Author: jfthomps
Date: Wed May 23 19:07:06 2012
New Revision: 1341983
URL: http://svn.apache.org/viewvc?rev=1341983&view=rev
Log:
VCL-576
Finalizing for 2.3 release
INSTALLATION: updated for 2.3 release
Modified:
incubator/vcl/trunk/INSTALLATION
Modified: incubator/vcl/trunk/INSTALLATION
URL:
http://svn.apache.org/viewvc/incubator/vcl/trunk/INSTALLATION?rev=1341983&r1=1341982&r2=1341983&view=diff
==============================================================================
--- incubator/vcl/trunk/INSTALLATION (original)
+++ incubator/vcl/trunk/INSTALLATION Wed May 23 19:07:06 2012
@@ -17,7 +17,7 @@ I. Install & Configure the Database
b. Extract the files:
- tar -jxvf apache-VCL-2.3-incubating.tar.bz2
+ tar -jxvf apache-VCL-2.3-incubating.tar.bz2
2. Install MySQL Server
a. Install MySQL Server 5.x:
@@ -32,20 +32,23 @@ I. Install & Configure the Database
/sbin/service mysqld start
- d. If the iptables firewall is being used and the web server and
management nodes
- will be on different machines, port 3306 should be
opend up
-
- Note the following rules are for Red Hat based distros.
-
- vi /etc/sysconfig/iptables
-
- Insert the following under the RH-Firewall-1-INPUT chain
- -A RH-Firewall-1-INPUT -m state --state NEW -s <web
server IP> -p tcp --dport 3306 -j ACCEPT
- -A RH-Firewall-1-INPUT -m state --state NEW -s
<management node IP> -p tcp --dport 3306 -j ACCEPT
- service iptables restart
+ d. If the iptables firewall is being used and the web server and
+ management nodes will be on different machines, port 3306 should be
+ opend up
- For more info on iptables:
- man iptables
+ Note the following rules are for Red Hat based distros.
+
+ vi /etc/sysconfig/iptables
+
+ Insert the following under the RH-Firewall-1-INPUT chain, changing
+ <web server IP> and <management node IP> to match your configuration.
+
+ -A RH-Firewall-1-INPUT -m state --state NEW -s <web server IP> -p tcp
--dport 3306 -j ACCEPT
+ -A RH-Firewall-1-INPUT -m state --state NEW -s <management node IP>
-p tcp --dport 3306 -j ACCEPT
+ service iptables restart
+
+ For more info on iptables:
+ man iptables
3. Create the VCL Database
a. Run the MySQL command-line client:
@@ -59,9 +62,9 @@ I. Install & Configure the Database
c. Create a user with SELECT, INSERT, UPDATE, DELETE, and
CREATE TEMPORARY TABLES privileges on the database you just created:
- Replace vcluser and vcluserpassword in the SQL
statement with that of the
- user you want to use to connect to the database. The
GRANT command will
- automatically create the user if it doesn't already exist.
+ Replace vcluser and vcluserpassword in the SQL statement with that of
+ the user you want to use to connect to the database. The GRANT command
+ will automatically create the user if it doesn't already exist.
GRANT SELECT,INSERT,UPDATE,DELETE,CREATE TEMPORARY TABLES ON vcl.* TO
'vcluser'@'localhost' IDENTIFIED BY 'vcluserpassword';
@@ -76,15 +79,6 @@ I. Install & Configure the Database
The vcl.sql file is included in the mysql directory within the Apache
VCL source code
- 4. (Optional) Install & Configure phpMyAdmin (Optional):
- phpMyAdmin is a free and optional tool which allows MySQL to be
- administered using a web browser. It makes administering the VCL
database
- easier. This tool can be installed on the VCL web server. To install
- phpMyAdmin, follow the instructions on:
-
- VCL 2.3 phpMyAdmin Installation & Configuration
-
http://cwiki.apache.org/VCL/vcl-23-phpmyadmin-installation-configuration.html
-
--------------------------------------------------------------------------------
II. Install & Configure the Web Components
@@ -102,39 +96,35 @@ II. Install & Configure the Web Componen
running PHP code, but has only been tested to work with Apache HTTP
Server
Required Linux Packages(See II.1 section below on installing)
- * httpd - Apache HTTP Server
- * mod_ssl - SSL/TLS module for the Apache HTTP server
- * php - The PHP HTML-embedded scripting language
- * libmcrypt - Encryption algorithms library
-
- NOTE: libmycrypt can be removed if using a patch.
-
https://cwiki.apache.org/VCL/patch-to-remove-mcrypt-dependency.html
+ * httpd - Apache HTTP Server
+ * mod_ssl - SSL/TLS module for the Apache HTTP server
+ * php - The PHP HTML-embedded scripting language
Required PHP Modules(See II.1 section below on installing):
(Some of these may already be included with your PHP distribution)
* php-gd
* php-json (required if your PHP version is 5.2 or later)
- * php-mcrypt
* php-mysql
* php-openssl
* php-sysvsem
* php-xml
* php-xmlrpc
* php-ldap (if you will be using LDAP authentication)
+ * php-process (for RHEL/CentOS 6)
1. Install the Required Linux Packages & PHP Modules
a. If your web server is running a Red Hat-based OS, the required
components can be installed with:
-
- For RHEL / CentOS 5
+
+ For RHEL / CentOS 5
yum install httpd mod_ssl php-gd php-mcrypt php-mysql php-xml
php-xmlrpc php-ldap -y
- For RHEL / CentOS 6
+ For RHEL / CentOS 6
yum install httpd mod_ssl php-gd php-mcrypt php-mysql php-xml
php-xmlrpc php-ldap php-process -y
- Note: You may need the optional server rpm repository
for the php-process
- package to add this run the following command:
- rhn-channel --add
--channel=rhel-x86_64-server-optional-6
+ Note: You may need the optional server rpm repository for the
+ php-process package to add this run the following command:
+ rhn-channel --add --channel=rhel-x86_64-server-optional-6
b. Configure the web server daemon (httpd) to start automatically:
@@ -148,15 +138,16 @@ II. Install & Configure the Web Componen
server to connect to the database:
/usr/sbin/setsebool -P httpd_can_network_connect=1
-
- e. If the iptables firewall is being used, port 80 and 443
should be opened up:
-
- vi /etc/sysconfig/iptables
-
- Insert the following lines.
