You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@vcl.apache.org by jf...@apache.org on 2013/01/08 17:37:56 UTC
svn commit: r1430372 [3/11] - /vcl/site/trunk/content/confluence_export/
Added: vcl/site/trunk/content/confluence_export/automated-installation-of-vcl.mdtext
URL: http://svn.apache.org/viewvc/vcl/site/trunk/content/confluence_export/automated-installation-of-vcl.mdtext?rev=1430372&view=auto
==============================================================================
--- vcl/site/trunk/content/confluence_export/automated-installation-of-vcl.mdtext (added)
+++ vcl/site/trunk/content/confluence_export/automated-installation-of-vcl.mdtext Tue Jan 8 16:37:53 2013
@@ -0,0 +1,1324 @@
+Title: Automated Installation of VCL
+
+
+
+
+
+
+I developed a set of scripts to automate the installation of VCL for my own
+purposes. I used the scripts in an advanced Linux class I taught at NCA&T
+as an example of scripting. Several student teams installed VCL on their
+individual servers, and the installation had to be repeated after the
+students experimented with the setup. The script made installation
+relatively quick and always consistent. The installation is basically one
+click.
+
+
+
+The starting point of the installation is a configured Scientific Linux 6.2
+operating system. This installation also uses scripting and a custom local
+repository I developed. The installation is either PXE or iPXE based. The
+student's starting point is an _ether-wake_ command to the target server,
+and installation is automatic from that point on. My home repository
+contains a database of configuration data for various computers of friends
+at several different geographical locations who use my repository to
+perform automated installation and configuration of LAMP servers, directory
+servers, repository servers, Plandora, Moodle, and so forth. I mirrored my
+home site at NCA&T, and added customization for some NCA&T hosts.
+
+Each student team adds their customization data, for example, host name,
+partitioning information, and application customization data. Each team
+also makes an entry in the local _dnsmasq_ TFTP/DNS/DHCP configuration.
+These one-time tasks are completed early in the semester during the study
+of enterprise configuration. This background is of interest only because my
+VCL scripts assume certain things, such as, the web directory roots for all
+named virtual hosts are in _/var/www/web_servers/_ and configuration
+snippets are in _/etc/httpd/virtual_hosts/_.
+
+
+
+Once the LAMP server is loaded, a team member opens Firefox and downloads
+*vcl_pre_commands_nn.sh* from the repo web server. The ânnâ is
+anything, but usually a â1â, or a â2â, and forth, to access a
+unique parameters file for each unique VCL installation. If you look in the
+pre_commands script, you will notice the number is just used to append to
+the filename *vcl_parameters_nn.sh*. In the scripts below, I used "13",
+since the particular target host name was "burton-research-13". Before
+starting installation, the students make a one-time instance of both the
+vcl_pre_commands file and the vcl_parameters file customized for their
+team. That is, each team could represent a different institution seeking to
+create a VCL cloud. If you look in these files, you will see the only real
+task is to set the host name of the target server to agree with the DHCP
+hostname assignment. Of course, you can vary every parameter, but since
+this is a student lab, all teams used my default settings for digital
+certificates and so forth. If you use the scripts for your own institution,
+you will wish to change additional settings to reflect your institution's
+name and login credentials. The parameters.sh file is \-\- at least to me
+\-\- documented and straightforward. I kept the students confined to a
+private LAN without outside access, so *{_}{+}we used weak
+passwords{+}{_}*. Please, use a strong password for any system with access
+from the Internet. Once the pre-commands file is downloaded, the students
+make the file executable, the run the script. About 30 minutes later, VCL
+installation is complete. Packages are installed using _yum_ (see
+*vcl_packages.sh*), and all source tarballs are downloaded directly from
+the VCL site. The main script, *install_vcl.sh*, incorporates several
+modifications to the current VCL installation instructions. Notable areas
+are sourcing the MySQL database structure, dynamically modifying the VCL
+perl script to remove Linux package installation and perl interaction, use
+of SL 6.2, and rearranging the order of installation to complete all
+package installation in one place. The use of explicit yum package
+installation will allow me to copy *vcl_packages.sh* almost directly into
+RPM requires statements. I did not use an RPM for my students because I
+wanted the students to explore and experiment with the scripts.
+
+
+
+<a name="AutomatedInstallationofVCL-SowhatisaâcompleteâVCLinstallation?"></a>
+### So what is a âcompleteâ VCL installation?
+
+In this case, it means everything required to install and configure the VCL
+web front end and the VCL management node is completed automatically. The
+script automatically launches Firefox to the VCL web interface and lists
+the few steps that must be completed through the web interface (admin
+password, initial specification of management node).
+
+
+
+What is not done (at this time) is the automated installation of VMware
+ESXi on the service nodes, nor the installation and configuration of XCAT.
+I expect I will just automate the XCAT installation and configuration, and
+let XCAT take care of the service node installation and management, since
+this will provide an arbitrarily large cloud. For my class, we just
+installed VMware ESXi manually on a service node.
+
+
+
+Images can be copied manually, of course, but in my scheme of
+infrastructure, booting a bare metal image with a PXE boot to my repository
+automatically builds Linux images. I expect XCAT can be persuaded to do the
+same.
+
+
+
+<a name="AutomatedInstallationofVCL-HowcouldthesescriptshelptheVCLproject?"></a>
+### How could these scripts help the VCL project?
+
+I mentioned the automated installation in a poster session at the first ICA-CON conference hosted by IBM in April, 2012 ( [ICA-CON](http://www.ibm.com/solutions/education/cloudacademy/us/en/cloud_academy_conference.html)
+ ). Several people expressed an interest in access to the scripts, and I
+agreed to post the scripts in support of the Apache VCL project. I suppose
+with a few tweaks the script could be embedded in a no-arch RPM (or at
+least a self-determining arch) so that those who are interested in using
+VCL, but might not have the skills or patience to wade through the
+installation, could go immediately to their own VCL cloud with a click or
+two. This could lower the barrier to entry of cloud computing, and let more
+folks get on with exploring new ways to actually *{_}use{_}* a vcl cloud.
+
+<a name="AutomatedInstallationofVCL-Thescriptsfollow:"></a>
+## The scripts follow:
+
+<a name="AutomatedInstallationofVCL- vcl_pre_commands_13.sh"></a>
+### vcl_pre_commands_13.sh
+
+
+ # Make sure time is correct, otherwise certificates will fail
+ ntpd -gq
+ service ntpd start
+ cd /root
+ wget http://linuxlab.ncat.edu/inet_boot/install_vcl.sh
+ chmod +x install_vcl.sh
+ ./install_vcl.sh "http://linuxlab.ncat.edu/inet_boot" "13"
+
+
+<a name="AutomatedInstallationofVCL-vcl_parameters_13.sh"></a>
+### vcl_parameters_13.sh
+
+
+ #
+ # + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
++ +
+ # + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
++ +
+ # +
++Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
+Â
+ # +
++Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
+Â
+ # + + Filename:Â Â Â Â vcl_parameters.sh
+ # + + Author:Â Â Â Â Â Â Larry Burton
+ # + + Copyright:Â Â Â Copyright 2012 Larry Burton All rights reserved.
