<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<link href="/css/vcl.css" rel="stylesheet" type="text/css">
<link href="/css/code.css" rel="stylesheet" type="text/css">
<title>Apache VCL - VCL 2.5.1 Installation Guide</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div id="sitetitle">
<table width="100%" border="0" cellspacing="0" cellpadding="5">
<tr>
<td><a href="/index.html"><img src="/img/vcl-logo.png" height="100" align="left" alt="Apache VCL logo"></a></td>
<td><a href="http://www.apache.org"><img src="/img/asf-logo.png" align="right" alt="Apache Software Foundation logo"></a></td>
</tr>
</table>
</div>
<div id="left-column">
<div id="navigation">
<ul>
<li><a href="/index.html">Information</a>
<ul>
<li><a href="/info/features.html">Features</a></li>
<li><a href="/info/architecture.html">Architecture</a></li>
<li><a href="/downloads/download.cgi">Download</a></li>
<li><a href="http://www.apache.org/licenses/">License</a></li>
<li><a href="http://www.apache.org/security/">Security</a></li>
</ul>
</li>
<li><a href="/docs/index.html">Documentation</a>
<ul>
<li><a href="https://cwiki.apache.org/confluence/x/yQdG">Using VCL</a></li>
<li><a href="https://cwiki.apache.org/confluence/x/ywdG">Administration</a></li>
<li><a href="/docs/installation.html">Installation</a></li>
</ul>
</li>
<li><a href="https://cwiki.apache.org/confluence/display/VCL/Apache+VCL" target="_blank">Confluence Wiki</a>
<ul>
<li></li>
</ul>
</li>
<li><a href="https://issues.apache.org/jira/browse/VCL" target="_blank">Jira Issue Tracking</a>
<ul>
<li></li>
</ul>
</li>
<li><a href="/comm/index.html">Community</a>
<ul>
<li><a href="/comm/index.html#getInvolved">Getting Involved</a></li>
<li><a href="/comm/index.html#mail-list">Mailing Lists</a></li>
<li><a href="/dev/index.html">Development</a>
<ul>
<li><a href="/dev/code-documentation.html">Code Documentation</a></li>
<li><a href="/dev/roadmap.html">Roadmap</a></li>
</ul>
</li>
</ul>
</li>
<li><a href="http://www.apache.org">Apache Software Foundation</a>
<ul>
<li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
<li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
</ul>
</li>
</ul>
</div>
<div id="current-event">
<a href="https://www.apache.org/events/current-event.html">
<img src="https://www.apache.org/events/current-event-125x125.png" alt="Apache current event" />
</a>
</div>
</div>
<div id="content">
<h1 class="title">VCL 2.5.1 Installation Guide</h1>
<h1 id="scripted-installation">Scripted Installation</h1>
<p>VCL 2.5.1 can be installed using an installation script. All you need to install
VCL is the script. It will download and validate the VCL software and then install it.
The script can be used to install all three parts of VCL (database, web portal, and
management node) or to install each part individually.</p>
<p><a href="https://www.apache.org/dist/vcl/2.5.1/vcl-install.sh">Download Install Script (vcl-install.sh)</a></p>
<p>Validate script:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">wget https://www.apache.org/dist/vcl/2.5.1/vcl-install.sh.sha512
sha512sum -c vcl-install.sh.sha512
wget https://www.apache.org/dist/vcl/KEYS
gpg --import KEYS
wget https://www.apache.org/dist/vcl/2.5.1/vcl-install.sh.asc
gpg --verify vcl-install.sh.asc
</code></pre></div><span class="docnote">
<b>Required Patch for Windows Images</b><br>
Microsoft added openssh as a package that can be installed on Windows. This forced
the Cygwin project to change the name of their ssh service from sshd to cygsshd.
<a href="/docs/cygsshd_patch.html">A patch</a> needs to be applied to VCL 2.5.1 to accommodate this change.
</span>
<p>Running the installation script with no arguments will step you through installing all
three parts of VCL. Alternatively, use the optional arguments described below to install
individual parts. If you install the management node part of VCL, the script will also prompt
you to agree to the installation of various system-level requirements needed for the code to run.</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">vcl-install.sh <span style="color:#666">[</span>-h|--help<span style="color:#666">]</span> <span style="color:#666">[</span>-d|--database<span style="color:#666">]</span> <span style="color:#666">[</span>-w|--web<span style="color:#666">]</span> <span style="color:#666">[</span>-m|--managementnode<span style="color:#666">]</span>
<span style="color:#666">[</span>--dbhost &lt;hostname&gt; --dbpass &lt;password&gt;<span style="color:#666">]</span>
<span style="color:#666">[</span>--mnhost &lt;hostname&gt;<span style="color:#666">]</span> <span style="color:#666">[</span>--webhost &lt;hostname&gt;<span style="color:#666">]</span>
-d|--database - install database server components
--dbpass, --mnhost, --mnip, --webhost, and --adminpass must also be specified
-w|--web - install web server components
--dbhost and --dbpass must also be specified
-m|--managementnode - install management node <span style="color:#666">(</span>vcld<span style="color:#666">)</span> components
--dbhost, --dbpass, and --adminpass must also be specified
--dbhost &lt;hostname&gt; - hostname of database server <span style="color:#666">(</span><span style="color:#b8860b">default</span><span style="color:#666">=</span>localhost<span style="color:#666">)</span>
--dbpass &lt;password&gt; - password VCL will use <span style="color:#a2f;font-weight:bold">for</span> accessing
database <span style="color:#666">(</span><span style="color:#b8860b">default</span><span style="color:#666">=</span>random<span style="color:#666">)</span>
--mnhost &lt;hostname&gt; - hostname of management node <span style="color:#666">(</span><span style="color:#b8860b">default</span><span style="color:#666">=</span>localhost<span style="color:#666">)</span>
--webhost &lt;hostname&gt; - hostname of web server <span style="color:#666">(</span><span style="color:#b8860b">default</span><span style="color:#666">=</span>localhost<span style="color:#666">)</span>
--adminpass &lt;password&gt; - password <span style="color:#a2f;font-weight:bold">for</span> VCL admin user
</code></pre></div><h1 id="manual-installation">Manual Installation</h1>
<p>This section provides a list of commands for installing VCL if you prefer to manually
install it.</p>
<p><a href="#database">Database Installation</a><br>
<a href="#web">Web Portal Installation</a><br>
<a href="#managementnode">Management Node Installation</a></p>
<h2 id="database">Install and Configure Database</h2>
<p>VCL currently supports the use of MySQL or MariaDB as the database.</p>
<ol>
<li>
<p>Download and Extract the Apache VCL Source</p>
<ul>
<li>
<p>If you have not already done so, follow the instructions on the <a href="/downloads/download.cgi">download</a>
page to download and verify apache-VCL-2.5.1.tar.bz2, and put it in /root</p>
</li>
<li>
<p>Extract the files:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">tar -jxvf apache-VCL-2.5.1.tar.bz2
</code></pre></div></li>
</ul>
</li>
<li>
<p>Install MySQL Server or MariaDB Server</p>
<ul>
<li>
<p>Install MySQL or MariaDB Server</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">yum install mysql-server -y
</code></pre></div><p>or</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">yum install mariadb-server -y
</code></pre></div></li>
<li>
<p>Configure the database daemon to start automatically:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">/sbin/chkconfig --level <span style="color:#666">345</span> mysqld on
</code></pre></div><p>or</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">/sbin/chkconfig --level <span style="color:#666">345</span> mariadb on
</code></pre></div></li>
<li>
<p>Start the database daemon:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">/sbin/service mysqld start
</code></pre></div><p>or</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">/sbin/service mariadb start
</code></pre></div></li>
<li>
<p>If the iptables firewall is being used and the web server and management nodes
will be on different machines, port 3306 should be opened up to each of those nodes.
Add the following to your iptables config and restart iptables service.</p>
<p><strong>Note:</strong> Insert your web server and management node IP address in the right locations.</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">vi /etc/sysconfig/iptables
</code></pre></div><ul>
<li>
<p>Add these rules:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-text" data-lang="text">-A INPUT -m state --state NEW -s &lt;web server IP&gt; -p tcp --dport 3306 -j ACCEPT
-A INPUT -m state --state NEW -s &lt;management node IP&gt; -p tcp --dport 3306 -j ACCEPT
</code></pre></div></li>
<li>
<p>Restart iptables:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">service iptables restart
</code></pre></div></li>
</ul>
</li>
<li>
<p>If the firewalld firewall is being used and the web server and management nodes
will be on different machines, port 3306 should be opened up to each of those nodes.
Add the following rules and reload the rule set.</p>
<p><strong>Note:</strong> Insert your web server and management node IP address in the right locations.</p>
<ul>
<li>
<p>Add these rules:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">firewall-cmd --zone<span style="color:#666">=</span>public --permanent --add-rich-rule<span style="color:#666">=</span><span style="color:#b44">&#39;rule family=&#34;ipv4&#34; source address=&#34;&lt;web server IP&gt;&#34; service name=&#34;mysql&#34; accept&#39;</span>
firewall-cmd --zone<span style="color:#666">=</span>public --permanent --add-rich-rule<span style="color:#666">=</span><span style="color:#b44">&#39;rule family=&#34;ipv4&#34; source address=&#34;&lt;management node IP&gt;&#34; service name=&#34;mysql&#34; accept&#39;</span>
</code></pre></div></li>
<li>
<p>Reload firewalld rules:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">firewall-cmd --reload
</code></pre></div></li>
</ul>
</li>
</ul>
</li>
<li>
<p>Create the VCL Database</p>
<ul>
<li>
<p>Run the MySQL command-line client:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">mysql
</code></pre></div></li>
<li>
<p>Create a database:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-sql" data-lang="sql"><span style="color:#a2f;font-weight:bold">CREATE</span> <span style="color:#a2f;font-weight:bold">DATABASE</span> vcl;
</code></pre></div></li>
<li>
<p>Create a user with SELECT, INSERT, UPDATE, DELETE, and CREATE TEMPORARY TABLES
privileges on the database you just created (<strong>NOTE Use your own password</strong>):</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-sql" data-lang="sql"><span style="color:#a2f;font-weight:bold">GRANT</span> <span style="color:#a2f;font-weight:bold">SELECT</span>,<span style="color:#a2f;font-weight:bold">INSERT</span>,<span style="color:#a2f;font-weight:bold">UPDATE</span>,<span style="color:#a2f;font-weight:bold">DELETE</span>,<span style="color:#a2f;font-weight:bold">CREATE</span> <span style="color:#a2f;font-weight:bold">TEMPORARY</span> TABLES <span style="color:#a2f;font-weight:bold">ON</span> vcl.<span style="color:#666">*</span> <span style="color:#a2f;font-weight:bold">TO</span> <span style="color:#b44">&#39;</span><span style="color:#b44">vcluser</span><span style="color:#b44">&#39;</span><span style="color:#666">@</span><span style="color:#b44">&#39;</span><span style="color:#b44">localhost</span><span style="color:#b44">&#39;</span> IDENTIFIED <span style="color:#a2f;font-weight:bold">BY</span> <span style="color:#b44">&#39;</span><span style="color:#b44">vcluserpassword</span><span style="color:#b44">&#39;</span>;
</code></pre></div></li>
<li>
<p>Exit the MySQL command-line client</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"><span style="color:#a2f">exit</span>
</code></pre></div></li>
<li>
<p>Import the vcl.sql file into the database. The <strong>vcl.sql</strong> file is included in the
<strong>mysql</strong> directory within the Apache VCL source code:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">mysql vcl &lt; apache-VCL-2.5.1/mysql/vcl.sql
</code></pre></div></li>
</ul>
</li>
</ol>
<hr>
<h2 id="web">Install and Configure the Web Components</h2>
<p><strong>Prerequisites</strong></p>
<ul>
<li>Apache VCL 2.5.1 has been downloaded</li>
<li>VCL database has been installed and configured</li>
</ul>
<p><strong>Web Server:</strong></p>
<ul>
<li>Apache HTTP Server v2.x with SSL enabled</li>
<li>PHP 5.x or 7.x</li>
</ul>
<p><strong>Required Linux Packages:</strong></p>
<ul>
<li>httpd - Apache HTTP Server</li>
<li>mod_ssl - SSL/TLS module for the Apache HTTP server</li>
<li>php - The PHP HTML-embedded scripting language</li>
</ul>
<p><strong>Required PHP Modules:</strong></p>
<ul>
<li>php</li>
<li>php-gettext</li>
<li>php-json (required if your PHP version is 5.2 or later)</li>
<li>php-ldap (if you will be using LDAP authentication)</li>
<li>php-mysql</li>
<li>php-openssl</li>
<li>php-xml</li>
<li>php-xmlrpc</li>
</ul>
<hr>
<ol>
<li>
<p><strong>Install the Required Linux Packages &amp; PHP Modules</strong></p>
<ul>
<li>
<p>If your web server is running a Red Hat-based OS, the required components can be installed with:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">yum install httpd mod_ssl php php-mysql php-xml php-xmlrpc php-ldap -y
</code></pre></div></li>
<li>
<p>Configure the web server daemon (httpd) to start automatically:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">/sbin/chkconfig --level <span style="color:#666">345</span> httpd on
</code></pre></div></li>
<li>
<p>Start the web server daemon</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">/sbin/service httpd start
</code></pre></div></li>
<li>
<p>If SELinux is enabled, run the following command to allow the web server to connect to the database:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">/usr/sbin/setsebool -P <span style="color:#b8860b">httpd_can_network_connect</span><span style="color:#666">=</span><span style="color:#666">1</span>
</code></pre></div></li>
<li>
<p>If the iptables firewall is being used, ports 80 and 443 should be opened up in the iptables
config file:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">vi /etc/sysconfig/iptables
</code></pre></div><ul>
<li>
<p>Add these rules:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-text" data-lang="text">-A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
</code></pre></div></li>
<li>
<p>Restart iptables</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">service iptables restart
</code></pre></div></li>
</ul>
</li>
<li>
<p>If the firewalld firewall is being used, ports 80 and 443 should be opened up:</p>
<ul>
<li>
<p>Add these rules:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">firewall-cmd --zone<span style="color:#666">=</span>public --add-service<span style="color:#666">=</span>http --permanent
firewall-cmd --zone<span style="color:#666">=</span>public --add-service<span style="color:#666">=</span>https --permanent
</code></pre></div></li>
<li>
<p>Reload firewalld rules</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">firewall-cmd --reload
</code></pre></div></li>
</ul>
</li>
</ul>
</li>
<li>
<p><strong>Install the VCL Frontend Web Code</strong></p>
<ul>
<li>
<p>If you have not already done so, follow the instructions on the <a href="/downloads/download.cgi">download</a>
page to download and verify apache-VCL-2.5.1.tar.bz2, and put it in /root</p>
</li>
<li>
<p>Extract the files:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">tar -jxvf apache-VCL-2.5.1.tar.bz2
</code></pre></div></li>
<li>
<p>Copy the <strong>web</strong> directory to a location under the web root of your web server and
navigate to the destination <strong>.ht-inc</strong> subdirectory:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">cp -ar apache-VCL-2.5.1/web/ /var/www/html/vcl-2.5.1
ln -s /var/www/html/vcl-2.5.1 /var/www/html/vcl
<span style="color:#a2f">cd</span> /var/www/html/vcl/.ht-inc
</code></pre></div></li>
<li>
<p>If SELinux is enabled, run the following command to set the context of the web code to httpd_sys_content_t</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">chcon -R -t httpd_sys_content_t /var/www/html/vcl-2.5.1
</code></pre></div></li>
<li>
<p>Copy secrets-default.php to secrets.php:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">cp secrets-default.php secrets.php
</code></pre></div></li>
<li>
<p>Edit the secrets.php file:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">vi secrets.php
</code></pre></div><ul>
<li>Set the following variables to match your database configuration:
<ul>
<li>$vclhost</li>
<li>$vcldb</li>
<li>$vclusername</li>
<li>$vclpassword</li>
</ul>
</li>
<li>Create random passwords for the following variables:
<ul>
<li>$cryptkey (generate with &ldquo;openssl rand 32 | base64&rdquo;)</li>
<li>$pemkey</li>
</ul>
</li>
<li>Save the secrets.php file</li>
</ul>
</li>
<li>
<p>Run genkeys.sh:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">./genkeys.sh
</code></pre></div></li>
<li>
<p>Copy conf-default.php to conf.php:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">cp conf-default.php conf.php
</code></pre></div></li>
<li>
<p>Modify conf.php to match your site</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">vi conf.php
</code></pre></div><ul>
<li>Review every entry under &ldquo;Things in this section must be modified/reviewed&rdquo;.
Descriptions and pointers for each value are included within conf.php.</li>
</ul>
</li>
<li>
<p>Set the owner of the .ht-inc/maintenance and .ht-inc/cryptkey directories to the web server user (normally &lsquo;apache&rsquo;):</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">chown apache maintenance
chown apache cryptkey
</code></pre></div></li>
<li>
<p>If SELinux is enabled, run the following command to allow the web server to write to maintenance and cryptkey</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">chcon -t httpd_sys_rw_content_t maintenance
chcon -t httpd_sys_rw_content_t cryptkey
</code></pre></div></li>
<li>
<p>Open the testsetup.php page in a web browser:</p>
<ul>
<li>If you set up your site to be <a href="https://my.server.org/vcl/">https://my.server.org/vcl/</a> open <a href="https://my.server.org/vcl/testsetup.php">https://my.server.org/vcl/testsetup.php</a></li>
<li>Debug any issues reported by testsetup.php</li>
</ul>
</li>
</ul>
</li>
<li>
<p><strong>Log In to the VCL Website</strong></p>
<ul>
<li>
<p>Open the index.php page in your browser (<a href="https://my.server.org/vcl/index.php">https://my.server.org/vcl/index.php</a>)</p>
<ul>
<li>Select Local Account</li>
<li>Username: admin</li>
<li>Password: adminVc1passw0rd</li>
</ul>
</li>
<li>
<p>Set the admin user password (<strong>DO NOT skip this step</strong>):</p>
<ul>
<li>Click User Preferences</li>
<li>Enter the current password: adminVc1passw0rd</li>
<li>Enter a new password</li>
<li>Click Submit Changes</li>
</ul>
</li>
</ul>
</li>
<li>
<p><strong>Add a Management Node to the Database</strong></p>
<ul>
<li>Click the Management Nodes link
<ul>
<li>Select Edit Management Node Profiles</li>
<li>Click Submit</li>
<li>Click Add New Management Node</li>
<li>Fill in these required fields:
<ul>
<li>Hostname - The name of the management node server. This value doesn&rsquo;t
necessarily need to be a name registered in DNS nor does it need to be the value
displayed by the Linux hostname command. For example, if you are installing all of the
VCL components on the same machine you can set this value to localhost.</li>
<li>IP address - the public IP address of the management node</li>
<li>SysAdmin Email Address - error emails will be sent to this address</li>
<li>Install Path - this is the parent directory under which image files will be
stored - only required if doing bare metal installs or using VMware with local disks</li>
<li>End Node SSH Identity Key Files - enter /etc/vcl/vcl.key unless you know
you are using a different SSH identity key file</li>
</ul>
</li>
<li>Optionally, fill in these fields:
<ul>
<li>Address for Shadow Emails - End users are sent various emails about the
status of their reservations. If this field is configured, copies of all of those emails
will be sent to this address.</li>
<li>Public NIC configuration method - this defaults to Dynamic DHCP - if DHCP
is not available for the public interface of your nodes, you can set this to Static.
Then, the IP configuration on the nodes will be manually set using Public Netmask,
Public Gateway, Public DNS Server, and the IP address set for the computer under Manage
Computers</li>
</ul>
</li>
<li>Click Add Management Node</li>
<li>A dialog will pop up informing you to add the management node to a group,
read it and click Close</li>
<li>Select the allManagementNodes group on the right</li>
<li>Click &lt;-Add</li>
<li>Click Close</li>
</ul>
</li>
</ul>
</li>
<li>
<p><strong>Install &amp; Configure phpMyAdmin (Optional):</strong>
<a href="http://www.phpmyadmin.net/">phpMyAdmin</a> is a free and optional tool which allows <a href="http://www.mysql.com/">MySQL</a> to be administered
using a web browser. It makes administering the VCL database easier. This tool can be
installed on the VCL web server.
To install phpMyAdmin, follow the instructions on: <a href="installphpmyadmin">phpMyAdmin Installation &amp;
Configuration</a></p>
</li>
</ol>
<hr>
<h2 id="managementnode">Install &amp; Configure the Management Node Components</h2>
<p><strong>Prerequisites</strong><br>
The following management node installation instructions assume the instructions in these
previous sections have been completed:</p>
<ul>
<li>VCL 2.5.1 Database Installation</li>
<li>VCL 2.5.1 Web Code Installation</li>
</ul>
<p><strong>Supported Operating Systems:</strong></p>
<p>The VCL management node daemon (vcld) has been developed to run on an operating system
based on Red Hat Enterprise Linux (RHEL). It has been tested on the following:</p>
<ul>
<li>Red Hat Enterprise Linux 6.x</li>
<li>Red Hat Enterprise Linux 7.x</li>
<li>CentOS 6.x</li>
<li>CentOS 7.x</li>
</ul>
<p><strong>Required Linux Packages:</strong></p>
<p>The VCL management node daemon (vcld) requires the following Linux packages and Perl
modules in order to run (see step 2 below for installation instructions).</p>
<ul>
<li>expat-devel - Libraries and include files to develop XML applications with expat</li>
<li>gcc - Various compilers (C, C++, Objective-C, Java, &hellip;)</li>
<li>krb5-devel - Development files needed to compile Kerberos 5 programs</li>
<li>krb5-libs - The shared libraries used by Kerberos 5</li>
<li>libxml2-devel - Libraries, includes, etc. to develop XML and HTML applications</li>
<li>make - GNU make utility to maintain groups of programs</li>
<li>mysql/mariadb - Includes libraries for connecting to mysql/mariadb</li>
<li>nmap - Network exploration tool and security scanner</li>
<li>openssh - The OpenSSH implementation of SSH protocol versions 1 and 2</li>
<li>openssl-devel - Files for development of applications which will use OpenSSL</li>
<li>perl - The Perl programming language</li>
<li>xmlsec1-openssl - OpenSSL crypto plugin for XML Security Library</li>
</ul>
<p><strong>Required Perl Modules:</strong></p>
<p>The VCL management node daemon (vcld) is written in Perl and has been tested on Perl
5.10 and 5.16. The following Perl modules available from CPAN are also required (see step 2
below for installation instructions):</p>
<ul>
<li>Crypt::CBC - implementation of the cryptographic cipher block chaining mode</li>
<li>Crypt::OpenSSL::RSA - RSA encoding and decoding, using the openSSL libraries</li>
<li>Crypt::Rijndael - Crypt::CBC compliant Rijndael encryption module</li>
<li>DBD::MySQL - MySQL driver for the Perl5 Database Interface (DBI)</li>
<li>DBI - Generic Database Interface</li>
<li>Digest::SHA1 - NIST SHA message digest algorithm</li>
<li>Exception::Class::Base - base class for exception objects</li>
<li>Frontier::Client - issue Frontier XML RPC requests to a server</li>
<li>HTTP::Headers - class encapsulating HTTP Message headers</li>
<li>IO::String - emulate file interface for in-core strings</li>
<li>JSON - JavaScript Object Notation</li>
<li>LWP::UserAgent - class implementing a web user agent</li>
<li>Mail::Mailer - Simple mail agent interface</li>
<li>Net::Jabber - Jabber perl library</li>
<li>Net::Netmask - parse, manipulate and lookup IP network blocks</li>
<li>Net::Ping::External - Cross-platform Perl interface to &ldquo;ping&rdquo; utilities</li>
<li>Net::SSH::Expect - a wrapper to the ssh executable that is available in system&rsquo;s PATH</li>
<li>Object::InsideOut - Comprehensive inside-out object support</li>
<li>RPC::XML::Client - XML-RPC client class</li>
<li>Text::CSV_XS - comma-separated values manipulation routines</li>
<li>XML::Simple - API for simple XML files</li>
<li>YAML - YAML Ain&rsquo;t Markup Language</li>
</ul>
<hr>
<ol>
<li>
<p><strong>Install the VCL Management Node Code - Perl Daemon</strong></p>
<ul>
<li>
<p>If you have not already done so, follow the instructions on the
<a href="/downloads/download.cgi">download</a> page to download and verify
apache-VCL-2.5.1.tar.bz2, and put it in /root</p>
</li>
<li>
<p>Extract the files:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">tar -jxvf apache-VCL-2.5.1.tar.bz2
</code></pre></div></li>
<li>
<p>Copy the managementnode directory to the location where you want it to reside
(typically /usr/local):</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">cp -ar apache-VCL-2.5.1/managementnode /usr/local/vcl-2.5.1
ln -s /usr/local/vcl-2.5.1 /usr/local/vcl
</code></pre></div></li>
</ul>
</li>
<li>
<p><strong>Install the Required Linux Packages &amp; Perl Modules</strong></p>
<ul>
<li>
<p>Run the install_perl_libs.pl script located in the bin directory:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">perl /usr/local/vcl/bin/install_perl_libs.pl
</code></pre></div></li>
</ul>
<p>The last line of the install_perl_libs.pl script output should be:</p>
<p><em>COMPLETE: installed all components</em></p>
<p>Note: The script will hang or terminate if it encounters a problem. If this occurs,
you will need to troubleshoot the problem by looking at the output.</p>
<p>The install_perl_libs.pl script included in the VCL distribution will attempt to
download and install the required Linux packages and Perl modules. It uses the yum
utility to install the required Linux packages. The required Perl modules are available
from CPAN - The Comprehensive Perl Archive Network. The install_perl_libs.pl script
attempts to download and install the required Perl modules by using the CPAN.pm module
which is included with most Perl distributions.</p>
<p>The yum utility should exist on any modern Red Hat-based Linux distribution (Red
Hat, CentOS, Fedora, etc). If yum isn&rsquo;t available on your management node OS, you will
need to download and install the required Linux packages manually or by using another
package management utility. After installing the required Linux packages, attempt to
run the install_perl_libs.pl script again.</p>
</li>
<li>
<p><strong>Configure vcld.conf</strong></p>
<ul>
<li>
<p>Create the /etc/vcl directory:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">mkdir /etc/vcl
</code></pre></div></li>
<li>
<p>Copy the stock vcld.conf file to /etc/vcl:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">cp /usr/local/vcl/etc/vcl/vcld.conf /etc/vcl
</code></pre></div></li>
<li>
<p>Edit /etc/vcl/vcld.conf:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">vi /etc/vcl/vcld.conf
</code></pre></div><p>The following lines must be configured in order to start the VCL daemon (vcld)
and allow it to check in to the database:</p>
<ul>
<li>FQDN - the fully qualified name of the management node; this should match the
name that was configured for the management node in the database</li>
<li>server - the IP address or FQDN of the database server</li>
<li>LockerWrtUser - database user account with write privileges</li>
<li>wrtPass - database user password</li>
<li>xmlrpc_pass - password for xmlrpc api from vcld to the web interface (can be
long). This will be used later to sync the database vclsystem user account</li>
<li>xmlrpc_url - URL for xmlrpc api, for example
<a href="https://my.server.org/vcl/index.php?mode=xmlrpccall">https://my.server.org/vcl/index.php?mode=xmlrpccall</a></li>
</ul>
</li>
<li>
<p>Save the vcld.conf file</p>
</li>
</ul>
</li>
<li>
<p><strong>Configure the SSH Client</strong></p>
<p>Configure the SSH client on the management node so that SSH processes spawned by the
root user to the computers it controls do not hang because of missing or different
entries in the known_hosts file.</p>
<ul>
<li>
<p>Edit the ssh_config file:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">vi /etc/ssh/ssh_config
</code></pre></div></li>
<li>
<p>Set the following parameters:</p>
<ul>
<li>UserKnownHostsFile /dev/null</li>
<li>StrictHostKeyChecking no</li>
</ul>
</li>
</ul>
<p>Note: Set in /etc/ssh/ssh_config, these parameters turn off SSH host key verification
by default for every connection made from the management node. If you do not want them
applied universally, SSH can also be configured to apply these settings only to certain
hosts or only for the root user. Consult the SSH documentation for more information.</p>
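<p>An added example, not part of the VCL distribution or the original guide: a shell check
that reports whether the two settings above apply globally or only inside a Host or Match
block. The sample configurations are constructed, and the 10.100.0.* pattern is an
assumption borrowed from the example dhcpd.conf subnet in this guide.</p>

```shell
#!/usr/bin/env bash
# Added example (not part of the VCL distribution): report where an ssh_config
# disables host key verification. Reads the config on stdin and prints
# "SCOPE: Keyword value"; SCOPE is "global" or the enclosing Host/Match line.
audit_ssh_config() {
    awk '
        BEGIN { scope = "global" }
        /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments, blank lines
        {
            sub(/^[ \t]+/, "")
            if ($0 ~ /^[A-Za-z]+[ \t]*=/) sub(/[ \t]*=[ \t]*/, " ")  # keyword=value form
            key = tolower($1); val = tolower($2)
            if (key == "host" || key == "match") {
                scope = $0
                for (i = NF; i > 1; i--)              # "Host *" and "Match all" hit every host
                    if ((key == "host" && $i == "*") || (key == "match" && tolower($i) == "all"))
                        scope = "global"
                next
            }
            if ((key == "stricthostkeychecking" && (val == "no" || val == "off")) ||
                (key == "userknownhostsfile" && val == "/dev/null"))
                print scope ": " $1 " " $2
        }'
}

# Number of relaxed settings that apply to every connection.
count_global() { audit_ssh_config | grep -c '^global: ' || true; }

# Constructed sample: the two settings from this guide applied universally.
sample_global() {
    printf '%s\n' 'UserKnownHostsFile /dev/null' 'StrictHostKeyChecking no'
}

# Constructed sample: same settings limited to the provisioning subnet.
# 10.100.0.* is an assumption taken from the example dhcpd.conf subnet.
sample_scoped() {
    printf '%s\n' 'Host 10.100.0.*' \
        '    UserKnownHostsFile /dev/null' '    StrictHostKeyChecking no'
}

# Constructed sample: scoped to local root, then relaxed again under "Host *".
sample_mixed() {
    printf '%s\n' 'Match localuser root host 10.100.0.*' \
        '    StrictHostKeyChecking no' 'Host *' '    stricthostkeychecking=off'
}

for s in sample_global sample_scoped sample_mixed; do
    echo "== $s"; "$s" | audit_ssh_config
done
```

<p>To check the live file, feed /etc/ssh/ssh_config to audit_ssh_config on standard input;
Include directives are not followed. ssh uses the first value it obtains for each
parameter, so scoped Host or Match blocks belong above any general defaults.</p>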
</li>
<li>
<p><strong>Install and Start the VCL Daemon (vcld) Service</strong></p>
<ul>
<li>
<p><strong>Steps for systemd</strong> - use these steps if your system is using systemd</p>
<ul>
<li>
<p>Copy the vcld service script to /usr/lib/systemd/system</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">cp /usr/local/vcl/etc/systemd/system/vcld.service /usr/lib/systemd/system
</code></pre></div></li>
<li>
<p>Create a vcld config file in /etc/sysconfig</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"><span style="color:#a2f">echo</span> <span style="color:#b44">&#34;OPTIONS=&#39;-v -conf=/etc/vcl/vcld.conf&#39;&#34;</span> &gt; /etc/sysconfig/vcld
</code></pre></div></li>
<li>
<p>If using SELinux, set the correct user and context:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">chcon -u system_u -t systemd_unit_file_t /usr/lib/systemd/system/vcld.service
</code></pre></div></li>
<li>
<p>Enable vcld.service</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">systemctl <span style="color:#a2f">enable</span> vcld.service
</code></pre></div></li>
<li>
<p>Start the vcld service:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">systemctl start vcld.service
</code></pre></div></li>
<li>
<p>Check the vcld service by monitoring the vcld.log file:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">tail -f /var/log/vcld.log
</code></pre></div></li>
</ul>
</li>
<li>
<p><strong>Steps for SystemV</strong> - use these steps if your system is using SystemV (scripts located in
/etc/init.d)</p>
<ul>
<li>
<p>Copy the vcld service script to /etc/init.d and name it vcld:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">cp /usr/local/vcl/bin/S99vcld.linux /etc/init.d/vcld
</code></pre></div></li>
<li>
<p>Add the vcld service using chkconfig:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">/sbin/chkconfig --add vcld
</code></pre></div></li>
<li>
<p>Configure the vcld service to automatically run at runlevels 3-5:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">/sbin/chkconfig --level <span style="color:#666">345</span> vcld on
</code></pre></div></li>
<li>
<p>Start the vcld service:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">/sbin/service vcld start
</code></pre></div></li>
<li>
<p>Check the vcld service by monitoring the vcld.log file:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">tail -f /var/log/vcld.log
</code></pre></div><p>You should see the following being added to the log file every few seconds if the
management node is checking in with the database:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-text" data-lang="text">2019-06-07 13:23:45|25494|vcld:main(167)|lastcheckin time updated for management node 1: 2019-06-07 13:23:45
</code></pre></div></li>
</ul>
</li>
</ul>
</li>
<li>
<p><strong>Set the vclsystem account password for xmlrpc api</strong></p>
<p>Using the vcld --setup tool, set the vclsystem account password. This is needed to
properly use the block allocation features.</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">/usr/local/vcl/bin/vcld --setup
</code></pre></div><p>Select the options listed below to set the password. When prompted, paste or type the
password from the xmlrpc_pass variable in the vcld.conf file and press Enter.</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">Select 5. Set Local VCL User Account Password
Select 2. vclsystem
Enter the password you set for xmlrpc_pass in /etc/vcl/vcld.conf
</code></pre></div><p>After setting the password for the vclsystem user, test that RPC-XML access works correctly
by selecting:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">2: Test RPC-XML Access
</code></pre></div><p><strong>SUCCESS: RPC-XML access is configured correctly</strong> should be displayed, followed by a long list of
available XMLRPC functions.</p>
</li>
<li>
<p><strong>Install &amp; Configure the DHCP Service</strong></p>
<p>A DHCP service is needed on the private network to provide addresses to provisioned
machines.</p>
<ul>
<li>
<p>Install dhcp if it is not already installed:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">yum install dhcp -y
</code></pre></div></li>
<li>
<p>Configure the dhcpd service to automatically start at runlevels 3-5:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">/sbin/chkconfig dhcpd on
</code></pre></div></li>
<li>
<p>Configure the dhcpd.conf file.</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">vi /etc/dhcpd.conf
<span style="color:#080;font-style:italic"># -or-</span>
vi /etc/dhcp/dhcpd.conf
</code></pre></div><p>Configure your dhcpd.conf file according to your network configuration.
The contents of the dhcpd.conf file will vary based on how your network is
configured. Below is an example of a basic dhcpd.conf file:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-text" data-lang="text">ddns-update-style none;
shared-network eth0 {
    subnet 10.100.0.0 netmask 255.255.255.0 {
        ignore unknown-clients;
    }
}
</code></pre></div><p>You will add host definitions to the dhcpd.conf file after you add computers to VCL
using the website. The website allows you to select a set of computers for which to
generate dhcpd.conf information, which can be copied and pasted into the dhcpd.conf file.</p>
</li>
<li>
<p>Start the dhcpd service:</p>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">/sbin/service dhcpd start
</code></pre></div></li>
</ul>
</li>
</ol>
<hr>
<h1 id="initial-administration-steps-after-installing-vcl">Initial Administration Steps After Installing VCL</h1>
<p>After you have installed the VCL components, you need to do some initial administration
of your new VCL install.</p>
<ol>
<li>
<p>Add Computers</p>
<ul>
<li>If using <strong>bare-metal</strong> provisioning, follow the instructions
on the <a href="addcomputers">Adding Computers</a> page, selecting <strong>Bare Metal</strong>
as the computer Type</li>
<li>If using <strong>VM</strong> provisioning:
<ul>
<li>Follow the instructions on the <a href="addcomputers">Adding Computers</a>
page, selecting <strong>Bare Metal</strong> as the computer Type to add at least one
VM Host</li>
<li>Follow the instructions on the <a href="addcomputers">Adding Computers</a>
page, selecting <strong>Virtual Machine</strong> as the computer Type to add some
virtual computers</li>
<li>Finally, <a href="assignvmtohost">Assign the VMs to VM hosts</a></li>
</ul>
</li>
</ul>
</li>
<li>
<p><a href="image-creation">Create Base Images</a></p>
</li>
<li>
<p>Configure Authorization (follow links appropriate to your site)</p>
<ul>
<li><a href="localaccounts">Adding Local Accounts</a></li>
<li><a href="ldapauth">Configuring LDAP Authentication</a></li>
<li><a href="shibauth">Configuring Shibboleth Authentication</a></li>
</ul>
</li>
</ol>
<hr>
</div>
<div id="footer">
<div class="copyright">
<p>
Copyright &copy; 2020 The Apache Software Foundation, Licensed under
the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.
<br />
Apache and the Apache feather logo are trademarks of The Apache Software Foundation.
</p>
</div>
</div>
</body>
</html>