- -A RH-Firewall-1-INPUT -m state --state NEW -p tcp
--dport 80 -j ACCEPT
- -A RH-Firewall-1-INPUT -m state --state NEW -p tcp
--dport 443 -j ACCEPT
- service iptables restart
+
+ e. If the iptables firewall is being used, port 80 and 443 should be
+ opened up:
+
+ vi /etc/sysconfig/iptables
+
+ Insert the following lines.
+ -A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 80 -j
ACCEPT
+ -A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 443 -j
ACCEPT
+ service iptables restart
2. Install the VCL Frontend Web Code
a. Copy the web directory to a location under the web root of your web
@@ -179,8 +170,7 @@ II. Install & Configure the Web Componen
* $vclusername
* $vclpassword
* Create random passwords for the following variables:
- * $mcryptkey
- * $mcryptiv (must be 8 hex characters)
+ * $cryptkey
* $pemkey
* Save the secrets.php file
d. Run the genkeys.sh script. Enter the value you set for $pemkey in
@@ -226,11 +216,16 @@ II. Install & Configure the Web Componen
a. Click the Management Nodes link
* Click Add
* Fill in these required fields:
- * Hostname - The name of the management node server.
This value doesn't necessarily
- need to be a name registered in DNS nor does
it need to be the value displayed by
- the Linux hostname command. For example, if
you are installing all of the VCL
- components on the same machine you can set
this value to localhost.
+ * Hostname - The name of the management node server. This value
+ doesn't necessarily need to be a name registered in DNS nor does
it
+ need to be the value displayed by the Linux hostname command. For
+ example, if you are installing all of the VCL components on the
+ same machine you can set this value to localhost.
+ * IP address - enter the IP address that matches the hostname you
+ entered (if you entered localhost for hostname, use 127.0.0.1)
+ * Owner - probably admin@Local
* SysAdmin Email Address - error emails will be sent to this address
+ (not required, but a really good idea to fill in)
* Install Path - this is parent directory under which image files
will be stored - only required if doing bare metal installs or
using VMWare with local disks
@@ -253,22 +248,55 @@ II. Install & Configure the Web Componen
* Select Edit Management Node Grouping
* Click Submit
* Select the checkbox for your management node
- * Click Submit
+ * Click Submit Changes
+
+ 5. Install & Configure phpMyAdmin (Optional):
+ phpMyAdmin is a free and optional tool which allows MySQL to be
+ administered using a web browser. It makes administering the VCL
database
+ easier. This tool can be installed on the VCL web server. To install
+ phpMyAdmin, follow the instructions on:
+
+ VCL 2.3 phpMyAdmin Installation & Configuration
+
http://cwiki.apache.org/VCL/vcl-23-phpmyadmin-installation-configuration.html
Further steps if using only VMWare
+ If you will only be using bare metal provisioning, you can skip down
to
+ "Further steps if using xCAT".
+
If you are using standalone VMware servers (i.e. ones that VCL did not
- deploy using xCAT), you first need to add the VMWare servers; then,
you
- need to add the virtual machines. You can either add them individually
- (Adding Individual VMWare Servers/Virtual Machines), or if they have
- sequential hostnames and IP addresses, you can add them all at once
- (Adding Multiple VMWare Servers/Virtual Machines).
-
- Once you have added at least one computer, you can get to the "Add
- Single Computer" page by going to "Manage Computers->Edit Computer
- Information" and clicking Add. You can get to the "Add Multiple
- Computers" page by doing the same thing but checking the "Add
- Multiple" checkbox.
+ deploy using xCAT), you first need to configure a VM Profile to match
+ your setup. Next, add the VMWare servers. Then, you need to add the
+ virtual machines. You can either add them individually (Adding
+ Individual VMWare Servers/Virtual Machines), or if they have
sequential
+ hostnames and IP addresses, you can add them all at once (Adding
+ Multiple VMWare Servers/Virtual Machines).
+
+ Once you have added at least one computer, you can add more computers
+ by going to Manage Computers->Edit Computer Information and clicking
+ Add Single Computer or Add Multiple Computers.
+
+ Configure VM Profile(s)
+
+ 1. Click Virtual Hosts
+ 2. Select the VM Host Profiles tab
+ 3. Select a profile whose name matches your setup or click New
+ Profile...
