| Version 37 (modified by , 9 years ago) ( diff ) |
|---|
How to build a SandBox console
Updating for 14.04, 06/12/2015
LDAP questions are answered below.
Base system
- Boot Ubuntu 14.04 Server installation medium (you may need a usb-cdrom).
- perform a standard installation using the installation defaults, with noted deviations:
- Partition - Choose "Guided use entire disk" (No LVM)
- User Name / Password - Use the well known orbit default
- Roles - Add the ssh server role
- Check that the network interfaces get the correct address from the correct networks:
- em1 - DMZ
- em2 - Control
Package Installation The core packages can be installed as a group via this command:
sudo apt-get install logwatch logrotate nfs-common libpam-ldap libnss-ldap cfengine3 emacs ntp fail2ban
NFS Mounting
- Add the following line to /etc/fstab
home:/export/home /home nfs _netdev,auto 0 0
LDAP Authentication
- Install ldap libraries. This process will ask you a bunch of ldap related questions that will be used to prime the ldap.confs (there are 2). It's not critical to get them correct as we're just going to replace those conf's any way. (Accepting the defaults is ok).
- The /etc/ldap.conf is one of two files that configures the ldap client. The non-commented lines in this file are as follows:
base dc=orbit-lab,dc=org uri ldap://ldap.orbit-lab.org/ ldap_version 3 binddn rootbinddn cn=admin,dc=orbit-lab,dc=org pam_password md5 nss_initgroups_ignoreusers backup,bin,daemon,games,gnats,irc,libuuid,libvirt-qemu,list,lp,mail,man,messagebus,news,ntp,postfix,proxy,root,sshd,statd,sync,sys,syslog,usbmux,uucp,www-data
You could edit this file and change all the values to reflect this (leaving the rest as comments) or simply replace the one you have with this one. You can also check the non-comment lines by executing:egrep -v "^#|^$" /etc/ldap.conf
- The /etc/ldap/ldap.conf is the second file that guides the client. It have very few actual lines:
BASE dc=orbit-lab,dc=org URI ldap://ldap.orbit-lab.org
Again you can edit it directly or copy this version. - The /etc/nsswitch.conf file should have the follow non comment lines:
passwd: files ldap compat group: files ldap compat shadow: files compat hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis
Again you can edit it directly or copy this version. - Copy or create the /etc/ldap.secret file from another sandbox. (needs root permissions)
- Finally add the follow line to the /etc/sudoers file (note this is done with the visudo command). This has to be done manually.
%admin ALL=(ALL) ALL %sysadmin ALL=NOPASSWD: ALL
- Configure networking for the node facing interface of the console and change the address to the appropriate subnet for the sandbox's control vlan. e.g.:
auto em2 iface em2 inet static address 10.14.0.10 netmask 255.255.0.0
- We need to make sure machine have fully qualified host name (some services depend on it). So:
echo "console.sb4.orbit-lab.org" > /etc/hostname
- also set domainname (hostname SHOULD NOT be fqdn. Needs fixing.)
domainname should be set in /etc/hosts
OMF / OML The Orbit measurement framework binaries.
- Comparing to a running Console, the apt repositories are:
deb http://pkg.mytestbed.net/ubuntu karmic/ deb http://pkg.mytestbed.net/ubuntu lucid/ deb http://pkg.mytestbed.net/ubuntu maverick/ deb http://pkg.mytestbed.net/ubuntu natty/ deb http://pkg.mytestbed.net/ubuntu oneiric/ deb http://pkg.mytestbed.net/ubuntu precise/
- The installed packages are:
ii omf-aggmgr-5.3 5.3.1-ubuntu3 OMF Aggregate Manager ii omf-common-5.3 5.3.1-ubuntu3 Common ruby classes for OMF ii omf-common-5.4 5.4.2-ubuntu2 Common ruby classes for OMF ii omf-expctl-5.3 5.3.1-ubuntu6 OMF Experiment Controller ii omf-expctl-5.4 5.4.2-ubuntu2 OMF Experiment Controller ii liboml2-0 2.8.1-ubuntu2 OML: The Orbit Measurement Library ii oml2-server 2.8.1-ubuntu2 OML measurement server
- Before I could install all those packages, I needed to install this library.
wget http://ubuntu.media.mit.edu/ubuntu//pool/universe/libx/libxmpp4r-ruby/libxmpp4r-ruby1.8_0.5-1_all.deb dpkg -i libxmpp4r-ruby1.8_0.5-1_all.deb wget http://ubuntu.media.mit.edu/ubuntu//pool/universe/libx/libxmpp4r-ruby/libxmpp4r-ruby_0.5-1_all.deb dpkg -i libxmpp4r-ruby_0.5-1_all.deb
For the console we need to OMF packages; please try and install the latest release also
apt-get install omf-expctl-5.4 omf-aggmgr-5.4 oml2-server
- OMF Configuration
Copy a working config file for /etc/omf-expctl-5.X/omf-expctl.yaml from another sandbox and modify its ip addresses and the domain name. The XMPP server is xmpp for 5.3 and xmpp2.orbit-lab.org for 5.4.
Configure omf-aggmgr-5.X to enable result service by creating file in /etc/omf-aggmgr-5.X/available/result.yaml with
--- result: # Path to the SQLite3 client binary sqlite3_path: '/usr/bin/sqlite3' # Path to the directory holding the experiment measurement databases database_path: '/var/lib/oml2'
and then link it:
cd /etc/omf-aggmgr-5.3/enabled; ln -s ../available/result.xml
- Copy authorized keys to new console.
- Install the cfengine3 package and then copy
sudo scp /etc/cfengine3/*.cf console.??:/etc/cfengine3/
- from dhcp1:
- delete pub key if for the console's ip if it exists.
- sudo scp /var/lib/cfengine3/ppkeys/root-10.0.0.9.pub console.??:/var/lib/cfengine3/ppkeys/
- Run cf-agent on the console we're installing.
cf-agent -v
OS specific notes
Ubuntu 13.10
The passwd command in fails after follwing these instructions. There is a minor tweak needed to get the passwd command to work. Edit the /etc/pam.d/common-password and find this line:
password [success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass
remove use_authtok, then reboot. This should solve the problem. It documented here
Attachments (3)
-
ldap.conf
(9.0 KB
) - added by 13 years ago.
/etc/ldap.conf
-
ldap.2.conf
(214 bytes
) - added by 13 years ago.
/etc/ldap/ldap.conf
-
nsswitch.conf
(527 bytes
) - added by 13 years ago.
/etc/nsswitch.conf
Download all attachments as: .zip
Note:
See TracWiki
for help on using the wiki.
