Differences

This shows you the differences between two versions of the page.

--- documentation:server-install-aducid [2018/10/31 12:11]
mpospisek [File and directory preparation]
+++ documentation:server-install-aducid [2019/08/01 09:09]
tjotov removed
@@ Line 2: / Line 2: @@
 ===== File and directory preparation =====
-Directories for aducid-aaa-modules
+**Prepare the aducid-aaa.service**
+<sxh bash>
+# --- AAA modules need the following directories are created before installation:
-AAA modules need the following directories are created before installation:
+mkdir -p /opt/aaa/install
-<codedoc code:bash>
-mkdir /opt/aaa/install
 mkdir /opt/aaa/logs
 mkdir /opt/aaa/conf
@@ Line 14: / Line 14: @@
 mkdir /opt/aaa/bin
 mkdir -p /usr/lib64/openaaa/modules
-</codedoc>
-Files for aducid-aaa-modules
+# --- Files for aducid-aaa-modules.
+# **Please check your server hostname in these files, as indicated.**
-Please adjust your server hostname in these files, as indicated.
+# --- Export system variables
-<codedoc code:bash>
+# /etc/profile.d/openaaa.sh
-# A. File /usr/lib/systemd/system/aducid-aaa.service
+echo \
-# --------------------------------------------------
+"#!/bin/bash
-# cat /etc/sysconfig/aducid-aaa
+export OPENAAA_PROTOCOL=aaa
-#
+export OPENAAA_HANDLER=/usr/local/bin/aducid
-# This file can be used to set additional environment variables for
+export OPENAAA_AUTHORITY=`hostname`
-# the httpd process, or pass additional options to the httpd
+" > /etc/profile.d/openaaa.sh
-# executable.
-#
+# --- Define the aducid-aaa.service
-# Note: With previous versions of httpd, the MPM could be changed by
+# /usr/lib/systemd/system/aducid-aaa.service
-# editing an "HTTPD" variable here.  With the current version, that
+echo \
-# variable is now ignored.  The MPM is a loadable module, and the
+"[Unit]
-# choice of MPM can be changed by editing the configuration file
+Description=The ADUCID AAA Module
-# /etc/httpd/conf.modules.d/00-mpm.conf.
-#
-#
-# To pass additional options (for instance, -D definitions) to the
-# httpd binary at startup, set OPTIONS here.
-#
-#OPTIONS=
-#
-# This setting ensures the httpd process is started in the "C" locale
-# by default.  (Some modules will not behave correctly if
-# case-sensitive string comparisons are performed in a different
-# locale.)
-#
-OPENAAA_PROTOCOL=aaa
-OPENAAA_HANDLER=/usr/local/bin/aducid
-OPENAAA_AUTHORITY=your.server.dnsname
-# cat /usr/lib/systemd/system/aducid-aaa.service
-[Unit]
-Description=The ADUCID Apache HTTP Server
 After=network.target remote-fs.target nss-lookup.target
 [Service]
-#Type=notify
 Type=forking
 EnvironmentFile=/etc/sysconfig/aducid-aaa
@@ Line 63: / Line 40: @@
 ExecReload=/opt/aaa/bin/aducid-aaa.sh restart
 ExecStop=/opt/aaa/bin/aducid-aaa.sh stop
-# We want systemd to give httpd some time to finish gracefully, but still want
-# it to kill httpd after TimeoutStopSec if something went wrong during the
-# graceful stop. Normally, Systemd sends SIGTERM signal right after the
-# ExecStop, which would kill httpd. We are sending useless SIGCONT here to give
-# httpd time to finish.
-#KillSignal=SIGCONT
-#PrivateTmp=true
 [Install]
 WantedBy=multi-user.target
+" >/usr/lib/systemd/system/aducid-aaa.service
-# B. File /etc/sysconfig/aducid-aaa
+# --- Create service files
-# ---------------------------------
+# /etc/sysconfig/aducid-aaa
-# cat /etc/sysconfig/aducid-aaa
+echo \
-#
+"OPENAAA_PROTOCOL=aaa
-# This file can be used to set additional environment variables for
-# the httpd process, or pass additional options to the httpd
-# executable.
-#
-# Note: With previous versions of httpd, the MPM could be changed by
-# editing an "HTTPD" variable here.  With the current version, that
-# variable is now ignored.  The MPM is a loadable module, and the
-# choice of MPM can be changed by editing the configuration file
-# /etc/httpd/conf.modules.d/00-mpm.conf.
-#
-#
-# To pass additional options (for instance, -D definitions) to the