+ a. If using an existing profile, click Configure Profile
+ b. If creating a new profile:
+ i. Enter the name of the profile
+ ii. Click Create Profile
+
+ 4. Configure the profile to match your setup. Hover over any ?
icons
+ to get further information about that field. More information is
+ available on the VMware Configuration page:
+
+ http://cwiki.apache.org/VCL/vmware-configuration.html
+
+ NOTE: Just click on the text of any field you want to edit to
change
+ it. After changing it, click somewhere else to save the changed
+ value for that field. Changes are immediate; there is no "save"
+ button for this tab.
Adding Individual VMware Servers
@@ -277,25 +305,24 @@ II. Install & Configure the Web Componen
3. Click Submit
4. Fill in the following:
* Hostname
- * IP Address
- * State - vmhostinuse *** Double-check this because you will
- not be able to change it later
+ * Type - blade
+ * Public IP Address
+ * Private IP Address (optional)
+ * Public MAC Address (optional)
+ * Private MAC Address (optional)
+ * Provisioning Engine - "None"
+ * State - vmhostinuse
+ * VM Host Profile - use a default profile or one configured in
+ the previous step
* Owner - admin@Local
* RAM
+ * No. Cores
* Processor Speed
* Network Speed
- * Type - blade
- * Provisioning Engine - xCAT 2.x Provisioning
- * Click the checkbox under allcomputers
+ * Physical Location (optional)
+ * Click the checkbox under allComputers
5. Click Confirm Computer
6. Click Submit
- 7. Select a VM Host Profile these VMware hosts will use. You can
- modify the VM Host Profile later if needed. See following page
- for more information about VM Host Profiles:
-
- http://cwiki.apache.org/VCL/vmware-configuration.html
-
- 8. Click Add Computer
* The computer you just added isn't listed after clicking
Submit.
This is not a problem.
Adding Multiple VMWare Servers
@@ -311,38 +338,78 @@ II. Install & Configure the Web Componen
hostname
* End value - the last number of the numerical part of the
hostname
- * Start IP Address - if using static public addresses, the IP
- addresses must be sequential; enter the first address here; if
- using DHCP, just enter something like 1.1.1.1
- * End IP address - the last IP address of the sequence; if using
- DHCP, you'll need to enter something that would work out to
the
- last address relative to Start IP Address (i.e. if adding 3
- computers, use 1.1.1.1 for start and 1.1.1.3 for end)
- * State - vmhostinuse *** Double-check this because you will
- not be able to change it later
- * Owner - owner of the computer
+ * Type - blade
+ * Start Public IP Address - if using static public addresses,
the
+ IP addresses must be sequential; enter the first address here;
+ if using DHCP, just enter something like 1.1.1.1
+ * End Public IP address - the last IP address of the sequence;
if
+ using DHCP, you'll need to enter something that would work out
+ to the last address relative to Start Public IP Address (i.e.
+ if adding 3 computers, use 1.1.1.1 for start and 1.1.1.3 for
+ end)
+ * Start Private IP Address (optional) - the IP addresses must be
+ sequential; enter the first private address here
+ * End Private IP address (optional) - the last IP address of the
+ sequence
+ * Start MAC Address (optional) - if MAC addresses are
sequential,
+ with the first one being the private MAC address for the first
+ computer, the second one being the public MAC address for the
+ first computer, the third one being the private MAC address of
+ the second computer, etc, you can enter the first one here and
+ then have the option of downloading data to add to your
+ dhcpd.conf file from the Computer Utilities page
+ * Provisioning Engine - "None"
+ * State - vmhostinuse
+ * VM Host Profile - use a default profile or one configured in
+ the previous step
+ * Owner - admin@Local
* RAM
+ * No. Cores
* Processor Speed
* Network Speed
- * Type - blade
- * Provisioning Engine - xCAT 2.x
- * Check allComputers
+ * Physical Location (optional)
+ * Click the checkbox under allComputers
5. Click Confirm Computers
6. Click Submit
- 7. Select a VM Host Profile these VMware hosts will use. You can
- modify the VM Host Profile later if needed. See following page
- for more information about VM Host Profiles:
- http://cwiki.apache.org/VCL/vmware-configuration.html
+ Adding Individual Virtual Machines
+
+ 1. Click Manage Computers
+ 2. Select Edit Computer Information
+ 3. Click Submit
+ 4. Click Add Single Computer
+ 5. Fill in the following:
+ * Hostname
+ * Type - virtualmachine
+ * Public IP Address
+ * Private IP Address
+ * Public MAC Address
+ * Private MAC Address
- 8. Click Add Computers
+ NOTE: For VMware virtual machines, the MAC addresses you
choose
+ must be in the range 00:50:56:00:00:00 - 00:50:56:3F:FF:FF.
Pay
+ special attention to the upper bound of this range.
+ 00:50:56:40:00:00 - 00:50:56:FF:FF:FF are NOT valid VMware
+ virtual machines.
