This shows you the differences between two versions of the page.
documentation:server-install-aducid [2018/12/04 21:50] mpospisek [Installation] |
— (current) | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== ADUCID software ====== | ||
- | ===== File and directory preparation ===== | ||
- | |||
- | Directories for aducid-aaa-modules | ||
- | |||
- | AAA modules need the following directories are created before installation: | ||
- | <codedoc code: | ||
- | mkdir -p / | ||
- | mkdir / | ||
- | mkdir / | ||
- | mkdir / | ||
- | mkdir / | ||
- | mkdir / | ||
- | mkdir / | ||
- | mkdir -p / | ||
- | </ | ||
- | |||
- | Files for aducid-aaa-modules. **Please adjust your server hostname in these files, as indicated.** | ||
- | |||
- | <codedoc code: | ||
- | vi / | ||
- | </ | ||
- | <sxh bash> | ||
- | #!/bin/bash | ||
- | export OPENAAA_PROTOCOL=aaa | ||
- | export OPENAAA_HANDLER=/ | ||
- | export OPENAAA_AUTHORITY=`hostname` | ||
- | </ | ||
- | |||
- | |||
- | |||
- | <codedoc code: | ||
- | vi / | ||
- | </ | ||
- | <sxh bash> | ||
- | [Unit] | ||
- | Description=The ADUCID AAA Module | ||
- | After=network.target remote-fs.target nss-lookup.target | ||
- | |||
- | [Service] | ||
- | Type=forking | ||
- | EnvironmentFile=/ | ||
- | ExecStart=/ | ||
- | ExecReload=/ | ||
- | ExecStop=/ | ||
- | |||
- | [Install] | ||
- | WantedBy=multi-user.target | ||
- | </ | ||
- | |||
- | <codedoc code: | ||
- | vi / | ||
- | </ | ||
- | <sxh bash; highlight: [25]> | ||
- | # | ||
- | # This file can be used to set additional environment variables for | ||
- | # the httpd process, or pass additional options to the httpd | ||
- | # executable. | ||
- | # | ||
- | # Note: With previous versions of httpd, the MPM could be changed by | ||
- | # editing an " | ||
- | # variable is now ignored. | ||
- | # choice of MPM can be changed by editing the configuration file | ||
- | # / | ||
- | # | ||
- | # | ||
- | # To pass additional options (for instance, -D definitions) to the | ||
- | # httpd binary at startup, set OPTIONS here. | ||
- | # | ||
- | #OPTIONS= | ||
- | # | ||
- | # This setting ensures the httpd process is started in the " | ||
- | # by default. | ||
- | # case-sensitive string comparisons are performed in a different | ||
- | # locale.) | ||
- | # | ||
- | OPENAAA_PROTOCOL=aaa | ||
- | OPENAAA_HANDLER=/ | ||
- | OPENAAA_AUTHORITY=your.server.dnsname | ||
- | </ | ||
- | |||
- | <codedoc code: | ||
- | vi / | ||
- | </ | ||
- | <sxh bash> | ||
- | #!/bin/bash -x | ||
- | # | ||
- | # Start stop or restart the ADUCID-AAA service | ||
- | # | ||
- | |||
- | # PATH=/ | ||
- | RETVAL=0 | ||
- | |||
- | # Check that networking is up. | ||
- | . / | ||
- | |||
- | |||
- | usage () | ||
- | { | ||
- | echo $" | ||
- | RETVAL=2 | ||
- | } | ||
- | |||
- | |||
- | start () | ||
- | { | ||
- | / | ||
- | } | ||
- | |||
- | stop () | ||
- | { | ||
- | kill -9 `cat / | ||
- | } | ||
- | |||
- | |||
- | restart () | ||
- | { | ||
- | stop | ||
- | start | ||
- | } | ||
- | |||
- | |||
- | case " | ||
- | stop) stop ;; | ||
- | status) status ;; | ||
- | start|restart|reload|force-reload) restart ;; | ||
- | *) usage ;; | ||
- | esac | ||
- | |||
- | exit $RETVAL | ||
- | </ | ||
- | |||
- | |||
- | ===== Installation ===== | ||
- | |||
- | |||
- | Do one of the following: | ||
- | |||
- | * Connect the ADUCID Server Kit DVD to virtual machine and mount it to / | ||
- | * Copy the repository directory from the ADUCID Server Kit DVD to / | ||
- | |||
- | Install and run the aducid-installer script | ||
- | <codedoc code: | ||
- | # in this directory, rpm files are located | ||
- | cd / | ||
- | # find the exact filename using the TAB key in the command prompt | ||
- | yum localinstall aducid-repository-1.0-4.el7.centos.noarch.rpm | ||
- | # dtto as above | ||
- | yum localinstall aducid-installer-4.1.0-1.rc1.el7.centos.noarch.rpm | ||
- | # now, the install script will be in the path (/ | ||
- | aducid-installer | ||
- | </ | ||
- | |||
- | The aducid-installer script (see / | ||
- | |||
- | | hostname | Preferably whole DNS name | | ||
- | | service provider ID | AIM machine inner identification. DNS hostname is a good candidate. | | ||
- | | icon file | 100x100 .png file that will be seen on client PEIGs. This can be changed anytime, files are located in / | ||
- | | replication password | In fact, DB access password for account created during install | | ||
- | |||
- | ===== Post-install checks ===== | ||
- | ==== Certificates ==== | ||
- | |||
- | Certificates for SSL comunication (like other parameters of SSL/TLS comunication) need to be set in / | ||
- | <codedoc code: | ||
- | SSLCertificateFile | ||
- | SSLCertificateKeyFile | ||
- | SSLCertificateChainFile / | ||
- | SSLCACertificateFile | ||
- | </ | ||
- | |||
- | Other certificates used by ADUCID server are listed in / | ||
- | <sxh bash> | ||
- | PUBLIC_KEY=/ | ||
- | PRIVATE_KEY=/ | ||
- | </ | ||
- | |||
- | It is recommended to restart the server after installation. | ||
- | ==== Component checks ==== | ||
- | |||
- | |||
- | After restart, check main status of main components. | ||
- | postinstall checks | ||
- | <codedoc code: | ||
- | orange-d3:~ root$ systemctl -l status httpd.service | ||
- | ● httpd.service - The Apache HTTP Server | ||
- | | ||
- | | ||
- | Main PID: 4800 (httpd) | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | |||
- | orange-d3:~ root$ systemctl -l status aducid-aaa.service | ||
- | ● aducid-aaa.service - The ADUCID AAA Module | ||
- | | ||
- | | ||
- | Process: 890 ExecStart=/ | ||
- | Main PID: 901 (aaa) | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | |||
- | Jun 25 23:03:03 orange-d3.aducid.com aaa[906]: sess.created: | ||
- | Jun 25 23:03:03 orange-d3.aducid.com aaa[906]: sess.modified: | ||
- | Jun 25 23:03:03 orange-d3.aducid.com aaa[906]: sess.expires: | ||
- | Jun 25 23:03:03 orange-d3.aducid.com aaa[906]: 127.0.0.1: | ||
- | Jun 25 23:03:03 orange-d3.aducid.com aaa[905]: 127.0.0.1: | ||
- | Jun 25 23:03:03 orange-d3.aducid.com aaa[905]: sess.id: | ||
- | Jun 25 23:03:03 orange-d3.aducid.com aaa[905]: sess.created: | ||
- | Jun 25 23:03:03 orange-d3.aducid.com aaa[905]: sess.modified: | ||
- | Jun 25 23:03:03 orange-d3.aducid.com aaa[905]: sess.expires: | ||
- | Jun 25 23:03:03 orange-d3.aducid.com aaa[905]: 127.0.0.1: | ||
- | |||
- | orange-d3:~ root$ systemctl -l status tomcat9.service | ||
- | ● tomcat9.service - Apache Tomcat 9.0.6 Servlet Container | ||
- | | ||
- | | ||
- | Process: 887 ExecStart=/ | ||
- | Main PID: 921 (java) | ||
- | | ||
- | | ||
- | |||
- | Jun 25 22:54:50 orange-d3.aducid.com systemd[1]: Starting Apache Tomcat 9.0.6 Servlet Container... | ||
- | Jun 25 22:54:50 orange-d3.aducid.com tomcat-startup.sh[887]: | ||
- | Jun 25 22:54:50 orange-d3.aducid.com tomcat-startup.sh[887]: | ||
- | Jun 25 22:54:50 orange-d3.aducid.com systemd[1]: Started Apache Tomcat 9.0.6 Servlet Container. | ||
- | </ | ||
- | |||
- | ==== Compoment log checks ==== | ||
- | |||
- | |||
- | The system is fully ready after tomcat server start. This can be checked by looking into tomcat' | ||
- | tomcat log | ||
- | |||
- | <codedoc code: | ||
- | orange-d3:~ root$ tail -f / | ||
- | Not found in ' | ||
- | Not found in SystemResource Directory/ | ||
- | Not found in ' | ||
- | Loading validation.properties via file I/O failed. | ||
- | Attempting to load validation.properties via the classpath. | ||
- | SUCCESSFULLY LOADED validation.properties via the CLASSPATH from '/ (root)' | ||
- | 25-Jun-2018 22: | ||
- | 25-Jun-2018 22: | ||
- | 25-Jun-2018 22: | ||
- | 25-Jun-2018 22: | ||
- | </ | ||
- | |||
- | Other log files: | ||
- | | AIM | / | ||
- | | tomcat9.service | / | ||
- | | aducid-aaa.service | / | ||
- | | httpd.service | / | ||
- | |||
- | |||
- | RPM Component summary | ||
- | | aducid-configurator.rpm | installation and config script | | ||
- | | aducid-repository.rpm | yum repository file | | ||
- | | aducid-aaa-modules.rpm | Apache settings for ADUCID components | | ||
- | | aim.rpm | AIM and all basic components | | ||
- | | aducid-proof.rpm | Sample identity proofing apps | | ||
- | |||
- | |||
- | |||
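Review bot: The current side of this revision is empty, so the whole install page is removed, including the bolded instruction to adjust the server hostname in the AAA files and the post-install certificate and component checks, and nothing in the change points to a replacement; if the content moved, leave a link to its new location. If the text is carried over elsewhere, the init script should be fixed first rather than copied as it stands. Its case statement routes `start` through `restart`, so a first start runs `stop` and its `kill -9` against a pid file that may not exist yet. `kill -9` also gives the AAA module no chance to shut down cleanly, and the `#!/bin/bash -x` shebang leaves shell tracing enabled in a service script.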