Posted to commits@trafficcontrol.apache.org by fr...@apache.org on 2017/06/14 19:51:39 UTC

[04/11] incubator-trafficcontrol git commit: Updated TO install docs, works with master 6/11/2017

Updated TO install docs, works with master 6/11/2017

(cherry picked from commit 2545a06a519c518df7c52aee8c70825272be5c55)


Project: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/commit/2d5eaaeb
Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/tree/2d5eaaeb
Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/diff/2d5eaaeb

Branch: refs/heads/2.0.x
Commit: 2d5eaaeb340d5997c0765a5762c7e1e5769eb453
Parents: b8cdd62
Author: Jan van Doorn <ja...@cable.comcast.com>
Authored: Sun Jun 11 10:04:21 2017 -0600
Committer: Eric Friedrich <fr...@apache.org>
Committed: Wed Jun 14 15:50:49 2017 -0400

----------------------------------------------------------------------
 docs/source/admin/traffic_ops/configuration.rst |  98 +++-
 docs/source/admin/traffic_ops/installation.rst  | 560 +++++--------------
 2 files changed, 252 insertions(+), 406 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/2d5eaaeb/docs/source/admin/traffic_ops/configuration.rst
----------------------------------------------------------------------
diff --git a/docs/source/admin/traffic_ops/configuration.rst b/docs/source/admin/traffic_ops/configuration.rst
index 14b8189..4928622 100644
--- a/docs/source/admin/traffic_ops/configuration.rst
+++ b/docs/source/admin/traffic_ops/configuration.rst
@@ -20,7 +20,103 @@ Follow the steps below to configure the newly installed Traffic Ops Instance.
 
 Installing the SSL Cert
 =======================
-By default, Traffic Ops runs as an SSL web server, and a certificate needs to be installed.  TBD.
+By default, Traffic Ops runs as an SSL web server, and a certificate needs to be installed.  
+
+Self-signed Certificate (Development)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+    Example Procedure::
+
+      $ openssl genrsa -des3 -passout pass:x -out localhost.pass.key 2048
+      Generating RSA private key, 2048 bit long modulus
+      ...
+      $ openssl rsa -passin pass:x -in localhost.pass.key -out localhost.key
+      writing RSA key
+      $ rm localhost.pass.key
+
+      $ openssl req -new -key localhost.key -out localhost.csr
+      You are about to be asked to enter information that will be incorporated
+      into your certificate request.
+      What you are about to enter is what is called a Distinguished Name or a DN.
+      There are quite a few fields but you can leave some blank
+      For some fields there will be a default value,
+      If you enter '.', the field will be left blank.
+      -----
+      Country Name (2 letter code) [XX]:US<enter>
+      State or Province Name (full name) []:CO<enter>
+      Locality Name (eg, city) [Default City]:Denver<enter>
+      Organization Name (eg, company) [Default Company Ltd]: <enter>
+      Organizational Unit Name (eg, section) []: <enter>
+      Common Name (eg, your name or your server's hostname) []: <enter>
+      Email Address []: <enter>
+
+      Please enter the following 'extra' attributes
+      to be sent with your certificate request
+      A challenge password []: pass<enter>
+      An optional company name []: <enter>
+      $ openssl x509 -req -sha256 -days 365 -in localhost.csr -signkey localhost.key -out localhost.crt
+      Signature ok
+      subject=/C=US/ST=CO/L=Denver/O=Default Company Ltd
+      Getting Private key
+      $ sudo cp localhost.crt /etc/pki/tls/certs
+      $ sudo cp localhost.key /etc/pki/tls/private
+      $ sudo chown trafops:trafops /etc/pki/tls/certs/localhost.crt
+      $ sudo chown trafops:trafops /etc/pki/tls/private/localhost.key
+
+Certificate from Certificate Authority (Production)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. Note:: You will need to know the appropriate answers when generating the certificate request file `trafficopss.csr` below.
+
+Example Procedure::
+
+      $ openssl genrsa -des3 -passout pass:x -out trafficops.pass.key 2048
+      Generating RSA private key, 2048 bit long modulus
+      ...
+      $ openssl rsa -passin pass:x -in trafficops.pass.key -out trafficops.key
+      writing RSA key
+      $ rm localhost.pass.key
+
+      Generate the Certificate Signing Request (CSR) file needed for Certificate Authority (CA) request.
+
+      $ openssl req -new -key trafficops.key -out trafficops.csr
+      You are about to be asked to enter information that will be incorporated
+      into your certificate request.
+      What you are about to enter is what is called a Distinguished Name or a DN.
+      There are quite a few fields but you can leave some blank
+      For some fields there will be a default value,
+      If you enter '.', the field will be left blank.
+      -----
+      Country Name (2 letter code) [XX]: <enter country code>
+      State or Province Name (full name) []: <enter state or province>
+      Locality Name (eg, city) [Default City]: <enter locality name>
+      Organization Name (eg, company) [Default Company Ltd]: <enter organization name>
+      Organizational Unit Name (eg, section) []: <enter organizational unit name>
+      Common Name (eg, your name or your server's hostname) []: <enter server's hostname name>
+      Email Address []: <enter e-mail address>
+
+      Please enter the following 'extra' attributes
+      to be sent with your certificate request
+      A challenge password []: <enter challenge password>
+      An optional company name []: <enter>
+      $ sudo cp trafficops.key /etc/pki/tls/private
+      $ sudo chown trafops:trafops /etc/pki/tls/private/trafficops.key
+
+      You must then take the output file trafficops.csr and submit a request to your Certificate Authority (CA).
+      Once you get approved and receive your trafficops.crt file:
+
+      $ sudo cp trafficops.crt /etc/pki/tls/certs
+      $ sudo chown trafops:trafops /etc/pki/tls/certs/trafficops.crt
+
+      If necessary, install the CA certificates .pem and .crt in /etc/pki/tls/certs.
+
+      You will need to update the file /opt/traffic_ops/app/conf/cdn.conf with the following changes:
+            ...
+            e.g. given trafficops.crt and trafficops.key
+            'hypnotoad' => ...
+                'listen' => 'https://[::]:443?cert=/etc/pki/tls/certs/trafficops.crt&key=/etc/pki/tls/private/trafficops.key&ca=/etc/pki/tls/certs/localhost.ca&verify=0x00&ciphers=AES128-GCM-SHA256:HIGH:!RC4:!MD5:!aNULL:!EDH:!ED'
+             ...
+
 
 Content Delivery Networks
 =========================
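Review bot: In the production procedure the cleanup step is `rm localhost.pass.key`, but the key generated two commands earlier is `trafficops.pass.key`, so the intermediate key protected only by the passphrase `x` stays in the working directory; this should be `rm trafficops.pass.key`. The note at the top of that section names the request file `trafficopss.csr`, while the commands write `trafficops.csr`. Neither procedure sets the mode of the installed private key: after `sudo cp ... /etc/pki/tls/private` there is only a `chown trafops:trafops`, so an explicit `sudo chmod 600` on the key file would document the intended permissions. In the `cdn.conf` example the `listen` URL sets `ca=/etc/pki/tls/certs/localhost.ca` although every other file in this procedure is named `trafficops.*`, and the cipher list ends in `!ED`, which looks cut off; please confirm both values. The self-signed example leaves Common Name empty, so the resulting subject has no CN; consider showing the server's hostname there. The explanatory sentences inside the second `Example Procedure::` literal block ("Generate the Certificate Signing Request ...", "You must then take the output file ...") will render as command text; they would read better as normal paragraphs between separate literal blocks, and the first `Example Procedure::` is indented while the second is not.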

http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/2d5eaaeb/docs/source/admin/traffic_ops/installation.rst
----------------------------------------------------------------------
diff --git a/docs/source/admin/traffic_ops/installation.rst b/docs/source/admin/traffic_ops/installation.rst
index d5965a5..bb114aa 100644
--- a/docs/source/admin/traffic_ops/installation.rst
+++ b/docs/source/admin/traffic_ops/installation.rst
@@ -23,351 +23,198 @@ Traffic Ops - Installing
 
 System Requirements
 -------------------
-The user must have the following for a successful install:
-
-* CentOS 6
-* 4 vCPUs
-* 32GB RAM
-* 20 GB disk space
-* YUM repository with minimally the following dependecies avaliable
-
-  * apr 1.3.9-5 
-  * apr-util 1.3.9-3 
-  * apr-util-ldap 1.3.9-3   
-  * expat-devel 2.0.1-11 
-  * genisoimage 1.1.9-12  
-  * httpd 2.2.15
-  * httpd-tools 2.2.15  
-  * libpcap-devel 14:1.4
-  * mod_ssl  1:2.2.15-29
-  * mysql 5.1.71 
-  * autoconf 2.63-5.1.
-  * automake 1.11.1-4
-  * gcc 4.4.7-4
-  * gettext 0.17-16
-  * libcurl-devel 7.19.7-37
-  * libtool 2.2.6-15.5
-  * mysql-devel 5.1.73-3
-  * perl-CPAN 1.9402-136
-  * libcurl 7.19.7-37
-  * openssl 1.0.1e-30
-  * cloog-ppl 0.15.7-1.2
-  * cpp 4.4.7-4
-  * cvs 1.11.23-16
-  * libgomp 4.4.7-4
-  * libidn-devel 1.18-2
-  * m4 1.4.13-5
-  * mpfr 2.4.1-6
-  * perl-Digest-SHA 1:5.47-136
-  * ppl 0.10.2-11
-  * curl 7.19.7-37
-  * openssl-devel 1.0.1e-30
- 
+The user must have the following for a successful minimal install:
+
+* CentOS 7
+* 2 VMs with at least 2 vCPUs, 4GB RAM, 20 GB disk space each
+* Access to Centos Base and epel repositories
 * Access to `The Comprehensive Perl Archive Network (CPAN) <http://www.cpan.org/>`_
 
-.. Note:: The above versions are known to work on CentOS 6.5. Higher versions may work.
+As of version 2.0 only Postgres is supported as the database. This documentation assumes CentOS 7.2 and Postgresql 9.6.3. For a production install
 
-.. Note:: Although Traffic Ops supports both MySQL and Postgres as a database, support for MySQL is more mature and better tested. It is best to use MySQL when first getting started, and the rest of this guide assumes MySQL as the database.
+.. highlight:: none
 
 Navigating the Install
 -----------------------
 To begin the install:
 
-1. Install Traffic Ops: 
+1. Install Postgres
 
-  Download the traffic_ops rpm package from http://trafficcontrol.apache.org/downloads/index.html
-  
-  ``sudo rpm -ivh traffic_ops-1.*.*-****.x86_64.rpm``
+  For a production install it is best to install postgres on it's own server/VM. To install postgres, on the postgres host (pg) ::
 
+    pg-$ sudo su -
+    pg-# yum -y update
+    pg-# yum -y install https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7-x86_64/pgdg-centos96-9.6-3.noarch.rpm
+    pg-# yum -y install postgresql96-server
+    pg-$ su - postgres
+    pg-$ /usr/pgsql-9.6/bin/initdb -A md5 -W #-W forces the user to provide a superuser (postgres) password
 
 
+  Edit ``/var/lib/pgsql/9.6/data/pg_hba.conf`` to allow your traffic ops app server access. For example if you are going to install traffic ops on ``99.33.99.1`` add::
 
+    host  all   all     99.33.99.1/32 md5
 
-2. After installation of Traffic Ops rpm enter the following command: ``sudo /opt/traffic_ops/install/bin/postinstall``
+  to the appropriate section of this file. Edit the ``/var/lib/pgsql/9.6/data/postgresql.conf`` file to add the approriate listen_addresses or ``listen_addresses = '*'``,  and start the database: ::
 
-  Example output::
+    pg-$ exit
+    pg-# systemctl start postgresql-9.6
+    pg-# systemctl status postgresql-9.6
 
+2. Install Traffic Ops
 
-      trafficops-vm # /opt/traffic_ops/install/bin/postinstall
+  Install the postgres1l 9.6 dev libraries, and then download the traffic_ops rpm package from http://trafficcontrol.apache.org/downloads/index.html or from our jenkins builds, and install it (update URL as approriate), on the traffic ops host (to): :: 
+  
+    to-$ sudo su -
+    to-# yum update
+    to-# yum -y install https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7-x86_64/pgdg-centos96-9.6-3.noarch.rpm
+    to-# yum install  postgresql96-devel
+    to-# wget -q https://builds.apache.org/view/S-Z/view/TrafficControl/job/incubator-trafficcontrol-master-build/lastSuccessfulBuild/artifact/dist/traffic_ops-2.1.0-6388.20de6ae2.el7.x86_64.rpm
+    to-# yum -y install traffic_ops-2.0.0-5608.afd8fd30.el7.x86_64.rpm 
 
-      This script will build and package the required Traffic Ops perl modules.
-      In order to complete this operation, Development tools such as the gcc
-      compiler must be installed on this machine.
 
-      Hit ENTER to continue:
+  Install some additional packages that it depends on that were not installed as dependecies in the previous step (these are for the 2.1 dev install, this may change, but the pre-installs won't hurt): ::
 
+    to-# yum -y install git
+    to-# wget -q https://storage.googleapis.com/golang/go1.8.3.linux-amd64.tar.gz
+    to-# tar -C /usr/local -xzf go1.8.3.linux-amd64.tar.gz 
+    to-# PATH=$PATH:/usr/local/go/bin             # go bins are needed in the path for postinstall 
+    to-# go get bitbucket.org/liamstask/goose/cmd/goose
 
-  The first thing postinstall will do is install additional packages needed from the yum repo.
+  At this point you should be able to login to the database from the ``to`` host to the ``pg`` host like: :: 
 
-  Ater that, it will automatically proceed to installing the required Perl packages from CPAN.
+    to-# psql -h 99.33.99.1 -U postgres
+    Password for user postgres: 
+    psql (9.2.18, server 9.6.3)
+    WARNING: psql version 9.2, server version 9.6.
+            Some psql features might not work.
+    Type "help" for help.
+    
+    postgres=# 
 
-  .. Note:: Especially when installing Traffic Ops for the first time on a system this can take a long time, since many dependencies for the Mojolicous application need to be downloaded. Expect 30 minutes. 
+  Use this connectivity to create the user and database. In  this example, we use user: ``traffic_ops``, password: ``tcr0cks``, database: ``traffic_ops``: :: 
 
-  If there are any prompts in this phase, please just answer with the defaults (some CPAN installs can prompt for install questions). 
+    to-# psql -U postgres -h 99.33.99.1 -c "CREATE USER traffic_ops  WITH ENCRYPTED PASSWORD 'tcr0cks';"
+    Password for user postgres:
+    CREATE ROLE
+    to-# createdb traffic_ops --owner traffic_ops -U postgres -h 99.33.99.1
+    Password:
+    to-#
 
-  When this phase is complete, you will see:: 
 
-      ...
-      Successfully installed Test-Differences-0.63
-      Successfully installed DBIx-Class-Schema-Loader-0.07042
-      Successfully installed Time-HiRes-1.9726 (upgraded from 1.9719)
-      Successfully installed Mojolicious-Plugin-Authentication-1.26
-      113 distributions installed
-      Complete! Modules were installed into /opt/traffic_ops/app/local
-      Linking perl libraries...
-      Installing perl scripts
+  Now, run the following command as root: ``/opt/traffic_ops/install/bin/postinstall``
 
+  The postinstall will first get all packages needed from CPAN. This may take a while, expect up to 30 minutes on the first install.
+  If there are any prompts in this phase, please just answer with the defaults (some CPAN installs can prompt for install questions). 
 
-      This script will initialize the Traffic Ops database.
-      Please enter the following information in order to completely
-      configure the Traffic Ops mysql database.
-
-
-      Database type [mysql]:
-
+  When this phase is complete, you will see:: 
 
-  The next phase of the install will ask you about the local environment for your CDN.
+      Complete! Modules were installed into /opt/traffic_ops/app/local
 
-  .. Note:: Before proceeding to this step, the database has to have at least a root password, and needs to be started. When using mysql, please type ``service mysqld start`` as root in another terminal and follow the instructions on the screen to set the root password.
+  Some additional files will be installed, and then it will proceed with the next phase of the install, where it will ask you about the local environment for your CDN. Please make sure you remember all your answers and the database answers match the database information previously used to create the database.
 
-  .. Note:: CentOS files note.
 
   Example output::
 
-      Database type [mysql]:
-      Database name [traffic_ops_db]:
-      Database server hostname IP or FQDN [localhost]:
-      Database port number [3306]:
+      ===========/opt/traffic_ops/app/conf/production/database.conf===========
+      Database type [Pg]:
+      Database type: Pg
+      Database name [traffic_ops]:
+      Database name: traffic_ops
+      Database server hostname IP or FQDN [localhost]: 99.33.99.1
+      Database server hostname IP or FQDN: 99.33.99.1
+      Database port number [5432]:
+      Database port number: 5432
       Traffic Ops database user [traffic_ops]:
-      Password for traffic_ops:
-      Re-Enter password for traffic_ops:
-
-      Error: passwords do not match, try again.
-
-      Password for traffic_ops:
-      Re-Enter password for traffic_ops:
-
-      Database server root (admin) user name [root]:
-      Database server root password:
-      Database Type: mysql
-      Database Name: traffic_ops_db
-      Hostname: localhost
-      Port: 3306
-      Database User: traffic_ops
-      Is the above information correct (y/n) [n]:  y
-
-      The database properties have been saved to /opt/traffic_ops/app/conf/production/database.conf
-
-        The database configuration has been saved.  Now we need to set some custom
-        fields that are necessary for the CDN to function correctly.
-
-
-      Traffic Ops url [https://localhost]:  https://traffic-ops.kabletown.net
-      Human-readable CDN Name.  (No whitespace, please) [kabletown_cdn]:
-      DNS sub-domain for which your CDN is authoritative [cdn1.kabletown.net]:
-      Fully qualified name of your CentOS 6.5 ISO kickstart tar file, or 'na' to skip and add files later [/var/cache/centos65.tgz]:  na
-      Fully qualified location to store your ISO kickstart files [/var/www/files]:
-
-      Traffic Ops URL: https://traffic-ops.kabletown.net
-      Traffic Ops Info URL: https://traffic-ops.kabletown.net/info
-      Domainname: cdn1.kabletown.net
-      CDN Name: kabletown_cdn
-      GeoLocation Polling URL: https://traffic-ops.kabletown.net/routing/GeoIP2-City.mmdb.gz
-      CoverageZone Polling URL: https://traffic-ops.kabletown.net/routing/coverage-zone.json
-
-      Is the above information correct (y/n) [n]:  y
-      Install information has been saved to /opt/traffic_ops/install/data/json/post_install.json
-
-
-      Adding an administration user to the Traffic Ops database.
-
-      Administration username for Traffic Ops:  admin
-      Password for the admin user admin:
-      Verify the password for admin:
-      Do you wish to create an ldap configuration for access to traffic ops [y/n] ? [n]:  n
-      creating database
-      Creating database...
-      Creating user...
-      Flushing privileges...
-      setting up database
-      Executing 'drop database traffic_ops_db'
-      Executing 'create database traffic_ops_db'
-      Creating database tables...
-      Migrating database...
-      goose: migrating db environment 'production', current version: 0, target: 20150316100000
-      OK    20141222103718_extension.sql
-      OK    20150108100000_add_job_deliveryservice.sql
-      OK    20150205100000_cg_location.sql
-      OK    20150209100000_cran_to_asn.sql
-      OK    20150210100000_ds_keyinfo.sql
-      OK    20150304100000_add_ip6_ds_routing.sql
-      OK    20150310100000_add_bg_fetch.sql
-      OK    20150316100000_move_hdr_rw.sql
-      Seeding database...
-      Database initialization succeeded.
-      seeding profile data...
-      name EDGE1 description Edge 1
-      name TR1 description Traffic Router 1
-      name TM1 description Traffic Monitor 1
-      name MID1 description Mid 1
-      seeding parameter data...
-
-  Explanation of the information that needs to be provided:
-
-    +----------------------------------------------------+-----------------------------------------------------------------------------------------------+
-    |                       Field                        |                                          Description                                          |
-    +====================================================+===============================================================================================+
-    | Database type                                      | mysql or postgres                                                                             |
-    +----------------------------------------------------+-----------------------------------------------------------------------------------------------+
-    | Database name                                      | The name of the database Traffic Ops uses to store the configuration information              |
-    +----------------------------------------------------+-----------------------------------------------------------------------------------------------+
-    | Database server hostname IP or FQDN                | The hostname of the database server                                                           |
-    +----------------------------------------------------+-----------------------------------------------------------------------------------------------+
-    | Database port number                               | The database port number                                                                      |
-    +----------------------------------------------------+-----------------------------------------------------------------------------------------------+
-    | Traffic Ops database user                          | The username Traffic Ops will use to read/write from the database                             |
-    +----------------------------------------------------+-----------------------------------------------------------------------------------------------+
-    | Password for traffic ops                           | The password for the above database user                                                      |
-    +----------------------------------------------------+-----------------------------------------------------------------------------------------------+
-    | Database server root (admin) user name             | Privileged database user that has permission to create the database and user for Traffic Ops  |
-    +----------------------------------------------------+-----------------------------------------------------------------------------------------------+
-    | Database server root (admin) user password         | The password for the above privileged database user                                           |
-    +----------------------------------------------------+-----------------------------------------------------------------------------------------------+
-    | Traffic Ops url                                    | The URL to connect to this instance of Traffic Ops, usually https://<traffic ops host FQDN>/  |
-    +----------------------------------------------------+-----------------------------------------------------------------------------------------------+
-    | Human-readable CDN Name                            | The name of the first CDN traffic Ops will be managing                                        |
-    +----------------------------------------------------+-----------------------------------------------------------------------------------------------+
-    | DNS sub-domain for which your CDN is authoritative | The DNS domain that will be delegated to this Traffic Control CDN                             |
-    +----------------------------------------------------+-----------------------------------------------------------------------------------------------+
-    | name of your CentOS 6.5 ISO kickstart tar file     | See :ref:`Creating-CentOS-Kickstart`                                                          |
-    +----------------------------------------------------+-----------------------------------------------------------------------------------------------+
-    | Administration username for Traffic Ops            | The Administration (highest privilege) Traffic Ops user to create;                            |
-    |                                                    | use this user to login for the first time and create other users                              |
-    +----------------------------------------------------+-----------------------------------------------------------------------------------------------+
-    | Password for the admin user                        | The password for the above user                                                               |
-    +----------------------------------------------------+-----------------------------------------------------------------------------------------------+
-
-
-  The postinstall script will now seed the database with some inital configuration settings for the CDN and the servers in the CDN.
-
-  The next phase is the download of the geo location database and configuration of information needed for SSL certificates.
-
-  Example output::
-
-    Downloading MaxMind data.
-    --2015-04-14 02:14:32--  http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.mmdb.gz
-    Resolving geolite.maxmind.com... 141.101.115.190, 141.101.114.190, 2400:cb00:2048:1::8d65:73be, ...
-    Connecting to geolite.maxmind.com|141.101.115.190|:80... connected.
-    HTTP request sent, awaiting response... 200 OK
-    Length: 17633433 (17M) [application/octet-stream]
-    Saving to: "GeoLite2-City.mmdb.gz"
-
-    100%[==================================================================================================================================================================>] 17,633,433  7.03M/s   in 2.4s
-
-    2015-04-14 02:14:35 (7.03 MB/s) - "GeoLite2-City.mmdb.gz" saved [17633433/17633433]
-
-    Copying coverage zone file to public dir.
-
-    Installing SSL Certificates.
-
-      We're now running a script to generate a self signed X509 SSL certificate.
-      When prompted to enter a pass phrase, just enter 'pass' each time.  The
-      pass phrase will be stripped from the private key before installation.
-
-      When prompted to enter a 'challenge password', just hit the ENTER key.
-
-      The remaining enformation Country, State, Locality, etc... are required to
-      generate a properly formatted SSL certificate.
+      Traffic Ops database user: traffic_ops
+      Password for Traffic Ops database user:
+      Re-Enter Password for Traffic Ops database user:
+      Writing json to /opt/traffic_ops/app/conf/production/database.conf
+      Database configuration has been saved
+      ===========/opt/traffic_ops/app/db/dbconf.yml===========
+      Database server root (admin) user [postgres]:
+      Database server root (admin) user: postgres
+      Password for database server admin:
+      Re-Enter Password for database server admin:
+      Download Maxmind Database? [yes]:
+      Download Maxmind Database?: yes
+      ===========/opt/traffic_ops/app/conf/cdn.conf===========
+      Generate a new secret? [yes]:
+      Generate a new secret?: yes
+      Number of secrets to keep? [10]:
+      Number of secrets to keep?: 10
+      Not setting up ldap
+      ===========/opt/traffic_ops/install/data/json/users.json===========
+      Administration username for Traffic Ops [admin]:
+      Administration username for Traffic Ops: admin
+      Password for the admin user:
+      Re-Enter Password for the admin user:
+      Writing json to /opt/traffic_ops/install/data/json/users.json
+      ===========/opt/traffic_ops/install/data/json/openssl_configuration.json===========
+      Do you want to generate a certificate? [yes]:
+      Country Name (2 letter code): US
+      State or Province Name (full name): CO
+      Locality Name (eg, city): Denver
+      Organization Name (eg, company): Super CDN, Inc
+      Organizational Unit Name (eg, section):
+      Common Name (eg, your name or your server's hostname):
+      RSA Passphrase:
+      Re-Enter RSA Passphrase:
+      ===========/opt/traffic_ops/install/data/json/profiles.json===========
+      Traffic Ops url [https://localhost]:
+      Traffic Ops url: https://localhost
+      Human-readable CDN Name.  (No whitespace, please) [kabletown_cdn]: blue cdn
+      Human-readable CDN Name.  (No whitespace, please): blue cdn
+      DNS sub-domain for which your CDN is authoritative [cdn1.kabletown.net]: blue-cdn.supercdn.net
+      DNS sub-domain for which your CDN is authoritative: blue-cdn.supercdn.net
+      Writing json to /opt/traffic_ops/install/data/json/profiles.json
+      Downloading Maxmind data
+      --2017-06-11 15:32:41--  http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.mmdb.gz
+      Resolving geolite.maxmind.com (geolite.maxmind.com)... 2400:cb00:2048:1::6810:262f, 2400:cb00:2048:1::6810:252f, 104.16.38.47, ...
+      Connecting to geolite.maxmind.com (geolite.maxmind.com)|2400:cb00:2048:1::6810:262f|:80... connected.
+
+      ... much SQL output skipped 
+
+      Starting Traffic Ops
+      Restarting traffic_ops (via systemctl):                    [  OK  ]
+      Waiting for Traffic Ops to restart
+      Success! Postinstall complete.
+      
+      to-# ifconfig
 
-    Hit Enter when you are ready to continue:
-    Postinstall SSL Certificate Creation.
 
-    Generating an RSA Private Server Key.
-
-    Generating RSA private key, 1024 bit long modulus
-    ..........................++++++
-    .....................++++++
-    e is 65537 (0x10001)
-    Enter pass phrase for server.key:
-    Verifying - Enter pass phrase for server.key:
-
-    The server key has been generated.
-
-    Creating a Certificate Signing Request (CSR)
-
-    Enter pass phrase for server.key:
-    You are about to be asked to enter information that will be incorporated
-    into your certificate request.
-    What you are about to enter is what is called a Distinguished Name or a DN.
-    There are quite a few fields but you can leave some blank
-    For some fields there will be a default value,
-    If you enter '.', the field will be left blank.
-    -----
-    Country Name (2 letter code) [XX]:US
-    State or Province Name (full name) []:CO
-    Locality Name (eg, city) [Default City]:Denver
-    Organization Name (eg, company) [Default Company Ltd]:
-    Organizational Unit Name (eg, section) []:
-    Common Name (eg, your name or your server's hostname) []:
-    Email Address []:
-
-    Please enter the following 'extra' attributes
-    to be sent with your certificate request
-    A challenge password []:pass
-    An optional company name []:
-
-    The Certificate Signing Request has been generated.
-    Removing the pass phrase from the server key.
-    Enter pass phrase for server.key.orig:
-    writing RSA key
-
-    The pass phrase has been removed from the server key.
-
-    Generating a Self-signed certificate.
-    Signature ok
-    subject=/C=US/ST=CO/L=Denver/O=Default Company Ltd
-    Getting Private key
-
-    A server key and self signed certificate has been generated.
-
-    Installing the server key and server certificate.
-
-    The private key has been installed.
-
-    Installing the self signed certificate.
-
-    Saving the self signed csr.
-
-      The self signed certificate has now been installed.
-
-      You may obtain a certificate signed by a Certificate Authority using the
-      server.csr file saved in the current directory.  Once you have obtained
-      a signed certificate, copy it to /etc/pki/tls/certs/localhost.crt and
-      restart Traffic Ops.
-
-
-
-    SSL Certificates have been installed.
-
-    Starting Traffic Ops.
-
-    Starting Traffic Ops
-
-    Subroutine TrafficOps::has redefined at /opt/traffic_ops/app/local/lib/perl5/Mojo/Base.pm line 38.
-    Subroutine TrafficOps::has redefined at /opt/traffic_ops/app/local/lib/perl5/Mojo/Base.pm line 38.
-    Loading config from /opt/traffic_ops/app/conf/cdn.conf
-    Reading log4perl config from /opt/traffic_ops/app/conf/production/log4perl.conf
-    Starting hot deployment for Hypnotoad server 32192.
-
-    Waiting for Traffic Ops to start.
-
-
-    Shutdown Traffic Ops [y/n] [n]:  n
+  Explanation of the information that needs to be provided:
 
-    To start Traffic Ops:  service traffic_ops start
-    To stop Traffic Ops:   service traffic_ops stop
+    +----------------------------------------------------+----------------------------------------------------------------------------------------------+
+    | Field                                              | Description                                                                                  |
+    +====================================================+==============================================================================================+
+    | Database type                                      | Pg                                                                                           |
+    +----------------------------------------------------+----------------------------------------------------------------------------------------------+
+    | Database name                                      | The name of the database Traffic Ops uses to store the configuration information             |
+    +----------------------------------------------------+----------------------------------------------------------------------------------------------+
+    | Database server hostname IP or FQDN                | The hostname of the database server                                                          |
+    +----------------------------------------------------+----------------------------------------------------------------------------------------------+
+    | Database port number                               | The database port number                                                                     |
+    +----------------------------------------------------+----------------------------------------------------------------------------------------------+
+    | Traffic Ops database user                          | The username Traffic Ops will use to read/write from the database                            |
+    +----------------------------------------------------+----------------------------------------------------------------------------------------------+
+    | Password for traffic ops                           | The password for the above database user                                                     |
+    +----------------------------------------------------+----------------------------------------------------------------------------------------------+
+    | Database server root (admin) user name             | Privileged database user that has permission to create the database and user for Traffic Ops |
+    +----------------------------------------------------+----------------------------------------------------------------------------------------------+
+    | Database server root (admin) user password         | The password for the above privileged database user                                          |
+    +----------------------------------------------------+----------------------------------------------------------------------------------------------+
+    | Traffic Ops url                                    | The URL to connect to this instance of Traffic Ops, usually https://<traffic ops host FQDN>/ |
+    +----------------------------------------------------+----------------------------------------------------------------------------------------------+
+    | Human-readable CDN Name                            | The name of the first CDN traffic Ops will be managing                                       |
+    +----------------------------------------------------+----------------------------------------------------------------------------------------------+
+    | DNS sub-domain for which your CDN is authoritative | The DNS domain that will be delegated to this Traffic Control CDN                            |
+    +----------------------------------------------------+----------------------------------------------------------------------------------------------+
+    | Administration username for Traffic Ops            | The Administration (highest privilege) Traffic Ops user to create;                           |
+    |                                                    | use this user to login for the first time and create other users                             |
+    +----------------------------------------------------+----------------------------------------------------------------------------------------------+
+    | Password for the admin user                        | The password for the above user                                                              |
+    +----------------------------------------------------+----------------------------------------------------------------------------------------------+
 
-    traffic_ops #
 
 Traffic Ops is now installed!
 
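Review bot: In the added field table, the rows "Password for traffic ops", "Database server root (admin) user password" and "Password for the admin user" only say "The password for the above ...". These are the most sensitive values postinstall asks for, so the description should state whether postinstall writes them to disk and, if so, to which file, so operators know what to protect afterwards. Two smaller points in the same table: the "Database type" row gives a value (`Pg`) where every other row gives a description, and "traffic Ops" in the "Human-readable CDN Name" row should read "Traffic Ops".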
@@ -375,110 +222,13 @@ Upgrading Traffic Ops
 =====================
 To upgrade:
 
+.. Note:: TODO : review for > 2.0
+
 1. Enter the following command:``service traffic_ops stop``
 2. Enter the following command:``yum upgrade traffic_ops``
 3. See :ref:`rl-ps` to run postinstall.
 4. Enter the following command:``service traffic_ops start``
 
-Manually Generating and Installing the SSL Certificate
-------------------------------------------------------
-
-.. Note:: This section is valid for traffic-control 2.0.0 and later.
-
-Self-signed Certificate (Development)
-=====================================
-
-    Example Procedure::
-
-      $ openssl genrsa -des3 -passout pass:x -out localhost.pass.key 2048
-      Generating RSA private key, 2048 bit long modulus
-      ...
-      $ openssl rsa -passin pass:x -in localhost.pass.key -out localhost.key
-      writing RSA key
-      $ rm localhost.pass.key
-
-      $ openssl req -new -key localhost.key -out localhost.csr
-      You are about to be asked to enter information that will be incorporated
-      into your certificate request.
-      What you are about to enter is what is called a Distinguished Name or a DN.
-      There are quite a few fields but you can leave some blank
-      For some fields there will be a default value,
-      If you enter '.', the field will be left blank.
-      -----
-      Country Name (2 letter code) [XX]:US<enter>
-      State or Province Name (full name) []:CO<enter>
-      Locality Name (eg, city) [Default City]:Denver<enter>
-      Organization Name (eg, company) [Default Company Ltd]: <enter>
-      Organizational Unit Name (eg, section) []: <enter>
-      Common Name (eg, your name or your server's hostname) []: <enter>
-      Email Address []: <enter>
-
-      Please enter the following 'extra' attributes
-      to be sent with your certificate request
-      A challenge password []: pass<enter>
-      An optional company name []: <enter>
-      $ openssl x509 -req -sha256 -days 365 -in localhost.csr -signkey localhost.key -out localhost.crt
-      Signature ok
-      subject=/C=US/ST=CO/L=Denver/O=Default Company Ltd
-      Getting Private key
-      $ sudo cp localhost.crt /etc/pki/tls/certs
-      $ sudo cp localhost.key /etc/pki/tls/private
-      $ sudo chown trafops:trafops /etc/pki/tls/certs/localhost.crt
-      $ sudo chown trafops:trafops /etc/pki/tls/private/localhost.key
-
-Certificate from Certificate Authority (Production)
-===================================================
-
-.. Note:: You will need to know the appropriate answers when generating the certificate request file `trafficopss.csr` below.
-
-    Example Procedure::
-
-      $ openssl genrsa -des3 -passout pass:x -out trafficops.pass.key 2048
-      Generating RSA private key, 2048 bit long modulus
-      ...
-      $ openssl rsa -passin pass:x -in trafficops.pass.key -out trafficops.key
-      writing RSA key
-      $ rm localhost.pass.key
-
-      Generate the Certificate Signing Request (CSR) file needed for Certificate Authority (CA) request.
-
-      $ openssl req -new -key trafficops.key -out trafficops.csr
-      You are about to be asked to enter information that will be incorporated
-      into your certificate request.
-      What you are about to enter is what is called a Distinguished Name or a DN.
-      There are quite a few fields but you can leave some blank
-      For some fields there will be a default value,
-      If you enter '.', the field will be left blank.
-      -----
-      Country Name (2 letter code) [XX]: <enter country code>
-      State or Province Name (full name) []: <enter state or province>
-      Locality Name (eg, city) [Default City]: <enter locality name>
-      Organization Name (eg, company) [Default Company Ltd]: <enter organization name>
-      Organizational Unit Name (eg, section) []: <enter organizational unit name>
-      Common Name (eg, your name or your server's hostname) []: <enter server's hostname name>
-      Email Address []: <enter e-mail address>
-
-      Please enter the following 'extra' attributes
-      to be sent with your certificate request
-      A challenge password []: <enter challenge password>
-      An optional company name []: <enter>
-      $ sudo cp trafficops.key /etc/pki/tls/private
-      $ sudo chown trafops:trafops /etc/pki/tls/private/trafficops.key
-
-      You must then take the output file trafficops.csr and submit a request to your Certificate Authority (CA).
-      Once you get approved and receive your trafficops.crt file:
-
-      $ sudo cp trafficops.crt /etc/pki/tls/certs
-      $ sudo chown trafops:trafops /etc/pki/tls/certs/trafficops.crt
-
-      If necessary, install the CA certificates .pem and .crt in /etc/pki/tls/certs.
-
-      You will need to update the file /opt/traffic_ops/app/conf/cdn.conf with the following changes:
-            ...
-            e.g. given trafficops.crt and trafficops.key
-            'hypnotoad' => ...
-                'listen' => 'https://[::]:443?cert=/etc/pki/tls/certs/trafficops.crt&key=/etc/pki/tls/private/trafficops.key&ca=/etc/pki/tls/certs/localhost.ca&verify=0x00&ciphers=AES128-GCM-SHA256:HIGH:!RC4:!MD5:!aNULL:!EDH:!ED'
-             ...
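Review bot: Removing "Manually Generating and Installing the SSL Certificate" (the `-` lines from the section title down to the `cdn.conf` `'listen'` example) takes the only CA-signed production procedure out of installation.rst without leaving a pointer to a replacement. If the procedure now lives under "Installing the SSL Cert" in configuration.rst, add a `:ref:` to it here. If the text was moved rather than dropped, the defects visible in the removed copy should not travel with it: `rm localhost.pass.key` in the trafficops procedure names the wrong file and leaves `trafficops.pass.key` behind, the note refers to `trafficopss.csr`, and the `'listen'` string sets `verify=0x00` and ends in `!ED`, which looks truncated. Separately, the added `.. Note:: TODO : review for > 2.0` puts an unresolved TODO into user-facing upgrade steps; either resolve it before merging to 2.0.x or say which of the four steps is unverified.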