+
+ * Provisioning Engine - VMware
+ * State - maintenance
+ * Owner - admin@Local
+ * RAM
+ * No. Cores
+ * Processor Speed
+ * Network Speed
+ * Check All VM Computers and newvmimages
+ 6. Click Confirm Computer
+ 7. Click Submit
- Adding Virtual Machines
+ Adding Multiple Virtual Machines
1. Click Manage Computers
- 2. Select the Add Multiple Computers radio button
+ 2. Select Edit Computer Information
3. Click Submit
- 4. Fill in the following:
+ 4. Click Add Multiple Computers
+ 5. Fill in the following:
* Hostname - the hostnames of all the computers must have a
numerical part that is sequential, use a % as a placeholder
where that part would be
@@ -350,69 +417,136 @@ II. Install & Configure the Web Componen
hostname
* End value - the last number of the numerical part of the
hostname
- * Start IP Address - if using static public addresses, the IP
- addresses must be sequential; enter the first address here; if
- using DHCP, just enter something like 1.1.1.1
- * End IP address - the last IP address of the sequence; if using
- DHCP, you'll need to enter something that would work out to
the
- last address relative to Start IP Address (i.e. if adding 3
- computers, use 1.1.1.1 for start and 1.1.1.3 for end)
- * Start private IP Address - similar to Start IP Address, but
for
+ * Type - virtualmachine
+ * Start Public IP Address - if using static public addresses,
the
+ IP addresses must be sequential; enter the first address here;
+ if using DHCP, just enter something like 1.1.1.1
+ * End Public IP address - the last IP address of the sequence;
if
+ using DHCP, you'll need to enter something that would work out
+ to the last address relative to Start Public IP Address (i.e.
+ if adding 3 computers, use 1.1.1.1 for start and 1.1.1.3 for
+ end)
+ * Start Private IP Address - similar to Start IP Address, but
for
the private side
- * End private IP Address - similar to the End IP Address but for
+ * End Private IP Address - similar to the End IP Address but for
the private side
- * Start MAC Address - if mac addresses are sequential, with the
+ * Start MAC Address - if MAC addresses are sequential, with the
first one being the private MAC address for the first
computer,
the second one being the public MAC address for the first
computer, the third one being the private MAC address of the
second computer, etc, you can enter the first one here and
then
- have the option of generating data to add to your dhcpd.conf
- file later in the process.
+ have the option of downloading data to add to your dhcpd.conf
+ file from the Computer Utilities page
NOTE: For VMware virtual machines, the MAC addresses you
choose
must be in the range 00:50:56:00:00:00 - 00:50:56:3F:FF:FF.
Pay
special attention to the upper bound of this range.
00:50:56:40:00:00 - 00:50:56:FF:FF:FF are NOT valid VMware
- virtual machines.
+ virtual machines.
+
+ * Provisioning Engine - VMware
* State - maintenance
- * Owner - owner of the computer
+ * Owner - admin@Local
* RAM
+ * No. Cores
* Processor Speed
* Network Speed
- * Type - virtualmachine
- * Provisioning Engine - VMware
* Check All VM Computers and newvmimages
- 5. Click Confirm Computers
- 6. Click Submit
- 7. If you filled in the private address fields and the Start MAC
- Address, you can now enter the private IP address of the
- management node that will be handling these virtual machines to
- generate information to add to your dhcpd.conf file.
+ 6. Click Confirm Computers
+ 7. Click Submit
+
+ Assign Virtual Machine(s) to a Virtual Host
+
+ 1. Click Virtual Hosts
+ 2. On the VM Hosts tab, select the virtual host server added
+ previously
+ 3. Click Configure Host, You should see VM limit set to a number
+ along with the vm profile, two columns of VMs assigned to host
+ and Unassigned VMs
+ 4. Adjust the VM limit to the desired number of vms you would like
+ to run on this host
+
+ Please consult your hypervisor documentation for the recommended
+ number of virtual machines to run concurrently for your virtual
+ server configuration.
+
+ 5. Select the virtual machine nodes from the Unassigned VMs: column
+ 6. Click Add
+
+ Add entries to dhcpd.conf
+
+ You need to add entries for your VMs to your dhcpd.conf file so
that
+ they will correctly be assigned their private addresses at boot.
+
+ 1. Click Manage Computers
+ 2. Select the All VM Computers group in the list at the top
+ 3. Select the Computer Utilities radio button
+ 4. Click Submit
+ 5. Click the Check All link at the bottom of the table
+ 6. Next to "For selected computers, generate computer data for",
+ select "dhcpd"
+ 7. Click Generate Data
+ 8. Enter the private IP address for your management node
+ 9. Click Generate Data
+ 10. Copy/Paste the data for dhcpd.conf to the dhcpd.conf file on
+ your management node (ignore the part for dhcpd.leases)
+ 11. Restart dhcpd:
+
+ service dhcpd restart
+ 12. Scroll to the bottom and click Close
+
+ Add entries to /etc/hosts
+
+ You need to add entries for your VM hosts and VMs to /etc/hosts
+
+ 1. Click Manage Computers
+ 2. Select the All VM Computers and the allComputers groups in the
+ list at the top
+ 3. Select the Computer Utilities radio button
+ 4. Click Submit
+ 5. Click the Check All link at the bottom of the table
+ 6. Next to "For selected computers, generate computer data for",
+ select /etc/hosts
+ 7. Click Generate Data
+ 8. Copy/Paste the data to your /etc/hosts file
+ 9. Click Close
+
Further steps if using xCAT
If you will not be doing bare metal provisioning, you can skip down to
- "Adding Local VCL Accounts".
+ "III. Install & Configure the Management Node Components".
- You can initially add individual computers or multiple computers all
- together. After you have added at least one computer, you will need to
- go to Manage Computers -> Edit Computer Information to additional
ones.
+ Once you have added at least one computer, you can add more computers
+ by going to Manage Computers->Edit Computer Information and clicking
+ Add Single Computer or Add Multiple Computers".