+ # + + Revision:Â Â Â Â 20120324
+ # + +
+Description:Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
+Â
+ # + + A script to define paramters used to install Apache VCL
+ # + + Usage:Â Â Â Â Â Â Â sourced in other files
+ # +
++Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
+Â
+ # +
++Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
+Â
+ # + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
++ +
+ # + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
++ +
+ #
+ this_host="burton-research-13"
+ this_domain="ncat.edu"
+ #Â + + + + + + + + VCL Installation paramters + + + + + + + + + + + +
+ #
+ # Logging file
+ export log_file="/tmp/vcllog.log"
+ # Logging device
+ export logging="| tee $log_file"
+ # Location of the VCL source tarball
+ export source_url="http://www.apache.org/dist/incubator/vcl"
+ # VCL version
+ export vcl_version="2.2.1-incubating"
+ # tarball directory
+ export vcl_source_directory="/opt/vcl"
+ # The FQDN of the VCL Management Node (Must have valid DNS entry)
+ export vcl_management_node_name="$this_host.$this_domain"
+ # The FQDN of the VCL Management Node (Must have valid DNS entry)
+ export vcl_FQDN="$this_host.$this_domain"
+ #
+ # The architecture of this machine (for Perl download)
+ export arch='i386'
+ #
+ #
+ #Â + + + + + + + + MySQL parameters + + + + + + + + + + + +
+ #
+ # The MySQL root password
+ export mysql_password='useyourownpassword'
+ # VCL database user name
+ export vcl_mysql_user_name="vcluser"
+ # VCL database user password
+ export vcl_mysql_user_password="vcluserpassword"
+ # VCL database name
+ export vcl_database_name="vcl"
+ # $mcryptkey
+ export vcl_mcryptkey="alongpassword"
+ #vcl_pemkey
+ export vcl_pemkey="alongkey"
+ # FQDN of database server (Must have valid DNS entry)
+ export vcl_database_server_name="$this_host.$this_domain"
+ #LockerWrtUser
+ export vcl_lockerwrite_user="vcluser"
+ # LockerWrtUser password
+ export vcl_lockerwrite_user_password="vcluserpassword"
+ # MySQL server name (The name used to connect, which must match the
+ # MySQL database username. Typically, localhost unless you explicitly
+ # allow external connections to the database.
+ export vcl_mysql_server_name="localhost"
+ #
+ #Â + + + + + + + + HTTP parameters + + + + + + + + + + + +
+ #
+ export host_name="$this_host.$this_domain"
+ export search_path="$this_domain"
+ export web_virtual_hosts_directory='/etc/httpd/virtual_hosts'
+ export web_content_base='/var/www/web_servers'
+ # The VCL document root for the web server
+ export vcl_web_document_root="$web_content_base/$host_name"
+ #
+ #Â + + + + + + + + CA Certificate Parameters + + + + + + + + + + + +
+ #
+ export ca_passphrase="password"
+ #
+ export ca_starting_serial_number="100"
+ export ca_country="US"
+ export ca_state='NorthCarolina'
+ export ca_city="Greensboro"
+ export ca_org="LinuxLab"
+ export ca_ou="VirtualComputingLab"
+ export ca_common_name="$this_host.$this_domain"
+ export ca_email="super@ncat.edu"
+ # File to contain the self-signed CA certificate (which contains the public
+key)
+ export ca_certificate_file_name="$ca_common_name.cer"
+ # File to contain the unencrypted, base-64 encoded, private key
+ export
+ca_certificate_private_unencrypted_key_file_name="$ca_common_name.key"
+ # The directory in which to copy the digital certificates
+ export ca_path_to_local_certs_files="/etc/pki/tls/certs"
+ # The directory in which to copy the unencrypted private certificate key
+ export ca_path_to_local_key_files="/etc/pki/tls/private"
+ #
+ #Â + + + + + + + + xmlrpc Parameters + + + + + + + + + + + +
+ #
+ # The VCL daemon uses xmlrpc (remote procedure call) to connect to the
+ # MySQL database for doing things such as creating block reservations.
+ # A user must exist in the vcl MySQL database with privileges suitable for
+ # acccomplishing the database queries. You may use the MySQL GRANT command
+ # to create a distinct user, or you may use the default vcl user.
+ export vcl_xmlrpc_username=$vcl_mysql_user_name
+ export vcl_xmlrpc_pass=$vcl_mysql_user_password
+
+
+<a name="AutomatedInstallationofVCL-https_setup.sh"></a>
+### https_setup.sh
+
+
+ #!/bin/bash
+ #
+ # + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
++ +
+ # + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
++ +
+ # +
++Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
+Â
+ # +
++Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
+Â
+ # + + Filename:Â Â Â Â https_setup.sh
+ # + + Author:Â Â Â Â Â Â Larry Burton
+ # + + Copyright:Â Â Â Copyright 2012 Larry Burton All rights reserved.
+ # + + Revision:Â Â Â Â 20120324
+ # + +
+Description:Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
+Â
+ # + + A script to configure httpd for https
+ # + + Usage:Â Â Â Â Â Â Â https_setup.sh
+ # + +Â Â Â Â Â Â Â Â Â Â Â Â Â Â Must be run as
+root                                   Â
+Â
+ # +
++Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
+Â
+ # + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
++ +
+ # + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
++ +
+ #
+ #Â + + + + + + + + HTTP parameters + + + + + + + + + + + +
+ #
+
+ # Note: This script assumes httpd is already setup with Larry Burton's LAMP
+ #Â Â Â Â Â Â RPMs. This means the virtual_hosts directory and the
+web_servers
+ #Â Â Â Â Â Â directories are in place and the http access on port 80 is
+already
+ #Â Â Â Â Â Â in place.
+ #
+ #Â Â Â Â Â Â This script forces ALL HTTP access to rewrite to HTTPS. If
+you wish to
+ #Â Â Â Â Â Â keep some HTTP access, you will have to edit the reqrite
+section to
+ #Â Â Â Â Â Â only rewrite selected locations, eg /location, rather than /.
+ #
+ #
+ #Â + + + + + + + + Add the https rewrite directives + + + + + + + + + + +
++
+ #
+ # ************ check for existence of cert files ***********************
+ # The line with CustomLog appears in Larry Burton's default HTTP access.
+ # Add the new location to httpd virtual host
+ #
+ sed -i -e '/CustomLog/a\ \n\
+ Â \
+ # \
+ <Location "/"> \
+ # Set the content to ALLOW Indexex to be displayed and to FOLLOW \
+ # symbolic links \
+ Options FollowSymLinks Indexes \
+ # \
+ # \
+ RewriteEngine On \
+ # This will enable the Rewrite capabilities \
+ # \
+ RewriteCond %{HTTPS} !=on \
+ # This checks to make sure the connection is not already HTTPS \
+ # \
+ RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} \
+ # \
+ # This takes http request and changes hhtp to https \
+ # \
+ # \
+ </Location> \
+ Â \
+ ' $web_virtual_hosts_directory/$host_name.conf
+ #
+ #
+ #
+ #Â + + + + + + + + Add the https access directives + + + + + + + + + + + +
+ #
+ # The </VirtualHost> tag will be the last line of some HTTP virtual host,
+ # so we may insert the https virtual host immediately afterwards.
+ # Note the escaping of the forward slash.
+ #
+ sed -i -e '/<\/VirtualHost>/a\ \n\
+ Â \
+ # \
+ # Make sure httpd listens to port 443 \
+ # \
+ NameVirtualHost *:443 \
+ # \
+ # Add an HTTPS virtual host \
+ # \
+ <VirtualHost *:443> \
+ Â \
+ DirectoryIndex home.php \
+ Â \
+ Â \
+ Â \
+ Â \
+ Â Â Â Â ServerAdmin webmaster@'"$host_name"' \
+ Â Â Â Â DocumentRoot '"$web_content_base/$host_name"' \
+ Â \
+ Â Â Â Â ServerName '"$host_name"' \
+ Â Â Â Â ErrorLog logs/'"$host_name"'-error_log \
+ Â Â Â Â CustomLog logs/'"$host_name"'-access_log common \
+ Â \
+ Â Â Â Â Â Â Â SSLEngine on \
+ Â Â Â Â Â Â Â SSLCertificateFile
+'"$ca_path_to_local_certs_files/$ca_certificate_file_name"' \
+ Â Â Â Â Â Â Â SSLCertificateKeyFile
+'"$ca_path_to_local_key_files/$ca_certificate_private_unencrypted_key_file_name"'
+\
+ Â \
+ Â Â Â Â Â Â Â <Directory /'"$web_content_base/$host_name"'> \
+ Â Â Â Â Â Â Â AllowOverride All \
+ Â Â Â Â Â Â Â </Directory> \
+ Â \
+ Â \
+ <Location \/> \
+ Options FollowSymLinks Indexes \
+ </Location> \
+ # \
+ </VirtualHost> \
+ # This ends an HTTPS virtual host definition. \
+ # \
+ Â \
+ ' $web_virtual_hosts_directory/$host_name.conf
+ #
+ #
+ #Â + + + + + + + + Restart -- not reload -- the httpd server + + + + + + +
++ +
+ #
+ # Retart the web server daemon:
+ /etc/init.d/httpd restart
+ #
+ # End of script
+
+
+<a name="AutomatedInstallationofVCL-vcl_packages.sh"></a>
+### vcl_packages.sh
+
+I placed the installation of required packages in a separate file to ease
+the transition of the script into an RPM.
