Differences

documentation:server-install-aducid [2019/01/27 08:20]
mpospisek [File and directory preparation]
— (current)
Line 1: Line 1:
-====== ADUCID software ====== 
-===== File and directory preparation ===== 
- 
-**Prepare the aducid-aaa.service** 
-<sxh bash> 
-# --- AAA modules need the following directories are created before installation:​ 
- 
-mkdir -p /​opt/​aaa/​install 
-mkdir /​opt/​aaa/​logs 
-mkdir /​opt/​aaa/​conf 
-mkdir /​opt/​aaa/​conf/​aducid 
-mkdir /​opt/​aaa/​certs 
-mkdir /​opt/​aaa/​aducid-error-pages 
-mkdir /​opt/​aaa/​bin 
-mkdir -p /​usr/​lib64/​openaaa/​modules 
- 
-# --- Files for aducid-aaa-modules. ​ 
-# **Please check your server hostname in these files, as indicated.** 
- 
-# --- Export system variables 
-# /​etc/​profile.d/​openaaa.sh 
-echo \ 
-"#​!/​bin/​bash 
-export OPENAAA_PROTOCOL=aaa 
-export OPENAAA_HANDLER=/​usr/​local/​bin/​aducid 
-export OPENAAA_AUTHORITY=`hostname` ​ 
-" > /​etc/​profile.d/​openaaa.sh ​ 
- 
-# --- Define the aducid-aaa.service 
-# /​usr/​lib/​systemd/​system/​aducid-aaa.service 
-echo \ 
-"​[Unit] 
-Description=The ADUCID AAA Module 
-After=network.target remote-fs.target nss-lookup.target 
-  
-[Service] 
-Type=forking 
-EnvironmentFile=/​etc/​sysconfig/​aducid-aaa 
-ExecStart=/​opt/​aaa/​bin/​aducid-aaa.sh start 
-ExecReload=/​opt/​aaa/​bin/​aducid-aaa.sh restart 
-ExecStop=/​opt/​aaa/​bin/​aducid-aaa.sh stop 
-  
-[Install] 
-WantedBy=multi-user.target ​ 
-" >/​usr/​lib/​systemd/​system/​aducid-aaa.service 
- 
-# --- Create service files 
-# /​etc/​sysconfig/​aducid-aaa 
-echo \ 
-"​OPENAAA_PROTOCOL=aaa 
-OPENAAA_HANDLER=/​usr/​local/​bin/​aducid 
-OPENAAA_AUTHORITY=`hostname` ​ 
-" > /​etc/​sysconfig/​aducid-aaa 
- 
-# /​opt/​aaa/​bin/​aducid-aaa.sh 
-echo \ 
-"#​!/​bin/​bash -x 
-# 
-# Start stop or restart the ADUCID-AAA service 
-# 
-  
-# PATH=/​sbin:/​usr/​sbin:​$PATH 
-RETVAL=0 
-  
-# Check that networking is up. 
-. /​etc/​sysconfig/​network 
-  ​ 
-usage () 
-{ 
-        echo $\"​Usage:​ $0 {start|stop|restart}\"​ 1>&2 
-        RETVAL=2 
-} 
-  ​ 
-start () 
-{ 
-/​usr/​bin/​aaa -s -vv & 
-} 
-  
-stop () 
-{ 
-kill -9 `cat /​var/​run/​aaad.pid` 
-} 
-  
-restart () 
-{ 
-        stop 
-        start 
-} 
-  ​ 
-case \"​$1\"​ in 
-    stop) stop ;; 
-    status) status ;; 
-    start|restart|reload|force-reload) restart ;; 
-    *) usage ;; 
-esac 
-  
-exit $RETVAL 
-" > /​opt/​aaa/​bin/​aducid-aaa.sh 
-</​sxh>​ 
- 
-**Directory to import mypeig.aducid.com info** 
-<sxh> 
-mkdir -p ~/​psqltools/​myPEIG 
-</​sxh>​ 
-Put the following files into the above directory and strip the "​.file"​ extension: 
-  * {{ :​documentation:​install:​insert_home_aim_mypeig.sql.file |insert_home_aim_mypeig.sql.file}} 
-  * {{ :​documentation:​install:​mypeig.aducid.com.crt.file |mypeig.aducid.com.crt.file}} 
-<sxh> 
-cd ~/​psqltools/​myPEIG ​ 
-mv insert_home_aim_mypeig.sql.file insert_home_aim_mypeig.sql 
-mv mypeig.aducid.com.crt.file mypeig.aducid.com.crt 
-</​sxh>​ 
- 
-  
-===== Installation ===== 
- 
- 
-Do one of the following: 
- 
-  * Connect the ADUCID Server Kit DVD to virtual machine and mount it to /​media/​ADUCID 
-  * Copy the repository directory from the ADUCID Server Kit DVD to  /​media/​ADUCID 
- 
-Install and run the aducid-installer script 
-<codedoc code:​bash>​ 
-# in this directory, rpm files are located 
-cd /​media/​ADUCID/​repository/​el7/​x86_64 
-# find the exact filename using the TAB key in the command prompt 
-yum localinstall aducid-repository-1.0-4.el7.centos.noarch.rpm 
-# dtto as above 
-yum localinstall aducid-installer-4.1.0-1.rc1.el7.centos.noarch.rpm ​   
-# now, the install script will be in the path (/​usr/​local/​bin),​ invoke it 
-aducid-installer 
-</​codedoc>​ 
- 
-The aducid-installer script (see /​usr/​local/​bin/​aducid-installer.sh) asks about AIM server parameters: 
- 
-| hostname | Preferably whole DNS name | 
-| service provider ID | AIM machine inner identification. DNS hostname is a good candidate. | 
-| icon file | 100x100 .png file that will be seen on client PEIGs. This can be changed anytime, files are located in /​usr/​share/​pixmaps | 
-| replication password | In fact, DB access password for account created during install | 
- 
-===== Post-install checks ===== 
-==== Certificates ==== 
- 
-Certificates for SSL comunication (like other parameters of SSL/TLS comunication) need to be set in /​opt/​aaa/​conf/​aducid-aaa.conf. It may happen that the install script rewrites your previous settings. Having corrected this settings, please restart the httpd24-httpd service. 
-<codedoc code:​bash>​ 
-SSLCertificateFile ​     /​opt/​aaa/​certs/​wild.aducid.com.crt 
-SSLCertificateKeyFile ​  /​opt/​aaa/​certs/​wild.aducid.com.key 
-SSLCertificateChainFile /​opt/​aaa/​certs/​Thawte.CA.Intermediate.SHA256.crt 
-SSLCACertificateFile ​   /​opt/​aaa/​certs/​Thawte.CA.Primary.Root.G3.crt 
-</​codedoc>​ 
- 
-Other certificates used by ADUCID server are listed in /​opt/​tomcat/​conf/​ADUCID.properties. After you set this parameters to your certificate files, restart of the tomcat9.service is needed. 
-<sxh bash> 
-PUBLIC_KEY=/​opt/​aaa/​certs/​wild.aducid.com.crt 
-PRIVATE_KEY=/​opt/​aaa/​certs/​wild.aducid.com.key 
-</​sxh>​ 
- 
-It is recommended to restart the server after installation. 
-==== Component checks ==== 
- 
- 
-After restart, check main status of main components. 
-postinstall checks 
-<codedoc code:​bash>​ 
-orange-d3:~ root$ systemctl -l status httpd.service 
-● httpd.service - The Apache HTTP Server 
-   ​Loaded:​ loaded (/​usr/​lib/​systemd/​system/​httpd.service;​ enabled; vendor preset: disabled) 
-   ​Active:​ active (running) since Wed 2018-11-07 23:11:21 CET; 2h 50min ago 
- Main PID: 4800 (httpd) 
-   ​Status:​ "Total requests: 38; Idle/Busy workers 100/​0;​Requests/​sec:​ 0.00373; Bytes served/​sec: ​  7 B/sec" 
-   ​CGroup:​ /​system.slice/​httpd.service 
-           ​├─4800 /​usr/​sbin/​httpd -DFOREGROUND 
-           ​├─4801 /​usr/​sbin/​httpd -DFOREGROUND 
-           ​├─4802 /​usr/​sbin/​httpd -DFOREGROUND 
-           ​├─4803 /​usr/​sbin/​httpd -DFOREGROUND 
-           ​├─4804 /​usr/​sbin/​httpd -DFOREGROUND 
-           ​├─4806 /​usr/​sbin/​httpd -DFOREGROUND 
-           ​└─5528 /​usr/​sbin/​httpd -DFOREGROUND 
- 
-orange-d3:~ root$ systemctl -l status aducid-aaa.service 
-● aducid-aaa.service - The ADUCID AAA Module 
-   ​Loaded:​ loaded (/​usr/​lib/​systemd/​system/​aducid-aaa.service;​ enabled; vendor preset: disabled) 
-   ​Active:​ active (running) since Mon 2018-06-25 22:54:50 CEST; 11min ago 
-  Process: 890 ExecStart=/​opt/​aaa/​bin/​aducid-aaa.sh start (code=exited,​ status=0/​SUCCESS) 
- Main PID: 901 (aaa) 
-   ​CGroup:​ /​system.slice/​aducid-aaa.service 
-           ​├─901 aaad 
-           ​├─905 aaa/1 
-           ​├─906 aaa/2 
-           ​├─907 aaa/3 
-           ​└─908 aaa/4 
-  
-Jun 25 23:03:03 orange-d3.aducid.com aaa[906]: sess.created:​1529960583 
-Jun 25 23:03:03 orange-d3.aducid.com aaa[906]: sess.modified:​1529960583 
-Jun 25 23:03:03 orange-d3.aducid.com aaa[906]: sess.expires:​1529967783 
-Jun 25 23:03:03 orange-d3.aducid.com aaa[906]: 127.0.0.1:​36274 sent 168 byte(s) 
-Jun 25 23:03:03 orange-d3.aducid.com aaa[905]: 127.0.0.1:​52677 recv 94 byte(s) 
-Jun 25 23:03:03 orange-d3.aducid.com aaa[905]: sess.id:​a6ae3724b541fb22127a207882e99ee2d1b0c762922ceff78dd4839872a712ab 
-Jun 25 23:03:03 orange-d3.aducid.com aaa[905]: sess.created:​1529960583 
-Jun 25 23:03:03 orange-d3.aducid.com aaa[905]: sess.modified:​1529960583 
-Jun 25 23:03:03 orange-d3.aducid.com aaa[905]: sess.expires:​1529967783 
-Jun 25 23:03:03 orange-d3.aducid.com aaa[905]: 127.0.0.1:​52677 sent 168 byte(s) 
-  
-orange-d3:~ root$ systemctl -l status tomcat9.service 
-● tomcat9.service - Apache Tomcat 9.0.6 Servlet Container 
-   ​Loaded:​ loaded (/​usr/​lib/​systemd/​system/​tomcat9.service;​ enabled; vendor preset: disabled) 
-   ​Active:​ active (running) since Mon 2018-06-25 22:54:50 CEST; 12min ago 
-  Process: 887 ExecStart=/​opt/​tomcat/​bin/​tomcat-startup.sh (code=exited,​ status=0/​SUCCESS) 
- Main PID: 921 (java) 
-   ​CGroup:​ /​system.slice/​tomcat9.service 
-           ​└─921 /​usr/​java/​default/​bin/​java -Djava.util.logging.config.file=/​opt/​tomcat/​conf/​logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -server -Dcom.sun.management.jmxremote.port=8086 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Djava.security.egd=file:/​dev/​./​urandom -Djava.awt.headless=true -Xms2g -Xmx2g -XX:​+UseG1GC -XX:​+UseStringDeduplication -XX:​MaxGCPauseMillis=100 -Dignore.endorsed.dirs= -classpath /​opt/​tomcat/​bin/​bootstrap.jar:/​opt/​tomcat/​bin/​tomcat-juli.jar -Dcatalina.base=/​opt/​tomcat -Dcatalina.home=/​opt/​tomcat -Djava.io.tmpdir=/​opt/​tomcat/​temp org.apache.catalina.startup.Bootstrap start 
-  
-Jun 25 22:54:50 orange-d3.aducid.com systemd[1]: Starting Apache Tomcat 9.0.6 Servlet Container... 
-Jun 25 22:54:50 orange-d3.aducid.com tomcat-startup.sh[887]:​ + cd /opt/tomcat 
-Jun 25 22:54:50 orange-d3.aducid.com tomcat-startup.sh[887]:​ + ./​bin/​startup.sh 
-Jun 25 22:54:50 orange-d3.aducid.com systemd[1]: Started Apache Tomcat 9.0.6 Servlet Container. 
-</​codedoc>​ 
- 
-==== Compoment log checks ==== 
- 
- 
-The system is fully ready after tomcat server start. This can be checked by looking into tomcat'​s catalina.out. 
-tomcat log 
- 
-<codedoc code:​bash>​ 
-orange-d3:~ root$ tail -f /​opt/​tomcat/​logs/​catalina.out 
-Not found in '​org.owasp.esapi.resources'​ directory or file not readable: /​opt/​apache-tomcat-9.0.6/​validation.properties 
-Not found in SystemResource Directory/​resourceDirectory:​ .esapi/​validation.properties 
-Not found in '​user.home'​ (/​opt/​tomcat) directory: /​opt/​tomcat/​esapi/​validation.properties 
-Loading validation.properties via file I/O failed. 
-Attempting to load validation.properties via the classpath. 
-SUCCESSFULLY LOADED validation.properties via the CLASSPATH from '/ (root)'​ using current thread context class loader! 
-25-Jun-2018 22:​57:​07.841 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/​opt/​apache-tomcat-9.0.6/​webapps/​qrtest.war] has finished in [3,228] ms 
-25-Jun-2018 22:​57:​07.861 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["​http-nio-8080"​] 
-25-Jun-2018 22:​57:​07.884 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["​ajp-nio-8009"​] 
-25-Jun-2018 22:​57:​07.889 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 133079 ms 
-</​codedoc>​ 
- 
-Other log files: 
-| AIM | /​opt/​tomcat/​log/​aim.log | 
-| tomcat9.service | /​opt/​tomcat/​logs/​* | 
-| aducid-aaa.service | /​var/​log/​messages | 
-| httpd.service | /​var/​log/​httpd/​* | 
- 
- 
-RPM Component summary 
-| aducid-configurator.rpm | installation and config script | 
-| aducid-repository.rpm | yum repository file | 
-| aducid-aaa-modules.rpm | Apache settings for ADUCID components | 
-| aim.rpm | AIM and all basic components | 
-| aducid-proof.rpm | Sample identity proofing apps | 
- 
- 
- 
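Review bot: The generator for /opt/aaa/bin/aducid-aaa.sh writes the script body from a double-quoted `echo "..."` string, so `$0`, `$1` and `$RETVAL` are expanded by the shell that generates the file rather than by the generated script: the file written to disk ends up with `case "" in` and a bare `exit ` instead of `case "$1" in` and `exit $RETVAL`, which means no argument is ever dispatched and the service wrapper cannot work as written. The same write-time expansion applies to the backticked `` `hostname` `` in the openaaa.sh and /etc/sysconfig/aducid-aaa blocks (acceptable for the systemd EnvironmentFile, which does not execute backticks anyway, but the resulting value is frozen at generation time). Suggest escaping the variables as `\$0`, `\$1`, `\$RETVAL` or, more robustly, writing each file with a quoted heredoc (`cat <<'EOF' > file`) so nothing is expanded. Within the same script, `status) status ;;` calls a function the script never defines, and `start|restart|reload|force-reload) restart ;;` routes a plain `start` through `stop`, which runs `kill -9 \`cat /var/run/aaad.pid\`` unconditionally; on first start the pid file does not exist, so `kill -9` is invoked with no PID. A dedicated `start)` branch, a check that the pid file exists before killing, and SIGTERM rather than SIGKILL (so the aaa daemon can close sessions cleanly) would fix that; dropping the `-x` from `#!/bin/bash -x` also keeps command traces out of the journal on every start and stop. Two points worth calling out in the post-install checks: the tomcat9.service status shows Tomcat started with `-Dcom.sun.management.jmxremote.port=8086 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false`, i.e. a remote JMX listener with neither TLS nor authentication, so the documentation should state that port 8086 must be restricted to localhost or firewalled (or JMX authentication enabled) before the host is exposed; and the aducid-aaa journal excerpt writes full `sess.id:` values to /var/log/messages, so that log should be treated as sensitive and the `-vv` verbosity in `/usr/bin/aaa -s -vv` reduced outside of debugging.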
  
  • documentation/server-install-aducid.1548577232.txt.gz
  • Last modified: 2019/01/27 08:20
  • by mpospisek