Adding Individual Computers
- 1. click "Manage Computers"
- 2. select the "Add Single Computer" radio button
- 3. click Submit
- 4. fill in Hostname, IP Address, owner (admin@Local), RAM, Proc
- Speed, Network Speed, select "blade" for Type, select "xCAT 2.x
- Provisioning" for "Provisioning Engine", and click the checkbox
- under "allcomputers", and "newimages"
- 5. click Confirm Computer
- 6. click Submit (don't worry about the fact that the computer you
- just added isn't listed after clicking Submit)
- 7. after you've configured your image library and your management
- node has started checking in, you should be able to make a
- reservation
+ 1. Click Manage Computers
+ 2. Select the Add Single Computer radio button
+ 3. Click Submit
+ 4. Fill in the following:
+ * Hostname
+ * Type - blade
+ * Public IP Address
+ * Private IP Address (optional)
+ * Public MAC Address (optional)
+ * Private MAC Address (optional)
+ * Provisioning Engine - xCAT 2.x
+ * State - available (or maintenance if you do not want it to be
+ immediately available)
+ * Owner - admin@Local
+ * RAM
+ * No. Cores
+ * Processor Speed
+ * Network Speed
+ * Physical Location (optional)
+ * Click the checkboxs under allComputers and newimages
+ 5. Click Confirm Computer
+ 6. Click Submit
+ NOTE: The computer you just added isn't listed after clicking
+ Submit. This is not a problem.
Adding Multiple Computers
@@ -427,56 +561,57 @@ II. Install & Configure the Web Componen
hostname
* End value - the last number of the numerical part of the
hostname
- * Start IP Address - if using static public addresses, the IP
- addresses must be sequential; enter the first address here; if
- using DHCP, just enter something like 1.1.1.1
- * End IP address - the last IP address of the sequence; if using
- DHCP, you'll need to enter something that would work out to
the
- last address relative to Start IP Address (i.e. if adding 3
- computers, use 1.1.1.1 for start and 1.1.1.3 for end)
- * Owner - owner of the computer
+ * Type - blade
+ * Start Public IP Address - if using static public addresses,
+ the IP addresses must be sequential; enter the first address
+ here; if using DHCP, just enter something like 1.1.1.1
+ * End Public IP address - the last IP address of the sequence;
if
+ using DHCP, you'll need to enter something that would work out
+ to the last address relative to Start IP Address (i.e. if
+ adding 3 computers, use 1.1.1.1 for start and 1.1.1.3 for end)
+ * Start Private IP Address (optional) - the IP addresses must be
+ sequential; enter the first private address here
+ * End Private IP Address (optional) - the last IP address of the
+ sequence
+ * Start MAC Address (optional) - if MAC addresses are
sequential,
+ with the first one being the private MAC address for the first
+ computer, the second one being the public MAC address for the
+ first computer, the third one being the private MAC address of
+ the second computer, etc, you can enter the first one here and
+ then have the option of downloading data to add to your
+ dhcpd.conf file from the Computer Utilities page
+ * Provisioning Engine - xCAT 2.x
+ * State - available (or maintenance if you do not want them to
be
+ immediately available)
+ * Owner - admin@Local
* RAM
* Processor Speed
* Network Speed
- * Type - blade
- * Provisioning Engine - xCAT 2.x
- * check allComputers and newimages
- 5. click Confirm Computer
- 6. click Submit (don't worry about the fact that the computers you
- just added aren't listed after clicking Submit)
- 7. after you've configured your image library and your management
- node has started checking in, you should be able to make a
- reservation
-
- Adding Local VCL Accounts
-
- Local VCL accounts are contained within the VCL database. The admin
- account is a local VCL account. Additional local accounts can be
added
- via the backend management node code. After you have finished the
- backend management node installation, run:
+ * Click the checkboxs under allComputers and newimages
+ 5. Click Confirm Computers
+ 6. Click Submit
+ NOTE: The computer you just added isn't listed after clicking
+ Submit. This is not a problem.
- vcld -setup
+ Add entries to /etc/hosts
- 1. Select VCL Base Module
- 2. Select Add Local VCL User Account
- 3. Enter the requested information
-
- Adding LDAP Authentication
+ You need to add entries for your nodes to /etc/hosts
- The last section of this installation guide (IV. Adding LDAP
- authentication) explains how to set up LDAP authentication.
