Oct 10 17:06:03 UTC 2015
    Subject: CN=GENI 4G Authority for orbit-lab.org
    Subject Public Key Algorithm: RSA
    Certificate Security Level: Normal
        Modulus (bits 2432):
            00:f0:49:c6:08:4b:97:31:6a:f0:d6:30:3a:23:2c:92
            ac:e8:30:f1:1f:5c:9b:7e:8e:1b:db:37:3b:ae:94:bb
            f4:82:09:ca:da:48:7b:cd:95:95:e5:7b:9a:d0:f0:85
            5d:13:c0:82:a5:12:eb:c5:45:e6:0c:87:05:12:22:4b
            94:96:74:f9:34:35:ef:20:4d:85:3d:48:44:6e:87:0b
            c7:48:65:e0:ea:70:f4:9a:0a:03:7c:86:c5:d0:62:39
            1d:a3:1e:c0:ce:09:25:8f:f7:85:21:8f:b9:81:30:8a
            2c:17:0e:3b:9c:56:83:4e:52:dc:1b:37:38:4f:a5:79
            c8:a3:b9:07:e3:38:a9:c9:59:b5:d3:d0:78:46:5f:f5
            81:15:6c:e9:24:a9:46:21:dc:4b:98:22:8c:b5:26:a8
            68:23:61:29:d2:8a:de:eb:a8:15:ac:b8:66:3a:03:e4
            78:02:5a:4b:d9:ae:ff:ff:42:9d:f2:10:b4:8a:9e:25
            25:d4:cb:f1:36:d3:2e:b2:cc:58:de:51:85:4b:82:1a
            9b:34:3c:0a:66:f8:a1:7b:7d:39:52:75:7d:6d:9d:e5
            fd:ed:c6:a0:5a:fc:39:06:a0:a9:d4:b6:8f:07:e4:18
            69:33:f6:34:cf:cf:5e:a3:89:e5:09:23:56:db:e4:7b
            13:a8:cd:c1:a6:ea:1d:95:0e:77:07:b2:f0:70:26:65
            b9:cc:fa:de:48:ab:8d:b9:b9:80:d1:5a:a8:a7:34:0c
            9e:1f:c7:02:03:63:a7:72:ac:59:83:e7:83:89:d2:4b
            a7
        Exponent (bits 24):
            01:00:01
    Extensions:
        Basic Constraints (critical):
            Certificate Authority (CA): TRUE
        Subject Key Identifier (not critical):
            89161ffe61f729a0fc210f3e8b22e8b4379a5638
Other Information:
    Public Key Id:
        89161ffe61f729a0fc210f3e8b22e8b4379a5638

Signing certificate...
** Note: Please use the --sec-param instead of --bits
Generating a 1024 bit RSA private key...
Generating a signed certificate...
X.509 Certificate Information:
    Version: 3
    Serial Number (hex): 543811fb
    Validity:
        Not Before: Fri Oct 10 17:06:03 UTC 2014
        Not After: Sat Oct 10 17:06:03 UTC 2015
    Subject: O=GENI 4G Site for orbit-lab.org,CN=testcons.orbit-lab.org
    Subject Public Key Algorithm: RSA
    Certificate Security Level: Weak
        Modulus (bits 1024):
            00:d9:28:ed:fc:f8:c2:57:48:8a:7e:2a:91:cb:b7:48
            d0:d8:25:7a:b2:64:b3:3f:95:40:b1:22:3c:8e:c2:8b
            6b:dd:53:66:b2:3e:97:f0:48:e2:af:72:93:82:17:18
            91:17:3a:0b:01:8b:09:8c:9b:9c:a4:37:0c:c0:a9:1a
            3b:b5:66:6c:77:77:84:90:6a:fe:e2:6d:53:cf:8b:33
            64:f3:41:54:f2:98:99:1c:0f:d1:1c:5e:bd:70:e8:55
            e3:6d:ee:90:36:a7:a2:4f:3f:de:83:85:85:57:7a:bc
            98:64:79:b8:be:1d:bd:bc:8d:1a:3b:3f:4a:ec:8a:a0
            93
        Exponent (bits 24):
            01:00:01
    Extensions:
        Basic Constraints (critical):
            Certificate Authority (CA): FALSE
        Key Purpose (not critical):
            TLS WWW Server.
        Key Usage (critical):
            Digital signature.
            Key encipherment.
        Subject Key Identifier (not critical):
            0324b56406f97f7d19bdc1619dd29cbab231d52f
        Authority Key Identifier (not critical):
            89161ffe61f729a0fc210f3e8b22e8b4379a5638
Other Information:
    Public Key Id:
        0324b56406f97f7d19bdc1619dd29cbab231d52f

Signing certificate...
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
}}}

Next, edit the /etc/nsswitch.conf file so that it has the following non-comment lines:
{{{
passwd:         files ldap compat
group:          files ldap compat
shadow:         files compat

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
}}}

Finally, add the following lines to the /etc/sudoers file (note that this is done with the visudo command).
{{{
%admin ALL=(ALL) ALL
%sysadmin ALL=NOPASSWD: ALL
}}}
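The setup script output shown above reports a 1024-bit site certificate that certtool itself rates "Weak", so it is worth reviewing that output after each run. The following Ruby sketch is an added example, not part of geni_os_setup.rb; it parses output of that shape and lists findings per certificate. The 2048-bit floor is an assumed local policy, the function names are hypothetical, and the embedded sample is abridged from the output on this page.

```ruby
require 'time'

# Abridged from the geni_os_setup.rb output shown above (key bytes and most fields omitted).
SAMPLE_OUTPUT = <<~OUT
  X.509 Certificate Information:
      Not After: Sat Oct 10 17:06:03 UTC 2015
    Subject: CN=GENI 4G Authority for orbit-lab.org
    Certificate Security Level: Normal
      Modulus (bits 2432):
  X.509 Certificate Information:
      Not After: Sat Oct 10 17:06:03 UTC 2015
    Subject: O=GENI 4G Site for orbit-lab.org,CN=testcons.orbit-lab.org
    Certificate Security Level: Weak
      Modulus (bits 1024):
OUT

MIN_RSA_BITS = 2048 # assumption: local policy floor, not an OMF setting

# One hash per "X.509 Certificate Information:" block in certtool-style text.
def parse_certs(text)
  certs = []
  text.each_line do |raw|
    line = raw.strip
    certs << {} if line == 'X.509 Certificate Information:'
    next if certs.empty?
    cert = certs.last
    case line
    when /\ASubject: (.+)\z/ then cert[:subject] = $1
    when /\ANot After: (.+)\z/ then cert[:not_after] = Time.parse($1).utc
    when /\ACertificate Security Level: (\w+)/ then cert[:level] = $1
    when /\AModulus \(bits (\d+)\):/ then cert[:bits] = $1.to_i
    end
  end
  certs
end

# Findings for one parsed certificate; `now` is injectable so checks are repeatable.
def findings(cert, now: Time.now.utc)
  out = []
  out << "RSA modulus is #{cert[:bits]} bits, below #{MIN_RSA_BITS}" if cert[:bits].to_i.between?(1, MIN_RSA_BITS - 1)
  out << 'certtool rates the key Weak' if cert[:level] == 'Weak'
  out << "expired #{cert[:not_after].iso8601}" if cert[:not_after] && cert[:not_after] < now
  out
end

# Map each certificate subject to its list of findings.
def audit(text, now: Time.now.utc)
  parse_certs(text).map { |c| [c[:subject], findings(c, now: now)] }.to_h
end
```

Calling `audit` on the captured script output returns a hash keyed by certificate subject; an empty list means no finding for that certificate.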