aims2deploy
Deploying an aims2server
The following recipes outline what an aims2server looks like and are intended for those deploying an aims2server.
Update: Automated installation of aims2server
#!/bin/bash
...using this when I've finished writing it...
You can run all this in one go using
/afs/cern.ch/projcet/linux/dev/aims2project/aims2server/build
You will be prompted for the appropriate service account details to use.
But if you want to take a quick tutorial, please continue.
Installing and configuring httpd and Shibboleth
You first need to install a 'web server' (Apache) and the packages required by CERN SSO (Shibboleth). Use yum to install them, stop the services and add them to chkconfig:
yum install httpd shibboleth log4shib shibboleth-selinux-policy-targeted
/etc/init.d/shibd stop
/etc/init.d/httpd stop
/sbin/chkconfig --levels 345 shibd on
/sbin/chkconfig --levels 345 httpd on
The next step is to configure Shibboleth. First we need to get our configuration files. In this example we will use the default configurations available from CERN SSO.
cd /etc/shibboleth/
wget http://linux.web.cern.ch/linux/scientific4/docs/shibboleth/shibboleth.xml
wget http://linux.web.cern.ch/linux/scientific4/docs/shibboleth/AAP.xml
wget http://linux.web.cern.ch/linux/scientific4/docs/shibboleth/ADFS-metadata.xml
wget http://linux.web.cern.ch/linux/scientific4/docs/shibboleth/wsignout.gif
Make sure that the listener is configured as below (this is the default):
<TCPListener address="127.0.0.1" port="1600" acl="127.0.0.1"/>
Next, replace ALL 4 occurrences of somehost.cern.ch with lxpxeboottest.cern.ch:
<Host name="lxpxeboottest.cern.ch">
...
<Site id="1" name="lxpxeboottest.cern.ch">
...
<Applications id="default" providerId="urn:federation:self" homeURL="https://lxpxeboottest.cern.ch"...
...
<saml:Audience>https://lxpxeboottest.cern.ch/Shibboleth.sso/ADFS</saml:Audience>
Next, configure the 'Application Name' as follows
<SessionInitiator isDefault="true" id="aims2www" Location="/aims2www/" ...
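To confirm the shibboleth.xml edits above before starting shibd, the following added check (not part of the original recipe or the aims2 project) verifies that the listener is still loopback-only and that all four somehost.cern.ch entries were replaced. The function names check_shib_conf and write_sample and the sample file contents are constructed for illustration; the TCPListener attribute order is assumed to match the default file.

```shell
#!/bin/bash
# Added example, not part of the original recipe or the aims2 project.
# check_shib_conf FILE FQDN: return 0 only if FILE passes every check below.
check_shib_conf() {
    local conf=$1 fqdn=$2 rc=0 n re pat
    re=$(printf '%s' "$fqdn" | sed 's/\./\\./g')   # escape dots for grep -E

    # 1. shibd's listener must stay on loopback with a loopback-only ACL
    #    (attribute order assumed to match the default file).
    if ! grep -Eq '<TCPListener[^>]*address="127\.0\.0\.1"[^>]*acl="127\.0\.0\.1"' "$conf"; then
        echo "FAIL: TCPListener is not restricted to 127.0.0.1"; rc=1
    fi

    # 2. No placeholder hostname may survive the edit.
    n=$(grep -c 'somehost\.cern\.ch' "$conf" || true)
    if [ "$n" -ne 0 ]; then
        echo "FAIL: $n line(s) still mention somehost.cern.ch"; rc=1
    fi

    # 3. Each of the four places the recipe lists must carry the real hostname.
    for pat in "<Host name=\"$re\"" "<Site [^>]*name=\"$re\"" \
               "homeURL=\"https://$re\"" \
               "<saml:Audience>https://$re/Shibboleth.sso/ADFS</saml:Audience>"; do
        grep -Eq "$pat" "$conf" || { echo "FAIL: no match for $pat"; rc=1; }
    done
    return $rc
}

# Constructed sample standing in for the downloaded default shibboleth.xml.
write_sample() {
    cat > "$1" <<'EOF'
<TCPListener address="127.0.0.1" port="1600" acl="127.0.0.1"/>
<Host name="somehost.cern.ch">
<Site id="1" name="somehost.cern.ch">
<Applications id="default" providerId="urn:federation:self" homeURL="https://somehost.cern.ch">
<saml:Audience>https://somehost.cern.ch/Shibboleth.sso/ADFS</saml:Audience>
EOF
}

demo=$(mktemp)
write_sample "$demo"
check_shib_conf "$demo" lxpxeboottest.cern.ch || echo "unedited file rejected"
sed -i 's/somehost\.cern\.ch/lxpxeboottest.cern.ch/g' "$demo"
check_shib_conf "$demo" lxpxeboottest.cern.ch && echo "edited file accepted"
rm -f "$demo"
```

On a real server, run check_shib_conf /etc/shibboleth/shibboleth.xml lxpxeboottest.cern.ch after editing and before the services are started.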
Finally we want to use our custom httpd and shibd configurations. These should be placed in /etc/httpd/conf.d/, using the names aims2httpd.conf and aims2shibd.conf respectively.
aims2httpd.conf
#
# aims2www httpd conf
#
# Bring in our server startup script
PerlRequire /home/aims2/aims2project/aims2server/conf/aims2startup.pl
ExtendedStatus On
<Location /server-info>
SetHandler server-info
Order deny,allow
Deny from all
Allow from .cern.ch
</Location>
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from .cern.ch
</Location>
ServerAdmin aims2.support@cern.ch
DirectoryIndex index.htm index.php
HostnameLookups On
ServerSignature Email
<Location /cgi-bin/aims2soap/>
Options ExecCGI
</Location>
Options +Includes
aims2shibd.conf
#
# aims2server shibboleth conf
#
# load module
LoadModule mod_shib /usr/libexec/mod_shib_20.so
# global conf
ShibSchemaDir /usr/share/xml/shibboleth
ShibConfig /etc/shibboleth/shibboleth.xml
# Used for example logo and style sheet in error templates.
<IfModule mod_alias.c>
<Location /shibboleth-sp>
Allow from all
</Location>
Alias /shibboleth-sp/main.css /usr/share/doc/shibboleth-1.3/main.css
Alias /shibboleth-sp/logo.jpg /usr/share/doc/shibboleth-1.3/logo.jpg
</IfModule>
# configure the module for content
<Location /aims2www/>
Options ExecCGI
AuthType shibboleth
ShibRequireSession On
require valid-user
</Location>
Warning: You NEED to REMOVE /etc/httpd/conf.d/shibd.conf
Install tftpboot server
yum install tftpboot
#FIXME!! Configure args
Reconfigure iptables
foo
Additional packages
yum install --enablerepo='*cern*only*' --enablerepo='*cern*extra*' oracle-instantclient-basic oracle-instantclient-devel oracle-instantclient-jdbc oracle-instantclient-odbc oracle-instantclient-sqlplus perl-DBI perl-DBD-Oracle perl-SOAP-Lite -y
wget -nv http://search.cpan.org/CPAN/authors/id/Z/ZA/ZAXO/Tie-Constrained-0.03.tar.gz
tar -xzf Tie-Constrained-0.03.tar.gz;
cd Tie-Constrained-0.03;
perl Makefile.PL;
make;
make install;
aims2server package (building from scratch)
FIXME: SELINUX policy context should be used!
#...this should really be an rpm...
# create fake /tftpboot/aims
mkdir /home/aims2/tftpboot/
mkdir /home/aims2/tftpboot/aims2/
mkdir /home/aims2/tftpboot/aims2/boot
mkdir /home/aims2/tftpboot/aims2/pxelinux.cfg
chown aims2:aims2 /home/aims2/tftpboot/aims2/boot
chown aims2:aims2 /home/aims2/tftpboot/aims2/pxelinux.cfg
chmod g+rw /home/aims2/tftpboot/aims2/boot
chmod g+rw /home/aims2/tftpboot/aims2/pxelinux.cfg
aims2 web interface
mv /opt/aims2deploy/aims2cvs/Server/www /var/www/html/aims2www -f
Tidy up
/etc/init.d/shibd start
/etc/init.d/httpd start