+ 1. Click Manage Computers
+ 2. Select the allComputers group in the list at the top
+ 3. Select the Computer Utilities radio button
+ 4. Click Submit
+ 5. Click the Check All link at the bottom of the table
+ 6. Next to "For selected computers, generate computer data for",
+ select /etc/hosts
+ 7. Click Generate Data
+ 8. Copy/Paste the data to your /etc/hosts file
+ 9. Click Close
--------------------------------------------------------------------------------
III. Install & Configure the Management Node Components
- Prerequisites
-
- The following management node installation instructions assume the
- instructions on the following pages have previously been completed:
- * VCL 2.3 Database Installation
- * VCL 2.3 Web Code Installation
-
Supported Operating Systems:
The VCL management node daemon (vcld) has been developed to run on an
@@ -537,7 +672,7 @@ III. Install & Configure the Management
The last line of the install_perl_libs.pl script output should be:
- successfully installed required Perl modules
+ COMPLETE: installed all components
Note: The script will hang or terminate if it encounters a problem. If
this occurs, you will need to troubleshoot the problem by looking at the
@@ -579,9 +714,11 @@ III. Install & Configure the Management
* server - the IP address or FQDN of the database server
* LockerWrtUser - database user account with write privileges
* wrtPass - database user password
- * xmlrpc_pass - password for xmlrpc api from
vcld to the web interface(can be long). This will be
- used later to sync the database
vclsystem user account
- * xmlrpc_url - URL for xmlrpc api
https://my.server.org/vcl/index.php?mode=xmlrpccall
+ * xmlrpc_pass - password for xmlrpc api from vcld to the web
+ interface(can be long). This will be used later to sync the
+ database vclsystem user account
+ * xmlrpc_url - URL for xmlrpc api
+ https://my.server.org/vcl/index.php?mode=xmlrpccall
d. Save the vcld.conf file
@@ -594,8 +731,7 @@ III. Install & Configure the Management
vi /etc/ssh/ssh_config
- Locate the UserKnownHostsFile and StrictHostKeyChecking lines and change
- them to the following:
+ Set the following parameters:
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
@@ -625,18 +761,6 @@ III. Install & Configure the Management
You should see output similar to the following:
Starting vcld daemon:
- =====================================================================
- VCL Management Node Daemon (vcld) | 2011-03-15 10:23:04
- =====================================================================
- bin path: /usr/local/vcl/bin
- config file: /etc/vcl/vcld.conf
- log file: /var/log/vcld.log
- pid file: /var/run/vcld.pid
- daemon mode: 1
- setup mode: 0
- verbose mode: 1
- =====================================================================
- Created VCL daemon process: 8465
[ OK ]
The vcld service can also be started by running the service script
@@ -649,29 +773,65 @@ III. Install & Configure the Management
You should see the following being added to the log file every few
seconds if the management node is checking in with the database:
- 2009-06-16 16:57:15|15792|vcld:main(165)|lastcheckin time updated
- for management node 18: 2009-06-16 16:57:15
- 6. Set the vclsystem account password for xmlrpc api
- Using the vcld -setup tool, set the vclsystem account. This is
needed to properly use the block allocation features.
-
- /usr/local/vcl/bin/vcld -setup
-
- Select 1. VCL Base Module
- Select 2. Set Local VCL User Account Password
- Select 2. vclsystem
-
- From the vcld.conf file, paste or type the password from
xmlrpc_pass variable and hit enter.
+ 2012-05-15 13:23:45|25494|vcld:main(167)|lastcheckin time updated
+ for management node 1: 2012-05-15 13:23:45
+
+ 6. Set the vclsystem account password for xmlrpc api
+ Using the vcld -setup tool, set the vclsystem account. This is needed to
+ properly use the block allocation features.
+
+ /usr/local/vcl/bin/vcld -setup
+
+ Select 1. VCL Base Module
+ Select 2. Set Local VCL User Account Password
+ Select 2. vclsystem
+
+ From the vcld.conf file, paste or type the password from xmlrpc_pass
+ variable and hit enter.
+ 7. Install & Configure the DHCP Service
+ a. Install dhcp if it is not already installed:
+
+ yum install dhcp -y
+
+ b. Configure the dhcpd service to automatically start at runlevels 3-5:
+
+ /sbin/chkconfig --level 345 dhcpd on
+
+ c. Configure the dhcpd.conf file.
+
+ vi /etc/dhcpd.conf
+
+ Configure your dhcpd.conf file according to your network
configuration.
+ The contents of the dhcpd.conf file will vary based on how your
network
+ is configured. Below is an example of a basic dhcpd.conf file:
+
+ ddns-update-style none;
+ shared-network eth0 {
+ subnet 10.100.0.0 netmask 255.255.255.0 {
+ ignore unknown-clients;
+ }
+ }
+
+ You will add host definitions to the dhcpd.conf file after you add
+ computers to VCL using the website. The website will display the
+ dhcpd.conf host definitions after the computers have been added to
VCL,
+ which can be copied and pasted into the dhcpd.conf file.
+
+ d. Start the dhcpd service:
+
+ /sbin/service dhcpd start
- 7. Configure Windows Product Keys and/or KMS Server Addresses (Optional)
+ 8. Configure Windows Product Keys and/or KMS Server Addresses (Optional)
If you will be deploying Windows environments your institution's Windows
product key and/or KMS server addresses must be entered into the VCL
database. This can be done by running the following command:
/usr/local/vcl/bin/vcld -setup
+
Select "Windows OS Module" and follow the prompts.
- 8. Download Windows Sysprep Utility (Optional)
+ 9. Download Windows Sysprep Utility (Optional)
If you will be using VCL to deploy bare-metal Windows XP or Windows
Server
2003 environments via xCAT, the appropriate versions of the Microsoft
Sysprep utility must be downloaded to the management node. The following
@@ -706,7 +866,7 @@ III. Install & Configure the Management
/usr/local/vcl/tools/Windows_Server_2003/Utilities/Sysprep
- 9.Download Windows Drivers (Optional)
+ 10. Download Windows Drivers (Optional)
Drivers which aren't included with Windows must be downloaded and saved
to
the management node. The drivers required will vary greatly depending on
@@ -772,7 +932,8 @@ III. Install & Configure the Management
/var/lib/vcl/tools/Windows_Version_XP/Drivers/Storage
/var/lib/vcl/tools/Windows_Version_XP/Drivers/Video
- 10. Install & Configure Provisioning Engines and Hypervisors
+ 11. Install & Configure Provisioning Engines and Hypervisors
+
VCL supports the following, please see the related websites for
installation and configuration instructions:
@@ -796,120 +957,135 @@ III. Install & Configure the Management
--------------------------------------------------------------------------------
-IV. Adding LDAP authentication
-
- 1. Prerequisites for your LDAP server:
-
- * enable SSL on your LDAP server
- * Create an account that can look up a user's first and last names, user
- id, and email address (email address is optional) - this will be
- referred to as 'vcllookup' in this document. You can skip this step if
- anonymous binds are enabled on your LDAP server and an anonymous bind
- will be able to look up userids, names, and email addresses.