+
+
+ #
+ # + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
++ +
+ # + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
++ +
+ # +
++Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
+Â
+ # +
++Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
+Â
+ # + + Filename:Â Â Â Â vcl_packages.sh
+ # + + Author:Â Â Â Â Â Â Larry Burton
+ # + + Copyright:Â Â Â Copyright 2012 Larry Burton All rights reserved.
+ # + + Revision:Â Â Â Â 20120324
+ # + +
+Description:Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
+Â
+ # + + A script to define paramters used to install packages used by Apache
+VCL
+ # + + Usage:Â Â Â Â Â Â Â sourced in other files
+ # +
++Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
+Â
+ # +
++Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
+Â
+ # + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
++ +
+ # + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
++ +
+ #
+ #Â + + + + + + + + VCL Installation paramters + + + + + + + + + + + +
+ #
+ /bin/echo "Installing packages used by VCL" $logging
+ /bin/echo "" $logging
+ /bin/echo "Some of these packages may already be installed, but we"
+$logging
+ /bin/echo "check them anyway to see if they need updating." $logging
+ /bin/echo "" $logging
+ #
+ # Install these packages
+ #
+ /bin/echo "httpd - Apache HTTP Server" $logging
+ yum -y install httpd
+ #
+ #
+ /bin/echo "mod_ssl - SSL/TLS module for the Apache HTTP server" $logging
+ yum -y install mod_ssl
+ #
+ #
+ /bin/echo "php - The PHP HTML-embedded scripting language" $logging
+ yum -y install php
+ #
+ #
+ /bin/echo "We will not use libmcrypt - Encryption algorithms library"
+$logging
+ #yum -y install libmcrypt
+ #
+ # Required PHP Modules:
+ #
+ /bin/echo "" $logging
+ /bin/echo "We need the following PHP modules." $logging
+ /bin/echo "" $logging
+ #
+ /bin/echo "php-gd" $logging
+ yum -y install php-gd
+ #
+ #
+ /bin/echo "php-json (required if your PHP version is 5.2 or later)"
+$logging
+ yum -y install php-json
+ #
+ #
+ /bin/echo "We will not use php-mcrypt" $logging
+ #yum -y install php-mcrypt
+ #
+ #
+ /bin/echo "php-mysql" $logging
+ yum -y install php-mysql
+ #
+ #
+ /bin/echo "php-openssl" $logging
+ yum -y install php-openssl
+ #
+ #
+ /bin/echo "php-sysvsem" $logging
+ yum -y install php-sysvsem
+ #
+ #
+ /bin/echo "php-xml" $logging
+ yum -y install php-xml
+ #
+ #
+ /bin/echo "php-xmlrpc" $logging
+ yum -y install php-xmlrpc
+ #
+ #
+ /bin/echo "php-ldap" $logging
+ yum -y install php-ldap
+ #
+ #
+ # Management Node packages
+ #Required Linux Packages:
+
+ #The VCL management node daemon (vcld) requires the following Linux
+packages and Perl modules in order to run (see step 2 below for
+installation instructions):
+
+ #
+ /bin/echo "expat - A library for parsing XML" $logging
+ yum -y install expat
+ #
+ /bin/echo "expat-devel - Libraries and include files to develop XML
+applications with expat" $logging
+ yum -y install expat-devel
+ #
+ /bin/echo "gcc - Various compilers C, C++, Objective-C, Java, ..." $logging
+ yum -y install gcc
+ #
+ /bin/echo "krb5-libs - The shared libraries used by Kerberos 5" $logging
+ yum -y install krb5-libs
+ #
+ /bin/echo "krb5-devel - Development files needed to compile Kerberos 5
+programs" $logging
+ yum -y install krb5-devel
+ #
+ /bin/echo "libxml2 - Library providing XML and HTML support" $logging
+ yum -y install libxml2
+ #
+ /bin/echo "libxml2-devel - Libraries, includes, etc. to develop XML and
+HTML applications" $logging
+ yum -y install libxml2-devel
+ #
+ /bin/echo "mysql - MySQL client programs and shared libraries" $logging
+ yum -y install mysql
+ #
+ /bin/echo "nmap - Network exploration tool and security scanner" $logging
+ yum -y install nmap
+ #
+ /bin/echo "openssh - The OpenSSH implementation of SSH protocol versions 1
+and 2" $logging
+ yum -y install openssh
+ #
+ /bin/echo "openssl - The OpenSSL toolkit" $logging
+ yum -y install openssl
+ #
+ /bin/echo "openssl-devel - Files for development of applications which will
+use OpenSSL" $logging
+ yum -y install openssl-devel
+ #
+ /bin/echo "perl - The Perl programming language" $logging
+ yum -y install perl
+ #
+ /bin/echo "perl-DBD-MySQL - A MySQL interface for perl" $logging
+ yum -y install perl-DBD-MySQL
+ #
+ #Â Â Â Â Â Â Â Â Â ------------------------- /bin/echo "xmlsec1-openssl -
+OpenSSL crypto plugin for XML Security Library" $logging
+ #Â Â Â Â Â Â Â Â Â ------------------------- yum -y install
+xmlsec1-openssl
+ #
+ #
+ #
+ if [ $arch == "i386" ]
+ then
+ perlarch="i686"
+ else
+ perlarch="x86_64"
+ fi
+ /bin/echo "Perl Architecture for download is $perlarch" $logging
+ wget
+ftp://rpmfind.net/linux/epel/beta/6/$arch/xmlsec1-1.2.16-2.el6.$perlarch.rpm
+ yum -y install xmlsec1-1.2.16-2.el6.$perlarch.rpm
+ #
+ #
+ #wget
+ftp://rpmfind.net/linux/epel/beta/6/x86_64/xmlsec1-1.2.16-2.el6.x86_64.rpm
+ #yum -y install xmlsec1-1.2.16-2.el6.x86_64.rpm
+ #
+ #wget
+http://rpmfind.net/linux/epel/beta/6/i386/xmlsec1-1.2.16-2.el6.i686.rpm
+ #yum -y install xmlsec1-1.2.16-2.el6.i686.rpm
+
+
+<a name="AutomatedInstallationofVCL-create_a_new_self_signed_certificate.sh"></a>
+### create_a_new_self_signed_certificate.sh
+
+
+
+
+
+ #!/bin/bash
+ #
+ # + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
++ +
+ # + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
++ +
+ # +
++Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
+Â
+ # +
++Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
+Â
+ # + + Filename:Â Â Â Â create_new_self-signed_ca.sh
+ # + + Author:Â Â Â Â Â Â Larry Burton
+ # + + Copyright:Â Â Â Copyright 2012 Larry Burton All rights reserved.
+ # + + Revision:Â Â Â Â 20120324
+ # + +
+Description:Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
+Â
+ # + + A script to create a new self-signed digital certificate
+ # + + Usage:Â Â Â Â Â Â Â create_new_self-signed_ca.sh
+ # + +Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
+ # +
++Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
+Â
+ # + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
++ +
+ # + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
++ +
+ #
+ #
+ # This script will create a new self-signed Certificate Authority (CA)
+ # digital certificate. The CA certificate can be posted on a web server for
+ # the public to download in order to verify digital certificates signed by
+ # this CA certificate.
