This shows you the differences between two versions of the page.
| documentation:server-install-aducid [2019/08/01 09:09] tjotov removed | — (current) | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== ADUCID software ====== | ||
| - | ===== File and directory preparation ===== | ||
| - | |||
| - | **Prepare the aducid-aaa.service** | ||
| - | <sxh bash> | ||
| - | # --- AAA modules need the following directories are created before installation: | ||
| - | |||
| - | mkdir -p / | ||
| - | mkdir / | ||
| - | mkdir / | ||
| - | mkdir / | ||
| - | mkdir / | ||
| - | mkdir / | ||
| - | mkdir / | ||
| - | mkdir -p / | ||
| - | |||
| - | # --- Files for aducid-aaa-modules. | ||
| - | # **Please check your server hostname in these files, as indicated.** | ||
| - | |||
| - | # --- Export system variables | ||
| - | # / | ||
| - | echo \ | ||
| - | "# | ||
| - | export OPENAAA_PROTOCOL=aaa | ||
| - | export OPENAAA_HANDLER=/ | ||
| - | export OPENAAA_AUTHORITY=`hostname` | ||
| - | " > / | ||
| - | |||
| - | # --- Define the aducid-aaa.service | ||
| - | # / | ||
| - | echo \ | ||
| - | " | ||
| - | Description=The ADUCID AAA Module | ||
| - | After=network.target remote-fs.target nss-lookup.target | ||
| - | |||
| - | [Service] | ||
| - | Type=forking | ||
| - | EnvironmentFile=/ | ||
| - | ExecStart=/ | ||
| - | ExecReload=/ | ||
| - | ExecStop=/ | ||
| - | |||
| - | [Install] | ||
| - | WantedBy=multi-user.target | ||
| - | " >/ | ||
| - | |||
| - | # --- Create service files | ||
| - | # / | ||
| - | echo \ | ||
| - | " | ||
| - | OPENAAA_HANDLER=/ | ||
| - | OPENAAA_AUTHORITY=`hostname` | ||
| - | " > / | ||
| - | </ | ||
| - | < | ||
| - | vi / | ||
| - | </ | ||
| - | <sxh> | ||
| - | #!/bin/bash -x | ||
| - | # | ||
| - | # Start stop or restart the ADUCID-AAA service | ||
| - | # | ||
| - | |||
| - | # PATH=/ | ||
| - | RETVAL=0 | ||
| - | |||
| - | # Check that networking is up. | ||
| - | . / | ||
| - |  | ||
| - | usage () | ||
| - | { | ||
| - | echo $" | ||
| - | RETVAL=2 | ||
| - | } | ||
| - |  | ||
| - | start () | ||
| - | { | ||
| - | / | ||
| - | } | ||
| - | |||
| - | stop () | ||
| - | { | ||
| - | kill -9 `cat / | ||
| - | } | ||
| - | |||
| - | restart () | ||
| - | { | ||
| - | stop | ||
| - | start | ||
| - | } | ||
| - |  | ||
| - | case " | ||
| - | stop) stop ;; | ||
| - | status) status ;; | ||
| - | start|restart|reload|force-reload) restart ;; | ||
| - | *) usage ;; | ||
| - | esac | ||
| - | |||
| - | exit $RETVAL | ||
| - | </ | ||
| - | |||
| - | **Directory to import mypeig.aducid.com info** | ||
| - | <sxh> | ||
| - | mkdir -p ~/ | ||
| - | </ | ||
| - | Put the following files into the above directory and strip the " | ||
| - | * {{ : | ||
| - | * {{ : | ||
| - | <sxh> | ||
| - | cd ~/ | ||
| - | mv insert_home_aim_mypeig.sql.file insert_home_aim_mypeig.sql | ||
| - | mv mypeig.aducid.com.crt.file mypeig.aducid.com.crt | ||
| - | </ | ||
| - | |||
| - | |||
| - | ===== Installation ===== | ||
| - | |||
| - | |||
| - | Do one of the following: | ||
| - | |||
| - | * Connect the ADUCID Server Kit DVD to virtual machine and mount it to / | ||
| - | * Copy the repository directory from the ADUCID Server Kit DVD to  / | ||
| - | |||
| - | Install and run the aducid-installer script | ||
| - | <sxh> | ||
| - | # in this directory, rpm files are located | ||
| - | cd / | ||
| - | # find the exact filename using the TAB key in the command prompt | ||
| - | yum localinstall aducid-repository-1.0-4.el7.centos.noarch.rpm | ||
| - | # dtto as above | ||
| - | yum localinstall aducid-installer-4.1.0-1.rc1.el7.centos.noarch.rpm | ||
| - | # now, the install script will be in the path (/ | ||
| - | aducid-installer | ||
| - | </ | ||
| - | |||
| - | The aducid-installer script (see / | ||
| - | |||
| - | | hostname | Preferably whole DNS name | | ||
| - | | service provider ID | AIM machine inner identification. DNS hostname is a good candidate. | | ||
| - | | icon file | 100x100 .png file that will be seen on client PEIGs. This can be changed anytime, files are located in / | ||
| - | | replication password | In fact, DB access password for account created during install | | ||
| - | |||
| - | ===== Post-install checks ===== | ||
| - | ==== Certificates ==== | ||
| - | |||
| - | Certificates for SSL comunication (like other parameters of SSL/TLS comunication) need to be set in / | ||
| - | <codedoc code: | ||
| - | SSLCertificateFile | ||
| - | SSLCertificateKeyFile | ||
| - | SSLCertificateChainFile / | ||
| - | SSLCACertificateFile | ||
| - | </ | ||
| - | |||
| - | Other certificates used by ADUCID server are listed in / | ||
| - | <sxh bash> | ||
| - | PUBLIC_KEY=/ | ||
| - | PRIVATE_KEY=/ | ||
| - | </ | ||
| - | |||
| - | It is recommended to restart the server after installation. | ||
| - | ==== Component checks ==== | ||
| - | |||
| - | |||
| - | After restart, check main status of main components. | ||
| - | postinstall checks | ||
| - | <codedoc code: | ||
| - | orange-d3:~ root$ systemctl -l status httpd.service | ||
| - | ● httpd.service - The Apache HTTP Server | ||
| - |  | ||
| - |  | ||
| - | Main PID: 4800 (httpd) | ||
| - |  | ||
| - |  | ||
| - |  | ||
| - |  | ||
| - |  | ||
| - |  | ||
| - |  | ||
| - |  | ||
| - |  | ||
| - | |||
| - | orange-d3:~ root$ systemctl -l status aducid-aaa.service | ||
| - | ● aducid-aaa.service - The ADUCID AAA Module | ||
| - |  | ||
| - |  | ||
| - | Process: 890 ExecStart=/ | ||
| - | Main PID: 901 (aaa) | ||
| - |  | ||
| - |  | ||
| - |  | ||
| - |  | ||
| - |  | ||
| - |  | ||
| - | |||
| - | Jun 25 23:03:03 orange-d3.aducid.com aaa[906]: sess.created: | ||
| - | Jun 25 23:03:03 orange-d3.aducid.com aaa[906]: sess.modified: | ||
| - | Jun 25 23:03:03 orange-d3.aducid.com aaa[906]: sess.expires: | ||
| - | Jun 25 23:03:03 orange-d3.aducid.com aaa[906]: 127.0.0.1: | ||
| - | Jun 25 23:03:03 orange-d3.aducid.com aaa[905]: 127.0.0.1: | ||
| - | Jun 25 23:03:03 orange-d3.aducid.com aaa[905]: sess.id: | ||
| - | Jun 25 23:03:03 orange-d3.aducid.com aaa[905]: sess.created: | ||
| - | Jun 25 23:03:03 orange-d3.aducid.com aaa[905]: sess.modified: | ||
| - | Jun 25 23:03:03 orange-d3.aducid.com aaa[905]: sess.expires: | ||
| - | Jun 25 23:03:03 orange-d3.aducid.com aaa[905]: 127.0.0.1: | ||
| - | |||
| - | orange-d3:~ root$ systemctl -l status tomcat9.service | ||
| - | ● tomcat9.service - Apache Tomcat 9.0.6 Servlet Container | ||
| - |  | ||
| - |  | ||
| - | Process: 887 ExecStart=/ | ||
| - | Main PID: 921 (java) | ||
| - |  | ||
| - |  | ||
| - | |||
| - | Jun 25 22:54:50 orange-d3.aducid.com systemd[1]: Starting Apache Tomcat 9.0.6 Servlet Container... | ||
| - | Jun 25 22:54:50 orange-d3.aducid.com tomcat-startup.sh[887]: | ||
| - | Jun 25 22:54:50 orange-d3.aducid.com tomcat-startup.sh[887]: | ||
| - | Jun 25 22:54:50 orange-d3.aducid.com systemd[1]: Started Apache Tomcat 9.0.6 Servlet Container. | ||
| - | </ | ||
| - | |||
| - | ==== Compoment log checks ==== | ||
| - | |||
| - | |||
| - | The system is fully ready after tomcat server start. This can be checked by looking into tomcat' | ||
| - | tomcat log | ||
| - | |||
| - | <codedoc code: | ||
| - | orange-d3:~ root$ tail -f / | ||
| - | Not found in ' | ||
| - | Not found in SystemResource Directory/ | ||
| - | Not found in ' | ||
| - | Loading validation.properties via file I/O failed. | ||
| - | Attempting to load validation.properties via the classpath. | ||
| - | SUCCESSFULLY LOADED validation.properties via the CLASSPATH from '/ (root)' | ||
| - | 25-Jun-2018 22: | ||
| - | 25-Jun-2018 22: | ||
| - | 25-Jun-2018 22: | ||
| - | 25-Jun-2018 22: | ||
| - | </ | ||
| - | |||
| - | Other log files: | ||
| - | | AIM | / | ||
| - | | tomcat9.service | / | ||
| - | | aducid-aaa.service | / | ||
| - | | httpd.service	| / | ||
| - | |||
| - | |||
| - | RPM Component summary | ||
| - | | aducid-configurator.rpm | installation and config script | | ||
| - | | aducid-repository.rpm | yum repository file | | ||
| - | | aducid-aaa-modules.rpm | Apache settings for ADUCID components | | ||
| - | | aim.rpm | AIM and all basic components | | ||
| - | | aducid-proof.rpm | Sample identity proofing apps | | ||
| - | |||
| - | |||
| - | |||
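
Review bot: The whole page is deleted, from "ADUCID software" through the "RPM Component summary" table, with only "removed" as the edit summary and no pointer to a replacement, so the "Post-install checks" guidance on certificates, component status and log locations is left without a documented successor. Name the superseding page in the summary or leave a short redirect stub. If the init script from this page is carried over elsewhere, two points in it should be fixed first. The case statement has `status) status ;;` but the visible script defines only usage, start, stop and restart, so that branch works only if the file sourced at the "Check that networking is up" line provides a `status` function. And `stop ()` sends `kill -9` to the PID read with `cat`, which gives the AAA module no chance to shut down cleanly and runs on every start as well, because `start|restart|reload|force-reload` all dispatch to `restart`; a plain TERM with a guard for a missing PID file would be safer.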