- * if your LDAP server is firewalled, you will need to allow your VCL web
- server to access tcp port 636 on your LDAP server
-
- 2. Prerequisites for your VCL web server:
-
- * php-ldap needs to be installed
- * If your LDAP server SSL certificate is self-signed, your VCL web
- server needs to have the root CA certificate that was used to sign the
- LDAP server certificate installed. The PEM formatted certificate needs
- to be added to the ca-bundle.crt file. On CentOS, the file is located
at
-
- /etc/pki/tls/certs/ca-bundle.crt
-
- * After adding the certificate, restart httpd:
-
- service httpd restart
-
- * You can verify that the certificate is properly installed using this
- command:
-
- openssl s_client -showcerts -CAfile /etc/pki/tls/certs/ca-bundle.crt \
- -connect your.ldap.server.here:636
-
- If you see "Verify return code: 0 (ok)" at the end of the output, then
- it is installed correctly. If you see a different return code, then
- you'll need to work through the problem.
- * You may need to add a line to /etc/openldap/ldap.conf to point to the
- ca-bundle.crt file. It is difficult to explain if you need it or not,
- but if you do, add the following:
-
- TLS_CACERT /etc/pki/tls/certs/ca-bundle.crt
-
- 3. Adding LDAP Authentication to the Web Code
-
- * You will need to manually add an entry to the affiliation table in the
- vcl database. You need to come up with a name for the affiliation.
This
- will be appended to all userids for the affiliation to distinguish
them
- from other affiliations you may configure later. Initials or a short
- name of your organization are a good idea. This cannot contain spaces.
- Use the following to add the affiliation, replacing 'EXAMPLE' with the
- name you chose. Take note of the id from the 2nd SQL statement as you
- will need it later. It is the affiliationid for this affiliation.
-
- mysql vcl
- INSERT INTO affiliation (name) VALUES ('EXAMPLE');
- SELECT id FROM affiliation WHERE name = 'EXAMPLE';
- exit
-
- * Edit conf.php and search for "EXAMPLE1 LDAP"
- * Uncomment the "EXAMPLE1 LDAP" section by removing the '/*' before it
and
- the '*/' at the end of 'to use this login mechanism'
- * Change 'EXAMPLE1 LDAP' to something to match your location, for example
- at NCSU, it is 'NCSU LDAP'. This string is what users will see where
- they select the authentication mechanism to use when logging in.
- * Modify the following fields:
- * server - this is the hostname of your LDAP server
- * binddn - typically, you'll want to use the base DN of your LDAP
- server; for Active Directory, this is usually dc= for each of your
- domain name components. For example, your your domain name was
- ad.example.org, it would be "dc=ad,dc=example,dc=org"
- * userid - this is a string that is added to the userid a user enters
on
- the login page. Place a '%s' where the entered userid should go. Some
- examples are:
- * %s...@example.org
- * %s...@ad.example.org
- * uid=%s,ou=accounts,dc=example,dc=org'
- * unityid - this is the ldap field that contains a user's login id (for
- Active Directory, this is usually sAMAccountName)
- * firstname - this is the ldap field that contains a user's first name
- * lastname - this is the ldap field that contains a user's last name
- * email - this is the ldap field that contains a user's email address
- * defaultemail - if an email address is not provided by the ldap
server,
- this will be appended to the end of the userid to create an email
- address. In this case, email notifications will be disabled by
default
- * masterlogin - this is the vcllookup account referred to in the
- "Prerequisites for your LDAP server" section - comment out this line
- if using anonymous binds
- * masterpwd - password for the masterlogin account - comment out this
- line if using anonymous binds
- * affiliationid - this is the id from the SELECT statement in the first
- step
- * help - this is some text that will show up on the page where users
- select the authentication method explaining why they would select
- this option
- * uncomment the require_once line for ldapauth.php toward the bottom of
- the file
-
- 4. Tweak if your LDAP server has users in multiple containers
-
- If your LDAP server has users in multiple containers, then the full DN
for
- each user must be looked up before doing a bind to the LDAP server to
- authenticate the user. In this case, you'll need to modify
- authentication.php.
-
- * edit authenciation.php
- * search for ldapLogin
- * search for EXAMPLE1 LDAP in the function
- * uncomment the block of code it is contained in by removing the '/*' at
- the beginning of the line containing 'EXAMPLE1 LDAP', and removing the
- '*/' at the end of the else that is before
- '$ldapuser = sprintf($authMechs[]'userid', $userid);'
- * change 'EXAMPLE1 LDAP' to match what you changed it to in
step 3
- * Look for the line containing 'cn=$userid'. If you use 'cn' to look up
- userids in your LDAP server, the line is fine as is. If you use
- something else, such as 'uid', change 'cn' to 'uid' or whatever is
used
- on your LDAP server.