+ #
+ # When creating the CA, we will NOT ENCRYPT the private key because we wish
+ # to store the unencrypted private key on a server for access by software
+ # such as httpd. If we encrypted the private key, we would have to type in
+the
+ # passphrase every time the software needed to use the key. The "-nodes"
+ # option specifies no encryption.
+
+ # Prepare subject text
+ # If you have a problem
+ ca_subj=/C=$ca_country/ST=$ca_state/O=$ca_org/localityName=$ca_city/commonName=$ca_common_name/organizationalUnitName=$ca_ou/emailAddress=$ca_email
+ #
+ echo "The subject text is:"
+ echo "$ca_subj"
+ #
+ # Create the self-signed certificate
+ #Â Â Â PEM format is default, but specify it to make sure we do not have
+DER format
+ openssl req -x509 \
+ Â Â Â -nodes \
+ Â Â Â -keyform PEM \
+ Â Â Â -inform PEM \
+ Â Â Â -outform PEM \
+ Â Â Â -days 3650 \
+ Â Â Â -newkey rsa:2048 \
+ Â Â Â -set_serial $ca_starting_serial_number \
+ Â Â Â -batch \
+ Â Â Â -subj "$ca_subj" \
+ Â Â Â -keyout $ca_certificate_private_unencrypted_key_file_name \
+ Â Â Â -out $ca_certificate_file_name \
+ Â Â Â -passin pass:$ca_passphrase
+ #
+ # Self-signed certificate is complete
+ /bin/echo "Here is the unencrypted private key stored in
+$ca_certificate_private_unencrypted_key_file_name:"
+ cat $ca_certificate_private_unencrypted_key_file_name
+ /bin/echo "Here is the self-signed Certificate Authority certificate stored
+in $ca_certificate_file_name:"
+ cat $ca_certificate_file_name
+ #
+ /bin/echo "Here is the information contained in the self-signed CA
+certificate:"
+ openssl x509 -text -in $ca_certificate_file_name
+ #
+ #Â + + + + + + + + Copy Cert and Key to local directory + + + + + + + + +
++ + +
+ #
+ mkdir -p $ca_path_to_local_certs_files
+ mkdir -p $ca_path_to_local_key_files
+ cp $ca_certificate_file_name
+$ca_path_to_local_certs_files/$ca_certificate_file_name
+ cp $ca_certificate_private_unencrypted_key_file_name
+$ca_path_to_local_key_files/$ca_certificate_private_unencrypted_key_file_name
+ #
+ /bin/echo "The CA certificate has been copied to
+$ca_path_to_local_certs_files"
+ /bin/echo "The CA unecrypted private key has been copied to
+$ca_path_to_local_key_files"
+ # end of script
+
+
+<a name="AutomatedInstallationofVCL-install_vcl.sh"></a>
+### install_vcl.sh
+
+
+ #!/bin/bash
+ #
+ # + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
++ +
+ # + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
++ +
+ # +
++Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
+Â
+ # +
++Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
+Â
+ # + + Filename:Â Â Â Â install_vcl.sh
+ # + + Author:Â Â Â Â Â Â Larry Burton
+ # + + Copyright:Â Â Â Copyright 2012 Larry Burton All rights reserved.
+ # + + Revision:Â Â Â Â 20120324
+ # + +
+Description:Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
+Â
+ # + + A script to install Apache VCL on a LAMP server
+ # + + Usage:Â Â Â Â Â Â Â install_vcl.sh repo_url host
+ # + + Example:Â Â Â Â Â install_vcl.sh
+"http://linuxlab.ncat.edu/inet_boot" "1"
+ # + +              Must be run as root  Â
+ # + +Â Â Â Â Â Â Â Â Â Â Â Â Â Â The second parameter is appended to the
+parameters filename
+ # + +Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â to allow multiple different VCL
+installations to use the same script
+ # + +Â Â Â Â Â Â Â Â Â Â Â Â Â Â The target server, which is the computer
+upon which this
+ # + +Â Â Â Â Â Â Â Â Â Â Â Â Â Â script is executing, must have:
+ # + +Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Internet access and must
+ # + +Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â A valid forward and reverse DNS
+entry
+ # + +Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Access to a valid DS server
+ # + +Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Access to a valid DHCP
+server                                Â
+ # +
++Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
+Â
+ # + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
++ +
+ # + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
++ +
+ #
+ repo_url=$1
+ target_host=$2
+ #
+ mkdir -p /tmp/install
+ #
+ # Get installation parameters
+ wget --no-host-directories --output-document="/tmp/install/vcl_parameters"
+$repo_url/vcl_parameters_$target_host.sh
+ #
+ # All the host paramters are now in /tmp/install/host_parameters
+ #
+ # Source the customization variables
+ . /tmp/install/vcl_parameters
+ /bin/echo "Following are the VCL installation parameters" $logging
+ cat /tmp/install/vcl_parameters
+ #
+ #
+ # Use yum to install the necessary repository packages
+ wget --no-host-directories --output-document="/tmp/install/vcl_packages"
+$repo_url/vcl_packages.sh
+ . /tmp/install/vcl_packages
+ #
+ #Â + + + + + + + + Start the VCL Installation + + + + + + + + + + + +
+ #
+ # The starting point is an installed and hardened LAMP server created by
+ # Larry Burton's RPMs
+ #
+ # Create the VCL source code directory
+ /bin/echo "Creating VCL source code directory as $vcl_source_directory"
+$logging
+ mkdir -p $vcl_source_directory
+ # Change the working directory to the source code directory
+ /bin/echo "Changing working directory to source code directory" $logging
+ pushd $vcl_source_directory
+ # Download & Extract the Apache VCL Source
+ /bin/echo "Downloading the VCL source tarball from $source_url" $logging
+ wget $source_url/apache-VCL-$vcl_version.tar.bz2
+ # Extract the files
+ /bin/echo "Extracting the VCL source tarball" $logging
+ tar -jxvf apache-VCL-2.2.1-incubating.tar.bz2
+ #
+ # Configure MySQL for VCL (MySQL is already installed and configured by
+LAMP)
+ #
+ # Make sure the firewall on the database server is configured to allow
+ # traffic from the web server and management node servers to connect to
+ # the MySQL daemon TCP port: 3306. See the firewall documentation for
+ # more information.
