[[TOC(Software*, depth=2)]]

== Configure DHCP and DNS Services ==


=== DHCP ===
Once the base OS is installed and all of the interfaces are properly configured, the DHCP server must be told to hand out addresses on the appropriate interfaces. To configure the DHCP server, modify the ''/etc/dhcp/dhcpd.conf'' file. The following example contains all the relevant configuration.

To use this file you will have to modify the following portions:
 * domain-name
 * Node CMC MAC addresses (labeled cons#)
 * Node Control MAC addresses (labeled node#)
 * Node Data MAC addresses (labeled data#)

These fields '''MUST be modified''' to reflect your configuration.

{{{
option domain-name "geni.net";
authoritative;
use-host-decl-names on;
get-lease-hostnames true;
ping-check false;
ping-timeout 0;
log-facility local7;
default-lease-time 86400;
max-lease-time 86400;
ddns-updates off;

subnet 10.1.0.0 netmask 255.255.255.0 {
    option domain-name-servers 10.1.0.254;
    option routers 10.1.0.254;
    option ntp-servers 10.1.0.254;
    next-server 10.1.0.254;

    host cons1 { hardware ethernet 00:20:4a:d5:94:83; fixed-address 10.1.0.1; }
    host cons2 { hardware ethernet 00:20:4a:d5:94:f1; fixed-address 10.1.0.2; }
    host cons3 { hardware ethernet 00:20:4a:d5:94:e1; fixed-address 10.1.0.3; }
}

subnet 10.1.1.0 netmask 255.255.255.0 {
    option domain-name-servers 10.1.1.254;
    option routers 10.1.1.254;
    option log-servers 10.1.1.254;
    option ntp-servers 10.1.1.254;
    filename "pxelinux.0";
    # allow booting;
    # allow bootp;
    # option option-150 code 150 = text;
    next-server 10.1.1.254;

    host node1 { hardware ethernet 00:03:1d:0c:d3:73; fixed-address node1.geni.net; }
    host node2 { hardware ethernet 00:03:1d:0c:d3:89; fixed-address node2.geni.net; }
    host node3 { hardware ethernet 00:03:1d:0c:d3:71; fixed-address node3.geni.net; }
}

subnet 10.1.2.0 netmask 255.255.255.0 {
    # option domain-name-servers 10.1.2.254;
    # option routers 10.1.2.254;
    option ntp-servers 10.1.2.254;
    filename "/pxelinux.fake";

    host data1 { hardware ethernet 00:03:1d:0c:d3:72; fixed-address 10.1.2.1; }
    host data2 { hardware ethernet 00:03:1d:0c:d3:88; fixed-address 10.1.2.2; }
    host data3 { hardware ethernet 00:03:1d:0c:d3:70; fixed-address 10.1.2.3; }
}
}}}

=== DNS ===

The DNS configuration is split between a few files: the config files that tell named which db files to read, and the db files themselves. Other portions of the config are included as part of the default install and are not listed here.

This is the default ''/etc/bind/named.conf''.
{{{
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
}}}

The ''/etc/bind/named.conf.local'' is modified to point to our specific database files.
{{{
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "geni.net" {
    type master;
    file "/etc/bind/db.geni.net";
};

zone "1.10.in-addr.arpa" {
    type master;
    file "/etc/bind/db.10";
};
}}}

The primary config file is ''/etc/bind/db.geni.net''. The name can be modified to reflect your site, but it has to match the entry in ''named.conf.local''. Aside from the '''domain''', this file can remain intact.

{{{
;
; BIND data file for geni.net
;
$TTL    604800
@       IN      SOA     geni.net. root.geni.net. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
        IN      A       10.1.1.254
@       IN      NS      consolec.geni.net.
@       IN      A       10.1.1.254
@       IN      AAAA    ::1
consolec IN     A       10.1.1.254
xmpp    IN      CNAME   consolec.geni.net.

node1   IN      A       10.1.1.1
node2   IN      A       10.1.1.2
node3   IN      A       10.1.1.3

cons1   IN      A       10.1.0.1
cons2   IN      A       10.1.0.2
cons3   IN      A       10.1.0.3

data1   IN      A       10.1.2.1
data2   IN      A       10.1.2.2
data3   IN      A       10.1.2.3
}}}

''/etc/bind/db.10'' is the reverse look-up database. This file will also need to be modified to reflect the '''domain'''.
{{{
;
; BIND reverse data file for 10.1
;
$TTL    604800
; The SOA primary and NS must name the console host fully qualified, exactly as
; in the forward zone; a bare "consolec." would be read as a top-level name.
@       IN      SOA     consolec.geni.net. root.geni.net. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      consolec.geni.net.
1.0     IN      PTR     cons1.geni.net.
2.0     IN      PTR     cons2.geni.net.
3.0     IN      PTR     cons3.geni.net.

1.1     IN      PTR     node1.geni.net.
2.1     IN      PTR     node2.geni.net.
3.1     IN      PTR     node3.geni.net.
254.1   IN      PTR     consolec.geni.net.

1.2     IN      PTR     data1.geni.net.
2.2     IN      PTR     data2.geni.net.
3.2     IN      PTR     data3.geni.net.
}}}
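The DHCP host declarations, the forward zone and the reverse zone above all carry the same node-to-address mapping by hand, so a slip in any one of them gives a node a lease that does not resolve back to it. As an added consistency check (not part of this page or of the site's own tooling), the following Python script parses the three formats shown above and reports reused MACs, fixed-address/A-record mismatches and missing or wrong PTR records; the embedded excerpts are constructed from the page's examples, with data3's lease deliberately altered.

```python
import re
# Constructed excerpts in the page's formats; data3's lease is deliberately wrong.
DHCPD = """
host cons1 { hardware ethernet 00:20:4a:d5:94:83; fixed-address 10.1.0.1; }
host node1 { hardware ethernet 00:03:1d:0c:d3:73; fixed-address node1.geni.net; }
host data3 { hardware ethernet 00:03:1d:0c:d3:70; fixed-address 10.1.2.9; }
"""
FORWARD = """
node1 IN A 10.1.1.1
cons1 IN A 10.1.0.1
data3 IN A 10.1.2.3
"""
REVERSE = """
1.0 IN PTR cons1.geni.net.
1.1 IN PTR node1.geni.net.
3.2 IN PTR data3.geni.net.
"""
HOST_RE = re.compile(r"host\s+(\S+)\s*\{\s*hardware ethernet\s+([0-9a-fA-F:]+);\s*fixed-address\s+([^;\s]+);")

def parse_dhcp(text):
    """name -> (mac, fixed-address) for every host declaration."""
    return {n: (m.lower(), a) for n, m, a in HOST_RE.findall(text)}

def parse_forward(text):
    """label -> IPv4 for each A record in the forward zone."""
    return dict(re.findall(r"^(\S+)\s+IN\s+A\s+(\d+\.\d+\.\d+\.\d+)$", text, re.M))

def parse_reverse(text, net="10.1"):
    """IPv4 -> FQDN for each PTR in 1.10.in-addr.arpa (owner octets are reversed)."""
    return {f"{net}.{c}.{d}": fqdn
            for d, c, fqdn in re.findall(r"^(\d+)\.(\d+)\s+IN\s+PTR\s+(\S+)\.$", text, re.M)}

def check(dhcp, fwd, rev, domain="geni.net"):
    """Return a list of inconsistencies; an empty list means the three files agree."""
    problems, seen = [], {}
    for name, (mac, addr) in dhcp.items():
        if mac in seen:
            problems.append(f"{name}: MAC {mac} already used by {seen[mac]}")
        seen[mac] = name
        ip = fwd.get(name)
        if ip is None:
            problems.append(f"{name}: no A record in forward zone")
            continue
        if addr[0].isdigit() and addr != ip:
            problems.append(f"{name}: fixed-address {addr} but A record is {ip}")
        elif not addr[0].isdigit() and addr != f"{name}.{domain}":
            problems.append(f"{name}: fixed-address {addr} does not name {name}.{domain}")
        if rev.get(ip) != f"{name}.{domain}":
            problems.append(f"{name}: PTR for {ip} is {rev.get(ip)}, expected {name}.{domain}")
    return problems
```

To run it against a real site, read ''/etc/dhcp/dhcpd.conf'', ''/etc/bind/db.geni.net'' and ''/etc/bind/db.10'' into the three strings; the script only understands the single-line host and record layout used on this page.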

== LDAP Server ==
Accounting and scheduling depend on LDAP. The following steps configure the LDAP server.
=== Setting up LDAP server ===
1. Create the file ''/etc/ssl/geni-site-ca.info'' with:
{{{
cn = GENI WiMAX Company
ca
cert_signing_key
}}}
2. Create the file ''/etc/ssl/geni-site-console.info'' with the following (change console.geni.net to match your FQDN):
{{{
organization = Example Company
cn = console.geni.net
tls_www_server
encryption_key
signing_key
expiration_days = 3650
}}}
3. Execute the following command to create the SSL certificates:
{{{
/usr/sbin/create_ldap_certificates.sh
}}}
4. Create an LDIF file for the newly created certificates, named ''/etc/ssl/geni-cert-info.ldif'':
{{{
dn: cn=config
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/certs/console_slapd_cert.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/ssl/private/console_slapd_key.pem
}}}
and then execute:
{{{
ldapmodify -Y EXTERNAL -H ldapi:/// -f /etc/ssl/geni-cert-info.ldif
}}}
The expected output is:
{{{
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=config"
}}}
5. Fix the configuration of the newly created LDAP directory for phpldapadmin by editing ''/etc/phpldapadmin/config.php'' and changing ''dc=example,dc=com'' to ''dc=geni,dc=net'':
{{{
$servers->setValue('server','base',array('dc=geni,dc=net'));
$servers->setValue('login','bind_id','cn=admin,dc=geni,dc=net');
}}}
6. Point the Firefox web browser to http://<console-ip-address>/phpldapadmin. Set the password for the admin user (add attribute -> Password -> set password -> update object).
7. Make sure you can access the service with admin credentials:
{{{
ldapsearch -x -b "dc=geni,dc=net" "objectClass=organizationalRole"
ldapsearch -x -b "dc=geni,dc=net" "objectClass=organizationalUnit"
ldapsearch -x -b "dc=geni,dc=net" "objectClass=posixGroup"
ldapsearch -x -H ldap://localhost -D "cn=admin,dc=geni,dc=net" -W -b "dc=geni,dc=net" uid=*
}}}
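Step 4 loads three file paths into cn=config, and slapd will accept them whether or not the files exist or the private key is protected. As an added check (not part of this page or of create_ldap_certificates.sh), this Python script reads the olcTLS*File paths out of an LDIF in the form of ''geni-cert-info.ldif'' and reports files that are missing or a key that other users can read; demo() builds a constructed directory tree with exactly those two mistakes so the check runs without touching the real ''/etc/ssl''.

```python
import os
import stat
import tempfile

# Constructed copy of the page's geni-cert-info.ldif; {root} is substituted so the
# demo runs against a throwaway directory instead of the real /etc/ssl.
CERT_LDIF = """dn: cn=config
add: olcTLSCACertificateFile
olcTLSCACertificateFile: {root}/etc/ssl/certs/cacert.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: {root}/etc/ssl/certs/console_slapd_cert.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: {root}/etc/ssl/private/console_slapd_key.pem
"""

def parse_tls_paths(ldif_text):
    """Return {attribute: path} for every olcTLS*File value in the LDIF."""
    paths = {}
    for line in ldif_text.splitlines():
        if line.startswith("olcTLS") and ": " in line:
            attr, value = line.split(": ", 1)
            paths[attr] = value.strip()
    return paths

def audit_tls_files(paths):
    """Flag referenced files that are missing, and a private key readable by other users."""
    findings = []
    for attr, path in paths.items():
        if not os.path.isfile(path):
            findings.append(f"{attr}: {path} is missing")
        elif attr == "olcTLSCertificateKeyFile" and os.stat(path).st_mode & stat.S_IRWXO:
            findings.append(f"{attr}: {path} is readable by other users")
    return findings

def demo():
    """Build a tree with a world-readable key and no CA cert, then audit it."""
    root = tempfile.mkdtemp()
    for sub in ("etc/ssl/certs", "etc/ssl/private"):
        os.makedirs(os.path.join(root, sub))
    open(os.path.join(root, "etc/ssl/certs/console_slapd_cert.pem"), "w").close()
    key = os.path.join(root, "etc/ssl/private/console_slapd_key.pem")
    open(key, "w").close()
    os.chmod(key, 0o644)  # the mistake this check is meant to catch
    return audit_tls_files(parse_tls_paths(CERT_LDIF.format(root=root)))
```

Against the real server, feed the contents of ''/etc/ssl/geni-cert-info.ldif'' to parse_tls_paths and pass the result to audit_tls_files before running the ldapmodify in step 4.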