- * save the file
+IV. Configure Frontend Authentication
+
+ Adding Local VCL Accounts
+
+ Local VCL accounts are contained within the VCL database. The admin
+ account is a local VCL account. Additional local accounts can be added
+ via the backend management node code. After you have finished the backend
+ management node installation, run:
+
+ vcld -setup
+
+ 1. Select VCL Base Module
+ 2. Select Add Local VCL User Account
+ 3. Enter the requested information
+
+ Adding LDAP Authentication
+
+ 1. Prerequisites for your LDAP server:
+
+ * enable SSL on your LDAP server
+ * Create an account that can look up a user's first and last names,
+ user id, and email address (email address is optional) - this will
be
+ referred to as 'vcllookup' in this document. You can skip this step
+ if anonymous binds are enabled on your LDAP server and an anonymous
+ bind will be able to look up userids, names, and email addresses.
+ * if your LDAP server is firewalled, you will need to allow your VCL
+ web server to access tcp port 636 on your LDAP server
+
+ 2. Prerequisites for your VCL web server:
+
+ * php-ldap needs to be installed
+ * If your LDAP server SSL certificate is self-signed, your VCL web
+ server needs to have the root CA certificate that was used to sign
+ the LDAP server certificate installed. The PEM formatted certificate
+ needs to be added to the ca-bundle.crt file. On CentOS, the file is
+ located at
+
+ /etc/pki/tls/certs/ca-bundle.crt
+
+ The hostname in the certificate must match the hostname entered in
+ the conf.php file further down. If your certificate does not have
the
+ correct hostname in it, you can put an entry in /etc/hosts for the
+ hostname in the certificate.
+
+ * After adding the certificate, restart httpd:
+
+ service httpd restart
+
+ * You can verify that the certificate is properly installed using this
+ command:
+
+ openssl s_client -showcerts -CAfile
/etc/pki/tls/certs/ca-bundle.crt \
+ -connect your.ldap.server.here:636
+
+ If you see "Verify return code: 0 (ok)" at the end of the output,
+ then it is installed correctly. If you see a different return code,
+ then you'll need to work through the problem.
+
+ * You may need to add a line to /etc/openldap/ldap.conf to point to
the
+ ca-bundle.crt file. It is difficult to explain if you need it or
not,
+ but if you do, add the following:
+
+ TLS_CACERT /etc/pki/tls/certs/ca-bundle.crt
+
+ 3. Adding LDAP Authentication to the Web Code
+
+ * You will need to manually add an entry to the affiliation table in
+ the VCL database. Choose a name for the affiliation. This will be
+ appended to all userids for the affiliation to distinguish them from
+ other affiliations you may configure later. Do not use the Global
+ affiliation for this. Initials or a short name of your organization
+ are a good idea. The affiliation name cannot contain spaces. Use the
+ following to add the affiliation, replacing 'EXAMPLE' with the name
+ you chose. Take note of the id from the 2nd SQL statement as you
will
+ need it later. It is the numerical id for this affiliation.
+
+ mysql vcl
+ INSERT INTO affiliation (name) VALUES ('EXAMPLE');
+ SELECT id FROM affiliation WHERE name = 'EXAMPLE';
+ exit
+
+ * Edit conf.php and search for "EXAMPLE1 LDAP"
+ * Uncomment the "EXAMPLE1 LDAP" section by removing the '/*' before it
+ and the '*/' at the end of 'to use this login mechanism'
+ * Change 'EXAMPLE1 LDAP' to something to match your location, for
+ example at NCSU, it is 'NCSU LDAP'. This string is what users will
+ see where they select the authentication mechanism to use when
+ logging in.
+ * Modify the following fields:
+ * server - this is the hostname of your LDAP server - this must
match
+ the hostname in the certificate
+ * binddn - typically, you'll want to use the base DN of your LDAP
+ server; for Active Directory, this is usually dc= for each of your
+ domain name components. For example, your your domain name was
+ ad.example.org, it would be "dc=ad,dc=example,dc=org"
+ * userid - this is a string that is added to the userid a user
enters
+ on the login page. Place a '%s' where the entered userid should
go.
+ Some examples are:
+ * %s...@example.org
+ * %s...@ad.example.org
+ * uid=%s,ou=accounts,dc=example,dc=org'
+ * unityid - this is the ldap field that contains a user's login id
+ (for Active Directory, this is usually sAMAccountName)
+ * firstname - this is the ldap field that contains a user's first
+ name
+ * lastname - this is the ldap field that contains a user's last name
+ * email - this is the ldap field that contains a user's email
address
+ * defaultemail - if an email address is not provided by the ldap
+ server, this will be appended to the end of the userid to create
an
+ email address. In this case, email notifications will be disabled
+ by default
+ * masterlogin - this is the vcllookup account referred to in the
+ "Prerequisites for your LDAP server" section - comment out this
+ line if using anonymous binds
+ * masterpwd - password for the masterlogin account - comment out
this
+ line if using anonymous binds
+ * affiliationid - this is the id from the SELECT statement in the
+ first step
+ * lookupuserbeforeauth - Some LDAP servers will only allow the full
+ DN of a user to be used when authenticating. If this is the case,
+ you will need to set this to 1 and set a value for
lookupuserfield.
+ You can probably start out with this set to 0. If your LDAP server
+ has users in multiple containers, you will probably need to set
+ this to 1.
+ * lookupuserfield - If you need to set lookupuserbeforeauth to 1,
set
+ this to the attribute to use to search for the user in ldap.
+ Typical values are 'cn', 'uid', and 'samaccountname'.
+ * help - this is some text that will show up on the page where users
+ select the authentication method explaining why they would select
+ this option
+ * uncomment the require_once line for ldapauth.php toward the bottom
of
+ the file