-# httpd binary at startup, set OPTIONS here.
-#
-#OPTIONS=
-#
-# This setting ensures the httpd process is started in the "C" locale
-# by default.  (Some modules will not behave correctly if
-# case-sensitive string comparisons are performed in a different
-# locale.)
-#
-OPENAAA_PROTOCOL=aaa
 OPENAAA_HANDLER=/usr/local/bin/aducid
-OPENAAA_AUTHORITY=your.server.dnsname
+OPENAAA_AUTHORITY=`hostname`
+" > /etc/sysconfig/aducid-aaa
+</sxh>
-# C. File /opt/aaa/bin/aducid-aaa.sh
+<codedoc>
-# ----------------------------------
+vi /opt/aaa/bin/aducid-aaa.sh
-# cat /usr/lib/systemd/system/aducid-aaa.service
+</codedoc>
-[Unit]
+<sxh>
-Description=The ADUCID Apache HTTP Server
-After=network.target remote-fs.target nss-lookup.target
-[Service]
-#Type=notify
-Type=forking
-EnvironmentFile=/etc/sysconfig/aducid-aaa
-ExecStart=/opt/aaa/bin/aducid-aaa.sh start
-ExecReload=/opt/aaa/bin/aducid-aaa.sh restart
-ExecStop=/opt/aaa/bin/aducid-aaa.sh stop
-# We want systemd to give httpd some time to finish gracefully, but still want
-# it to kill httpd after TimeoutStopSec if something went wrong during the
-# graceful stop. Normally, Systemd sends SIGTERM signal right after the
-# ExecStop, which would kill httpd. We are sending useless SIGCONT here to give
-# httpd time to finish.
-#KillSignal=SIGCONT
-#PrivateTmp=true
-[Install]
-WantedBy=multi-user.target
-# D. File /etc/profile.d/openaaa.sh
-# ---------------------------------
-# cat /etc/profile.d/openaaa.sh
-#!/bin/bash
-export OPENAAA_PROTOCOL=aaa
-export OPENAAA_HANDLER=/usr/local/bin/aducid
-export OPENAAA_AUTHORITY=`hostname`
-# E. Just check contents of the file /opt/aaa/bin/aducid-aaa.sh
-# -------------------------------------------------------------
-# cat /opt/aaa/bin/aducid-aaa.sh
 #!/bin/bash -x
 #
@@ Line 154: / Line 67: @@
 # Check that networking is up.
 . /etc/sysconfig/network
 usage ()
 {
@@ Line 161: / Line 73: @@
         RETVAL=2
 }
 start ()
 {
 /usr/bin/aaa -s -vv &
-/opt/aaa/bin/httpd -k start
 }
 stop ()
 {
-/opt/aaa/bin/httpd -k stop
 kill -9 `cat /var/run/aaad.pid`
 }
 restart ()
@@ Line 181: / Line 89: @@
         start
 }
 case "$1" in
     stop) stop ;;
@@ Line 191: / Line 98: @@
 exit $RETVAL
-</codedoc>
+</sxh>
+**Directory to import mypeig.aducid.com info**
+<sxh>
+mkdir -p ~/psqltools/myPEIG
+</sxh>
+Put the following files into the above directory and strip the ".file" extension:
+  * {{ :documentation:install:insert_home_aim_mypeig.sql.file |insert_home_aim_mypeig.sql.file}}
+  * {{ :documentation:install:mypeig.aducid.com.crt.file |mypeig.aducid.com.crt.file}}
+<sxh>
+cd ~/psqltools/myPEIG
+mv insert_home_aim_mypeig.sql.file insert_home_aim_mypeig.sql
+mv mypeig.aducid.com.crt.file mypeig.aducid.com.crt
+</sxh>
 ===== Installation =====
@@ Line 203: / Line 123: @@
 Install and run the aducid-installer script
-<codedoc code:bash>
+<sxh>
 # in this directory, rpm files are located
 cd /media/ADUCID/repository/el7/x86_64
 # find the exact filename using the TAB key in the command prompt
-yum localinstall aducid-repository-
+yum localinstall aducid-repository-1.0-4.el7.centos.noarch.rpm
 # dtto as above
-yum localinstall aducid-installer-
+yum localinstall aducid-installer-4.1.0-1.rc1.el7.centos.noarch.rpm
 # now, the install script will be in the path (/usr/local/bin), invoke it
 aducid-installer
-</codedoc>
+</sxh>
 The aducid-installer script (see /usr/local/bin/aducid-installer.sh) asks about AIM server parameters:
@@ Line 233: / Line 153: @@
 Other certificates used by ADUCID server are listed in /opt/tomcat/conf/ADUCID.properties. After you set this parameters to your certificate files, restart of the tomcat9.service is needed.
-<codedoc code:bash>
+<sxh bash>
 PUBLIC_KEY=/opt/aaa/certs/wild.aducid.com.crt
 PRIVATE_KEY=/opt/aaa/certs/wild.aducid.com.key
-</codedoc>
+</sxh>
 It is recommended to restart the server after installation.
@@ Line 245: / Line 165: @@
 postinstall checks
 <codedoc code:bash>