+ #
+ # Create a VCL database
+ /bin/echo "Creating VCL database" $logging
+
+ #mysql --user=root --password=$mysql_password -e 'DROP DATABASE vcl;'
+ mysql --user=root --password=$mysql_password -e 'CREATE DATABASE vcl; USE
+vcl; source apache-VCL-2.2.1-incubating/mysql/vcl.sql; SHOW TABLES;'
+
+
+ mysql --user=root --password=$mysql_password -e "GRANT
+SELECT,INSERT,UPDATE,DELETE,CREATE TEMPORARY TABLES ON vcl.* TO
+'$vcl_mysql_user_name'@'localhost' IDENTIFIED BY
+'$vcl_mysql_user_password';"
+
+ mysql --user=root --password=$mysql_password -e "USE mysql; SELECT * FROM
+user WHERE User='vcluser';"
+
+
+ # Create the VCL user for the MySQL database
+ # Note this user is created with access from the localhost only since the
+ # database server is assumed to be on the same physical machine as the vcl
+daemon
+
+ /bin/echo "These are the tables in the VCL database:" $logging
+ mysql --user=root --password=$mysql_password -e "USE vcl;SHOW TABLES;"
+ #
+ # At this point, VCL support in MySQL is complete
+ /bin/echo "" $logging
+ #
+ /bin/echo "MySQL configuration for VCL complete" $logging
+ /bin/echo "" $logging
+ #
+ #Â NOTE ----------- Change http.conf document root to correct document
+root
+ sed -i -e "s:DocumentRoot \"/var/www/html\":DocumentRoot
+\"$web_content_base/$vcl_FQDN\":g" /etc/httpd/conf/httpd.conf
+ #
+ #Â + + + + + + + + Set up Apache httpd for https + + + + + + + + + + + +
+ #
+ /bin/echo "Creating digital certificates for web server" $logging
+ # Download and run the https configuration script
+ wget --no-host-directories
+--output-document="/tmp/install/create_new_self-signed_ca.sh"
+$repo_url/create_new_self-signed_ca.sh
+ sh /tmp/install/create_new_self-signed_ca.sh
+
+ #
+ # Note: The certificates must be in place before trying to start https
+ #
+ /bin/echo "Beginning httpd configuration for VCL" $logging
+ # Download and run the https configuration script
+ wget --no-host-directories --output-document="/tmp/install/https_setup.sh"
+$repo_url/https_setup.sh
+ sh /tmp/install/https_setup.sh
+ #
+ # At this point, VCL support in httpd is complete
+ /bin/echo "" $logging
+ /bin/echo "httpd configuration for VCL complete" $logging
+ /bin/echo "" $logging
+ #
+
+ #4. If SELinux is enabled, run the following command to allow the web
+server to connect to the database:
+ #/usr/sbin/setsebool -P httpd_can_network_connect=1
+ #5. If the iptables firewall is being used, port 80 and 443 should be
+opened up:
+ #vi /etc/sysconfig/iptables
+ #
+ #-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
+ #-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
+ #service iptables restart
+ #
+ #
+ #
+ #Â + + + + + + + + Install the VCL Frontend Web Code + + + + + + + + + + +
++
+ #
+ #
+ /bin/echo "Beginning VCL Frontend Web Code Installation" $logging
+ #
+ # Copy the web directory to a location under the web root of your web
+server
+ # and navigate to the destination .ht-inc subdirectory
+ # Create the VCL web server document root directory
+ mkdir -p $vcl_web_document_root
+ # Copy the VCL web documents to the VCL web server document root
+ cp -r apache-VCL-$vcl_version/web/ $vcl_web_document_root/vcl
+ # Change the working directory to the web server document root patch file
+directory
+ pushd $vcl_web_document_root/vcl/.ht-inc
+ # Apply patch to fix editing reservations
+ wget
+https://issues.apache.org/jira/secure/attachment/12477101/utils_virtual_undefined.patch
+ patch < utils_virtual_undefined.patch
+ # Apply patch to fix processing of block allocations
+ wget
+https://issues.apache.org/jira/secure/attachment/12485328/vmhostcheck_fix.patch
+ patch < vmhostcheck_fix.patch
+ #
+ # Configure the PHP secrets file
+ #
+
+ # Copy secrets-default.php to secrets.php:
+ cp secrets-default.php secrets.php
+ # Edit the secrets.php file
+ /bin/echo "Editing the PHP secrets.php file" $logging
+ # Set the VCL hostname
+ ####### default is ok sed -i -e "s/\$vclhost = 'localhost'; # name of mysql
+server/###\$vclhost = 'localhost'; # name of mysql server/g" \
+ ####### default is ok       -e "/\$vclhost = 'localhost'; # name of
+mysql server/a\ \n\
+ ####### default is ok ####### default is ok \$vclhost = '$host_name'; #
+name of mysql server/
+ ####### default is ok \
+ ####### default is ok " \
+ ####### default is ok secrets.php
+ #
+ # Set the VCL database name
+ ####### default is ok sed -i -e "s/\$vcldb = 'vcl';Â Â Â Â Â Â Â Â # name
+of mysql database/###\$vcldb = 'vcl';Â Â Â Â Â Â Â Â # name of mysql
+database/g" \
+ ####### default is ok       -e "/\$vcldb = 'vcl';        #
+name of mysql database/a\ \n\
+ ####### default is ok \$vcldb = '$vcl_database_name';Â Â Â Â Â Â Â Â #
+name of mysql database/
+ ####### default is ok \
+ ####### default is ok " \
+ ####### default is ok secrets.php
+ #
+ # Set the VCL user name
+ sed -i -e "s/\$vclusername = '';Â Â Â Â Â # username to access
+database/###\$vclusername = '';Â Â Â Â Â # username to access database/g"
+\
+ Â Â Â Â Â Â -e "/\$vclusername = '';Â Â Â Â Â # username to access
+database/a\ \n\
+ \$vclusername = '$vcl_mysql_user_name';Â Â Â Â Â # username to access
+database/
+ Â \
+ " \
+ secrets.php
+ #
+ # Set the VCL password
+ sed -i -e "s/\$vclpassword = '';Â Â Â Â Â # password to access
+database/###\$vclpassword = '';Â Â Â Â Â # password to access database/g"
+\
+ Â Â Â Â Â Â -e "/\$vclpassword = '';Â Â Â Â Â # password to access
+database/a\ \n\
+ \$vclpassword = '$vcl_mysql_user_password';Â Â Â Â Â # password to access
+database/
+ Â \
+ " \
+ secrets.php
+ #
+ # Set the VCL password
+ sed -i -e "s/\$mcryptkey = '';Â # random password - won't ever have to
+type it so make it long/###\$mcryptkey = '';Â # random password - won't
+ever have to type it so make it long/g" \
+ Â Â Â Â Â Â -e "/\$mcryptkey = '';Â # random password - won't ever have
+to type it so make it long/a\ \n\
+ \$mcryptkey = '$vcl_mcryptkey';Â # random password - won't ever have to
+type it so make it long/
+ Â \
+ " \
+ secrets.php
+ #
+ # $mcryptiv = '12345678'; // must be 8 hex chars
+ #
+ # Set the VCL passphrase
+ sed -i -e "s/\$pemkey = ''; # random passphrase - same as given to
+genkeys.sh - should be long/###\$pemkey = ''; # random passphrase - same as
+given to genkeys.sh - should be long/g" \
+ Â Â Â Â Â Â -e "/\$pemkey = ''; # random passphrase - same as given to
+genkeys.sh - should be long/a\ \n\
+ \$pemkey = '$vcl_pemkey'; # random passphrase - same as given to genkeys.sh
+- should be long/
+ Â \
+ " \
+ secrets.php
+ #
+
+ #
+ #Â + + Create the public and private keys for the vcl user + + + + + + + +
++
+ #
+ /bin/echo "Creating the public and private keys for the vcl user" $logging
+ # The 2048 MUST come after the passphrase
+
+ echo "openssl genrsa -aes256 -out keys.pem -passout pass:$vcl_pemkey 2048"
+ openssl genrsa -aes256 -out keys.pem -passout pass:$vcl_pemkey 2048
+ echo "openssl rsa -pubout -in keys.pem -out pubkey.pem -passin
+pass:$vcl_pemkey"
+ openssl rsa -pubout -in keys.pem -out pubkey.pem -passin pass:$vcl_pemkey
+ #
+ #
+ #
+ #Â + + Configure the PHP conf.php + + + + + + + + +
+ #
+ /bin/echo "Configuring the PHP conf.php" $logging
+ #
+
+ # Copy conf-default.php to conf.php:
+ cp conf-default.php conf.php
+ #
+ # Modify conf.php to match your site
+ # Basically this consists of specifying the FQDN and domain name of the
+server.
