documentation:server-install-aducid [2018/10/31 12:11] mpospisek [File and directory preparation] |
documentation:server-install-aducid [2018/12/04 21:50] mpospisek [Installation] |
||
---|---|---|---|
Line 6: | Line 6: | ||
AAA modules need the following directories are created before installation: | AAA modules need the following directories are created before installation: | ||
<codedoc code: | <codedoc code: | ||
- | mkdir / | + | mkdir -p / |
mkdir / | mkdir / | ||
mkdir / | mkdir / | ||
Line 16: | Line 16: | ||
</ | </ | ||
- | Files for aducid-aaa-modules | + | Files for aducid-aaa-modules. **Please adjust your server hostname in these files, as indicated.** |
- | Please adjust your server hostname in these files, as indicated. | ||
<codedoc code: | <codedoc code: | ||
- | # A. File /usr/lib/systemd/ | + | vi /etc/profile.d/openaaa.sh |
- | # -------------------------------------------------- | + | </ |
- | # cat /etc/sysconfig/ | + | <sxh bash> |
- | # | + | #!/bin/bash |
- | # This file can be used to set additional environment variables for | + | export OPENAAA_PROTOCOL=aaa |
- | # the httpd process, or pass additional options to the httpd | + | export OPENAAA_HANDLER=/usr/local/bin/aducid |
- | # executable. | + | export OPENAAA_AUTHORITY=`hostname` |
- | # | + | </ |
- | # Note: With previous versions of httpd, the MPM could be changed by | + | |
- | # editing an " | + | |
- | # variable is now ignored. | + | |
- | # choice of MPM can be changed by editing the configuration file | + | |
- | # /etc/httpd/conf.modules.d/00-mpm.conf. | + | |
- | # | + | |
- | # | + | <codedoc code: |
- | # To pass additional options (for instance, -D definitions) to the | + | vi / |
- | # httpd binary at startup, set OPTIONS here. | + | </ |
- | # | + | <sxh bash> |
- | #OPTIONS= | + | |
- | + | ||
- | # | + | |
- | # This setting ensures the httpd process is started in the " | + | |
- | # by default. | + | |
- | # case-sensitive string comparisons are performed in a different | + | |
- | # locale.) | + | |
- | # | + | |
- | OPENAAA_PROTOCOL=aaa | + | |
- | OPENAAA_HANDLER=/ | + | |
- | OPENAAA_AUTHORITY=your.server.dnsname | + | |
- | + | ||
- | # cat / | + | |
[Unit] | [Unit] | ||
- | Description=The ADUCID | + | Description=The ADUCID |
After=network.target remote-fs.target nss-lookup.target | After=network.target remote-fs.target nss-lookup.target | ||
[Service] | [Service] | ||
- | # | ||
Type=forking | Type=forking | ||
EnvironmentFile=/ | EnvironmentFile=/ | ||
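Review bot: The new `/etc/profile.d/openaaa.sh` listing fills `OPENAAA_AUTHORITY` from a backquoted `hostname` call, so the authority name is whatever the host reports rather than the DNS name the sentence above asks the administrator to set. The sysconfig listing further down the page uses `OPENAAA_AUTHORITY=your.server.dnsname`, so the two files can end up disagreeing. On hosts where `hostname` returns only the short name, the value will presumably not match the name used by clients and certificates. I would write the value explicitly, `export OPENAAA_AUTHORITY=your.server.dnsname`, or at least use `$(hostname -f)` with a comment `# must equal the server's public DNS name`. The unit file that follows continues past this hunk.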
Line 63: | Line 44: | ||
ExecReload=/ | ExecReload=/ | ||
ExecStop=/ | ExecStop=/ | ||
- | # We want systemd to give httpd some time to finish gracefully, but still want | ||
- | # it to kill httpd after TimeoutStopSec if something went wrong during the | ||
- | # graceful stop. Normally, Systemd sends SIGTERM signal right after the | ||
- | # ExecStop, which would kill httpd. We are sending useless SIGCONT here to give | ||
- | # httpd time to finish. | ||
- | # | ||
- | # | ||
[Install] | [Install] | ||
WantedBy=multi-user.target | WantedBy=multi-user.target | ||
+ | </ | ||
- | + | <codedoc code: | |
- | # B. File / | + | vi / |
- | # --------------------------------- | + | </ |
- | # cat / | + | <sxh bash; highlight: [25]> |
# | # | ||
# This file can be used to set additional environment variables for | # This file can be used to set additional environment variables for | ||
Line 89: | Line 64: | ||
# / | # / | ||
# | # | ||
- | |||
# | # | ||
# To pass additional options (for instance, -D definitions) to the | # To pass additional options (for instance, -D definitions) to the | ||
Line 95: | Line 69: | ||
# | # | ||
#OPTIONS= | #OPTIONS= | ||
- | |||
# | # | ||
# This setting ensures the httpd process is started in the " | # This setting ensures the httpd process is started in the " | ||
Line 105: | Line 78: | ||
OPENAAA_HANDLER=/ | OPENAAA_HANDLER=/ | ||
OPENAAA_AUTHORITY=your.server.dnsname | OPENAAA_AUTHORITY=your.server.dnsname | ||
+ | </ | ||
- | + | <codedoc code: | |
- | # C. File / | + | vi / |
- | # ---------------------------------- | + | </codedoc> |
- | # cat /usr/ | + | < |
- | [Unit] | + | |
- | Description=The ADUCID Apache HTTP Server | + | |
- | After=network.target remote-fs.target nss-lookup.target | + | |
- | + | ||
- | [Service] | + | |
- | # | + | |
- | Type=forking | + | |
- | EnvironmentFile=/ | + | |
- | ExecStart=/ | + | |
- | ExecReload=/ | + | |
- | ExecStop=/ | + | |
- | # We want systemd to give httpd some time to finish gracefully, but still want | + | |
- | # it to kill httpd after TimeoutStopSec if something went wrong during the | + | |
- | # graceful stop. Normally, Systemd sends SIGTERM signal right after the | + | |
- | # ExecStop, which would kill httpd. We are sending useless SIGCONT here to give | + | |
- | # httpd time to finish. | + | |
- | # | + | |
- | # | + | |
- | + | ||
- | [Install] | + | |
- | WantedBy=multi-user.target | + | |
- | + | ||
- | # D. File / | + | |
- | # --------------------------------- | + | |
- | # cat / | + | |
- | #!/bin/bash | + | |
- | export OPENAAA_PROTOCOL=aaa | + | |
- | export OPENAAA_HANDLER=/ | + | |
- | export OPENAAA_AUTHORITY=`hostname` | + | |
- | + | ||
- | # E. Just check contents of the file / | + | |
- | # ------------------------------------------------------------- | + | |
- | + | ||
- | # cat / | + | |
#!/bin/bash -x | #!/bin/bash -x | ||
# | # | ||
Line 166: | Line 106: | ||
{ | { | ||
/ | / | ||
- | / | ||
} | } | ||
stop () | stop () | ||
{ | { | ||
- | / | ||
kill -9 `cat / | kill -9 `cat / | ||
} | } | ||
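Review bot: With one line removed from `stop ()`, the function on the new side consists only of `kill -9` on the value read from the pid file, so the daemon gets no chance to shut down cleanly. An empty or stale pid file would either make `kill` fail or signal an unrelated process, and the prompts elsewhere on the page suggest this runs as root. I would send TERM first and quote the substitution, e.g. `pid=$(cat "$PIDFILE") && kill "$pid"`, keeping `kill -9` only as a fallback after a timeout; `$PIDFILE` stands for the path that is truncated in the listing. The script starts and ends outside this hunk, so a pid-file check may exist that is not visible here.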
Line 191: | Line 129: | ||
exit $RETVAL | exit $RETVAL | ||
- | </codedoc> | + | </sxh> |
Line 207: | Line 145: | ||
cd / | cd / | ||
# find the exact filename using the TAB key in the command prompt | # find the exact filename using the TAB key in the command prompt | ||
- | yum localinstall aducid-repository- | + | yum localinstall aducid-repository-1.0-4.el7.centos.noarch.rpm |
# dtto as above | # dtto as above | ||
- | yum localinstall aducid-installer- | + | yum localinstall aducid-installer-4.1.0-1.rc1.el7.centos.noarch.rpm |
# now, the install script will be in the path (/ | # now, the install script will be in the path (/ | ||
aducid-installer | aducid-installer | ||
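Review bot: Both `yum localinstall` lines install RPM files taken from the current directory, and no step in this hunk verifies them first. yum does not check signatures on local package files unless `localpkg_gpgcheck` is enabled, so a tampered or truncated download would be installed as root without complaint. I would add a verification line before the installs, `rpm -K aducid-repository-1.0-4.el7.centos.noarch.rpm aducid-installer-4.1.0-1.rc1.el7.centos.noarch.rpm`, with a comment `# vendor signing key must be imported first; stop if any package is not reported OK`. How the files reach this directory is described outside the hunk, so a checksum step may already exist there.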
Line 233: | Line 171: | ||
Other certificates used by ADUCID server are listed in / | Other certificates used by ADUCID server are listed in / | ||
- | <codedoc code:bash> | + | <sxh bash> |
PUBLIC_KEY=/ | PUBLIC_KEY=/ | ||
PRIVATE_KEY=/ | PRIVATE_KEY=/ | ||
- | </codedoc> | + | </sxh> |
It is recommended to restart the server after installation. | It is recommended to restart the server after installation. | ||
Line 245: | Line 183: | ||
postinstall checks | postinstall checks | ||
<codedoc code: | <codedoc code: | ||
- | orange-d3:~ root$ systemctl -l status | + | orange-d3:~ root$ systemctl -l status httpd.service |
- | ● httpd24-httpd.service - The Apache HTTP Server | + | ● httpd.service - The Apache HTTP Server |
- | | + | |
- | | + | |
- | Main PID: 913 (httpd) | + | Main PID: 4800 (httpd) |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | + | ||
- | Jun 25 23:03:03 orange-d3.aducid.com [1697]: msg: | + | |
- | Jun 25 23:03:03 orange-d3.aducid.com [1697]: msg: | + | |
- | Jun 25 23:03:03 orange-d3.aducid.com [1697]: msg: | + | |
- | Jun 25 23:03:03 orange-d3.aducid.com [1697]: msg: | + | |
- | Jun 25 23:03:03 orange-d3.aducid.com [1697]: msg: | + | |
- | Jun 25 23:03:03 orange-d3.aducid.com [1697]: msg: | + | |
- | Jun 25 23:03:03 orange-d3.aducid.com [1697]: id=a6ae3724b541fb22127a207882e99ee2d1b0c762922ceff78dd4839872a712ab hash=8112 index=0 | + | |
- | Jun 25 23:03:03 orange-d3.aducid.com [1697]: 127.0.0.1: | + | |
- | Jun 25 23:03:03 orange-d3.aducid.com [1697]: 127.0.0.1: | + | |
- | Jun 25 23:03:03 orange-d3.aducid.com [1697]: msg:alert write: | + | |
- | + | ||
- | # do not be confused with the following message: "The ADUCID Apache HTTP Server" | + | |
orange-d3:~ root$ systemctl -l status aducid-aaa.service | orange-d3:~ root$ systemctl -l status aducid-aaa.service | ||
- | ● aducid-aaa.service - The ADUCID | + | ● aducid-aaa.service - The ADUCID |
| | ||
| | ||
Line 332: | Line 258: | ||
Other log files: | Other log files: | ||
- | * AIM: / | + | | AIM | / |
- | | + | | tomcat9.service |
- | | + | | aducid-aaa.service |
- | * httpd24-httpd.service / | + | | httpd.service | /var/log/httpd/* | |
RPM Component summary | RPM Component summary | ||
- | aducid-configurator.rpm installation and config script | + | | aducid-configurator.rpm |
- | aducid-repository.rpm yum repository file | + | | aducid-repository.rpm | yum repository file | |
- | aducid-aaa-modules.rpm Apache settings for ADUCID components | + | | aducid-aaa-modules.rpm |
- | aim.rpm AIM and all basic components | + | | aim.rpm |
- | aducid-proof.rpm Identity | + | | aducid-proof.rpm |
- | aducid-demo.rpm Demo apps | + | |