| Installing VCL 2.3 |
| |
| Install & Configure: |
| I. Database |
| II. Web Components |
| III. Management Node Components |
| IV. Adding LDAP authentication |
| |
| -------------------------------------------------------------------------------- |
| |
| I. Install & Configure the Database |
| 1. Download & Extract the Apache VCL Source |
| a. If you have not already done so, download the Apache VCL source to |
| the database server: |
| |
| wget http://www.apache.org/dist/vcl/apache-VCL-2.3.tar.bz2 |
| |
| b. Extract the files: |
| |
| tar -jxvf apache-VCL-2.3.tar.bz2 |
| |
| 2. Install MySQL Server |
| a. Install MySQL Server 5.x: |
| |
| yum install mysql-server -y |
| |
| b. Configure the MySQL daemon (mysqld) to start automatically: |
| |
| /sbin/chkconfig --level 345 mysqld on |
| |
| c. Start the MySQL daemon: |
| |
| /sbin/service mysqld start |
| |
| d. If the iptables firewall is being used and the web server and |
| management nodes will be on different machines, port 3306 should be |
| opened up: |
| |
| Note: The following rules are for Red Hat-based distros. |
| |
| vi /etc/sysconfig/iptables |
| |
| Insert the following under the RH-Firewall-1-INPUT chain, changing |
| <web server IP> and <management node IP> to match your configuration. |
| |
| -A RH-Firewall-1-INPUT -m state --state NEW -s <web server IP> -p tcp --dport 3306 -j ACCEPT |
| -A RH-Firewall-1-INPUT -m state --state NEW -s <management node IP> -p tcp --dport 3306 -j ACCEPT |
| service iptables restart |
| |
| For more info on iptables: |
| man iptables |
| |
| 3. Create the VCL Database |
| a. Run the MySQL command-line client: |
| |
| mysql |
| |
| b. Create a database: |
| |
| CREATE DATABASE vcl; |
| |
| c. Create a user with SELECT, INSERT, UPDATE, DELETE, and |
| CREATE TEMPORARY TABLES privileges on the database you just created: |
| |
| Replace vcluser and vcluserpassword in the SQL statement with that of |
| the user you want to use to connect to the database. The GRANT command |
| will automatically create the user if it doesn't already exist. |
| |
| GRANT SELECT,INSERT,UPDATE,DELETE,CREATE TEMPORARY TABLES ON vcl.* TO 'vcluser'@'localhost' IDENTIFIED BY 'vcluserpassword'; |
| |
| d. Exit the MySQL command-line client: |
| |
| exit |
| |
| e. Import the vcl.sql file into the database: |
| |
| mysql vcl < apache-VCL-2.3/mysql/vcl.sql |
| |
| The vcl.sql file is included in the mysql directory within the Apache |
| VCL source code. |
| |
| -------------------------------------------------------------------------------- |
| |
| II. Install & Configure the Web Components |
| |
| Prerequisites: |
| |
| The following instructions assume these tasks have previously been completed: |
| * Apache VCL 2.3 has been downloaded |
| * VCL database has been installed and configured |
| |
| Web Server: |
| * Apache HTTP Server v1.3 or v2.x with SSL enabled |
| * PHP 5.0 or later |
| The VCL web frontend may run under other web server platforms capable of |
| running PHP code, but has only been tested to work with Apache HTTP Server |
| |
| Required Linux Packages (see section II.1 below for installation): |
| * httpd - Apache HTTP Server |
| * mod_ssl - SSL/TLS module for the Apache HTTP server |
| * php - The PHP HTML-embedded scripting language |
| |
| Required PHP Modules (see section II.1 below for installation): |
| (Some of these may already be included with your PHP distribution) |
| * php-gd |
| * php-json (required if your PHP version is 5.2 or later) |
| * php-mysql |
| * php-openssl |
| * php-sysvsem |
| * php-xml |
| * php-xmlrpc |
| * php-ldap (if you will be using LDAP authentication) |
| * php-process (for RHEL/CentOS 6) |
| |
| 1. Install the Required Linux Packages & PHP Modules |
| a. If your web server is running a Red Hat-based OS, the required |
| components can be installed with: |
| |
| For RHEL / CentOS 5 |
| yum install httpd mod_ssl php-gd php-mcrypt php-mysql php-xml php-xmlrpc php-ldap -y |
| |
| For RHEL / CentOS 6 |
| yum install httpd mod_ssl php-gd php-mcrypt php-mysql php-xml php-xmlrpc php-ldap php-process -y |
| |
| Note: You may need the optional server RPM repository for the |
| php-process package. To add it, run the following command: |
| rhn-channel --add --channel=rhel-x86_64-server-optional-6 |
| |
| b. Configure the web server daemon (httpd) to start automatically: |
| |
| /sbin/chkconfig --level 345 httpd on |
| |
| c. Start the web server daemon: |
| |
| /sbin/service httpd start |
| |
| d. If SELinux is enabled, run the following command to allow the web |
| server to connect to the database: |
| |
| /usr/sbin/setsebool -P httpd_can_network_connect=1 |
| |
| e. If the iptables firewall is being used, ports 80 and 443 should be |
| opened up: |
| |
| vi /etc/sysconfig/iptables |
| |
| Insert the following lines. |
| -A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT |
| -A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT |
| service iptables restart |
| |
| 2. Install the VCL Frontend Web Code |
| a. Copy the web directory to a location under the web root of your web |
| server and navigate to the destination .ht-inc subdirectory: |
| |
| cp -r apache-VCL-2.3/web/ /var/www/html/vcl |
| cd /var/www/html/vcl/.ht-inc |
| |
| b. Copy secrets-default.php to secrets.php: |
| |
| cp secrets-default.php secrets.php |
| |
| c. Edit the secrets.php file: |
| |
| vi secrets.php |
| |
| * Set the following variables to match your database configuration: |
| * $vclhost |
| * $vcldb |
| * $vclusername |
| * $vclpassword |
| * Create random passwords for the following variables: |
| * $cryptkey |
| * $pemkey |
| * Save the secrets.php file |
| d. Run the genkeys.sh script: |
| |
| ./genkeys.sh |
| |
| e. Copy conf-default.php to conf.php: |
| |
| cp conf-default.php conf.php |
| |
| f. Modify conf.php to match your site: |
| |
| vi conf.php |
| |
| Modify every entry under "Things in this section must be modified". |
| Descriptions and pointers for each value are included within conf.php. |
| * COOKIEDOMAIN - set this to the domain name your web server is using |
| or leave it blank if you are only accessing the web server by its IP |
| address |
| g. Set the owner of the .ht-inc/maintenance directory to the web server |
| user (normally 'apache'): |
| |
| chown apache maintenance |
| |
| h. Open the testsetup.php page in a web browser: |
| * If you set up your site to be https://my.server.org/vcl/ open |
| https://my.server.org/vcl/testsetup.php |
| * Debug any issues reported by testsetup.php |
| |
| 3. Log In to the VCL Website |
| a. Open the index.php page (https://my.server.org/vcl/index.php) |
| * Select Local Account |
| * Username: admin |
| * Password: adminVc1passw0rd |
| b. Set the admin user password (optional): |
| * Click User Preferences |
| * Enter the current password: adminVc1passw0rd |
| * Enter a new password |
| * Click Submit Changes |
| |
| 4. Add a Management Node to the Database |
| a. Click the Management Nodes link |
| * Click Add |
| * Fill in these required fields: |
| * Hostname - The name of the management node server. This value |
| doesn't necessarily need to be a name registered in DNS nor does it |
| need to be the value displayed by the Linux hostname command. For |
| example, if you are installing all of the VCL components on the |
| same machine you can set this value to localhost. |
| * IP address - enter the IP address that matches the hostname you |
| entered (if you entered localhost for hostname, use 127.0.0.1) |
| * Owner - probably admin@Local |
| * SysAdmin Email Address - error emails will be sent to this address |
| (not required, but a really good idea to fill in) |
| * Install Path - this is the parent directory under which image files |
| will be stored - only required if doing bare metal installs or |
| using VMware with local disks |
| * End Node SSH Identity Key Files - probably just enter |
| "/etc/vcl/vcl.key" |
| * Optionally, fill in these fields: |
| * Address for Shadow Emails - End users are sent various emails |
| about the status of their reservations. If this field is |
| configured, copies of all of those emails will be sent to this |
| address. |
| * Public NIC configuration method - this defaults to Dynamic DHCP - |
| if DHCP is not available for the public interface of your nodes, |
| you can set this to Static. Then, the IP configuration on the |
| nodes will be manually set using Public Netmask, Public Gateway, |
| Public DNS Server, and the IP address set for the computer under |
| Manage Computers |
| b. Click Confirm Management Node |
| c. Click Submit |
| d. Click the Management Nodes link |
| * Select Edit Management Node Grouping |
| * Click Submit |
| * Select the checkbox for your management node |
| * Click Submit Changes |
| |
| 5. Install & Configure phpMyAdmin (Optional): |
| phpMyAdmin is a free and optional tool which allows MySQL to be |
| administered using a web browser. It makes administering the VCL database |
| easier. This tool can be installed on the VCL web server. To install |
| phpMyAdmin, follow the instructions on: |
| |
| VCL 2.3 phpMyAdmin Installation & Configuration |
| http://cwiki.apache.org/VCL/vcl-23-phpmyadmin-installation-configuration.html |
| |
| Further steps if using only VMware |
| |
| If you will only be using bare metal provisioning, you can skip down to |
| "Further steps if using xCAT". |
| |
| If you are using standalone VMware servers (i.e. ones that VCL did not |
| deploy using xCAT), you first need to configure a VM Profile to match |
| your setup. Next, add the VMware servers. Then, you need to add the |
| virtual machines. You can either add them individually (Adding |
| Individual VMware Servers/Virtual Machines), or if they have sequential |
| hostnames and IP addresses, you can add them all at once (Adding |
| Multiple VMware Servers/Virtual Machines). |
| |
| Once you have added at least one computer, you can add more computers |
| by going to Manage Computers->Edit Computer Information and clicking |
| Add Single Computer or Add Multiple Computers. |
| |
| Configure VM Profile(s) |
| |
| 1. Click Virtual Hosts |
| 2. Select the VM Host Profiles tab |
| 3. Select a profile whose name matches your setup or click New |
| Profile... |
| a. If using an existing profile, click Configure Profile |
| b. If creating a new profile: |
| i. Enter the name of the profile |
| ii. Click Create Profile |
| |
| 4. Configure the profile to match your setup. Hover over any ? icons |
| to get further information about that field. More information is |
| available on the VMware Configuration page: |
| |
| http://cwiki.apache.org/VCL/vmware-configuration.html |
| |
| NOTE: Just click on the text of any field you want to edit to change |
| it. After changing it, click somewhere else to save the changed |
| value for that field. Changes are immediate; there is no "save" |
| button for this tab. |
| |
| Adding Individual VMware Servers |
| |
| 1. Click Manage Computers |
| 2. Select the Add Single Computer radio button |
| 3. Click Submit |
| 4. Fill in the following: |
| * Hostname |
| * Type - blade |
| * Public IP Address |
| * Private IP Address (optional) |
| * Public MAC Address (optional) |
| * Private MAC Address (optional) |
| * Provisioning Engine - "None" |
| * State - vmhostinuse |
| * VM Host Profile - use a default profile or one configured in |
| the previous step |
| * Owner - admin@Local |
| * RAM |
| * No. Cores |
| * Processor Speed |
| * Network Speed |
| * Physical Location (optional) |
| * Click the checkbox under allComputers |
| 5. Click Confirm Computer |
| 6. Click Submit |
| * The computer you just added isn't listed after clicking Submit. |
| This is not a problem. |
| |
| Adding Multiple VMware Servers |
| |
| 1. Click Manage Computers |
| 2. Select the Add Multiple Computers radio button |
| 3. Click Submit |
| 4. Fill in the following: |
| * Hostname - the hostnames of all the computers must have a |
| numerical part that is sequential, use a % as a placeholder |
| where that part would be |
| * Start value - the first number of the numerical part of the |
| hostname |
| * End value - the last number of the numerical part of the |
| hostname |
| * Type - blade |
| * Start Public IP Address - if using static public addresses, the |
| IP addresses must be sequential; enter the first address here; |
| if using DHCP, just enter something like 1.1.1.1 |
| * End Public IP address - the last IP address of the sequence; if |
| using DHCP, you'll need to enter something that would work out |
| to the last address relative to Start Public IP Address (i.e. |
| if adding 3 computers, use 1.1.1.1 for start and 1.1.1.3 for |
| end) |
| * Start Private IP Address (optional) - the IP addresses must be |
| sequential; enter the first private address here |
| * End Private IP address (optional) - the last IP address of the |
| sequence |
| * Start MAC Address (optional) - if MAC addresses are sequential, |
| with the first one being the private MAC address for the first |
| computer, the second one being the public MAC address for the |
| first computer, the third one being the private MAC address of |
| the second computer, etc, you can enter the first one here and |
| then have the option of downloading data to add to your |
| dhcpd.conf file from the Computer Utilities page |
| * Provisioning Engine - "None" |
| * State - vmhostinuse |
| * VM Host Profile - use a default profile or one configured in |
| the previous step |
| * Owner - admin@Local |
| * RAM |
| * No. Cores |
| * Processor Speed |
| * Network Speed |
| * Physical Location (optional) |
| * Click the checkbox under allComputers |
| 5. Click Confirm Computers |
| 6. Click Submit |
| |
| Adding Individual Virtual Machines |
| |
| 1. Click Manage Computers |
| 2. Select Edit Computer Information |
| 3. Click Submit |
| 4. Click Add Single Computer |
| 5. Fill in the following: |
| * Hostname |
| * Type - virtualmachine |
| * Public IP Address |
| * Private IP Address |
| * Public MAC Address |
| * Private MAC Address |
| |
| NOTE: For VMware virtual machines, the MAC addresses you choose |
| must be in the range 00:50:56:00:00:00 - 00:50:56:3F:FF:FF. Pay |
| special attention to the upper bound of this range. |
| 00:50:56:40:00:00 - 00:50:56:FF:FF:FF are NOT valid for VMware |
| virtual machines. |
| |
| * Provisioning Engine - VMware |
| * State - maintenance |
| * Owner - admin@Local |
| * RAM |
| * No. Cores |
| * Processor Speed |
| * Network Speed |
| * Check All VM Computers and newvmimages |
| 6. Click Confirm Computer |
| 7. Click Submit |
| |
| Adding Multiple Virtual Machines |
| |
| 1. Click Manage Computers |
| 2. Select Edit Computer Information |
| 3. Click Submit |
| 4. Click Add Multiple Computers |
| 5. Fill in the following: |
| * Hostname - the hostnames of all the computers must have a |
| numerical part that is sequential, use a % as a placeholder |
| where that part would be |
| * Start value - the first number of the numerical part of the |
| hostname |
| * End value - the last number of the numerical part of the |
| hostname |
| * Type - virtualmachine |
| * Start Public IP Address - if using static public addresses, the |
| IP addresses must be sequential; enter the first address here; |
| if using DHCP, just enter something like 1.1.1.1 |
| * End Public IP address - the last IP address of the sequence; if |
| using DHCP, you'll need to enter something that would work out |
| to the last address relative to Start Public IP Address (i.e. |
| if adding 3 computers, use 1.1.1.1 for start and 1.1.1.3 for |
| end) |
| * Start Private IP Address - similar to Start IP Address, but for |
| the private side |
| * End Private IP Address - similar to the End IP Address but for |
| the private side |
| * Start MAC Address - if MAC addresses are sequential, with the |
| first one being the private MAC address for the first computer, |
| the second one being the public MAC address for the first |
| computer, the third one being the private MAC address of the |
| second computer, etc, you can enter the first one here and then |
| have the option of downloading data to add to your dhcpd.conf |
| file from the Computer Utilities page |
| |
| NOTE: For VMware virtual machines, the MAC addresses you choose |
| must be in the range 00:50:56:00:00:00 - 00:50:56:3F:FF:FF. Pay |
| special attention to the upper bound of this range. |
| 00:50:56:40:00:00 - 00:50:56:FF:FF:FF are NOT valid for VMware |
| virtual machines. |
| |
| * Provisioning Engine - VMware |
| * State - maintenance |
| * Owner - admin@Local |
| * RAM |
| * No. Cores |
| * Processor Speed |
| * Network Speed |
| * Check All VM Computers and newvmimages |
| 6. Click Confirm Computers |
| 7. Click Submit |
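| |
| The MAC address rules above, as an added example (not part of the VCL |
| distribution): it checks a start address against the VMware range from |
| the NOTE and lays out the sequential private/public order described for |
| Start MAC Address, refusing a sequence that runs past 00:50:56:3F:FF:FF. |
| The function names, the vmN labels and the sample start address are |
| assumptions made for the example. |
| |
```shell
#!/bin/sh
# Added example, not VCL code. Function names and sample values are hypothetical.

# Bounds of the range quoted in the NOTE above.
VMWARE_MAC_MIN=$((0x005056000000))
VMWARE_MAC_MAX=$((0x0050563FFFFF))

# mac_to_int MAC: print the address as an integer; return 1 if it is malformed.
mac_to_int() {
    local hex
    printf '%s\n' "$1" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    hex=$(printf '%s' "$1" | tr -d ':')
    echo $((0x$hex))
}

# int_to_mac N: print the integer as an upper-case, colon-separated MAC.
int_to_mac() {
    printf '%012X\n' "$1" | sed 's/../&:/g; s/:$//'
}

# vmware_mac_ok MAC: succeed only if MAC is well formed and inside the range.
vmware_mac_ok() {
    local n
    n=$(mac_to_int "$1") || return 1
    [ "$n" -ge "$VMWARE_MAC_MIN" ] && [ "$n" -le "$VMWARE_MAC_MAX" ]
}

# vm_mac_plan START COUNT: list the MACs COUNT virtual machines would use when
# addresses are sequential in the order the page describes: private MAC of the
# first computer, public MAC of the first computer, private MAC of the second
# computer, and so on. Nothing is printed if any address would leave the range.
vm_mac_plan() {
    local start count first last i
    start=$1
    count=$2
    if ! vmware_mac_ok "$start"; then
        echo "start MAC $start is malformed or outside the VMware range" >&2
        return 1
    fi
    first=$(mac_to_int "$start")
    last=$((first + 2 * count - 1))
    if [ "$last" -gt "$VMWARE_MAC_MAX" ]; then
        echo "sequence would end at $(int_to_mac "$last"), past 00:50:56:3F:FF:FF" >&2
        return 1
    fi
    i=0
    while [ "$i" -lt "$count" ]; do
        printf 'vm%d private=%s public=%s\n' "$((i + 1))" \
            "$(int_to_mac $((first + 2 * i)))" \
            "$(int_to_mac $((first + 2 * i + 1)))"
        i=$((i + 1))
    done
}

# Constructed sample: three virtual machines starting at an arbitrary address.
vm_mac_plan 00:50:56:00:10:00 3
```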
| |
| Assign Virtual Machine(s) to a Virtual Host |
| |
| 1. Click Virtual Hosts |
| 2. On the VM Hosts tab, select the virtual host server added |
| previously |
| 3. Click Configure Host. You should see the VM limit set to a number |
| along with the VM profile and two columns: VMs assigned to host |
| and Unassigned VMs |
| 4. Adjust the VM limit to the desired number of VMs you would like |
| to run on this host |
| |
| Please consult your hypervisor documentation for the recommended |
| number of virtual machines to run concurrently for your virtual |
| server configuration. |
| |
| 5. Select the virtual machine nodes from the Unassigned VMs: column |
| 6. Click Add |
| |
| Add entries to dhcpd.conf |
| |
| You need to add entries for your VMs to your dhcpd.conf file so that |
| they will correctly be assigned their private addresses at boot. |
| |
| 1. Click Manage Computers |
| 2. Select the All VM Computers group in the list at the top |
| 3. Select the Computer Utilities radio button |
| 4. Click Submit |
| 5. Click the Check All link at the bottom of the table |
| 6. Next to "For selected computers, generate computer data for", |
| select "dhcpd" |
| 7. Click Generate Data |
| 8. Enter the private IP address for your management node |
| 9. Click Generate Data |
| 10. Copy/Paste the data for dhcpd.conf to the dhcpd.conf file on |
| your management node (ignore the part for dhcpd.leases) |
| 11. Restart dhcpd: |
| |
| service dhcpd restart |
| |
| 12. Scroll to the bottom and click Close |
| |
| Add entries to /etc/hosts |
| |
| You need to add entries for your VM hosts and VMs to /etc/hosts |
| |
| 1. Click Manage Computers |
| 2. Select the All VM Computers and the allComputers groups in the |
| list at the top |
| 3. Select the Computer Utilities radio button |
| 4. Click Submit |
| 5. Click the Check All link at the bottom of the table |
| 6. Next to "For selected computers, generate computer data for", |
| select /etc/hosts |
| 7. Click Generate Data |
| 8. Copy/Paste the data to your /etc/hosts file |
| 9. Click Close |
| |
| Further steps if using xCAT |
| |
| If you will not be doing bare metal provisioning, you can skip down to |
| "III. Install & Configure the Management Node Components". |
| |
| Once you have added at least one computer, you can add more computers |
| by going to Manage Computers->Edit Computer Information and clicking |
| Add Single Computer or Add Multiple Computers. |
| |
| Adding Individual Computers |
| |
| 1. Click Manage Computers |
| 2. Select the Add Single Computer radio button |
| 3. Click Submit |
| 4. Fill in the following: |
| * Hostname |
| * Type - blade |
| * Public IP Address |
| * Private IP Address (optional) |
| * Public MAC Address (optional) |
| * Private MAC Address (optional) |
| * Provisioning Engine - xCAT 2.x |
| * State - available (or maintenance if you do not want it to be |
| immediately available) |
| * Owner - admin@Local |
| * RAM |
| * No. Cores |
| * Processor Speed |
| * Network Speed |
| * Physical Location (optional) |
| * Click the checkboxes under allComputers and newimages |
| 5. Click Confirm Computer |
| 6. Click Submit |
| NOTE: The computer you just added isn't listed after clicking |
| Submit. This is not a problem. |
| |
| Adding Multiple Computers |
| |
| 1. Click Manage Computers |
| 2. Select the Add Multiple Computers radio button |
| 3. Click Submit |
| 4. Fill in the following: |
| * Hostname - the hostnames of all the computers must have a |
| numerical part that is sequential, use a % as a placeholder |
| where that part would be |
| * Start value - the first number of the numerical part of the |
| hostname |
| * End value - the last number of the numerical part of the |
| hostname |
| * Type - blade |
| * Start Public IP Address - if using static public addresses, |
| the IP addresses must be sequential; enter the first address |
| here; if using DHCP, just enter something like 1.1.1.1 |
| * End Public IP address - the last IP address of the sequence; if |
| using DHCP, you'll need to enter something that would work out |
| to the last address relative to Start IP Address (i.e. if |
| adding 3 computers, use 1.1.1.1 for start and 1.1.1.3 for end) |
| * Start Private IP Address (optional) - the IP addresses must be |
| sequential; enter the first private address here |
| * End Private IP Address (optional) - the last IP address of the |
| sequence |
| * Start MAC Address (optional) - if MAC addresses are sequential, |
| with the first one being the private MAC address for the first |
| computer, the second one being the public MAC address for the |
| first computer, the third one being the private MAC address of |
| the second computer, etc, you can enter the first one here and |
| then have the option of downloading data to add to your |
| dhcpd.conf file from the Computer Utilities page |
| * Provisioning Engine - xCAT 2.x |
| * State - available (or maintenance if you do not want them to be |
| immediately available) |
| * Owner - admin@Local |
| * RAM |
| * Processor Speed |
| * Network Speed |
| * Click the checkboxes under allComputers and newimages |
| 5. Click Confirm Computers |
| 6. Click Submit |
| NOTE: The computer you just added isn't listed after clicking |
| Submit. This is not a problem. |
| |
| Add entries to /etc/hosts |
| |
| You need to add entries for your nodes to /etc/hosts |
| |
| 1. Click Manage Computers |
| 2. Select the allComputers group in the list at the top |
| 3. Select the Computer Utilities radio button |
| 4. Click Submit |
| 5. Click the Check All link at the bottom of the table |
| 6. Next to "For selected computers, generate computer data for", |
| select /etc/hosts |
| 7. Click Generate Data |
| 8. Copy/Paste the data to your /etc/hosts file |
| 9. Click Close |
| |
| -------------------------------------------------------------------------------- |
| |
| III. Install & Configure the Management Node Components |
| |
| Supported Operating Systems: |
| |
| The VCL management node daemon (vcld) has been developed to run on an |
| operating system based on Red Hat Enterprise Linux (RHEL). It has been |
| tested on the following: |
| * Red Hat Enterprise Linux 4.x |
| * Red Hat Enterprise Linux 5.x |
| * Red Hat Enterprise Linux 6.x |
| * CentOS 5.x |
| * CentOS 6.x |
| |
| Required Linux Packages: |
| |
| The VCL management node daemon (vcld) requires the following Linux |
| packages and Perl modules in order to run (see step 2 below for |
| installation instructions): |
| * expat - A library for parsing XML |
| * expat-devel - Libraries and include files to develop XML applications |
| with expat |
| * gcc - Various compilers (C, C++, Objective-C, Java, ...) |
| * krb5-libs - The shared libraries used by Kerberos 5 |
| * krb5-devel - Development files needed to compile Kerberos 5 programs |
| * libxml2 - Library providing XML and HTML support |
| * libxml2-devel - Libraries, includes, etc. to develop XML and HTML |
| applications |
| * mysql - MySQL client programs and shared libraries |
| * nmap - Network exploration tool and security scanner |
| * openssh - The OpenSSH implementation of SSH protocol versions 1 and 2 |
| * openssl - The OpenSSL toolkit |
| * openssl-devel - Files for development of applications which will use |
| OpenSSL |
| * perl - The Perl programming language |
| * perl-DBD-MySQL - A MySQL interface for perl |
| * xmlsec1-openssl - OpenSSL crypto plugin for XML Security Library |
| |
| Required Perl Modules: |
| |
| The VCL management node daemon (vcld) is written in Perl and has been |
| tested on Perl 5.8.x. The following Perl modules available from CPAN are |
| also required (see step 2 below for installation instructions): |
| * DBI - Generic Database Interface |
| * Digest::SHA1 - NIST SHA message digest algorithm |
| * Mail::Mailer - Simple mail agent interface |
| * Object::InsideOut - Comprehensive inside-out object support |
| * RPC::XML - A set of classes for core data, message and XML handling |
| * YAML - YAML Ain't Markup Language |
| |
| 1. Install the VCL Management Node Code - Perl Daemon |
| Copy the managementnode directory to the location where you want it to |
| reside (typically /usr/local): |
| |
| cp -r apache-VCL-2.3/managementnode /usr/local/vcl |
| |
| 2. Install the Required Linux Packages & Perl Modules |
| Run the install_perl_libs.pl script: |
| |
| perl /usr/local/vcl/bin/install_perl_libs.pl |
| |
| The last line of the install_perl_libs.pl script output should be: |
| |
| COMPLETE: installed all components |
| |
| Note: The script will hang or terminate if it encounters a problem. If |
| this occurs, you will need to troubleshoot the problem by looking at the |
| output. |
| |
| The install_perl_libs.pl script included in the VCL distribution will |
| attempt to download and install the required Linux packages and Perl |
| modules. It uses the yum utility to install the required Linux packages. |
| The required Perl modules are available from CPAN - The Comprehensive Perl |
| Archive Network. The install_perl_libs.pl script attempts to download and |
| install the required Perl modules by using the CPAN.pm module which is |
| included with most Perl distributions. |
| |
| The yum utility should exist on any modern Red Hat-based Linux |
| distribution (Red Hat, CentOS, Fedora, etc). If yum isn't available on |
| your management node OS, you will need to download and install the |
| required Linux packages manually or by using another package management |
| utility. After installing the required Linux packages, attempt to run the |
| install_perl_libs.pl script again. |
| |
| 3. Configure vcld.conf |
| a. Create the /etc/vcl directory: |
| |
| mkdir /etc/vcl |
| |
| b. Copy the stock vcld.conf file to /etc/vcl: |
| |
| cp /usr/local/vcl/etc/vcl/vcld.conf /etc/vcl |
| |
| c. Edit /etc/vcl/vcld.conf: |
| |
| vi /etc/vcl/vcld.conf |
| |
| The following lines must be configured in order to start the VCL daemon |
| (vcld) and allow it to check in to the database: |
| * FQDN - the fully qualified name of the management node, this |
| should match the name that was configured for the management node |
| in the database |
| * server - the IP address or FQDN of the database server |
| * LockerWrtUser - database user account with write privileges |
| * wrtPass - database user password |
| * xmlrpc_pass - password for xmlrpc api from vcld to the web |
| interface (can be long). This will be used later to sync the |
| database vclsystem user account |
| * xmlrpc_url - URL for xmlrpc api |
| https://my.server.org/vcl/index.php?mode=xmlrpccall |
| |
| d. Save the vcld.conf file |
| |
| 4. Configure the SSH Client |
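| The SSH client on the management node should be configured so that SSH |
| processes spawned by the root user to the computers it controls do not |
| hang because of missing or different entries in the known_hosts file. |
| The settings below stop ssh from prompting about unknown host keys and |
| from saving them to the user's known_hosts file. |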
| |
| Edit the ssh_config file: |
| |
| vi /etc/ssh/ssh_config |
| |
| Set the following parameters: |
| |
| UserKnownHostsFile /dev/null |
| StrictHostKeyChecking no |
| |
| Note: If you do not want these settings applied universally on the |
| management node, SSH can also be configured to apply them only to |
| certain hosts or only for the root user. Consult the SSH documentation |
| for more information. |
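| |
| A check for the scoping choice in the note above, as an added example |
| (not part of the VCL distribution): it reads an ssh_config file and |
| reports whether the two settings apply to every host or only inside a |
| Host block. The function names and both sample files are assumptions; |
| the 10.100.0.* pattern is borrowed from the dhcpd.conf example subnet. |
| |
```shell
#!/bin/sh
# Added example, not VCL code. Function names and sample files are hypothetical.

# audit_hostkey_settings FILE
# Prints one line per relaxed directive in the form SCOPE:LINE:DIRECTIVE VALUE.
# SCOPE is GLOBAL when the directive appears before the first Host/Match line,
# under "Host *" or under "Match all"; otherwise it is SCOPED(<patterns>).
# ssh uses the first value it obtains for a parameter, so a directive placed
# at the top of the file applies to every host.
audit_hostkey_settings() {
    awk -v global=1 '
        /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (!match(line, /^[A-Za-z]+/)) next
            word = substr(line, 1, RLENGTH)        # keyword as written
            key = tolower(word)                    # keywords are case-insensitive
            rest = substr(line, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", rest)       # accept "Key Value" and "Key=Value"
            sub(/[ \t]+$/, "", rest)
            if (key == "host" || key == "match") {
                scope = rest
                global = 0
                n = split(rest, pat, /[ \t]+/)
                for (i = 1; i <= n; i++)
                    if (pat[i] == "*" || (key == "match" && tolower(pat[i]) == "all"))
                        global = 1
                next
            }
            weak = (key == "stricthostkeychecking" && tolower(rest) ~ /^(no|off)$/) ||
                   (key == "userknownhostsfile" && rest == "/dev/null")
            if (weak)
                printf "%s:%d:%s %s\n", (global ? "GLOBAL" : "SCOPED(" scope ")"), NR, word, rest
        }
    ' "$1"
}

# has_global_hostkey_bypass FILE: succeed if any relaxed directive is GLOBAL.
has_global_hostkey_bypass() {
    audit_hostkey_settings "$1" | grep -q '^GLOBAL:'
}

# Constructed sample files, written to a temporary directory.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT

cat > "$demo/universal.conf" <<'EOF'
# constructed sample: the two settings applied to every host
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
EOF

cat > "$demo/scoped.conf" <<'EOF'
# constructed sample: the same settings limited to the private node network
Host 10.100.0.*
    UserKnownHostsFile /dev/null
    StrictHostKeyChecking=no
Host *
    StrictHostKeyChecking ask
EOF

for f in "$demo/universal.conf" "$demo/scoped.conf"; do
    echo "== $(basename "$f")"
    audit_hostkey_settings "$f"
done
```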
| |
| 5. Install and Start the VCL Daemon (vcld) Service |
| a. Copy the vcld service script to /etc/init.d and name it vcld: |
| |
| cp /usr/local/vcl/bin/S99vcld.linux /etc/init.d/vcld |
| |
| b. Add the vcld service using chkconfig: |
| |
| /sbin/chkconfig --add vcld |
| |
| c. Configure the vcld service to automatically run at runlevels 3-5: |
| |
| /sbin/chkconfig --level 345 vcld on |
| |
| d. Start the vcld service: |
| |
| /sbin/service vcld start |
| |
| You should see output similar to the following: |
| |
| Starting vcld daemon: |
| [ OK ] |
| |
| The vcld service can also be started by running the service script |
| directly: /etc/init.d/vcld start |
| |
| e. Check the vcld service by monitoring the vcld.log file: |
| |
| tail -f /var/log/vcld.log |
| |
| You should see the following being added to the log file every few |
| seconds if the management node is checking in with the database: |
| |
| 2012-05-15 13:23:45|25494|vcld:main(167)|lastcheckin time updated |
| for management node 1: 2012-05-15 13:23:45 |
| |
| 6. Set the vclsystem account password for xmlrpc api |
| Using the vcld -setup tool, set the vclsystem account password. This is |
| needed to properly use the block allocation features. |
| |
| /usr/local/vcl/bin/vcld -setup |
| |
| Select 1. VCL Base Module |
| Select 2. Set Local VCL User Account Password |
| Select 2. vclsystem |
| |
| From the vcld.conf file, paste or type the password from the |
| xmlrpc_pass variable and press Enter. |
| |
| 7. Install & Configure the DHCP Service |
| a. Install dhcp if it is not already installed: |
| |
| yum install dhcp -y |
| |
| b. Configure the dhcpd service to automatically start at runlevels 3-5: |
| |
| /sbin/chkconfig --level 345 dhcpd on |
| |
| c. Configure the dhcpd.conf file. |
| |
| vi /etc/dhcpd.conf |
| |
| Configure your dhcpd.conf file according to your network configuration. |
| The contents of the dhcpd.conf file will vary based on how your network |
| is configured. Below is an example of a basic dhcpd.conf file: |
| |
| ddns-update-style none; |
| shared-network eth0 { |
| subnet 10.100.0.0 netmask 255.255.255.0 { |
| ignore unknown-clients; |
| } |
| } |
| |
| You will add host definitions to the dhcpd.conf file after you add |
| computers to VCL using the website. The website will display the |
| dhcpd.conf host definitions after the computers have been added to VCL, |
| which can be copied and pasted into the dhcpd.conf file. |
| |
| d. Start the dhcpd service: |
| |
| /sbin/service dhcpd start |
| |
| 8. Configure Windows Product Keys and/or KMS Server Addresses (Optional) |
| If you will be deploying Windows environments, your institution's Windows |
| product key and/or KMS server addresses must be entered into the VCL |
| database. This can be done by running the following command: |
| |
| /usr/local/vcl/bin/vcld -setup |
| |
| Select "Windows OS Module" and follow the prompts. |
| |
| 9. Download Windows Sysprep Utility (Optional) |
| If you will be using VCL to deploy bare-metal Windows XP or Windows Server |
| 2003 environments via xCAT, the appropriate versions of the Microsoft |
| Sysprep utility must be downloaded to the management node. The following |
| steps do not need to be completed if you only intend to deploy VMware |
| virtual machines. |
| |
| The Sysprep utility is included in the Deployment Tools available for free |
| from Microsoft. You do not need to download Sysprep for Windows 7 or |
| Windows Server 2008 because it is included in the operating system. |
| |
| The Sysprep files need to be downloaded, extracted, and then copied to the |
| management node. The format of the file available for download is |
| Microsoft's .cab format. It is easiest to extract the files on a Windows |
| computer. Windows Explorer is able to open the .cab file and then the |
| files contained within can be copied elsewhere. |
| |
| a. Windows XP |
| * Download Sysprep for Windows XP: Windows XP Service Pack 3 |
| Deployment Tools |
| * Extract the Windows XP Sysprep Files |
| * Copy the extracted Windows XP Sysprep files to the following |
| directory on the management node: |
| |
| /usr/local/vcl/tools/Windows_XP/Utilities/Sysprep |
| |
| b. Windows Server 2003 |
| * Download Sysprep for Windows Server 2003: System Preparation tool |
| for Windows Server 2003 Service Pack 2 Deployment |
| * Extract the Windows Server 2003 Sysprep Files |
| * Copy the extracted Windows Server 2003 Sysprep files to the |
| following directory on the management node: |
| |
| /usr/local/vcl/tools/Windows_Server_2003/Utilities/Sysprep |
| |
| 10. Download Windows Drivers (Optional) |
| |
| Drivers which aren't included with Windows must be downloaded and saved to |
| the management node. The drivers required will vary greatly depending on |
| the hardware. The only way to know what additional drivers you need is to |
| install Windows on a computer and check for missing drivers. |
| |
| The drivers must be copied to the appropriate directory on the management |
| node. The VCL image capture process copies the driver directories to the |
| computer before an image is captured. Drivers from multiple directories |
| will be copied based on the version of Windows being captured. There are |
| driver directories under tools for each version of Windows (Windows XP, |
| Windows 7) and for each version group of Windows (version 5, 6). This |
| allows drivers which are common to multiple versions of Windows to be |
| shared in the management node tools directory structure. |
| |
| Examples: |
| |
| If a chipset driver works for all versions of Windows it should be saved |
| in: |
| |
| /var/lib/vcl/tools/Windows/Drivers/Chipset |
| |
| If Windows XP and Windows Server 2003 both use the same network driver it |
| can be saved in: |
| |
| /var/lib/vcl/tools/Windows_Version_5/Drivers/Network |
| |
| If a storage driver only works for Windows XP it should be saved in: |
| |
| /var/lib/vcl/tools/Windows_XP/Drivers/Storage |
| |
| During the image capture process, each Windows version directory is copied |
| to the computer under C:\Cygwin\home\root\VCL. The order in which the |
| Windows version directories are copied goes from most general to most |
| specific. In the example above, the order would be: |
| |
| /var/lib/vcl/tools/Windows/* |
| /var/lib/vcl/tools/Windows_Version_5/* |
| /var/lib/vcl/tools/Windows_XP/* |
| |
| The following list shows which driver files should be saved in the driver |
| directories: |
| |
| /var/lib/vcl/tools/Windows/Drivers - drivers common to all versions of |
| Windows |
| /var/lib/vcl/tools/Windows_Version_5/Drivers - drivers used by Windows XP |
| and Server 2003 |
| /var/lib/vcl/tools/Windows_XP/Drivers - drivers only used by Windows XP |
| /var/lib/vcl/tools/Windows_Server_2003/Drivers - drivers only used by |
| Windows Server 2003 |
| /var/lib/vcl/tools/Windows_Version_6/Drivers - drivers used by Windows |
| Vista and Server 2008 |
| /var/lib/vcl/tools/Windows_7/Drivers - drivers only used by Windows 7 |
| /var/lib/vcl/tools/Windows_Server_2008/Drivers - drivers only used by |
| Windows Server 2008 |
| |
| The directory structure under each Drivers directory does not matter. It |
| is helpful to organize each directory by driver class, and each directory |
| should be organized using the same theme. For example: |
| |
| /var/lib/vcl/tools/Windows_Version_XP/Drivers/Chipset |
| /var/lib/vcl/tools/Windows_Version_XP/Drivers/Network |
| /var/lib/vcl/tools/Windows_Version_XP/Drivers/Storage |
| /var/lib/vcl/tools/Windows_Version_XP/Drivers/Video |
| |
| 11. Install & Configure Provisioning Engines and Hypervisors |
| |
| VCL supports the following. Please see the related websites for |
| installation and configuration instructions: |
| |
| a. xCAT - Extreme Cluster Administration Toolkit |
| * Versions Supported: |
| * 1.3 |
| * 2.x |
| * See the xCAT website for installation & configuration information: |
| |
| http://xcat.sourceforge.net |
| |
| b. VMware |
| * See the VMware website for installation & configuration information: |
| |
| http://www.vmware.com |
| |
| * See the following page for additional VCL VMware configuration |
| information: |
| |
| http://cwiki.apache.org/VCL/vmware-configuration.html |
| |
| -------------------------------------------------------------------------------- |
| |
| IV. Configure Frontend Authentication |
| |
| Adding Local VCL Accounts |
| |
| Local VCL accounts are contained within the VCL database. The admin |
| account is a local VCL account. Additional local accounts can be added |
| via the backend management node code. After you have finished the backend |
| management node installation, run: |
| |
| vcld -setup |
| |
| 1. Select VCL Base Module |
| 2. Select Add Local VCL User Account |
| 3. Enter the requested information |
| |
| Adding LDAP Authentication |
| |
| 1. Prerequisites for your LDAP server: |
| |
| * Enable SSL on your LDAP server |
| * Create an account that can look up a user's first and last names, |
| user id, and email address (email address is optional) - this will be |
| referred to as 'vcllookup' in this document. You can skip this step |
| if anonymous binds are enabled on your LDAP server and an anonymous |
| bind will be able to look up userids, names, and email addresses. |
| * If your LDAP server is firewalled, you will need to allow your VCL |
| web server to access tcp port 636 on your LDAP server |
| |
| 2. Prerequisites for your VCL web server: |
| |
| * php-ldap needs to be installed |
| * If your LDAP server SSL certificate is self-signed, your VCL web |
| server needs to have the root CA certificate that was used to sign |
| the LDAP server certificate installed. The PEM formatted certificate |
| needs to be added to the ca-bundle.crt file. On CentOS, the file is |
| located at |
| |
| /etc/pki/tls/certs/ca-bundle.crt |
| |
| The hostname in the certificate must match the hostname entered in |
| the conf.php file further down. If your certificate does not have the |
| correct hostname in it, you can put an entry in /etc/hosts for the |
| hostname in the certificate. |
| |
| * After adding the certificate, restart httpd: |
| |
| service httpd restart |
| |
| * You can verify that the certificate is properly installed using this |
| command: |
| |
| openssl s_client -showcerts -CAfile /etc/pki/tls/certs/ca-bundle.crt \ |
| -connect your.ldap.server.here:636 |
| |
| If you see "Verify return code: 0 (ok)" at the end of the output, |
| then it is installed correctly. If you see a different return code, |
| then you'll need to work through the problem. |
| |
| * You may need to add a line to /etc/openldap/ldap.conf to point to the |
| ca-bundle.crt file. It is difficult to explain if you need it or not, |
| but if you do, add the following: |
| |
| TLS_CACERT /etc/pki/tls/certs/ca-bundle.crt |
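| |
| Added example (not part of the original VCL instructions): a shell helper |
| that turns the manual s_client check above into a pass/fail test and also |
| asks OpenSSL to compare the certificate name with the hostname you will |
| enter in conf.php, which plain s_client does not do. The function names |
| and the sample transcripts are constructed for illustration. |
| |

```shell
#!/bin/sh
# Added example, not VCL code. Function names and transcripts are constructed.
CA_BUNDLE=/etc/pki/tls/certs/ca-bundle.crt

# Read an s_client transcript on stdin and print one line per problem.
# Return 0 only if a verify result is present, every result is "0 (ok)",
# and no "verify error" line appears.
ldaps_transcript_ok() {
    awk '
        /^verify error:/      { print "chain: " $0; bad = 1 }
        /Verify return code:/ {
            seen = 1
            sub(/^.*Verify return code: */, "")
            if ($0 !~ /^0 \(ok\)/) { print "result: " $0; bad = 1 }
        }
        END {
            if (!seen) { print "no verify result (handshake incomplete?)"; bad = 1 }
            exit (bad ? 1 : 0)
        }'
}

# Live probe against the LDAP server. -verify_hostname needs OpenSSL 1.0.2
# or later; it makes a name mismatch show up in the verify return code.
ldaps_probe() {
    host=$1
    openssl s_client -showcerts -CAfile "$CA_BUNDLE" \
        -verify_hostname "$host" -connect "$host:636" </dev/null 2>&1 |
        ldaps_transcript_ok
}

# Constructed transcripts, trimmed to the lines the parser looks at.
sample_ok() { printf '%s\n' \
    'depth=1 CN = Example Root CA' 'verify return:1' \
    '    Verify return code: 0 (ok)'; }
sample_selfsigned() { printf '%s\n' \
    'verify error:num=19:self signed certificate in certificate chain' \
    '    Verify return code: 19 (self signed certificate in certificate chain)'; }
sample_hostname() { printf '%s\n' \
    '    Verify return code: 62 (Hostname mismatch)'; }
sample_refused() { printf '%s\n' 'connect: Connection refused' 'connect:errno=111'; }

# Offline demonstration over the constructed transcripts.
for s in sample_ok sample_selfsigned sample_hostname sample_refused; do
    if "$s" | ldaps_transcript_ok; then echo "$s: PASS"; else echo "$s: FAIL"; fi
done
```

| On the web server, run ldaps_probe with the same hostname you will put in |
| the server field of conf.php. |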
| |
| 3. Adding LDAP Authentication to the Web Code |
| |
| * You will need to manually add an entry to the affiliation table in |
| the VCL database. Choose a name for the affiliation. This will be |
| appended to all userids for the affiliation to distinguish them from |
| other affiliations you may configure later. Do not use the Global |
| affiliation for this. Initials or a short name of your organization |
| are a good idea. The affiliation name cannot contain spaces. Use the |
| following to add the affiliation, replacing 'EXAMPLE' with the name |
| you chose. Take note of the id from the 2nd SQL statement as you will |
| need it later. It is the numerical id for this affiliation. |
| |
| mysql vcl |
| INSERT INTO affiliation (name) VALUES ('EXAMPLE'); |
| SELECT id FROM affiliation WHERE name = 'EXAMPLE'; |
| exit |
| |
| * Edit conf.php and search for "EXAMPLE1 LDAP" |
| * Uncomment the "EXAMPLE1 LDAP" section by removing the '/*' before it |
| and the '*/' at the end of 'to use this login mechanism' |
| * Change 'EXAMPLE1 LDAP' to something to match your location, for |
| example at NCSU, it is 'NCSU LDAP'. This string is what users will |
| see where they select the authentication mechanism to use when |
| logging in. |
| * Modify the following fields: |
| * server - this is the hostname of your LDAP server - this must match |
| the hostname in the certificate |
| * binddn - typically, you'll want to use the base DN of your LDAP |
| server; for Active Directory, this is usually dc= for each of your |
| domain name components. For example, if your domain name was |
| ad.example.org, it would be "dc=ad,dc=example,dc=org" |
| * userid - this is a string that is added to the userid a user enters |
| on the login page. Place a '%s' where the entered userid should go. |
| Some examples are: |
| * %s@example.org |
| * %s@ad.example.org |
| * uid=%s,ou=accounts,dc=example,dc=org |
| * unityid - this is the ldap field that contains a user's login id |
| (for Active Directory, this is usually sAMAccountName) |
| * firstname - this is the ldap field that contains a user's first |
| name |
| * lastname - this is the ldap field that contains a user's last name |
| * email - this is the ldap field that contains a user's email address |
| * defaultemail - if an email address is not provided by the ldap |
| server, this will be appended to the end of the userid to create an |
| email address. In this case, email notifications will be disabled |
| by default |
| * masterlogin - this is the vcllookup account referred to in the |
| "Prerequisites for your LDAP server" section - comment out this |
| line if using anonymous binds |
| * masterpwd - password for the masterlogin account - comment out this |
| line if using anonymous binds |
| * affiliationid - this is the id from the SELECT statement in the |
| first step |
| * lookupuserbeforeauth - Some LDAP servers will only allow the full |
| DN of a user to be used when authenticating. If this is the case, |
| you will need to set this to 1 and set a value for lookupuserfield. |
| You can probably start out with this set to 0. If your LDAP server |
| has users in multiple containers, you will probably need to set |
| this to 1. |
| * lookupuserfield - If you need to set lookupuserbeforeauth to 1, set |
| this to the attribute to use to search for the user in ldap. |
| Typical values are 'cn', 'uid', and 'samaccountname'. |
| * help - this is some text that will show up on the page where users |
| select the authentication method explaining why they would select |
| this option |
| * Uncomment the require_once line for ldapauth.php toward the bottom of |
| the file |