-orange-d3:~ root$ systemctl -l status httpd24-httpd.service
+orange-d3:~ root$ systemctl -l status httpd.service
-● httpd24-httpd.service - The Apache HTTP Server
+● httpd.service - The Apache HTTP Server
-   Loaded: loaded (/usr/lib/systemd/system/httpd24-httpd.service; enabled; vendor preset: disabled)
+   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
-   Active: active (running) since Mon 2018-06-25 22:54:51 CEST; 9min ago
+   Active: active (running) since Wed 2018-11-07 23:11:21 CET; 2h 50min ago
- Main PID: 913 (httpd)
+ Main PID: 4800 (httpd)
-   Status: "Total requests: 11; Idle/Busy workers 100/0;Requests/sec: 0.0187; Bytes served/sec:  37 B/sec"
+   Status: "Total requests: 38; Idle/Busy workers 100/0;Requests/sec: 0.00373; Bytes served/sec:   7 B/sec"
-   CGroup: /system.slice/httpd24-httpd.service
+   CGroup: /system.slice/httpd.service
-           ├─ 913 /opt/rh/httpd24/root/usr/sbin/httpd -DFOREGROUND
+           ├─4800 /usr/sbin/httpd -DFOREGROUND
-           ├─1129 /opt/rh/httpd24/root/usr/sbin/httpd -DFOREGROUND
+           ├─4801 /usr/sbin/httpd -DFOREGROUND
-           ├─1130 /opt/rh/httpd24/root/usr/sbin/httpd -DFOREGROUND
+           ├─4802 /usr/sbin/httpd -DFOREGROUND
-           ├─1131 /opt/rh/httpd24/root/usr/sbin/httpd -DFOREGROUND
+           ├─4803 /usr/sbin/httpd -DFOREGROUND
-           ├─1132 /opt/rh/httpd24/root/usr/sbin/httpd -DFOREGROUND
+           ├─4804 /usr/sbin/httpd -DFOREGROUND
-           ├─1133 /opt/rh/httpd24/root/usr/sbin/httpd -DFOREGROUND
+           ├─4806 /usr/sbin/httpd -DFOREGROUND
-           └─1697 /opt/rh/httpd24/root/usr/sbin/httpd -DFOREGROUND
+           └─5528 /usr/sbin/httpd -DFOREGROUND
-Jun 25 23:03:03 orange-d3.aducid.com [1697]: msg:accept:SSLv3 read certificate verify A
-Jun 25 23:03:03 orange-d3.aducid.com [1697]: msg:accept:SSLv3 read finished A
-Jun 25 23:03:03 orange-d3.aducid.com [1697]: msg:accept:SSLv3 write change cipher spec A
-Jun 25 23:03:03 orange-d3.aducid.com [1697]: msg:accept:SSLv3 write finished A
-Jun 25 23:03:03 orange-d3.aducid.com [1697]: msg:accept:SSLv3 flush data
-Jun 25 23:03:03 orange-d3.aducid.com [1697]: msg:negotiate:SSL negotiation finished successfully
-Jun 25 23:03:03 orange-d3.aducid.com [1697]: id=a6ae3724b541fb22127a207882e99ee2d1b0c762922ceff78dd4839872a712ab hash=8112 index=0
-Jun 25 23:03:03 orange-d3.aducid.com [1697]: 127.0.0.1:8888 sent 94 byte(s)
-Jun 25 23:03:03 orange-d3.aducid.com [1697]: 127.0.0.1:8888 recv 168 byte(s)
-Jun 25 23:03:03 orange-d3.aducid.com [1697]: msg:alert write:warning:close notify
-# do not be confused with the following message: "The ADUCID Apache HTTP Server"
 orange-d3:~ root$ systemctl -l status aducid-aaa.service
-● aducid-aaa.service - The ADUCID Apache HTTP Server
+● aducid-aaa.service - The ADUCID AAA Module
    Loaded: loaded (/usr/lib/systemd/system/aducid-aaa.service; enabled; vendor preset: disabled)
    Active: active (running) since Mon 2018-06-25 22:54:50 CEST; 11min ago
@@ Line 332: / Line 240: @@
 Other log files:
-  * AIM: /opt/tomcat/log/aim.log
+| AIM | /opt/tomcat/log/aim.log |
-  * tomcat9.service:	/opt/tomcat/logs/*
+| tomcat9.service | /opt/tomcat/logs/* |
-  * aducid-aaa.service	/var/log/messages
+| aducid-aaa.service | /var/log/messages |
-  * httpd24-httpd.service	/var/log/httpd24/*
+| httpd.service	| /var/log/httpd/* |
 RPM Component summary
-aducid-configurator.rpm	installation and config script
+| aducid-configurator.rpm | installation and config script |
-aducid-repository.rpm	yum repository file
+| aducid-repository.rpm	| yum repository file |
-aducid-aaa-modules.rpm	Apache settings for ADUCID components
+| aducid-aaa-modules.rpm | Apache settings for ADUCID components |
-aim.rpm	AIM and all basic components
+| aim.rpm | AIM and all basic components |
-aducid-proof.rpm	Identity proofing apps
+| aducid-proof.rpm | Sample identity proofing apps |
-aducid-demo.rpm	Demo apps

ADUCID 4.x

User Tools

Site Tools

Differences

Page Tools