Context Navigation

← Previous Change
Wiki History
Next Change →

Changes between Initial Version and Version 1 of Software/bDep

Timestamp:: Oct 10, 2014, 6:02:50 PM (10 years ago)
Author:: seskar
Comment:: —

Legend:

: Unmodified
: Added
: Removed
: Modified

Software/bDep

               v1
+[[TOC(Software*, depth=2)]]
+== Configure DHCP and DNS Services ==
+=== DHCP ===
+Once the base OS is installed and we have all of the interfaces properly configured we'll need to instruct the dhcp server to hand out address on the appropriate interfaces. To configure the DHCP server we need to modify the ''/etc/dhcp/dhcpd.conf'' file. The following example has all the relvant configurations.
+To use this file you will have to modify the following portions:
+ * domain-name
+ * Node CMC mac addresses (labeled cons#)
+ * Node Control mac address (labeled node#)
+ * Node Data mac address (labeled data#)
+these fields '''MUST be modified''' to reflect your configuration.
+{{{
+option domain-name "geni.net";
+authoritative;
+use-host-decl-names on;
+get-lease-hostnames true;
+ping-check false;
+ping-timeout 0;
+log-facility local7;
+default-lease-time 86400;
+max-lease-time 86400;
+ddns-updates off;
+subnet 10.1.0.0 netmask 255.255.255.0 {
+  option domain-name-servers 10.1.0.254;
+  option routers 10.1.0.254;
+  option ntp-servers 10.1.0.254;
+  next-server 10.1.0.254;
+  host cons1 { hardware ethernet 00:20:4a:d5:94:83; fixed-address 10.1.0.1; }
+  host cons2 { hardware ethernet 00:20:4a:d5:94:f1; fixed-address 10.1.0.2; }
+  host cons3 { hardware ethernet 00:20:4a:d5:94:e1; fixed-address 10.1.0.3; }
+}
+subnet 10.1.1.0 netmask 255.255.255.0 {
+  option domain-name-servers 10.1.1.254;
+  option routers 10.1.1.254;
+  option log-servers 10.1.1.254;
+  option ntp-servers 10.1.1.254;
+  filename "pxelinux.0";
+#  allow booting;
+#  allow bootp;
+#  option option-150 code 150 = text;
+  next-server 10.1.1.254;
+  host node1 { hardware ethernet 00:03:1d:0c:d3:73; fixed-address node1.geni.net; }
+  host node2 { hardware ethernet 00:03:1d:0c:d3:89; fixed-address node2.geni.net; }
+  host node3 { hardware ethernet 00:03:1d:0c:d3:71; fixed-address node3.geni.net; }
+}
+subnet 10.1.2.0 netmask 255.255.255.0 {
+#  option domain-name-servers 10.1.2.254;
+#  option routers 10.1.2.254;
+  option ntp-servers 10.1.2.254;
+  filename "/pxelinux.fake";
+  host data1 { hardware ethernet 00:03:1d:0c:d3:72; fixed-address 10.1.2.1; }
+  host data2 { hardware ethernet 00:03:1d:0c:d3:88; fixed-address 10.1.2.2; }
+  host data3 { hardware ethernet 00:03:1d:0c:d3:70; fixed-address 10.1.2.3; }
+}
+}}}
+=== DNS ===
+The DNS configuration is split between a few files. The config files that tell named what db files to ready, and then the specific db files. There are other portions of the config that are included as part of the default install. They are not listed here.
+This is the default ''/etc/bind/named.conf''.
+{{{
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
+// structure of BIND configuration files in Debian, *BEFORE* you customize
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
+}}}
+The ''/etc/bind/named.conf.local'' is modified to point to our specific database files.
+{{{
+//
+// Do any local configuration here
+//
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+zone "geni.net" {
+     type master;
+        file "/etc/bind/db.geni.net";
+};
+zone "1.10.in-addr.arpa" {
+        type master;
+        file "/etc/bind/db.10";
+};
+}}}
+The primary config file is ''/etc/bind/db.geni.net''. The name can be modified to reflect your site, but it has to match the entry in ''named.conf.local''. Aside from the '''domain''', this file can remain in tact.
+{{{
+;
+; BIND data file for geni.net
+;
+$TTL    604800
+@       IN      SOA     geni.net. root.geni.net. (
+         ; Serial
+         ; Refresh
+         ; Retry
