wiki:Software/bDep

Version 2 (modified by seskar, 10 years ago)

Dependencies

DHCP

Once the base OS is installed and all of the interfaces are properly configured, the DHCP server has to be told to hand out addresses on the appropriate interfaces. The DHCP server is configured in /etc/dhcp/dhcpd.conf; the following example contains all of the relevant settings.

To use this file you will have to modify the following portions:

  • domain-name
  • Node CMC MAC addresses (labeled cons#)
  • Node control MAC addresses (labeled node#)
  • Node data MAC addresses (labeled data#)

These fields MUST be modified to reflect your configuration.

Two things to be aware of before starting the server. First, the hosts in the control subnet use a hostname rather than an IP address as their fixed-address; dhcpd resolves those names while it reads the configuration, so the DNS zone described below must be in place and named must be answering before dhcpd will start. Second, the server is declared authoritative with ping-check disabled: it will NAK lease requests it does not recognise and it does not probe an address before offering it. That is the right setting for an isolated testbed network where this is the only DHCP server and every address comes from the fixed-address table, but it relies on that table being correct and unique, and it must not be connected to a shared network that has another DHCP server.

option domain-name "geni.net";
authoritative;
use-host-decl-names on;
get-lease-hostnames true;
ping-check false;
ping-timeout 0;
log-facility local7;
default-lease-time 86400;
max-lease-time 86400;
ddns-updates off;

subnet 10.1.0.0 netmask 255.255.255.0 {
  option domain-name-servers 10.1.0.254;
  option routers 10.1.0.254;
  option ntp-servers 10.1.0.254;
  next-server 10.1.0.254;

  host cons1 { hardware ethernet 00:20:4a:d5:94:83; fixed-address 10.1.0.1; }
  host cons2 { hardware ethernet 00:20:4a:d5:94:f1; fixed-address 10.1.0.2; }
  host cons3 { hardware ethernet 00:20:4a:d5:94:e1; fixed-address 10.1.0.3; }
}

subnet 10.1.1.0 netmask 255.255.255.0 {
  option domain-name-servers 10.1.1.254;
  option routers 10.1.1.254;
  option log-servers 10.1.1.254;
  option ntp-servers 10.1.1.254;
  filename "pxelinux.0";
#  allow booting;
#  allow bootp;
#  option option-150 code 150 = text;
  next-server 10.1.1.254;

  host node1 { hardware ethernet 00:03:1d:0c:d3:73; fixed-address node1.geni.net; }
  host node2 { hardware ethernet 00:03:1d:0c:d3:89; fixed-address node2.geni.net; }
  host node3 { hardware ethernet 00:03:1d:0c:d3:71; fixed-address node3.geni.net; }
}

subnet 10.1.2.0 netmask 255.255.255.0 {
#  option domain-name-servers 10.1.2.254;
#  option routers 10.1.2.254;
  option ntp-servers 10.1.2.254;
  filename "/pxelinux.fake";

  host data1 { hardware ethernet 00:03:1d:0c:d3:72; fixed-address 10.1.2.1; }
  host data2 { hardware ethernet 00:03:1d:0c:d3:88; fixed-address 10.1.2.2; }
  host data3 { hardware ethernet 00:03:1d:0c:d3:70; fixed-address 10.1.2.3; }
}


DNS

The DNS configuration is split between a few files: the config files that tell named which zone (db) files to read, and the zone files themselves. Other portions of the configuration that come with the default install are not listed here.

This is the default /etc/bind/named.conf.

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
// structure of BIND configuration files in Debian, *BEFORE* you customize 
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

The /etc/bind/named.conf.local is modified to point to our specific database files.

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "geni.net" {
     type master;
        file "/etc/bind/db.geni.net";
};

zone "1.10.in-addr.arpa" {
        type master;
        file "/etc/bind/db.10";
};

The forward zone file is /etc/bind/db.geni.net. The name can be changed to reflect your site, but it has to match the file entry in named.conf.local. Aside from the domain (and the host names and addresses, if yours differ from the example), this file can remain intact. Increment the serial every time the file is edited, otherwise a secondary server will not pick up the change.

;
; BIND data file for geni.net
;
$TTL    604800
@       IN      SOA     geni.net. root.geni.net. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
                IN      A       10.1.1.254
@               IN      NS      consolec.geni.net.
@               IN      A       10.1.1.254
@               IN      AAAA    ::1
consolec        IN      A       10.1.1.254
xmpp            IN      CNAME   consolec.geni.net.

node1           IN      A       10.1.1.1
node2           IN      A       10.1.1.2
node3           IN      A       10.1.1.3

cons1           IN      A       10.1.0.1
cons2           IN      A       10.1.0.2
cons3           IN      A       10.1.0.3

data1           IN      A       10.1.2.1
data2           IN      A       10.1.2.2
data3           IN      A       10.1.2.3

/etc/bind/db.10 is the reverse look-up zone for 10.1.0.0/16 (zone 1.10.in-addr.arpa, so each PTR owner is the last two octets of the address in reverse order). This file will also need to be modified to reflect the domain; the SOA and NS names must be the fully qualified console name with a trailing dot, matching the forward zone.

;
; BIND reverse data file for 10.1
;
$TTL    604800
@       IN      SOA     consolec.geni.net. root.geni.net. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      consolec.geni.net.
1.0     IN      PTR     cons1.geni.net.
2.0     IN      PTR     cons2.geni.net.
3.0     IN      PTR     cons3.geni.net.

1.1     IN      PTR     node1.geni.net.
2.1     IN      PTR     node2.geni.net.
3.1     IN      PTR     node3.geni.net.
254.1   IN      PTR     consolec.geni.net.

1.2     IN      PTR     data1.geni.net.
2.2     IN      PTR     data2.geni.net.
3.2     IN      PTR     data3.geni.net.
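The dhcpd.conf above and the zone files describe the same hosts twice, and they have to agree: a MAC or address listed twice, a node whose fixed-address differs from its A record, or a fixed-address hostname that named cannot answer for (dhcpd resolves those names while reading its configuration and exits with a configuration error when one is unknown) only shows up once the daemons are restarted. The following Python script is an added example, not part of this page, ISC dhcpd or BIND: it parses the host declarations and the forward zone's A records and reports such disagreements. The dhcpd.conf and db.geni.net excerpts embedded in it are constructed from the page with three deliberate faults (a repeated MAC, a mismatched address and an unresolvable name) so that each check has something to report.

```python
# Added example: cross-check dhcpd host declarations against the BIND
# forward zone. Not part of the GENI page, ISC dhcpd or BIND.
import re
from collections import Counter

DOMAIN = "geni.net"

# Constructed dhcpd.conf excerpt with three injected faults: data2 reuses
# data1's MAC, node3 names a host with no A record, and cons2's address
# disagrees with its A record in the zone below.
DHCPD_CONF = """
option domain-name "geni.net";
subnet 10.1.0.0 netmask 255.255.255.0 {
  host cons1 { hardware ethernet 00:20:4a:d5:94:83; fixed-address 10.1.0.1; }
  host cons2 { hardware ethernet 00:20:4a:d5:94:f1; fixed-address 10.1.0.2; }
}
subnet 10.1.1.0 netmask 255.255.255.0 {
  host node1 { hardware ethernet 00:03:1d:0c:d3:73; fixed-address node1.geni.net; }
  host node2 { hardware ethernet 00:03:1d:0c:d3:89; fixed-address node2.geni.net; }
  host node3 { hardware ethernet 00:03:1d:0c:d3:71; fixed-address node9.geni.net; }
}
subnet 10.1.2.0 netmask 255.255.255.0 {
  host data1 { hardware ethernet 00:03:1d:0c:d3:72; fixed-address 10.1.2.1; }
  host data2 { hardware ethernet 00:03:1d:0c:d3:72; fixed-address 10.1.2.2; }
}
"""

# Constructed db.geni.net excerpt; the blank owner column on one line means
# "same owner as the previous record", as in the page's zone file.
ZONE_DB = """
$TTL    604800
@       IN      SOA     geni.net. root.geni.net. ( 2 604800 86400 2419200 604800 )
@       IN      NS      consolec.geni.net.
                IN      A       10.1.1.254
consolec        IN      A       10.1.1.254
node1           IN      A       10.1.1.1
node2           IN      A       10.1.1.2
node3           IN      A       10.1.1.3
cons1           IN      A       10.1.0.1
cons2           IN      A       10.1.0.22
data1           IN      A       10.1.2.1
data2           IN      A       10.1.2.2
"""

HOST_RE = re.compile(r"host\s+(\S+)\s*\{\s*hardware\s+ethernet\s+([0-9A-Fa-f:]+)\s*;"
                     r"\s*fixed-address\s+([^;\s]+)\s*;")
RR_OWNER = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s")
A_LINE = re.compile(r"^(\S*)\s+(?:\d+\s+)?IN\s+A\s+(\d+(?:\.\d+){3})\s*$")
IPV4 = re.compile(r"\d+(?:\.\d+){3}")


def parse_dhcp_hosts(conf):
    """[(host name, mac, fixed-address)] for every host declaration."""
    return [(n, mac.lower(), addr) for n, mac, addr in HOST_RE.findall(conf)]


def parse_a_records(zone, domain):
    """{fqdn: ip} for the A records of a forward zone file."""
    records, owner = {}, "@"
    for line in zone.splitlines():
        if not line.strip() or line[0] in ";$":
            continue
        m = RR_OWNER.match(line)
        if m:
            owner = m.group(1)
        a = A_LINE.match(line)
        if not a:
            continue
        name = a.group(1) or owner          # blank column repeats the owner
        if name == "@":
            fqdn = domain
        else:
            fqdn = name[:-1] if name.endswith(".") else f"{name}.{domain}"
        records[fqdn] = a.group(2)
    return records


def check_consistency(hosts, a_records, domain):
    """Human-readable findings; an empty list means the files agree."""
    findings = []
    for mac, n in Counter(m for _, m, _ in hosts).items():
        if n > 1:
            names = ", ".join(h for h, m, _ in hosts if m == mac)
            findings.append(f"duplicate MAC {mac}: {names}")
    seen = {}
    for name, _, addr in hosts:
        if IPV4.fullmatch(addr):
            ip, fqdn = addr, f"{name}.{domain}"
            if fqdn in a_records and a_records[fqdn] != ip:
                findings.append(f"{name}: fixed-address {ip} but A record is {a_records[fqdn]}")
        else:
            # dhcpd resolves a hostname fixed-address when it loads the
            # config and exits with a configuration error if it cannot.
            ip = a_records.get(addr.rstrip("."))
            if ip is None:
                findings.append(f"{name}: fixed-address {addr} has no A record")
                continue
        if ip in seen:
            findings.append(f"duplicate address {ip}: {seen[ip]}, {name}")
        seen[ip] = name
    return findings


def audit(conf=DHCPD_CONF, zone=ZONE_DB, domain=DOMAIN):
    return check_consistency(parse_dhcp_hosts(conf), parse_a_records(zone, domain), domain)


if __name__ == "__main__":
    for f in audit() or ["no inconsistencies found"]:
        print(f)
```

dhcpd -t -cf /etc/dhcp/dhcpd.conf and named-checkzone geni.net /etc/bind/db.geni.net check each file's syntax on its own; the cross-file disagreement is what they do not catch and what this does. To run it against the live files, call audit() with the contents of /etc/dhcp/dhcpd.conf and /etc/bind/db.geni.net.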

LDAP Server

Accounting and scheduling depend on LDAP. The following steps configure the LDAP server (slapd) and enable TLS on it.

  1. Create file /etc/ssl/geni-site-ca.info with:
    cn = GENI WiMAX Company
    ca
    cert_signing_key
    
  2. Create file /etc/ssl/geni-site-console.info with (please change console.geni.net to match your FQDN; clients verify the server certificate against this name):
    organization = Example Company
    cn = console.geni.net
    tls_www_server
    encryption_key
    signing_key
    expiration_days = 3650
    
    Both files are GnuTLS certtool templates: the first describes the site CA, the second the console's server certificate.
    
  3. Execute the following command to create the SSL certificates:
    /usr/sbin/create_ldap_certificates.sh
    
    The script (not shown here) produces the CA certificate, the server certificate and the private key that the next step points slapd at. slapd runs as the unprivileged openldap user, so the key in /etc/ssl/private must be readable by that user (owner or group) but by nobody else.
    
  4. Create an LDIF file for the newly created certificates in the file named /etc/ssl/geni-cert-info.ldif:
    dn: cn=config
    changetype: modify
    add: olcTLSCACertificateFile
    olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
    -
    add: olcTLSCertificateFile
    olcTLSCertificateFile: /etc/ssl/certs/console_slapd_cert.pem
    -
    add: olcTLSCertificateKeyFile
    olcTLSCertificateKeyFile: /etc/ssl/private/console_slapd_key.pem
    
    and then, as root, execute (the EXTERNAL mechanism over the ldapi:/// socket authenticates by the caller's uid, and by default only uid 0 may write cn=config):
    ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ssl/geni-cert-info.ldif
    
    The expected output is:
    SASL/EXTERNAL authentication started
    SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    SASL SSF: 0
    modifying entry "cn=config"
    
  5. Fix the phpldapadmin configuration for the newly created directory by editing /etc/phpldapadmin/config.php and changing dc=example,dc=com to dc=geni,dc=net in both the base DN and the bind DN:
    $servers->setValue('server','base',array('dc=geni,dc=net'));
    $servers->setValue('login','bind_id','cn=admin,dc=geni,dc=net');
    
  6. Point a web browser at http://<console-ip-address>/phpldapadmin and set the password for the group admin user (add attribute → Password → set password → update object). This is plain HTTP, so the admin bind password and the new password travel in the clear; do it from the console itself or through an SSH tunnel rather than across the testbed network.
  7. Make sure you can access the service, first anonymously and then with the admin credentials:
       ldapsearch -x -b "dc=geni,dc=net" "objectClass=organizationalRole"
       ldapsearch -x -b "dc=geni,dc=net" "objectClass=organizationalUnit"
       ldapsearch -x -b "dc=geni,dc=net" "objectClass=posixGroup"
       ldapsearch -x -H ldap://localhost -D "cn=admin,dc=geni,dc=net" -W -b "dc=geni,dc=net" "uid=*"
    
     The first three searches bind anonymously; they succeed because the default slapd ACL lets anyone read the directory apart from the password attributes. If the console is reachable from networks you do not control, tighten the olcAccess rules rather than relying on that default. The last search binds as the admin DN (-W prompts for the password) and lists every entry that has a uid attribute.
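Step 4 only tells slapd where the certificate files are; a wrong path, a file of the wrong PEM type or a key slapd cannot read is not reported until the first StartTLS attempt fails. The following Python script is an added example, not part of this page or of OpenLDAP: it reads the LDIF from step 4, extracts the three olcTLS* paths and checks, before the ldapmodify is run, that each file exists and holds the expected PEM block, that the private key is not world-readable, and that the certificate and key load together the way a TLS server would load them (it does not verify the CA signature on the server certificate). Its demo() runs the checks against constructed fake PEM files in a temporary directory; they are not real certificates, so the load check is expected to fail for them, and the key is deliberately created world-readable to show the permission check.

```python
# Added example: pre-flight check for the slapd TLS settings in step 4.
# Not part of the GENI page or of OpenLDAP.
import os
import re
import ssl
import stat
import tempfile

# Copy of the step 4 LDIF, embedded so the example runs stand-alone.
CERT_INFO_LDIF = """\
dn: cn=config
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/certs/console_slapd_cert.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/private/console_slapd_key.pem
"""

# PEM block each attribute must point at. "PRIVATE KEY" also matches the
# "RSA PRIVATE KEY" / "EC PRIVATE KEY" headers certtool may write.
EXPECTED_BLOCK = {
    "olcTLSCACertificateFile": "CERTIFICATE",
    "olcTLSCertificateFile": "CERTIFICATE",
    "olcTLSCertificateKeyFile": "PRIVATE KEY",
}


def parse_tls_paths(ldif):
    """{olcTLS* attribute: path} from a cn=config LDIF."""
    return dict(re.findall(r"^(olcTLS\w+):\s*(\S+)\s*$", ldif, re.M))


def check_tls_files(paths):
    """Existence, PEM block type and key permission checks."""
    findings = []
    for attr, want in EXPECTED_BLOCK.items():
        path = paths.get(attr)
        if path is None:
            findings.append(f"{attr}: not set in LDIF")
            continue
        try:
            with open(path) as fh:
                body = fh.read()
        except OSError as exc:
            findings.append(f"{attr}: cannot read {path} ({exc.strerror})")
            continue
        if not re.search(rf"-----BEGIN (?:[A-Z]+ )*{want}-----", body):
            findings.append(f"{attr}: {path} does not contain a {want} PEM block")
        if attr == "olcTLSCertificateKeyFile":
            # slapd runs as the openldap user: owner/group read is needed,
            # world read must never be granted on the private key.
            mode = os.stat(path).st_mode
            if mode & stat.S_IROTH:
                findings.append(f"{attr}: {path} is world-readable (mode {stat.filemode(mode)})")
    return findings


def check_cert_chain(paths):
    """Load the files as a TLS server would: the certificate must parse and
    match the key, and the CA file must hold at least one certificate.
    This does not check that the CA signed the server certificate."""
    findings = []
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.load_verify_locations(cafile=paths.get("olcTLSCACertificateFile"))
    except (OSError, TypeError) as exc:
        findings.append(f"CA certificate not loadable: {exc}")
    try:
        ctx.load_cert_chain(paths.get("olcTLSCertificateFile"),
                            paths.get("olcTLSCertificateKeyFile"))
    except (OSError, TypeError) as exc:
        findings.append(f"server certificate/key not loadable: {exc}")
    return findings


def audit(ldif=CERT_INFO_LDIF):
    paths = parse_tls_paths(ldif)
    return check_tls_files(paths) + check_cert_chain(paths)


def demo():
    """Run the audit on constructed fake PEM files (not real certificates)
    in a temporary directory; the key is left world-readable on purpose."""
    d = tempfile.mkdtemp()
    fake = {
        "cacert.pem": "-----BEGIN CERTIFICATE-----\nbm90IGEgcmVhbCBjZXJ0\n-----END CERTIFICATE-----\n",
        "console_slapd_cert.pem": "-----BEGIN CERTIFICATE-----\nbm90IGEgcmVhbCBjZXJ0\n-----END CERTIFICATE-----\n",
        "console_slapd_key.pem": "-----BEGIN PRIVATE KEY-----\nbm90IGEgcmVhbCBrZXk=\n-----END PRIVATE KEY-----\n",
    }
    ldif = CERT_INFO_LDIF
    for name, body in fake.items():
        path = os.path.join(d, name)
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, 0o644)
        ldif = ldif.replace(f"/etc/ssl/certs/{name}", path).replace(f"/etc/ssl/private/{name}", path)
    return audit(ldif)


if __name__ == "__main__":
    for f in demo() or ["no problems found"]:
        print(f)
```

Against the real files, call audit() with no arguments (it uses the step 4 LDIF) and fix anything it reports before running ldapmodify. After the ldapmodify, ldapsearch -x -ZZ -H ldap://console.geni.net -b dc=geni,dc=net -s base forces StartTLS and fails unless the client trusts the site CA (TLS_CACERT in /etc/ldap/ldap.conf) and the certificate name matches the host name.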
    