aims2deploy

Deploying an aims2server

The following recipes outline what an aims2server looks like and are intended for those deploying an aims2server.

Update: Automated installation of aims2server

#!/bin/bash
# ...using this when I've finished writing it...

You can run all this in one go using

/afs/cern.ch/project/linux/dev/aims2project/aims2server/build

You will be prompted for the appropriate service account details to use.

But if you want to take a quick tutorial, please continue.

Installing and configuring httpd and Shibboleth

You first need to install a web server (Apache) and the packages required by CERN SSO (Shibboleth). Use yum to install them, stop the services and add them to chkconfig.

yum install httpd shibboleth log4shib shibboleth-selinux-policy-targeted 
/etc/init.d/shibd stop
/etc/init.d/httpd stop
/sbin/chkconfig --levels 345 shibd on
/sbin/chkconfig --levels 345 httpd on

The next step is to configure Shibboleth. First we need to get our configuration files. In this example we will use the default configurations available from CERN SSO.

cd /etc/shibboleth/
wget http://linux.web.cern.ch/linux/scientific4/docs/shibboleth/shibboleth.xml
wget http://linux.web.cern.ch/linux/scientific4/docs/shibboleth/AAP.xml
wget http://linux.web.cern.ch/linux/scientific4/docs/shibboleth/ADFS-metadata.xml
wget http://linux.web.cern.ch/linux/scientific4/docs/shibboleth/wsignout.gif

Make sure that the listener is configured as below (this is the default)

<TCPListener address="127.0.0.1" port="1600" acl="127.0.0.1"/>

Next, replace ALL 4 occurrences of somehost.cern.ch with lxpxeboottest.cern.ch

<Host name="lxpxeboottest.cern.ch">
...
<Site id="1" name="lxpxeboottest.cern.ch">
...
<Applications id="default" providerId="urn:federation:self" homeURL="https://lxpxeboottest.cern.ch"...
...
<saml:Audience>https://lxpxeboottest.cern.ch/Shibboleth.sso/ADFS</saml:Audience>

Next, configure the 'Application Name' as follows

<SessionInitiator isDefault="true" id="aims2www" Location="/aims2www/" ... 
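The three shibboleth.xml edits above can be applied and checked from the shell. This is an added example, not part of the original recipe: the function names set_sp_host, check_shib_xml and make_sample are hypothetical, and the sample file is constructed from the lines quoted on this page rather than taken from the real CERN shibboleth.xml.

```sh
# Added example (not from the original page): apply and verify the shibboleth.xml edits.
# set_sp_host FILE HOST: replace every somehost.cern.ch with HOST, in place (GNU sed).
set_sp_host() {
    sed -i "s/somehost\.cern\.ch/$2/g" "$1"
}

# check_shib_xml FILE HOST: print one line per problem; return non-zero if any.
check_shib_xml() {
    rc=0
    # A leftover placeholder means an edit was missed (easy to do in saml:Audience).
    if grep -q 'somehost\.cern\.ch' "$1"; then
        echo "placeholder somehost.cern.ch still present"; rc=1
    fi
    # The page expects four occurrences of the real host name.
    n=$(grep -o -F "$2" "$1" | wc -l)
    if [ "$n" -ne 4 ]; then
        echo "expected 4 occurrences of $2, found $n"; rc=1
    fi
    # shibd's listener must stay bound to loopback with a loopback-only ACL.
    if ! grep -q '<TCPListener address="127\.0\.0\.1" port="1600" acl="127\.0\.0\.1"/>' "$1"; then
        echo "TCPListener is not the loopback default"; rc=1
    fi
    # The default SessionInitiator must point at the protected /aims2www/ path.
    if ! grep -q '<SessionInitiator isDefault="true" id="aims2www" Location="/aims2www/"' "$1"; then
        echo "default SessionInitiator is not aims2www"; rc=1
    fi
    return $rc
}

# make_sample FILE: constructed sample holding only the lines quoted on this page.
make_sample() {
    cat > "$1" <<'EOF'
<TCPListener address="127.0.0.1" port="1600" acl="127.0.0.1"/>
<Host name="somehost.cern.ch">
<Site id="1" name="somehost.cern.ch">
<Applications id="default" providerId="urn:federation:self" homeURL="https://somehost.cern.ch">
<SessionInitiator isDefault="true" id="aims2www" Location="/aims2www/" />
<saml:Audience>https://somehost.cern.ch/Shibboleth.sso/ADFS</saml:Audience>
EOF
}

tmp=$(mktemp)
make_sample "$tmp"
check_shib_xml "$tmp" lxpxeboottest.cern.ch || true   # unedited file: problems listed
set_sp_host "$tmp" lxpxeboottest.cern.ch
check_shib_xml "$tmp" lxpxeboottest.cern.ch && echo "shibboleth.xml edits look complete"
rm -f "$tmp"
```

On a real server, run check_shib_xml against /etc/shibboleth/shibboleth.xml before starting shibd.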

Finally we want to use our custom httpd and shibd configurations. These should be placed in /etc/httpd/conf.d/, using the names aims2httpd.conf and aims2shibd.conf respectively.

aims2httpd.conf

#
# aims2www httpd conf
#
# Bring in our server startup script
PerlRequire /home/aims2/aims2project/aims2server/conf/aims2startup.pl
ExtendedStatus On
<Location /server-info>
   SetHandler server-info
   Order deny,allow
   Deny from all
   Allow from .cern.ch
</Location>
<Location /server-status>
   SetHandler server-status
   Order deny,allow
   Deny from all
   Allow from .cern.ch
</Location>
ServerAdmin aims2.support@cern.ch
DirectoryIndex index.htm index.php
HostnameLookups On
ServerSignature Email
<Location /cgi-bin/aims2soap/>
  Options ExecCGI
</Location>
Options +Includes

aims2shibd.conf

#
# aims2server shibboleth conf
#
# load module
LoadModule mod_shib /usr/libexec/mod_shib_20.so
# global conf
ShibSchemaDir /usr/share/xml/shibboleth
ShibConfig /etc/shibboleth/shibboleth.xml
# Used for example logo and style sheet in error templates.
<IfModule mod_alias.c>
  <Location /shibboleth-sp>
    Allow from all
  </Location>
  Alias /shibboleth-sp/main.css /usr/share/doc/shibboleth-1.3/main.css
  Alias /shibboleth-sp/logo.jpg /usr/share/doc/shibboleth-1.3/logo.jpg
</IfModule>
# configure the module for content
<Location /aims2www/>
  Options ExecCGI
  AuthType shibboleth
  ShibRequireSession On
  require valid-user
</Location>

Warning: You NEED to REMOVE /etc/httpd/conf.d/shibd.conf

Install tftpboot server

yum install tftpboot
#FIXME!! Configure args

Reconfigure iptables

foo

Additional packages

yum install --enablerepo='*cern*only*' --enablerepo='*cern*extra*' oracle-instantclient-basic oracle-instantclient-devel oracle-instantclient-jdbc oracle-instantclient-odbc oracle-instantclient-sqlplus perl-DBI perl-DBD-Oracle perl-SOAP-Lite -y
wget -nv http://search.cpan.org/CPAN/authors/id/Z/ZA/ZAXO/Tie-Constrained-0.03.tar.gz
tar -xzf Tie-Constrained-0.03.tar.gz;
cd Tie-Constrained-0.03;
perl Makefile.PL;
make;
make install;

aims2server package (building from scratch)

FIXME: SELINUX policy context should be used!

#...this should really be an rpm...
# create fake /tftpboot/aims
mkdir /home/aims2/tftpboot/
mkdir /home/aims2/tftpboot/aims2/
mkdir /home/aims2/tftpboot/aims2/boot
mkdir /home/aims2/tftpboot/aims2/pxelinux.cfg
chown aims2:aims2 /home/aims2/tftpboot/aims2/boot
chown aims2:aims2 /home/aims2/tftpboot/aims2/pxelinux.cfg
chmod g+rw /home/aims2/tftpboot/aims2/boot
chmod g+rw /home/aims2/tftpboot/aims2/pxelinux.cfg

aims2 web interface

mv /opt/aims2deploy/aims2cvs/Server/www /var/www/html/aims2www -f

Tidy up

/etc/init.d/shibd start
/etc/init.d/httpd start
Topic revision: r2 - 2008-04-08 - DanDengate