+                        2419200         ; Expire
+)       ; Negative Cache TTL
+;
+                IN      A       10.1.1.254
+@               IN      NS      consolec.geni.net.
+@               IN      A       10.1.1.254
+@               IN      AAAA    ::1
+consolec        IN      A       10.1.1.254
+xmpp            IN      CNAME   consolec.geni.net.
+node1           IN      A       10.1.1.1
+node2           IN      A       10.1.1.2
+node3           IN      A       10.1.1.3
+cons1           IN      A       10.1.0.1
+cons2           IN      A       10.1.0.2
+cons3           IN      A       10.1.0.3
+data1           IN      A       10.1.2.1
+data2           IN      A       10.1.2.2
+data3           IN      A       10.1.2.3
+}}}
+''/etc/bind/db.10'' is the reverse look-up database. This file will also need to be modified to reflect the '''domain'''.
+{{{
+;
+; BIND reverse data file for 10.1
+;
+$TTL    604800
+@       IN      SOA     consolec. root.geni.net. (
+         ; Serial
+         ; Refresh
+         ; Retry
+                        2419200         ; Expire
+)       ; Negative Cache TTL
+;
+@       IN      NS      consolec.
+.0     IN      PTR     cons1.geni.net.
+.0     IN      PTR     cons2.geni.net.
+.0     IN      PTR     cons3.geni.net.
+.1     IN      PTR     node1.geni.net.
+.1     IN      PTR     node2.geni.net.
+.1     IN      PTR     node3.geni.net.
+.1   IN      PTR     consolec.geni.net.
+.2     IN      PTR     data1.geni.net.
+.2     IN      PTR     data2.geni.net.
+.2     IN      PTR     data3.geni.net.
+}}}
+== LDAP Server ==
+Accounting and scheduling depend on LDAP. The following steps will configure the LDAP server.
+=== Setting up LDAP server ===
+. Create file ''/etc/ssl/geni-site-ca.info'' with:
+    {{{
+cn = GENI WiMAX Company
+ca
+cert_signing_key
+    }}}
+. Create file ''/etc/ssl/geni-site-console.info'' with (please change console.geni.net to match
+    your FQDN):
+    {{{
+organization = Example Company
+cn = console.geni.net
+tls_www_server
+encryption_key
+signing_key
+expiration_days = 3650
+    }}}
+. Execute the following command to create SSL certificates:
+    {{{
+/usr/sbin/create_ldap_certificates.sh
+    }}}
+. Create LDIF file for our newly created certificates in the file named
+    ''/etc/ssl/geni-cert-info.ldif'':
+    {{{
+dn: cn=config
+add: olcTLSCACertificateFile
+olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
+-
+add: olcTLSCertificateFile
+olcTLSCertificateFile: /etc/ssl/certs/console_slapd_cert.pem
+-
+add: olcTLSCertificateKeyFile
+olcTLSCertificateKeyFile: /etc/ssl/private/console_slapd_key.pem
+    }}}
+    and then execute:
+    {{{
+ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ssl/geni-cert-info.ldif
+    }}}
+    The expected output is:
+    {{{
+SASL/EXTERNAL authentication started
+SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
+SASL SSF: 0
+modifying entry "cn=config"
+    }}}
+. Fix the configuration for newly create LDAP for phpldapadmin by editing
+    ''/etc/phpldapadmin/config.php'' and changing ''dc=example,dc=com'' to ''dc=geni,dc=net''
+    {{{
+$servers->setValue('server','base',array('dc=geni,dc=net'));
+$servers->setValue('login','bind_id','cn=admin,dc=geni,dc=net');
+    }}}
+. Point the Firefox web browser to http://<console-ip-address>/phpldapadmin. Set password for group admin user (add attribute -> Password -> set password -> update object)
+. Make sure you can access the service with admin credentials:
+    {{{
+   ldapsearch -x   -b "dc=geni,dc=net"  "objectClass=organizationalRole"
+   ldapsearch -x   -b "dc=geni,dc=net"  "objectClass=organizationalUnit"
+   ldapsearch -x   -b "dc=geni,dc=net"  "objectclass=organizationalUnit"
+   ldapsearch -x   -b "dc=geni,dc=net"  "objectClass=posixGroup"
+   ldapsearch -x localhost -D "cn=admin,dc=geni,dc=net" -W -b "dc=geni,dc=net" uid=*
+    }}}