| Installing VCL 2.2.2 |
| |
| Install & Configure: |
| I. Database |
| II. Web Components |
| III. Management Node Components |
| IV. Adding LDAP authentication |
| |
| -------------------------------------------------------------------------------- |
| |
| I. Install & Configure the Database |
| 1. Download & Extract the Apache VCL Source |
| a. If you have not already done so, download the Apache VCL source to |
| the database server: |
| |
| wget --trust-server-names 'http://vcl.apache.org/downloads/download.cgi?action=download&filename=%2Fvcl%2Fapache-VCL-2.2.2.tar.bz2' |
| |
| b. Extract the files: |
| |
| tar -jxvf apache-VCL-2.2.2.tar.bz2 |
| |
| 2. Install MySQL Server |
| a. Install MySQL Server 5.x: |
| |
| yum install mysql-server -y |
| |
| b. Configure the MySQL daemon (mysqld) to start automatically: |
| |
| /sbin/chkconfig --level 345 mysqld on |
| |
| c. Start the MySQL daemon: |
| |
| /sbin/service mysqld start |
| |
| d. If the iptables firewall is being used and the web server and |
| management nodes will be on different machines, port 3306 should be |
| opened up: |
| |
| Note the following rules are for Red Hat based distros. |
| |
| vi /etc/sysconfig/iptables |
| |
| Insert the following under the RH-Firewall-1-INPUT chain, changing |
| <web server IP> and <management node IP> to match your configuration. |
| |
| -A RH-Firewall-1-INPUT -m state --state NEW -s <web server IP> -p tcp --dport 3306 -j ACCEPT |
| -A RH-Firewall-1-INPUT -m state --state NEW -s <management node IP> -p tcp --dport 3306 -j ACCEPT |
| service iptables restart |
| |
| For more info on iptables: |
| |
| man iptables |
| |
| 3. Create the VCL Database |
| a. Run the MySQL command-line client: |
| |
| mysql |
| |
| b. Create a database: |
| |
| CREATE DATABASE vcl; |
| |
| c. Create a user with SELECT, INSERT, UPDATE, DELETE, and |
| CREATE TEMPORARY TABLES privileges on the database you just created: |
| |
| Replace vcluser and vcluserpassword in the SQL statement with that of |
| the user you want to use to connect to the database. The GRANT command |
| will automatically create the user if it doesn't already exist. |
| |
| GRANT SELECT,INSERT,UPDATE,DELETE,CREATE TEMPORARY TABLES ON vcl.* TO 'vcluser'@'localhost' IDENTIFIED BY 'vcluserpassword'; |
| |
| d. Exit the MySQL command-line client: |
| |
| exit |
| |
| e. Import the vcl.sql file into the database: |
| |
| mysql vcl < apache-VCL-2.2.2/mysql/vcl.sql |
| |
| The vcl.sql file is included in the mysql directory within the Apache |
| VCL source code |
| |
| -------------------------------------------------------------------------------- |
| |
| II. Install & Configure the Web Components |
| |
| Prerequisites: |
| |
| The following instructions assume these tasks have previously been completed: |
| * Apache VCL 2.2.2 has been downloaded |
| * VCL database has been installed and configured |
| |
| Web Server: |
| * Apache HTTP Server v1.3 or v2.x with SSL enabled |
| * PHP 5.0 or later |
| The VCL web frontend may run under other web server platforms capable of |
| running PHP code, but has only been tested to work with Apache HTTP Server |
| |
| Required Linux Packages (see section II.1 below on installing): |
| * libmcrypt - Encryption algorithms library |
| |
| Required PHP Modules (see section II.1 below on installing): |
| (Some of these may already be included with your PHP distribution) |
| * php-gd |
| * php-json (required if your PHP version is 5.2 or later) |
| * php-mcrypt |
| * php-mysql |
| * php-openssl |
| * php-sysvsem |
| * php-xml |
| * php-xmlrpc |
| * php-ldap (if you will be using LDAP authentication) |
| * php-process (for RHEL/CentOS 6) |
| |
| 1. Install the Required Linux Packages & PHP Modules |
| a. If your web server is running a Red Hat-based OS, the required |
| components can be installed with: |
| |
| For RHEL / CentOS 5 |
| |
| yum install httpd mod_ssl php php-gd php-mcrypt php-mysql php-xml php-xmlrpc php-ldap -y |
| |
| For RHEL / CentOS 6 |
| |
| yum install httpd mod_ssl php php-gd php-mcrypt php-mysql php-xml php-xmlrpc php-ldap php-process -y |
| |
| Note: You may need the optional server rpm repository for the |
| php-process package; to add this run the following command: |
| |
| rhn-channel --add --channel=rhel-x86_64-server-optional-6 |
| |
| b. Configure the web server daemon (httpd) to start automatically: |
| |
| /sbin/chkconfig --level 345 httpd on |
| |
| c. Start the web server daemon: |
| |
| /sbin/service httpd start |
| |
| d. If SELinux is enabled, run the following command to allow the web |
| server to connect to the database: |
| |
| /usr/sbin/setsebool -P httpd_can_network_connect=1 |
| |
| e. If the iptables firewall is being used, ports 80 and 443 should be |
| opened up: |
| |
| vi /etc/sysconfig/iptables |
| |
| Insert the following lines. |
| -A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT |
| -A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT |
| service iptables restart |
| |
| 2. Install the VCL Frontend Web Code |
| a. Copy the web directory to a location under the web root of your web |
| server and navigate to the destination .ht-inc subdirectory: |
| |
| cp -r apache-VCL-2.2.2/web/ /var/www/html/vcl |
| cd /var/www/html/vcl/.ht-inc |
| |
| b. Copy secrets-default.php to secrets.php: |
| |
| cp secrets-default.php secrets.php |
| |
| c. Edit the secrets.php file: |
| |
| vi secrets.php |
| |
| * Set the following variables to match your database configuration: |
| * $vclhost |
| * $vcldb |
| * $vclusername |
| * $vclpassword |
| * Create random passwords for the following variables: |
| * $mcryptkey |
| * $mcryptiv (must be 8 hex characters) |
| * $pemkey |
| * Save the secrets.php file |
| d. Run the genkeys.sh script. Enter the value you set for $pemkey in |
| secrets.php as the passphrase (3 times, copy/paste is a good idea) |
| |
| ./genkeys.sh |
| |
| e. Copy conf-default.php to conf.php: |
| |
| cp conf-default.php conf.php |
| |
| f. Modify conf.php to match your site |
| |
| vi conf.php |
| |
| Modify every entry under "Things in this section must be modified". |
| Descriptions and pointers for each value are included within conf.php. |
| * COOKIEDOMAIN - set this to the domain name your web server is using |
| or leave it blank if you are only accessing the web server by its IP |
| address |
| g. Set the owner of the .ht-inc/maintenance directory to the web server |
| user (normally 'apache'): |
| |
| chown apache maintenance |
| |
| h. Open the testsetup.php page in a web browser: |
| * If you set up your site to be https://my.server.org/vcl/ open |
| https://my.server.org/vcl/testsetup.php |
| * Debug any issues reported by testsetup.php |
| |
| 3. Log In to the VCL Website |
| a. Open the index.php page (https://my.server.org/vcl/index.php) |
| * Select Local Account |
| * Username: admin |
| * Password: adminVc1passw0rd |
| b. Set the admin user password (optional): |
| * Click User Preferences |
| * Enter the current password: adminVc1passw0rd |
| * Enter a new password |
| * Click Submit Changes |
| |
| 4. Add a Management Node to the Database |
| a. Click the Management Nodes link |
| * Enter the hostname and IP address of your management node |
| * Click Add |
| * Fill in these additional required fields: |
| * SysAdmin Email Address - error emails will be sent to this address |
| * Install Path - this is the parent directory under which image files |
| will be stored - only required if doing bare metal installs or |
| using VMWare with local disks |
| * End Node SSH Identity Key Files - probably just enter |
| "/etc/vcl/vcl.key" |
| * Optionally, fill in these fields: |
| * Address for Shadow Emails - End users are sent various emails |
| about the status of their reservations. If this field is |
| configured, copies of all of those emails will be sent to this |
| address. |
| * Public NIC configuration method - this defaults to Dynamic DHCP - |
| if DHCP is not available for the public interface of your nodes, |
| you can set this to Static. Then, the IP configuration on the |
| nodes will be manually set using Public Netmask, Public Gateway, |
| Public DNS Server, and the IP address set for the computer under |
| Manage Computers |
| b. Click Confirm Management Node |
| c. Click Submit |
| d. Click the Management Nodes link |
| * Select Edit Management Node Grouping |
| * Click Submit |
| * Select the checkbox for your management node |
| * Click Submit |
| |
| 5. Install & Configure phpMyAdmin (Optional): |
| phpMyAdmin is a free and optional tool which allows MySQL to be |
| administered using a web browser. It makes administering the VCL database |
| easier. This tool can be installed on the VCL web server. To install |
| phpMyAdmin, follow the instructions on: |
| |
| phpMyAdmin Installation & Configuration |
| http://vcl.apache.org/docs/installphpmyadmin.html |
| |
| Further steps if using only VMWare |
| |
| If you are using standalone VMware servers (i.e. ones that VCL did not |
| deploy using xCAT), you first need to add the VMWare servers; then, you |
| need to add the virtual machines. You can either add them individually |
| (Adding Individual VMWare Servers/Virtual Machines), or if they have |
| sequential hostnames and IP addresses, you can add them all at once |
| (Adding Multiple VMWare Servers/Virtual Machines). |
| |
| Once you have added at least one computer, you can get to the "Add |
| Single Computer" page by going to "Manage Computers->Edit Computer |
| Information" and clicking Add. You can get to the "Add Multiple |
| Computers" page by doing the same thing but checking the "Add |
| Multiple" checkbox. |
| |
| Adding Individual VMware Servers |
| |
| 1. Click Manage Computers |
| 2. Select the Add Single Computer radio button |
| 3. Click Submit |
| 4. Fill in the following: |
| * Hostname |
| * IP Address |
| * State - vmhostinuse *** Double-check this because you will |
| not be able to change it later |
| * Owner - admin@Local |
| * RAM |
| * Processor Speed |
| * Network Speed |
| * Type - blade |
| * Provisioning Engine - xCAT 2.x Provisioning |
| * Click the checkbox under allcomputers |
| 5. Click Confirm Computer |
| 6. Click Submit |
| 7. Select a VM Host Profile these VMware hosts will use. You can |
| modify the VM Host Profile later if needed. See the following page |
| for more information about VM Host Profiles: |
| |
| http://cwiki.apache.org/VCL/vmware-configuration.html |
| |
| 8. Click Add Computer |
| * The computer you just added isn't listed after clicking Submit. |
| This is not a problem. |
| |
| Adding Multiple VMWare Servers |
| |
| 1. Click Manage Computers |
| 2. Select the Add Multiple Computers radio button |
| 3. Click Submit |
| 4. Fill in the following: |
| * Hostname - the hostnames of all the computers must have a |
| numerical part that is sequential, use a % as a placeholder |
| where that part would be |
| * Start value - the first number of the numerical part of the |
| hostname |
| * End value - the last number of the numerical part of the |
| hostname |
| * Start IP Address - if using static public addresses, the IP |
| addresses must be sequential; enter the first address here; if |
| using DHCP, just enter something like 1.1.1.1 |
| * End IP address - the last IP address of the sequence; if using |
| DHCP, you'll need to enter something that would work out to the |
| last address relative to Start IP Address (i.e. if adding 3 |
| computers, use 1.1.1.1 for start and 1.1.1.3 for end) |
| * State - vmhostinuse *** Double-check this because you will |
| not be able to change it later |
| * Owner - owner of the computer |
| * RAM |
| * Processor Speed |
| * Network Speed |
| * Type - blade |
| * Provisioning Engine - xCAT 2.x |
| * Check allComputers |
| 5. Click Confirm Computers |
| 6. Click Submit |
| 7. Select a VM Host Profile these VMware hosts will use. You can |
| modify the VM Host Profile later if needed. See the following page |
| for more information about VM Host Profiles: |
| |
| http://vcl.apache.org/docs/vmwareconfiguration |
| |
| 8. Click Add Computers |
| |
| Adding Virtual Machines |
| |
| 1. Click Manage Computers |
| 2. Select the Add Multiple Computers radio button |
| 3. Click Submit |
| 4. Fill in the following: |
| * Hostname - the hostnames of all the computers must have a |
| numerical part that is sequential, use a % as a placeholder |
| where that part would be |
| * Start value - the first number of the numerical part of the |
| hostname |
| * End value - the last number of the numerical part of the |
| hostname |
| * Start IP Address - if using static public addresses, the IP |
| addresses must be sequential; enter the first address here; if |
| using DHCP, just enter something like 1.1.1.1 |
| * End IP address - the last IP address of the sequence; if using |
| DHCP, you'll need to enter something that would work out to the |
| last address relative to Start IP Address (i.e. if adding 3 |
| computers, use 1.1.1.1 for start and 1.1.1.3 for end) |
| * Start private IP Address - similar to Start IP Address, but for |
| the private side |
| * End private IP Address - similar to the End IP Address but for |
| the private side |
| * Start MAC Address - if mac addresses are sequential, with the |
| first one being the private MAC address for the first computer, |
| the second one being the public MAC address for the first |
| computer, the third one being the private MAC address of the |
| second computer, etc, you can enter the first one here and then |
| have the option of generating data to add to your dhcpd.conf |
| file later in the process. |
| |
| NOTE: For VMware virtual machines, the MAC addresses you choose |
| must be in the range 00:50:56:00:00:00 - 00:50:56:3F:FF:FF. Pay |
| special attention to the upper bound of this range. |
| 00:50:56:40:00:00 - 00:50:56:FF:FF:FF are NOT valid for VMware |
| virtual machines. |
| * State - maintenance |
| * Owner - owner of the computer |
| * RAM |
| * Processor Speed |
| * Network Speed |
| * Type - virtualmachine |
| * Provisioning Engine - VMware |
| * Check All VM Computers and newvmimages |
| 5. Click Confirm Computers |
| 6. Click Submit |
| 7. If you filled in the private address fields and the Start MAC |
| Address, you can now enter the private IP address of the |
| management node that will be handling these virtual machines to |
| generate information to add to your dhcpd.conf file. |
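
The MAC layout described in step 4 (private then public address per computer, all within the VMware range from the NOTE) can be checked before the form is submitted. This is an added example, not part of the VCL distribution; the function names and the `vclvm%` hostname pattern are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: plan sequential VMware MAC addresses for "Add Multiple Computers".
# Bounds are the range given in the NOTE above.
VMWARE_MAC_MIN=00:50:56:00:00:00
VMWARE_MAC_MAX=00:50:56:3F:FF:FF

# mac_to_int MAC -> decimal value of the 48-bit address; fails on malformed input
mac_to_int() {
    printf '%s\n' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    hex=$(printf '%s' "$1" | tr -d ':')
    echo $((0x$hex))
}

# int_to_mac N -> colon-separated upper-case MAC
int_to_mac() {
    printf '%012X\n' "$1" | sed 's/../&:/g; s/:$//'
}

# vmware_mac_plan PATTERN START END START_MAC
# PATTERN uses % as the numeric placeholder, as on the VCL form.
# Prints one line per computer: private MAC first, public MAC second.
# Returns 1 without printing a plan if any address would leave the valid range.
vmware_mac_plan() {
    pattern=$1
    first=$2
    last=$3
    lo=$(mac_to_int "$VMWARE_MAC_MIN")
    hi=$(mac_to_int "$VMWARE_MAC_MAX")
    next=$(mac_to_int "$4") || { echo "malformed MAC: $4" >&2; return 1; }
    count=$((last - first + 1))
    [ "$count" -ge 1 ] || { echo "end value is below start value" >&2; return 1; }
    # two addresses per computer, so the last one used is start + 2*count - 1
    final=$((next + 2 * count - 1))
    if [ "$next" -lt "$lo" ] || [ "$final" -gt "$hi" ]; then
        echo "$count computers starting at $4 fall outside $VMWARE_MAC_MIN - $VMWARE_MAC_MAX" >&2
        return 1
    fi
    n=$first
    while [ "$n" -le "$last" ]; do
        host=$(printf '%s' "$pattern" | sed "s/%/$n/")
        echo "$host private=$(int_to_mac "$next") public=$(int_to_mac $((next + 1)))"
        next=$((next + 2))
        n=$((n + 1))
    done
}

# Constructed sample run: three virtual machines starting at the bottom of the range.
vmware_mac_plan 'vclvm%' 1 3 00:50:56:00:00:00
```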
| |
| Further steps if using xCAT |
| |
| If you will not be doing bare metal provisioning, you can skip down to |
| "Adding Local VCL Accounts". |
| |
| You can initially add individual computers or multiple computers all |
| together. After you have added at least one computer, you will need to |
| go to Manage Computers -> Edit Computer Information to add additional ones. |
| |
| Adding Individual Computers |
| |
| 1. click "Manage Computers" |
| 2. select the "Add Single Computer" radio button |
| 3. click Submit |
| 4. fill in Hostname, IP Address, owner (admin@Local), RAM, Proc |
| Speed, Network Speed, select "blade" for Type, select "xCAT 2.x |
| Provisioning" for "Provisioning Engine", and click the checkbox |
| under "allcomputers", and "newimages" |
| 5. click Confirm Computer |
| 6. click Submit (don't worry about the fact that the computer you |
| just added isn't listed after clicking Submit) |
| 7. after you've configured your image library and your management |
| node has started checking in, you should be able to make a |
| reservation |
| |
| Adding Multiple Computers |
| |
| 1. click "Manage Computers" |
| 2. select the "Add Multiple Computers" radio button |
| 3. click Submit |
| 4. fill in |
| * Hostname - the hostnames of all the computers must have a |
| numerical part that is sequential, use a % as a placeholder |
| where that part would be |
| * Start value - the first number of the numerical part of the |
| hostname |
| * End value - the last number of the numerical part of the |
| hostname |
| * Start IP Address - if using static public addresses, the IP |
| addresses must be sequential; enter the first address here; if |
| using DHCP, just enter something like 1.1.1.1 |
| * End IP address - the last IP address of the sequence; if using |
| DHCP, you'll need to enter something that would work out to the |
| last address relative to Start IP Address (i.e. if adding 3 |
| computers, use 1.1.1.1 for start and 1.1.1.3 for end) |
| * Owner - owner of the computer |
| * RAM |
| * Processor Speed |
| * Network Speed |
| * Type - blade |
| * Provisioning Engine - xCAT 2.x |
| * check allComputers and newimages |
| 5. click Confirm Computer |
| 6. click Submit (don't worry about the fact that the computers you |
| just added aren't listed after clicking Submit) |
| 7. after you've configured your image library and your management |
| node has started checking in, you should be able to make a |
| reservation |
| |
| -------------------------------------------------------------------------------- |
| |
| III. Install & Configure the Management Node Components |
| |
| Prerequisites |
| |
| The following management node installation instructions assume the |
| instructions on the following pages have previously been completed: |
| * VCL 2.2.2 Database Installation |
| * VCL 2.2.2 Web Code Installation |
| |
| Supported Operating Systems: |
| |
| The VCL management node daemon (vcld) has been developed to run on an |
| operating system based on Red Hat Enterprise Linux (RHEL). It has been |
| tested on the following: |
| * Red Hat Enterprise Linux 4.x |
| * Red Hat Enterprise Linux 5.x |
| * CentOS 5.x |
| |
| Required Linux Packages: |
| |
| The VCL management node daemon (vcld) requires the following Linux |
| packages and Perl modules in order to run (see step 2 below for |
| installation instructions): |
| * expat - A library for parsing XML |
| * expat-devel - Libraries and include files to develop XML applications |
| with expat |
| * gcc - Various compilers (C, C++, Objective-C, Java, ...) |
| * krb5-libs - The shared libraries used by Kerberos 5 |
| * krb5-devel - Development files needed to compile Kerberos 5 programs |
| * libxml2 - Library providing XML and HTML support |
| * libxml2-devel - Libraries, includes, etc. to develop XML and HTML |
| applications |
| * mysql - MySQL client programs and shared libraries |
| * nmap - Network exploration tool and security scanner |
| * openssh - The OpenSSH implementation of SSH protocol versions 1 and 2 |
| * openssl - The OpenSSL toolkit |
| * openssl-devel - Files for development of applications which will use |
| OpenSSL |
| * perl - The Perl programming language |
| * perl-DBD-MySQL - A MySQL interface for perl |
| * xmlsec1-openssl - OpenSSL crypto plugin for XML Security Library |
| |
| Required Perl Modules: |
| |
| The VCL management node daemon (vcld) is written in Perl and has been |
| tested on Perl 5.8.x. The following Perl modules available from CPAN are |
| also required (see step 2 below for installation instructions): |
| * DBI - Generic Database Interface |
| * Digest::SHA1 - NIST SHA message digest algorithm |
| * Mail::Mailer - Simple mail agent interface |
| * Object::InsideOut - Comprehensive inside-out object support |
| * RPC::XML - A set of classes for core data, message and XML handling |
| * YAML - YAML Ain't Markup Language |
| |
| 1. Install the VCL Management Node Code - Perl Daemon |
| Copy the managementnode directory to the location where you want it to |
| reside (typically /usr/local): |
| |
| cp -r apache-VCL-2.2.2/managementnode /usr/local/vcl |
| |
| 2. Install the Required Linux Packages & Perl Modules |
| Run the install_perl_libs.pl script: |
| |
| perl /usr/local/vcl/bin/install_perl_libs.pl |
| |
| The last line of the install_perl_libs.pl script output should be: |
| |
| successfully installed required Perl modules |
| |
| Note: The script will hang or terminate if it encounters a problem. If |
| this occurs, you will need to troubleshoot the problem by looking at the |
| output. |
| |
| The install_perl_libs.pl script included in the VCL distribution will |
| attempt to download and install the required Linux packages and Perl |
| modules. It uses the yum utility to install the required Linux packages. |
| The required Perl modules are available from CPAN - The Comprehensive Perl |
| Archive Network. The install_perl_libs.pl script attempts to download and |
| install the required Perl modules by using the CPAN.pm module which is |
| included with most Perl distributions. |
| |
| The yum utility should exist on any modern Red Hat-based Linux |
| distribution (Red Hat, CentOS, Fedora, etc). If yum isn't available on |
| your management node OS, you will need to download and install the |
| required Linux packages manually or by using another package management |
| utility. After installing the required Linux packages, attempt to run the |
| install_perl_libs.pl script again. |
| |
| 3. Configure vcld.conf |
| a. Create the /etc/vcl directory: |
| |
| mkdir /etc/vcl |
| |
| b. Copy the stock vcld.conf file to /etc/vcl: |
| |
| cp /usr/local/vcl/etc/vcl/vcld.conf /etc/vcl |
| |
| c. Edit /etc/vcl/vcld.conf: |
| |
| vi /etc/vcl/vcld.conf |
| |
| The following lines must be configured in order to start the VCL daemon |
| (vcld) and allow it to check in to the database: |
| * FQDN - the fully qualified name of the management node, this |
| should match the name that was configured for the management node |
| in the database |
| * server - the IP address or FQDN of the database server |
| * LockerWrtUser - database user account with write privileges |
| * wrtPass - database user password |
| d. Save the vcld.conf file |
| |
| 4. Configure the SSH Client |
| The SSH client on the management node should be configured to prevent SSH |
| processes spawned by the root user to the computers it controls from |
| hanging because of missing or different entries in the known_hosts file. |
| |
| Edit the ssh_config file: |
| |
| vi /etc/ssh/ssh_config |
| |
| Locate the UserKnownHostsFile and StrictHostKeyChecking lines and change |
| them to the following: |
| |
| UserKnownHostsFile /dev/null |
| StrictHostKeyChecking no |
| |
| Note: If you do not want these settings applied universally on the |
| management node the SSH configuration can also be configured to only apply |
| these settings to certain hosts or only for the root user. Consult the SSH |
| documentation for more information. |
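
Applied globally, the two settings above turn off host key verification for every outbound SSH connection from the management node, so it helps to confirm where they actually take effect. This is an added example, not part of the VCL distribution: it reports whether each setting applies to all hosts or is confined to a Host block as the note suggests; the function names and the host patterns in the sample are constructed.

```shell
#!/bin/sh
# Added example: report where an ssh_config disables host key checking.
# audit_ssh_hostkey [FILE] -> one line per finding, "<scope>: <keyword> <value>".
# scope is GLOBAL when the setting applies to every host (before any Host line,
# under "Host *" or under "Match all"); otherwise it is the Host/Match line the
# setting is confined to. Reads standard input when no FILE is given.
# Simplification: a pattern list such as "Host * !gateway" is reported as scoped.
audit_ssh_hostkey() {
    awk '
        BEGIN { scope = "GLOBAL" }
        /^[ \t]*#/ { next }                 # comment
        /^[ \t]*$/ { next }                 # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]+$/, "", line)
            # keyword and arguments are separated by whitespace or "="
            n = split(line, f, /[ \t=]+/)
            kw = tolower(f[1])
            args = f[2]
            for (i = 3; i <= n; i++) args = args " " f[i]
            gsub(/"/, "", args)             # arguments may be quoted

            if (kw == "host") {
                scope = (args == "*") ? "GLOBAL" : "Host " args
                next
            }
            if (kw == "match") {
                scope = (tolower(args) == "all") ? "GLOBAL" : "Match " args
                next
            }
            if (kw == "stricthostkeychecking" && tolower(args) ~ /^(no|off)$/)
                print scope ": StrictHostKeyChecking " args
            if (kw == "userknownhostsfile" && args == "/dev/null")
                print scope ": UserKnownHostsFile " args
        }
    ' "$@"
}

# Constructed sample: the settings scoped to provisioned nodes, followed by a
# leftover global entry that the audit should flag.
sample_ssh_config() {
    cat <<'EOF'
# constructed sample, not a VCL file
Host vclnode* 10.10.*
    UserKnownHostsFile /dev/null
    StrictHostKeyChecking no

Host *
    StrictHostKeyChecking=no
    ForwardAgent no
EOF
}

sample_ssh_config | audit_ssh_hostkey
```

On a management node the same function can be pointed at the live file: `audit_ssh_hostkey /etc/ssh/ssh_config`.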
| |
| 5. Install and Start the VCL Daemon (vcld) Service |
| a. Copy the vcld service script to /etc/init.d and name it vcld: |
| |
| cp /usr/local/vcl/bin/S99vcld.linux /etc/init.d/vcld |
| |
| b. Add the vcld service using chkconfig: |
| |
| /sbin/chkconfig --add vcld |
| |
| c. Configure the vcld service to automatically run at runlevels 3-5: |
| |
| /sbin/chkconfig --level 345 vcld on |
| |
| d. Start the vcld service: |
| |
| /sbin/service vcld start |
| |
| You should see output similar to the following: |
| |
| Starting vcld daemon: |
| ===================================================================== |
| VCL Management Node Daemon (vcld) | 2011-03-15 10:23:04 |
| ===================================================================== |
| bin path: /usr/local/vcl/bin |
| config file: /etc/vcl/vcld.conf |
| log file: /var/log/vcld.log |
| pid file: /var/run/vcld.pid |
| daemon mode: 1 |
| setup mode: 0 |
| verbose mode: 1 |
| ===================================================================== |
| Created VCL daemon process: 8465 |
| [ OK ] |
| |
| The vcld service can also be started by running the service script |
| directly: /etc/init.d/vcld start |
| |
| e. Check the vcld service by monitoring the vcld.log file: |
| |
| tail -f /var/log/vcld.log |
| |
| You should see the following being added to the log file every few |
| seconds if the management node is checking in with the database: |
| |
| 2009-06-16 16:57:15|15792|vcld:main(165)|lastcheckin time updated |
| for management node 18: 2009-06-16 16:57:15 |
| |
| 6. Configure Windows Product Keys and/or KMS Server Addresses (Optional) |
| If you will be deploying Windows environments your institution's Windows |
| product key and/or KMS server addresses must be entered into the VCL |
| database. This can be done by running the following command: |
| |
| /usr/local/vcl/bin/vcld -setup |
| Select "Windows OS Module" and follow the prompts. |
| |
| 7. Download Windows Sysprep Utility (Optional) |
| If you will be using VCL to deploy bare-metal Windows XP or Windows Server |
| 2003 environments via xCAT, the appropriate versions of the Microsoft |
| Sysprep utility must be downloaded to the management node. The following |
| steps do not need to be completed if you only intend to deploy VMware |
| virtual machines. |
| |
| The Sysprep utility is included in the Deployment Tools available for free |
| from Microsoft. You do not need to download Sysprep for Windows 7 or |
| Windows Server 2008 because it is included in the operating system. |
| |
| The Sysprep files need to be downloaded, extracted, and then copied to the |
| management node. The format of the file available for download is |
| Microsoft's .cab format. It is easiest to extract the files on a Windows |
| computer. Windows Explorer is able to open the .cab file and then the |
| files contained within can be copied elsewhere. |
| |
| a. Windows XP |
| * Download Sysprep for Windows XP: Windows XP Service Pack 3 |
| Deployment Tools |
| * Extract the Windows XP Sysprep Files |
| * Copy the extracted Windows XP Sysprep files to the following |
| directory on the management node: |
| |
| /usr/local/vcl/tools/Windows_XP/Utilities/Sysprep |
| |
| b. Windows Server 2003 |
| * Download Sysprep for Windows Server 2003: System Preparation tool |
| for Windows Server 2003 Service Pack 2 Deployment |
| * Extract the Windows Server 2003 Sysprep Files |
| * Copy the extracted Windows Server 2003 Sysprep files to the |
| following directory on the management node: |
| |
| /usr/local/vcl/tools/Windows_Server_2003/Utilities/Sysprep |
| |
| 8. Download Windows Drivers (Optional) |
| |
| Drivers which aren't included with Windows must be downloaded and saved to |
| the management node. The drivers required will vary greatly depending on |
| the hardware. The only way to know what additional drivers you need is to |
| install Windows on a computer and check for missing drivers. |
| |
| The drivers must be copied to the appropriate directory on the management |
| node. The VCL image capture process copies the driver directories to the |
| computer before an image is captured. Drivers from multiple directories |
| will be copied based on the version of Windows being captured. There are |
| driver directories under tools for each version of Windows (Windows XP, |
| Windows 7) and for each version group of Windows (version 5, 6). This |
| allows drivers which are common to multiple versions of Windows to be |
| shared in the management node tools directory structure. |
| |
| Examples: |
| |
| If a chipset driver works for all versions of Windows it should be saved |
| in: |
| |
| /var/lib/vcl/tools/Windows/Drivers/Chipset |
| |
| If Windows XP and Windows Server 2003 both use the same network driver it |
| can be saved in: |
| |
| /var/lib/vcl/tools/Windows_Version_5/Drivers/Network |
| |
| If a storage driver only works for Windows XP it should be saved in: |
| |
| /var/lib/vcl/tools/Windows_XP/Drivers/Storage |
| |
| During the image capture process, each Windows version directory is copied |
| to the computer under C:\Cygwin\home\root\VCL. The order in which the |
| Windows version directories are copied goes from most general to most |
| specific. In the example above, the order would be: |
| |
| /var/lib/vcl/tools/Windows/* |
| /var/lib/vcl/tools/Windows_Version_5/* |
| /var/lib/vcl/tools/Windows_XP/* |
| |
| The following list shows which driver files should be saved in the driver |
| directories: |
| |
| /var/lib/vcl/tools/Windows/Drivers - drivers common to all versions of |
| Windows |
| /var/lib/vcl/tools/Windows_Version_5/Drivers - drivers used by Windows XP |
| and Server 2003 |
| /var/lib/vcl/tools/Windows_XP/Drivers - drivers only used by Windows XP |
| /var/lib/vcl/tools/Windows_Server_2003/Drivers - drivers only used by |
| Windows Server 2003 |
| /var/lib/vcl/tools/Windows_Version_6/Drivers - drivers used by Windows |
| Vista and Server 2008 |
| /var/lib/vcl/tools/Windows_7/Drivers - drivers only used by Windows 7 |
| /var/lib/vcl/tools/Windows_Server_2008/Drivers - drivers only used by |
| Windows Server 2008 |
| |
| The directory structure under each Drivers directory does not matter. It |
| is helpful to organize each directory by driver class, and each directory |
| should be organized using the same theme. For example: |
| |
| /var/lib/vcl/tools/Windows_Version_XP/Drivers/Chipset |
| /var/lib/vcl/tools/Windows_Version_XP/Drivers/Network |
| /var/lib/vcl/tools/Windows_Version_XP/Drivers/Storage |
| /var/lib/vcl/tools/Windows_Version_XP/Drivers/Video |
| |
| 9. Install & Configure Provisioning Engines and Hypervisors |
| VCL supports the following, please see the related websites for |
| installation and configuration instructions: |
| |
| a. xCAT - Extreme Cluster Administration Toolkit |
| * Versions Supported: |
| * 1.3 |
| * 2.x |
| * See the xCAT website for installation & configuration information: |
| |
| http://xcat.sourceforge.net |
| |
| b. VMware |
| * See the VMware website for installation & configuration information: |
| |
| http://www.vmware.com |
| |
| * See the following page for additional VCL VMware configuration |
| information: |
| |
| http://cwiki.apache.org/VCL/vmware-configuration.html |
| |
| -------------------------------------------------------------------------------- |
| |
| IV. Configure Frontend Authentication |
| |
| |
| |
| Adding Local VCL Accounts |
| |
| Local VCL accounts are contained within the VCL database. The admin |
| account is a local VCL account. Additional local accounts can be added |
| via the backend management node code. After you have finished the |
| backend management node installation, run: |
| |
| vcld -setup |
| |
| 1. Select VCL Base Module |
| 2. Select Add Local VCL User Account |
| 3. Enter the requested information |
| |
| |
| |
| Adding LDAP Authentication |
| |
| 1. Prerequisites for your LDAP server: |
| |
| * enable SSL on your LDAP server |
| * Create an account that can look up a user's first and last names, user |
| id, and email address (email address is optional) - this will be |
| referred to as 'vcllookup' in this document. You can skip this step if |
| anonymous binds are enabled on your LDAP server and an anonymous bind |
| will be able to look up userids, names, and email addresses. |
| * if your LDAP server is firewalled, you will need to allow your VCL web |
| server to access tcp port 636 on your LDAP server |
| |
| 2. Prerequisites for your VCL web server: |
| |
| * php-ldap needs to be installed |
| * If your LDAP server SSL certificate is self-signed, your VCL web |
| server needs to have the root CA certificate that was used to sign the |
| LDAP server certificate installed. The PEM formatted certificate needs |
| to be added to the ca-bundle.crt file. On CentOS, the file is located at |
| |
| /etc/pki/tls/certs/ca-bundle.crt |
| |
| * After adding the certificate, restart httpd: |
| |
| service httpd restart |
| |
| * You can verify that the certificate is properly installed using this |
| command: |
| |
| openssl s_client -showcerts -CAfile /etc/pki/tls/certs/ca-bundle.crt \ |
| -connect your.ldap.server.here:636 |
| |
| If you see "Verify return code: 0 (ok)" at the end of the output, then |
| it is installed correctly. If you see a different return code, then |
| you'll need to work through the problem. |
| * You may need to add a line to /etc/openldap/ldap.conf to point to the |
| ca-bundle.crt file. It is difficult to explain if you need it or not, |
| but if you do, add the following: |
| |
| TLS_CACERT /etc/pki/tls/certs/ca-bundle.crt |
| |
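The certificate check from step 2 as a script, added here as an example (it is not part of the VCL documentation). By default `openssl s_client` continues the handshake when verification fails, so the script reads the "Verify return code" line rather than the exit status. The function names and the sample output lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm an LDAPS server's chain verifies against the CA bundle.
CA_BUNDLE=/etc/pki/tls/certs/ca-bundle.crt   # CentOS path given in this guide

# Print the numeric code from the first "Verify return code: N (reason)" line
# of s_client output on stdin. Fails when no such line exists, which means
# the connection or handshake never got as far as certificate verification.
verify_code() {
    code=$(sed -n 's/^[[:space:]]*Verify return code: \([0-9][0-9]*\).*/\1/p' | head -n 1)
    [ -n "$code" ] || return 1
    printf '%s\n' "$code"
}

# Print the reason text that follows the code.
verify_reason() {
    sed -n 's/^[[:space:]]*Verify return code: [0-9][0-9]* (\(.*\))$/\1/p' | head -n 1
}

# check_ldaps HOST [PORT]: return 0 only when the chain verifies.
check_ldaps() {
    host=$1; port=${2:-636}
    # </dev/null ends the session after the handshake instead of waiting for input.
    out=$(openssl s_client -showcerts -CAfile "$CA_BUNDLE" \
            -connect "$host:$port" </dev/null 2>/dev/null) || true
    code=$(printf '%s\n' "$out" | verify_code) || {
        echo "FAIL: no TLS handshake with $host:$port" >&2; return 2; }
    if [ "$code" -eq 0 ]; then
        echo "OK: $host:$port verifies against $CA_BUNDLE"
    else
        reason=$(printf '%s\n' "$out" | verify_reason)
        echo "FAIL: $host:$port verify code $code ($reason)" >&2
        return 1
    fi
}

# Constructed s_client output lines for exercising the parser offline.
SAMPLE_OK='    Verify return code: 0 (ok)'
SAMPLE_SELF_SIGNED='    Verify return code: 19 (self signed certificate in certificate chain)'
```

Source the file and run `check_ldaps your.ldap.server.here 636` after adding the CA certificate and restarting httpd.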
| 3. Adding LDAP Authentication to the Web Code |
| |
| * You will need to manually add an entry to the affiliation table in the |
| vcl database. You need to come up with a name for the affiliation. This |
| will be appended to all userids for the affiliation to distinguish them |
| from other affiliations you may configure later. Initials or a short |
| name of your organization are a good idea. This cannot contain spaces. |
| Use the following to add the affiliation, replacing 'EXAMPLE' with the |
| name you chose. Take note of the id from the 2nd SQL statement as you |
| will need it later. It is the affiliationid for this affiliation. |
| |
| mysql vcl |
| INSERT INTO affiliation (name) VALUES ('EXAMPLE'); |
| SELECT id FROM affiliation WHERE name = 'EXAMPLE'; |
| exit |
| |
| * Edit conf.php and search for "EXAMPLE1 LDAP" |
| * Uncomment the "EXAMPLE1 LDAP" section by removing the '/*' before it and |
| the '*/' at the end of 'to use this login mechanism' |
| * Change 'EXAMPLE1 LDAP' to something that matches your location; for |
| example, at NCSU it is 'NCSU LDAP'. This string is what users will see |
| when they select the authentication mechanism to use when logging in. |
| * Modify the following fields: |
| * server - this is the hostname of your LDAP server |
| * binddn - typically, you'll want to use the base DN of your LDAP |
| server; for Active Directory, this is usually dc= for each of your |
| domain name components. For example, if your domain name was |
| ad.example.org, it would be "dc=ad,dc=example,dc=org" |
| * userid - this is a string that is added to the userid a user enters on |
| the login page. Place a '%s' where the entered userid should go. Some |
| examples are: |
| * %s@example.org |
| * %s@ad.example.org |
| * uid=%s,ou=accounts,dc=example,dc=org |
| * unityid - this is the ldap field that contains a user's login id (for |
| Active Directory, this is usually sAMAccountName) |
| * firstname - this is the ldap field that contains a user's first name |
| * lastname - this is the ldap field that contains a user's last name |
| * email - this is the ldap field that contains a user's email address |
| * defaultemail - if an email address is not provided by the ldap server, |
| this will be appended to the end of the userid to create an email |
| address. In this case, email notifications will be disabled by default. |
| * masterlogin - this is the vcllookup account referred to in the |
| "Prerequisites for your LDAP server" section - comment out this line |
| if using anonymous binds |
| * masterpwd - password for the masterlogin account - comment out this |
| line if using anonymous binds |
| * affiliationid - this is the id from the SELECT statement in the first |
| step |
| * help - this is some text that will show up on the page where users |
| select the authentication method explaining why they would select |
| this option |
| * uncomment the require_once line for ldapauth.php toward the bottom of |
| the file |
| |
| 4. Tweak if your LDAP server has users in multiple containers |
| |
| If your LDAP server has users in multiple containers, then the full DN for |
| each user must be looked up before doing a bind to the LDAP server to |
| authenticate the user. In this case, you'll need to modify |
| authentication.php. |
| |
| * edit authentication.php |
| * search for ldapLogin |
| * search for EXAMPLE1 LDAP in the function |
| * uncomment the block of code it is contained in by removing the '/*' at |
| the beginning of the line containing 'EXAMPLE1 LDAP', and removing the |
| '*/' at the end of the else that is before |
| '$ldapuser = sprintf($authMechs[]'userid', $userid);' |
| * change 'EXAMPLE1 LDAP' to match what you changed it to in step 3 |
| * Look for the line containing 'cn=$userid'. If you use 'cn' to look up |
| userids in your LDAP server, the line is fine as is. If you use |
| something else, such as 'uid', change 'cn' to 'uid' or whatever is used |
| on your LDAP server. |
| * save the file |
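Before editing authentication.php, the lookup described in step 4 can be reproduced from the shell to confirm which attribute ('cn', 'uid', ...) resolves a userid to exactly one DN across your containers. This is an added example, not VCL code; it assumes the OpenLDAP client tools are installed, and the function names, argument order and sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Added example: resolve a userid to exactly one DN before any bind is attempted.

# Escape a value for use inside an LDAP search filter (RFC 4515):
# backslash first, then the filter metacharacters * ( ).
ldap_filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# dn_filter ATTR USERID: build the filter used for the DN lookup.
dn_filter() {
    printf '(%s=%s)' "$1" "$(ldap_filter_escape "$2")"
}

# Read LDIF on stdin and print the DN only if exactly one entry matched.
# No match (unknown user) and several matches (same id in two containers)
# both fail. Base64 DNs ("dn:: ...") are not counted, so they fail as well.
single_dn() {
    dns=$(sed -n 's/^dn: //p')
    count=$(printf '%s' "$dns" | grep -c . || true)
    [ "$count" -eq 1 ] || return 1
    printf '%s\n' "$dns"
}

# lookup_dn HOST BASE ATTR USERID BINDDN PWFILE: query the directory over LDAPS
# as the lookup account. PWFILE is read whole, so it must not end in a newline.
# "1.1" asks for no attributes: only the DN of each match comes back.
lookup_dn() {
    ldapsearch -x -LLL -o ldif-wrap=no -H "ldaps://$1" -b "$2" \
        -D "$5" -y "$6" "$(dn_filter "$3" "$4")" 1.1 | single_dn
}

# Constructed ldapsearch output: one match, then the same cn in two containers.
SAMPLE_ONE='dn: cn=jdoe,ou=staff,dc=example,dc=org
'
SAMPLE_TWO='dn: cn=jdoe,ou=staff,dc=example,dc=org

dn: cn=jdoe,ou=students,dc=example,dc=org
'
```

If `lookup_dn` fails for a known user with 'cn' but succeeds with 'uid', that is the attribute to put in place of 'cn' on the 'cn=$userid' line.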