How to build a SandBox console

Updating for 14.04, 06/12/2015

Base system

  1. Boot Ubuntu 14.04 Server installation medium (you may need a usb-cdrom).
  2. perform a standard installation using the installation defaults, with noted deviations:
    1. Partition - Choose "Guided use entire disk" (No LVM)
    2. User Name / Password - Use the well known orbit default
    3. Roles - Add the ssh server role
  3. Check that the network interfaces get the correct address from the correct networks:
    1. em1 - DMZ
    2. em2 - Control

Package Installation

  1. The core packages can be installed as a group via this command:
    sudo apt-get install logwatch logrotate nfs-common libpam-ldap libnss-ldap cfengine3 emacs ntp fail2ban

It will ask questions, but you can accept the defaults as later steps will replace the config files.

NFS Mounting

  1. Add the following line to /etc/fstab
    home:/export/home /home nfs _netdev,auto 0  0

LDAP Authentication

  1. Install ldap libraries. This process will ask you a bunch of ldap related questions that will be used to prime the ldap.confs (there are 2). It's not critical to get them correct as we're just going to replace those conf's any way. (Accepting the defaults is ok).
  2. The /etc/ldap.conf is one of two files that configures the ldap client. The non-commented lines in this file are as follows:
    base dc=orbit-lab,dc=org
    uri ldap://
    ldap_version 3
    rootbinddn cn=admin,dc=orbit-lab,dc=org
    pam_password md5
    nss_initgroups_ignoreusers backup,bin,daemon,games,gnats,irc,libuuid,libvirt-qemu,list,lp,mail,man,messagebus,news,ntp,postfix,proxy,root,sshd,statd,sync,sys,syslog,usbmux,uucp,www-data
    You could edit this file and change all the values to reflect this (leaving the rest as comments) or simply replace the one you have with this one. You can also check the non-comment lines by executing:
    egrep -v "^#|^$" /etc/ldap.conf
  3. The /etc/ldap/ldap.conf is the second file that guides the client. It have very few actual lines:
    BASE    dc=orbit-lab,dc=org
    URI     ldap://
    Again you can edit it directly or copy this version.
  4. The /etc/nsswitch.conf file should have the follow non comment lines:
    passwd:         files ldap compat
    group:          files ldap compat
    shadow:         files compat
    hosts:          files dns
    networks:       files
    protocols:      db files
    services:       db files
    ethers:         db files
    rpc:            db files
    netgroup:       nis
    Again you can edit it directly or copy this version.
  5. Copy or create the /etc/ldap.secret file from another sandbox. (needs root permissions)
  6. set permissions of file to 600
  7. Finally add the follow line to the /etc/sudoers file (note this is done with the visudo command). This has to be done manually.
    %admin ALL=(ALL) ALL
    %sysadmin ALL=NOPASSWD: ALL
  8. Configure networking for the node facing interface of the console and change the address to the appropriate subnet for the sandbox's control vlan. e.g.:
    auto em2
    iface em2 inet static

OMF / OML The Orbit measurement framework binaries.

  1. Configure Apt Repository To begin we'll need to add the repositories (ORBIT and MyTestbed) to the list of sources that our console will pull packages from. This is done by running the following commands.
    wget -qO - | sudo apt-key add -
    wget -qO - | sudo apt-key add -
    echo 'deb trusty main' >> /etc/apt/sources.list.d/orbit.list
    echo 'deb /' >> /etc/apt/sources.list.d/oml2.list
  2. Once the changes are in place, we execute
    apt-get update
    apt-get upgrade
  3. We will then install the following packages NOTE: ADD MONITOR PACKAGE
    apt-get install omf-aggmgr-common-5.4 omf-common-5.4 omf-expctl-5.4 omf-aggmgr-result-5.4 liboml2 oml2-server
  4. Copy a working config file for /etc/omf-expctl-5.X/omf-expctl.yaml from another sandbox and modify its ip addresses and the domain name. The XMPP server is xmpp for 5.3 and for 5.4.
  5. Copy /etc/omf-expctl-5.X/services.yaml
  6. Configure omf-aggmgr-5.4 to enable result service by creating file in /etc/omf-aggmgr-5.X/available/result.yaml with
      # Path to the SQLite3 client binary
      sqlite3_path: '/usr/bin/sqlite3'  
      # Path to the directory holding the experiment measurement databases
      database_path: '/var/lib/oml2'  
  7. and then link it:
    cd /etc/omf-aggmgr-5.3/enabled; ln -s ../available/result.xml
  8. Link omf to omf-5.4 with the following command
    sudo update-alternatives --install /usr/bin/omf omf /usr/bin/omf-5.4 1
  9. fix hostname and domainname
    1. set /etc/hostname to console
    2. set /etc/hosts second line to fqdn
    3. restart hostname service
  10. Install the cfengine3 package and then copy
    sudo scp /etc/cfengine3/*.cf console.??:/etc/cfengine3/
  11. from dhcp1:
    • delete pub key if for the console's ip if it exists.
    • sudo scp /var/lib/cfengine3/ppkeys/ console.??:/var/lib/cfengine3/ppkeys/
  12. Run cf-agent on the console we're installing.
    cf-agent -v

OS specific notes

Ubuntu 13.10

The passwd command in fails after follwing these instructions. There is a minor tweak needed to get the passwd command to work. Edit the /etc/pam.d/common-password and find this line:

password	[success=1 user_unknown=ignore default=die] use_authtok try_first_pass

remove use_authtok, then reboot. This should solve the problem. It documented here

Last modified 8 years ago Last modified on Jan 11, 2016, 8:52:10 PM

Attachments (3)

  • ldap.conf (9.0 KB ) - added by ssugrim 13 years ago. /etc/ldap.conf
  • ldap.2.conf (214 bytes ) - added by ssugrim 13 years ago. /etc/ldap/ldap.conf
  • nsswitch.conf (527 bytes ) - added by ssugrim 13 years ago. /etc/nsswitch.conf

Download all attachments as: .zip

Note: See TracWiki for help on using the wiki.