Experiences
Here, I document my latest experience installing Usher. This was written mainly as notes to myself for future installations, but may be useful to others.
Installation Experience at UCSD
WARNING: Under Construction, Do Not Use Yet
Below are the steps I took in setting up our Usher (version 0.3) installation at UCSD. The details of our Usher infrastructure are documented in the UCSD Usher Installation Details section. Hopefully, this procedure will be a bit more automated in the future (let me know if you're interested or can contribute to that effort).
Usher Controller and Servers
On a single Dell PowerEdge 1750, CentOS 5 server:
- Installed Usher
- Downloaded from the Downloads page
- From top level package directory ran 'python setup.py install'
- Installed requisite and recommended software mentioned above:
- Python 2.4 already installed, but 'yum install python' should work if it's not there.
- Twisted 2.5.0
- Downloaded from http://tmrc.mit.edu/mirror/twisted/Twisted/2.5/Twisted-2.5.0.tar.bz2
- Installation required I first go to the zope.interface-3.3.0 subdirectory in the package root and install Zope Interfaces (python setup.py install).
- Next, in the package root I ran 'python setup.py install', and Twisted 2.5.0 was ready to go
- python-ldap
- This one's available as an rpm. Just did 'yum install python-ldap'.
- pyOpenSSL
- This clumsily named package is available as an rpm. Just did 'yum install pyOpenSSL'.
- Psycopg2
- Downloaded from http://www.initd.org/pub/software/psycopg/psycopg2-latest.tar.gz.
- unpacked and ran 'python setup.py build; python setup.py install' in the top level package directory
- dnspython
- Downloaded from http://www.dnspython.org/kits/1.5.0/dnspython-1.5.0.tar.gz
- unpacked and ran 'python setup.py install' in the top level package directory
- NFS server already installed, but 'yum install nfs-utils' should work if it's not there.
- OpenLDAP
- Installed with 'yum install openldap-servers'
- copied files from 'usher/services/ldap' into place. The destinations for CentOS are:
- ldap_server.conf -> /etc/openldap/ldap.conf
- ldap.conf -> /etc/ldap.conf
- Note that the server doesn't actually use /etc/ldap.conf for user authentication unless pam is set to use ldap. If pam uses ldap, you'll probably want to name this something else and edit your admin_scripts to source it instead of ldap.conf. The admin scripts (in services/ldap/admin_scripts) source /etc/ldap.conf since they were written to be installed in the Usher VMs. However, the scripts work on the Controller as well for managing Usher users.
- slapd.conf -> /etc/openldap/slapd.conf
- usher.schema -> /etc/openldap/schema/usher.schema
- ran a query replace on '<usher basedn>' in the /etc/openldap/slapd.conf, replacing it with the basedn for my Usher installation ('dc=usher,dc=ucsdsys,dc=net' in my case)
- edited the 'HOST' and 'BASE' values in /etc/openldap/ldap.conf for my setup
- generated an ldap manager password with slappasswd and added it as 'rootpw' to /etc/openldap/slapd.conf
- generated the server key and certificate pair:
# /usr/bin/openssl req -newkey rsa:1024 -keyout slapd.key -nodes -x509 -days 365 -out slapd.crt
# chmod 600 slapd.key
- copied the new keys to their destinations:
- slapd.key -> /etc/openldap/slapd.key
- slapd.crt -> /etc/openldap/cacerts/slapd.crt
- did a 'chown -R ldap.ldap /etc/openldap'
- started ldap (/etc/init.d/ldap start)
- edited the following values in my '/etc/usher/usherctrl.conf':
- ldap_server
- ldap_basedn
- ldap_bindpw
- usher_pass
- ran the services/ldap/usher_ldap_init.py. You must pass your LNM password to this script on the command line since the controller doesn't keep that in its config file.
- edited the following values in my '/etc/usher/usherctrl.conf':
- vm_rw_dir
- vm_rw_dir_uri
- Used the usher_useradd script from the services/ldap/admin_scripts directory to create a few Usher accounts for my friends and myself.
- PostgreSQL 8.1 with pl support and Indexable IPv4 range package
- Got this from the centosplus repo (yum --enablerepo=centosplus install postgresql-server postgresql postgresql-pl postgresql-libs postgresql-devel)
- edited the 'pg_hba.conf' and 'postgresql.conf' (in /var/lib/pgsql/data in CentOS) PostgreSQL files according to the 'services/postgresql/README' file from the Usher distribution.
- generated the server key and certificate pair and placed them in the postgresql data directory (/var/lib/pgsql/data on CentOS). The following command sequence (as user postgres in /var/lib/pgsql/data) will accomplish this:
# /usr/bin/openssl req -newkey rsa:1024 -keyout server.key -nodes -x509 -days 365 -out server.crt
# chmod 600 server.key
- downloaded and extracted the Indexable IPv4 range package (wget http://pgfoundry.org/frs/download.php/1226/ip4r-1.01.tar.gz; tar xvzf ip4r-1.01.tar.gz)
- started up PostgreSQL (/etc/init.d/postgresql start), then ran 'make USE_PGXS=1;make USE_PGXS=1 install' in the Indexable IPv4 range package root. Finally, I did an 'su postgres', then ran 'psql -f /usr/share/pgsql/contrib/ip4r.sql template1' to make the new data types available to all new databases.
- created the Usher database (still as user postgres) with 'psql -f usher-schema.sql', where 'usher-schema.sql' can be found in the 'services/postgresql' directory of the Usher distribution.
- initialized the database with a few ip address ranges (as discussed in the 'services/postgresql/README' file).
- Bind Work in Progress...
- Generated the Controller key/cert pair in '/etc/usher' with:
# /usr/bin/openssl req -newkey rsa:1024 -keyout usherctrl_key.pem -nodes -x509 -days 365 -out usherctrl_cert.pem
# chmod 600 usherctrl_key.pem
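An added example, not part of the original notes or the Usher distribution: a shell function that audits the results of the OpenLDAP steps above (placeholder replaced, hashed rootpw, key file mode, certificate key size and expiry). The function name, the 2048-bit threshold and the 30-day expiry window are assumptions of this example; the paths are the CentOS destinations listed above.

```shell
#!/bin/sh
# Added example: audit the files produced by the OpenLDAP steps on this page.
# Assumptions: GNU stat (as on CentOS); 2048-bit minimum key size and a
# 30-day expiry warning window are choices made for this example.

audit_usher_ldap() {
    dir=${1:-/etc/openldap}
    conf=$dir/slapd.conf key=$dir/slapd.key crt=$dir/cacerts/slapd.crt
    findings=0
    flag() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # The '<usher basedn>' placeholder must have been replaced everywhere.
    if grep -q '<usher basedn>' "$conf" 2>/dev/null; then
        flag "$conf still contains the '<usher basedn>' placeholder"
    fi

    # rootpw should be slappasswd output such as {SSHA}..., not cleartext.
    rootpw=$(awk '$1 == "rootpw" { print $2; exit }' "$conf" 2>/dev/null) || rootpw=
    case $rootpw in
        '')   flag "$conf has no rootpw line" ;;
        '{'*) ;;
        *)    flag "rootpw in $conf is not a slappasswd hash" ;;
    esac

    # The key was written with -nodes (unencrypted), so the file mode is
    # what keeps other local users from reading it.
    mode=$(stat -c '%a' "$key" 2>/dev/null) || mode=missing
    [ "$mode" = 600 ] || flag "$key has mode '$mode', expected 600"

    # Certificate checks need openssl; skipped when it or the file is absent.
    if [ -f "$crt" ] && command -v openssl >/dev/null 2>&1; then
        bits=$(openssl x509 -in "$crt" -noout -text |
               sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p')
        [ "${bits:-0}" -ge 2048 ] || flag "$crt uses a ${bits:-unknown}-bit key"
        openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null ||
            flag "$crt expires within 30 days (it was issued with -days 365)"
    fi

    echo "$findings finding(s) in $dir"
    return "$findings"
}
```

Run it as root with no argument to check /etc/openldap; the exit status is the number of findings, so 0 means every check passed.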
For inclusion here, please send your experiences installing Usher to Marvin McNett.
Last Updated: 2007-08-30 by mmcnett
Report problems to: Marvin McNett