+ # NOTE: use = as delimiter instead of slash to avoid escaping slashes
+ sed -i -e "s:define(\"COOKIEDOMAIN\", \".example.org\");Â Â Â Â Â Â //
+domain in which cookies are set:define(\"COOKIEDOMAIN\",
+\"$vcl_FQDN\");Â Â Â Â Â Â // domain in which cookies are set:g" conf.php
+ sed -i -e "s=define(\"BASEURL\",
+\"https:\/\/vcl.example.org\");=define(\"BASEURL\",
+\"https:\/\/$vcl_FQDN/vcl\");=g" conf.php
+ sed -i -e "s=define(\"HOMEURL\",
+\"http:\/\/vcl.example.org\/\");=define(\"HOMEURL\",
+\"http:\/\/$vcl_FQDN\/vcl\/\");=g" conf.php
+ sed -i -e "s=vcl.example.org=$vcl_FQDN=g" conf.php
+ sed -i -e "s=example.org=$search_path=g" conf.php
+ # Did not set timezone
+ #
+ # Â
+ #
+ #
+ # Set the owner of the .ht-inc/maintenance directory to the web server user
+(normally 'apache'):
+ chown apache maintenance
+ #
+ #
+ #
+ #Â + + Install phpseclib and apply a patch to remove the requirement of
+having mcrypt installed + + + + + + + + +
+ #
+ # Optionally, you can install phpseclib and apply a patch to remove the
+requirement of having mcrypt installed
+ /bin/echo "Patching to remove the mcrypt dependency" $logging
+ #Here are the steps to remove the dependency:
+ #Download phpseclib to /tmp (version 0.2.2 was used for testing)
+ pushd /tmp
+ wget http://downloads.sourceforge.net/project/phpseclib/phpseclib0.2.2.zip
+ #Create a directory named phpseclib in your .ht-inc directory
+ mkdir $vcl_web_document_root/vcl/.ht-inc/phpseclib
+ #unzip phpseclib in the phpseclib directory
+ pushd $vcl_web_document_root/vcl/.ht-inc/phpseclib
+ unzip /tmp/phpseclib0.2.2.zip
+ #Download no_mcrypt.patch to your .ht-inc directory
+ pushd $vcl_web_document_root/vcl/.ht-inc
+ wget http://people.apache.org/~jfthomps/no_mcrypt.patch
+ #Apply the patch
+ patch < no_mcrypt.patch
+ #
+ /bin/echo "The VCL web server is now set up" $logging
+ #
+ #
+ #
+ # Test the webserver
+ # Open the testsetup.php page in a web browser
+ firefox https://$host_name/vcl/testsetup.php &
+
+ # ---------------------------- Must manually use web interface to setup
+management node !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ # Right now, before completing remaining steps
+ # It is easier to just let the script run, then use the web interface, and
+then restart vcld
+
+ pushd $vcl_web_document_root/vcl/.ht-inc
+
+
+ #
+ # At this point, the VCL webserver is configured
+ #
+ #
+ #
+ #
+ #Â + + Install the Management Node + + + + + + + + +
+ #
+ /bin/echo "Installing VCL Management Node" $logging
+ popd
+ popd
+ popd
+ cd
+ # Change the working directory to the source code directory
+ /bin/echo "Changing working directory to source code directory" $logging
+ pushd $vcl_source_directory
+ #
+ cp -r apache-VCL-2.2.1-incubating/managementnode /usr/local/vcl
+ #
+ /bin/echo "Installing perl modules" $logging
+ # Skip the Linux package installation in the perl script and say YES
+ sed -i -e "s=install_linux_packages();=###install_linux_packages()=g"
+/usr/local/vcl/bin/install_perl_libs.pl
+ sed -i -e "s:my \$input = <>;:my \$input = 'YES';:g"
+/usr/local/vcl/bin/install_perl_libs.pl
+ #sed -i -e "s=my @ERRORS;=###my @ERRORS;=g"
+/usr/local/vcl/bin/install_perl_libs.pl
+
+
+ # Now install the perl modules
+ perl /usr/local/vcl/bin/install_perl_libs.pl
+ #
+ #Â + + Configure vcld.conf + + + + + + + + +
+ #
+ /bin/echo "Configuring /etc/vcld.conf" $logging
+ #Create the */etc/vcl* directory:
+ mkdir /etc/vcl
+ #Copy the stock *vcld.conf* file to */etc/vcl*:
+ cp /usr/local/vcl/etc/vcl/vcld.conf /etc/vcl
+ #Edit */etc/vcl/vcld.conf*:
+ #
+ vcl_conf_file="/etc/vcl/vcld.conf"
+ #
+ echo $vcl_management_node_name
+ # You can use any delimiter you like in an address by prepending a \ i.e.
+\|...| for the substitute command the \ is not necessary.
+ #
+ # Set the FQDN for the management server (vcld)
+ sed -i -e "s/FQDN=/###FQDN=/g" \
+ Â Â Â Â Â Â -e "/###FQDN=/a \
+ FQDN=$vcl_management_node_name
+ Â \
+ " \
+ $vcl_conf_file
+ #
+ #
+ # Set the MySQL database name for the management server (vcld)
+ sed -i -e "s/database=vcl/###database=vcl/g" \
+ Â Â Â Â Â Â -e "/##database=vcl/a \
+ database=$vcl_database_name
+ Â \
+ " \
+ $vcl_conf_file
+ #
+ # Set the MySQL database name for the management server (vcld)
+ sed -i -e "s/server=/###server=/g" \
+ Â Â Â Â Â Â -e "/###server=/a \
+ server=$vcl_mysql_server_name
+ Â \
+ " \
+ $vcl_conf_file
+ #
+ # Set the MySQL database name for the management server (vcld)
+ sed -i -e "s/LockerWrtUser=vcl-wr/###LockerWrtUser=vcl-wr/g" \
+ Â Â Â Â Â Â -e "/###LockerWrtUser=vcl-wr/a \
+ LockerWrtUser=$vcl_mysql_user_name
+ Â \
+ " \
+ $vcl_conf_file
+ #
+ # Set the MySQL database name for the management server (vcld)
+ sed -i -e "s/wrtPass=/###wrtPass=/g" \
+ Â Â Â Â Â Â -e "/###wrtPass=/a \
+ wrtPass=$vcl_mysql_user_password
+ Â \
+ " \
+ $vcl_conf_file
+ #
+ #
+ # Set the MySQL database name for the management server (vcld)
+ sed -i -e "s/xmlrpc_username=vclsystem/###xmlrpc_username=vclsystem/g" \
+ Â Â Â Â Â Â -e "/###xmlrpc_username=vclsystem/a \
+ xmlrpc_username=$vcl_mysql_user_name
+ Â \
+ " \
+ $vcl_conf_file
+ #
+ # Set the MySQL database name for the management server (vcld)
+ sed -i -e "s/xmlrpc_pass=insecureDefault/###xmlrpc_pass=insecureDefault/g"
+\
+ Â Â Â Â Â Â -e "/###xmlrpc_pass=insecureDefault/a \
+ xmlrpc_pass=$vcl_mysql_user_password
+ Â \
+ " \
+ $vcl_conf_file
+ #
+ #
+ # Set the MySQL database name for the management server (vcld)
+ sed -i -e "s/xmlrpc_url=/###xmlrpc_url=/g" \
+ Â Â Â Â Â Â -e "/###xmlrpc_url=/a \
+ xmlrpc_url=https:\/\/$vcl_management_node_name\/vcl\/index.php\?mode=xmlrpccall
+ Â \
+ " \
+ $vcl_conf_file
+ #
+ #
+ #Â + + Configure the SSH Client + + + + + + + + +
+ #
+ /bin/echo "Configuring SSH Client" $logging
+ #
+ # Locate the UserKnownHostsFile and StrictHostKeyChecking lines and change
+them to the following:
+ # Note: These lines may not exist, so just comment them out if they do
+exist
+ #Â Â Â Â Â Â and add the new lines at the end of the file.
