How to build a SandBox console
Updating for 14.04, 06/12/2015
- Boot Ubuntu 14.04 Server installation medium (you may need a usb-cdrom).
- perform a standard installation using the installation defaults, with noted deviations:
- Partition - Choose "Guided use entire disk" (No LVM)
- User Name / Password - Use the well known orbit default
- Roles - Add the ssh server role
- Check that the network interfaces get the correct address from the correct networks:
- em1 - DMZ
- em2 - Control
- The core packages can be installed as a group via this command:
sudo apt-get install logwatch logrotate nfs-common libpam-ldap libnss-ldap cfengine3 emacs ntp fail2ban
It will ask questions, but you can accept the defaults as later steps will replace the config files.
- Add the following line to /etc/fstab
home:/export/home /home nfs _netdev,auto 0 0
- Install ldap libraries. This process will ask you a bunch of ldap related questions that will be used to prime the ldap.confs (there are 2). It's not critical to get them correct as we're just going to replace those conf's any way. (Accepting the defaults is ok).
- The /etc/ldap.conf is one of two files that configures the ldap client. The non-commented lines in this file are as follows:
base dc=orbit-lab,dc=org uri ldap://ldap.orbit-lab.org/ ldap_version 3 binddn rootbinddn cn=admin,dc=orbit-lab,dc=org pam_password md5 nss_initgroups_ignoreusers backup,bin,daemon,games,gnats,irc,libuuid,libvirt-qemu,list,lp,mail,man,messagebus,news,ntp,postfix,proxy,root,sshd,statd,sync,sys,syslog,usbmux,uucp,www-dataYou could edit this file and change all the values to reflect this (leaving the rest as comments) or simply replace the one you have with this one. You can also check the non-comment lines by executing:
egrep -v "^#|^$" /etc/ldap.conf
- The /etc/ldap/ldap.conf is the second file that guides the client. It have very few actual lines:
BASE dc=orbit-lab,dc=org URI ldap://ldap.orbit-lab.orgAgain you can edit it directly or copy this version.
- The /etc/nsswitch.conf file should have the follow non comment lines:
passwd: files ldap compat group: files ldap compat shadow: files compat hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nisAgain you can edit it directly or copy this version.
- Copy or create the /etc/ldap.secret file from another sandbox. (needs root permissions)
- set permissions of file to 600
- Finally add the follow line to the /etc/sudoers file (note this is done with the visudo command). This has to be done manually.
%admin ALL=(ALL) ALL %sysadmin ALL=NOPASSWD: ALL
- Configure networking for the node facing interface of the console and change the address to the appropriate subnet for the sandbox's control vlan. e.g.:
auto em2 iface em2 inet static address 10.14.0.10 netmask 255.255.0.0
OMF / OML The Orbit measurement framework binaries.
- Configure Apt Repository
To begin we'll need to add the repositories (ORBIT and MyTestbed) to the list of sources that our console will pull packages from. This is done by running the following commands.
wget -qO - http://packages.orbit-lab.org/downloads/orbitapt.gpg.key | sudo apt-key add - wget -qO - http://download.opensuse.org/repositories/devel:/tools:/mytestbed:/stable/xUbuntu_14.04/Release.key | sudo apt-key add - echo 'deb http://packages.orbit-lab.org/ubuntu trusty main' >> /etc/apt/sources.list.d/orbit.list echo 'deb http://download.opensuse.org/repositories/devel:/tools:/mytestbed:/stable/xUbuntu_14.04/ /' >> /etc/apt/sources.list.d/oml2.list
- Once the changes are in place, we execute
apt-get update apt-get upgrade
- We will then install the following packages NOTE: ADD MONITOR PACKAGE
apt-get install omf-aggmgr-common-5.4 omf-common-5.4 omf-expctl-5.4 omf-aggmgr-result-5.4 liboml2 oml2-server
- Copy a working config file for /etc/omf-expctl-5.X/omf-expctl.yaml from another sandbox and modify its ip addresses and the domain name. The XMPP server is xmpp for 5.3 and xmpp2.orbit-lab.org for 5.4.
- Copy /etc/omf-expctl-5.X/services.yaml
- Configure omf-aggmgr-5.4 to enable result service by creating file in /etc/omf-aggmgr-5.X/available/result.yaml with
--- result: # Path to the SQLite3 client binary sqlite3_path: '/usr/bin/sqlite3' # Path to the directory holding the experiment measurement databases database_path: '/var/lib/oml2'
- and then link it:
cd /etc/omf-aggmgr-5.3/enabled; ln -s ../available/result.xml
- Link omf to omf-5.4 with the following command
sudo update-alternatives --install /usr/bin/omf omf /usr/bin/omf-5.4 1
- fix hostname and domainname
- set /etc/hostname to console
- set /etc/hosts second line to fqdn
- restart hostname service
- Install the cfengine3 package and then copy
sudo scp /etc/cfengine3/*.cf console.??:/etc/cfengine3/
- from dhcp1:
- delete pub key if for the console's ip if it exists.
- sudo scp /var/lib/cfengine3/ppkeys/root-10.0.0.9.pub console.??:/var/lib/cfengine3/ppkeys/
- Run cf-agent on the console we're installing.
OS specific notes
The passwd command in fails after follwing these instructions. There is a minor tweak needed to get the passwd command to work. Edit the /etc/pam.d/common-password and find this line:
password [success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass
remove use_authtok, then reboot. This should solve the problem. It documented here