- Timestamp: Oct 10, 2014, 9:35:44 PM (9 years ago)
- Author: ssugrim
- Comment: —
v14 | v15 |
5 | 5 | === Post-installation OS Services Configuration === |
6 | 6 | |
7 | | Run the OS configuration script: |
8 | | {{{ |
| 7 | 1. Run the OS configuration script: |
| 8 | {{{ |
9 | 9 | /usr/sbin/geni_os_setup.rb |
10 | | }}} |
11 | | It should produce: |
12 | | {{{ |
| 10 | }}} |
| 11 | It should produce: |
| 12 | {{{ |
13 | 13 | user@testcons:~# sudo /usr/sbin/geni_os_setup.rb |
14 | 14 | Loading /etc/omf-aggmgr-5.4/site.yaml... done. |
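Review bot: Step 1 gives the command on line 9 as /usr/sbin/geni_os_setup.rb without sudo, while the sample session on line 13 runs it as "sudo /usr/sbin/geni_os_setup.rb". Show the sudo form in the step itself, or state that the script must be run as root, so the instruction and the expected output agree.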
… |
… |
|
108 | 108 | SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth |
109 | 109 | SASL SSF: 0 |
110 | | }}} |
111 | | |
112 | | After this script is run, we will need to point the dns resolver to the localhost. To do this edit ''/etc/network/interfaces'' file and change the '''dns-nameservers''' line to use '''localhost''', e.g.: |
113 | | {{{ |
| 110 | }}} |
| 111 | 2. After this script is run, we will need to point the dns resolver to the localhost. To do |
| 112 | this edit ''/etc/network/interfaces'' file and change the '''dns-nameservers''' line to |
| 113 | use '''localhost''', e.g.: |
| 114 | {{{ |
114 | 115 | # The primary network interface |
115 | 116 | auto eth2 |
… |
… |
|
120 | 121 | dns-nameservers localhost |
121 | 122 | |
122 | | }}} |
123 | | then restart the networking service to reflect the DNS change: |
124 | | {{{ |
| 123 | }}} |
| 124 | then restart the networking service to reflect the DNS change: |
| 125 | {{{ |
125 | 126 | /etc/init.d/networking restart |
126 | | }}} |
127 | | Once this setting is done you can test the local dns by tring to resolve node names e.g.: |
128 | | {{{ |
| 127 | }}} |
| 128 | Once this setting is done you can test the local dns by tring to resolve node names e.g.: |
| 129 | {{{ |
129 | 130 | host node1.geni.rutgers.edu |
130 | 131 | node1.geni.rutgers.edu has address 10.1.1.1 |
131 | | }}} |
132 | | External name resolution should also work. |
133 | | |
134 | | Next edit ''/etc/nsswitch.conf'' file so that is has the follow non comment lines: |
135 | | {{{ |
| 132 | }}} |
| 133 | External name resolution should also work. |
| 134 | |
| 135 | 3. Edit ''/etc/nsswitch.conf'' file so that is has the follow non comment lines: |
| 136 | {{{ |
136 | 137 | passwd: files ldap compat |
137 | 138 | group: files ldap compat |
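Review bot: The rewritten lines 128 and 135 carry over the v14 typos ("tring to resolve", "so that is has the follow non comment lines"). Since both lines are being touched anyway, correct them to "trying" and "so that it has the following non-comment lines". The restart on line 124 and the resolution test on line 128 also sit outside the new numbering. Say explicitly that they are the remainder of step 2.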
… |
… |
|
147 | 148 | |
148 | 149 | netgroup: nis |
149 | | }}} |
150 | | Finally add the follow line to the /etc/sudoers file (note this is done with the visudo command). |
151 | | {{{ |
| 150 | }}} |
| 151 | 4. Add the follow line to the /etc/sudoers file (note this is done with the visudo command). |
| 152 | {{{ |
152 | 153 | %admin ALL=(ALL) ALL |
153 | 154 | %sysadmin ALL=NOPASSWD: ALL |
154 | | }}} |
| 155 | }}} |
155 | 156 | |
156 | 157 | |
157 | | In file /etc/ldap/ldap.conf make sure you have: |
158 | | {{{ |
| 158 | 5. Edit the file /etc/ldap/ldap.conf and make sure the following lines have these values (add |
| 159 | them if they are missing): |
| 160 | {{{ |
159 | 161 | TLS_CACERT /etc/ssl/certs/cacert.pem |
160 | 162 | TLS_REQCERT never |
161 | | }}} |
162 | | |
163 | | === Import initial LDAP content === |
| 163 | }}} |
| 164 | then restart the ldap daemon with: |
| 165 | {{{ |
| 166 | /etc/init.d/slapd restart |
| 167 | }}} |
| 168 | |
| 169 | === Import initial GENI LDAP content === |
164 | 170 | Next we will import initial content consisting of first groups and accounts that will be used as administrators for the range of services. The deployment assumes the following delegated accounting structure: users are organized into groups based on their organization or project (or in LDAP terms organizational units (OUs)). Each group can have number of administrators (or users with group management capabilities) but has to have one person who is the main administrator for the OU (the principal investigator - PI). While most of the account management is performed through Control Panel functions, the initial site administrator and the first OU need to be added to LDAP manually. This can be done through ''phpldapadmin'' or through LDIF configuration file and command line tools. The LDIF config for initial import looks like: |
165 | 171 | {{{ |
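Review bot: The reworded step 5 (lines 158-159) now tells the reader to add these values if they are missing, and that includes "TLS_REQCERT never" on line 162. With that setting the LDAP client does not request or check the server certificate, so the TLS_CACERT path on line 161 is not used to verify anything. If /etc/ssl/certs/cacert.pem is the CA that signed the server certificate, suggest "TLS_REQCERT demand" here, or at least add a sentence explaining why verification is turned off. Step 4 (line 151) says "Add the follow line" but two lines are shown, and "%sysadmin ALL=NOPASSWD: ALL" on line 154 gives the whole group passwordless root, which deserves a word of justification in the text.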