+ sed -i -e "s/UserKnownHostsFile/###UserKnownHostsFile/g" \
+ Â Â Â Â Â Â -e "$ a\ \n\
+ UserKnownHostsFile \/dev\/null
+ Â \
+ " \
+ /etc/ssh/ssh_config
+ #
+ sed -i -e "s/StrictHostKeyChecking/###StrictHostKeyChecking/g" \
+ Â Â Â Â Â Â -e "$ a\ \n\
+ StrictHostKeyChecking no
+ Â \
+ " \
+ /etc/ssh/ssh_config
+ #
+ #
+ #Â + + Install and Start the VCL Daemon (vcld) Service + + + + + + + + +
+ #
+ /bin/echo "Install and Start the VCL Daemon (vcld) Service" $logging
+ #
+ # Copy the vcld service script to /etc/init.d and name it vcld:
+ cp /usr/local/vcl/bin/S99vcld.linux /etc/init.d/vcld
+ # Add the vcld service using chkconfig:
+ /sbin/chkconfig --add vcld
+ # Configure the vcld service to automatically run at runtime levels 3-5:
+ /sbin/chkconfig --level 345 vcld on
+ # Start the vcld service:
+ /sbin/service vcld start
+ #
+ #Â Â Â Â Â Â You should see output similar to the following:
+ #
+ #Â Â Â Â Â Â Starting vcld daemon:
+ #Â Â Â Â Â Â
+============================================================================
+ #Â Â Â Â Â Â VCL Management Node Daemon (vcld) | 2011-03-15 10:23:04
+ #Â Â Â Â Â Â
+============================================================================
+ #Â Â Â Â Â Â bin path:Â Â Â Â Â /usr/local/vcl/bin
+ #Â Â Â Â Â Â config file:Â Â /etc/vcl/vcld.conf
+ #Â Â Â Â Â Â log file:Â Â Â Â Â /var/log/vcld.log
+ #Â Â Â Â Â Â pid file:Â Â Â Â Â /var/run/vcld.pid
+ #Â Â Â Â Â Â daemon mode:Â Â 1
+ #Â Â Â Â Â Â setup mode:Â Â Â 0
+ #Â Â Â Â Â Â verbose mode:Â 1
+ #Â Â Â Â Â Â
+============================================================================
+ #Â Â Â Â Â Â Created VCL daemon process: 8465
+ #Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â [Â OKÂ ]
+ #
+ # The vcld service can also be started by running the service script
+directly: /etc/init.d/vcld start
+ # Check the vcld service by monitoring the vcld.log file:
+ tail -f /var/log/vcld.log
+ #
+ # You should see the following being added to the log file every few
+seconds if
+ # the management node is checking in with the database:
+ #
+ #Â Â Â Â Â Â 2009-06-16 16:57:15|15792|vcld:main(165)|lastcheckin time
+updated for management node 18: 2009-06-16 16:57:15
+ #
+
+ # Print instructions for web setup
+ #
+ cat << WEBSETUP
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
++ +
+ + + Â
+ + +Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â VCL Web Set Up Instructions
+ + +
+ + + All VCL installation is now complete except for a few administrative
+tasks
+ + + you must complete using the VCL web-based administration tools.
+ + +
+ + + Please use a web browser to complete the following steps.
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
++ +
+
+ Step 1: Log In to the VCL Website with the following URL
+
+ Â Â Â Â Â Â Â https://$vcl_FQDN/vcl/index.php
+
+ Â Â Â Â Â Â Â Then select "Local Account"
+ Â Â Â Â Â Â Â The username is:Â Â Â admin
+ Â Â Â Â Â Â Â The password is:Â Â Â adminVc1passw0rd
+
+ Â Â Â Â Â Â Â (Note: You may change the password at this time, but be
+certain to
+ Â Â Â Â Â Â Â Â Â Â Â Â Â Â REMEMBER your new password!)
+
+ Step 2: Click the Management Nodes link
+
+ Â Â Â Â Â Â Â Click Add
+ Â Â Â Â Â Â Â Fill in these required fields:
+ # Owner - admin@Local
+ Â Â Â Â Â Â Â Â Â Â Â Â Hostname = $vcl_FQDN
+ Â Â Â Â Â Â Â Â Â Â Â Â IP address = $(hostname -i)
+ Â Â Â Â Â Â Â Â Â Â Â Â SysAdmin Email Address = sysadmin@$search_path
+ Â Â Â Â Â Â Â Â Â Â Â Â Install Path = /var/data
+ Â Â Â Â Â Â Â Â Â Â Â Â End Node SSH Identity Key Files = /etc/vcl/vcl.key
+
+ Â Â Â Â Â Â Â Click Confirm Management Node
+ Â Â Â Â Â Â Â Click Submit
+
+ Step 3: Click the Management Nodes link
+ Â Â Â Â Â Â Â Â Â Â Â Â ( Note: You must click the anagement Nodes link to
+get out of
+ Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â of the previous screen state.)
+ Â Â Â Â Â Â Â Select Edit Management Node Grouping
+ Â Â Â Â Â Â Â Click Submit
+ Â Â Â Â Â Â Â Select the checkbox for your management node
+ Â Â Â Â Â Â Â Click Submit Changes
+
+ Congratualations! You VCL head node installation is complete!
+
+ Now, restart the vcld daemon with the following command:
+
+ /sbin/service vcld restart
+
+ You may monitor vlcd with this command
+
+ tail -f /var/log/vcld.log
+
+
+ WEBSETUP
+
+ #
+ #
+ #Â + + Install and Start the DHCP Service + + + + + + + + +
+ # Note: We use dnsmasq rather than dhcpd
+ #
+ exit
+ #
+ # End of script
+
+Larry Burton 3 May 2012
Added: vcl/site/trunk/content/confluence_export/backend.mdtext
URL: http://svn.apache.org/viewvc/vcl/site/trunk/content/confluence_export/backend.mdtext?rev=1430372&view=auto
==============================================================================
--- vcl/site/trunk/content/confluence_export/backend.mdtext (added)
+++ vcl/site/trunk/content/confluence_export/backend.mdtext Tue Jan 8 16:37:53 2013
@@ -0,0 +1 @@
+Title: Backend
Added: vcl/site/trunk/content/confluence_export/base-image-creation.mdtext
URL: http://svn.apache.org/viewvc/vcl/site/trunk/content/confluence_export/base-image-creation.mdtext?rev=1430372&view=auto
==============================================================================
--- vcl/site/trunk/content/confluence_export/base-image-creation.mdtext (added)
+++ vcl/site/trunk/content/confluence_export/base-image-creation.mdtext Tue Jan 8 16:37:53 2013
@@ -0,0 +1,7 @@
+Title: Base Image Creation
+{excerpt}These pages describe how to create base images.{excerpt}
+
+[Windows OS](vcl:create-a-windows-base-image.html)
+[Linux OS](vcl:create-a-linux-base-image.html)
+[Adding Standalone machines Lab provisioning module](vcl:lab.pm-provisioning-module.html)
+[Adding xCAT kickstart based image](adding-xcat-kickstart-based-image.html)
Added: vcl/site/trunk/content/confluence_export/becoming-a-committer.mdtext
URL: http://svn.apache.org/viewvc/vcl/site/trunk/content/confluence_export/becoming-a-committer.mdtext?rev=1430372&view=auto
==============================================================================
--- vcl/site/trunk/content/confluence_export/becoming-a-committer.mdtext (added)
+++ vcl/site/trunk/content/confluence_export/becoming-a-committer.mdtext Tue Jan 8 16:37:53 2013
@@ -0,0 +1,38 @@
+Title: Becoming a Committer
+{excerpt}This page explains the process someone must go through to become
+an official committer to Apache VCL.{excerpt}
+
+There are 4 steps you need to go through to become an official committer.
+
+1. Actively answer questions on the vcl-dev/vcl-user lists
+By answering questions on the community lists, you show an interest in the
+community. Your answers provide a metric of how well you understand VCL and
+how the Apache VCL community works.
+1. Sign an Individual Contributor License Agreement (ICLA)
+To contribute any code or documentation, you must have an ICLA on file with
+the Apache Software Foundation. More information about the ICLA is
+available on the [licenses page](http://www.apache.org/licenses/#clas)
+. Once you have done this, you should express interest on the vcl-dev list
+that you are interested in becoming a committer.
+1. [\[1\](\[1\.html)
+|Becoming a Committer#skip3] Contribute non-trivial code by attaching
+patches to JIRA issues
+Before being granted commit access to the code respository, you need to
+demonstrate some level of understanding of the code and some level of
+coding proficiency. This is done by contributing patches to JIRA issues. We
+realize "non-trivial" is a subjective term, but simple one-liner patches
+don't allow you to be evaluated at all. (Don't worry we need more
+committers; so we're not strict!)
+1. Be voted in as a new committer on the vcl-private list
+There is a private VCL list for members of the Podling Project Management
+Committee (PPMC) to discuss whether or not someone should be given the
+rights of a committer. A formal vote must happen on this list for you to be
+accepted as a committer.
+
+Once you have been accepted, your next step is to start contributing stuff!
+
+{anchor:skip3}\[1\](1\.html)
+ If you only want to contribute documentation, you can skip step #3.
+However, if you later want to start contributing code, you will still need
+to go through step #3 and have a new vote in step #4 before being granted
+commit access to the code repository.
Added: vcl/site/trunk/content/confluence_export/board-reports.mdtext
URL: http://svn.apache.org/viewvc/vcl/site/trunk/content/confluence_export/board-reports.mdtext?rev=1430372&view=auto
==============================================================================
--- vcl/site/trunk/content/confluence_export/board-reports.mdtext (added)
+++ vcl/site/trunk/content/confluence_export/board-reports.mdtext Tue Jan 8 16:37:53 2013
@@ -0,0 +1,52 @@
+Title: Board Reports
+<a name="BoardReports-BoardReportingSchedule"></a>
+## Board Reporting Schedule
+
+The Apache VCL project must submit quarterly board reports in February,
+May, August, and November. Reports are due the 2nd Wednesday of
+the month:
+* November 9, 2011
+* February 8, 2012
+* May 9, 2012
+* August 8, 2012
+
+The incubator project board reporting schedule is at:
+[http://wiki.apache.org/incubator/ReportingSchedule](http://wiki.apache.org/incubator/ReportingSchedule)
+
+
+
+
+<a name="BoardReports-ReportingGuidelines"></a>
+## Reporting Guidelines
+
+1. A community member should volunteer to make an initial draft of the board
+report a minimum of 1 week prior to the due date. Send a message to [vcl-dev@incubator.apache.org](mailto:vcl-dev@incubator.apache.org.html)
+.
+1. Create a new Confluence page which is a child of this page. The
+title should match the form of previous reports:
+yyyy-mm Incubator VCL Report
+1. * The first line should contain:
+VCL has been incubating since December 2008. VCL is a cloud
+computing platform for the management of physical and virtual machines.
+1. * Inlude a section with the project's top 2 or 3 issues to resolve prior
+to graduation
+1. * Include a summary of the major issues and developments that
+occurred since the last board report was submitted
+1. * The last line should contain:
+Signed off by mentor:
+1. * You can actually copy the last report to use as a base for the new one.
+View a previous report, and then click Info under Page Operations. Finally,
+click Copy on that page. Make sure to change the title of the new
+page.
+1. Send a message to [vcl-dev@incubator.apache.org](mailto:vcl-dev@incubator.apache.org.html)
+ notifying the community that the report is ready to be discussed
+1. * Specify a date and time when the report will be submitted
+1. * there doesn't need to be an official vote to approve the report; if you
+don't get any feedback from anyone, consider it approved
+1. Once the community has approved the report, send a message to [vcl-dev@incubator.apache.org](mailto:vcl-dev@incubator.apache.org.html)
+1. * cc the project mentors asking them to review the report and
+complete the "Signed off by mentor:" line
+1. After the report is signed off by the mentor, copy the contents of the
+report to the appropriate monthy page linked from:
+
+
Added: vcl/site/trunk/content/confluence_export/capture-a-base-image.mdtext
URL: http://svn.apache.org/viewvc/vcl/site/trunk/content/confluence_export/capture-a-base-image.mdtext?rev=1430372&view=auto
==============================================================================
--- vcl/site/trunk/content/confluence_export/capture-a-base-image.mdtext (added)
+++ vcl/site/trunk/content/confluence_export/capture-a-base-image.mdtext Tue Jan 8 16:37:53 2013
@@ -0,0 +1,65 @@
+Title: Capture A Base Image
+<a name="CaptureABaseImage-Runvcld\-setup"></a>
+### Run vcld \-setup
+
+1. Run the following command on the management node:
+{tip}/usr/local/vcl/bin/vcld \-setup{tip}
+1. Navigate the menu options
+(Note: the names and numbers of the menu items may not match your
+installation):
+1. # {color:#808080}Select a module to configure:{color} *VCL Image State
+Module*
+1. # {color:#808080}Choose an operation:{color} *Capture Base Image*
+1. # {color:#808080}Enter the VCL login name or ID of the user who will own
+the image:{color}
+Enter your VCL user ID or the user ID of the user you want to own the
+image. Pressing Enter without entering a user login ID will cause
+admin to be the owner of the new base image.
+1. # {color:#808080}Enter the hostname or IP address of the computer to be
+captured:{color}
+Enter the name or private IP address of the computer which has already
+added to the VCL database.
+1. # {color:#808080}Select the OS to be captured:{color}
+{color:#888888}1. VMware Linux{color}
+{color:#888888}2. VMware Windows 2003 Server{color}
+{color:#888888}3. VMware Windows 7{color}
+{color:#888888}4. VMware Windows Server 2008{color}
+{color:#888888}5. VMware Windows Vista{color}
+{color:#888888}6. VMware Windows XP{color}
+1. # {color:#808080}Image architecture:{color}
+{color:#888888}1. x86{color}
+{color:#888888}2. x86_64{color}
+1. # {color:#808080}Use Sysprep:{color}
+{color:#888888}1. Yes{color}
+{color:#888888}2. No{color}
+Sysprep is usually only required if the image will be loaded on bare
+metal computers with varying different hardware.
+1. # {color:#808080}Enter the name of the image to be captured:{color}
+The name you enter is the name that will be displayed in the list of
+environments. It may contain spaces but including
+other special characters is not recommended.
+
+The following happens once you enter an image name and press enter:
+* A new image is added to the VCL database
+* An imaging request is added to the VCL database
+* The vcld \-setup automatically initiates 'tail \-f /var/log/vcld.log' to
+monitor the vcld log file. The output should be displayed on the
+screen.
+
+Watch the vcld logfile output to determine if the image capture process is
+successful or terminated because a problem occurred. When the capture
+process terminates, there will either be a message near the end of the
+output saying "image capture successful" or there will be several WARNING
+messages, the last of which says something to the effect "image failed to
+be captured". Further troubleshooting is required if the image fails
+to be captured.
+
+<a name="CaptureABaseImage-AddtheBaseImagetoanImageGroup"></a>
+### Add the Base Image to an Image Group
+
+The vcld \-setup utility does not add the new base image to any image
+groups. You must add the image to an image group using the VCL
+website after the image capture process is complete. Reservations for
+the image cannot be made until this is done. To add the image to an
+image group, browse to the VCL website and select Manage Images > Edit
+Image Grouping.
Added: vcl/site/trunk/content/confluence_export/configuration-management.mdtext
URL: http://svn.apache.org/viewvc/vcl/site/trunk/content/confluence_export/configuration-management.mdtext?rev=1430372&view=auto
==============================================================================
--- vcl/site/trunk/content/confluence_export/configuration-management.mdtext (added)
+++ vcl/site/trunk/content/confluence_export/configuration-management.mdtext Tue Jan 8 16:37:53 2013
@@ -0,0 +1,270 @@
+Title: Configuration Management
+This page describes a new configuration system that will be added to VCL
+that can be used to dynamically configure deployed systems.
+
+<a name="ConfigurationManagement-DatabaseSchema"></a>
+## Database Schema
+
+!config_schema.jpg|thumbnail,border=1!
+config:
+* id - id of record
+* name - name of record
+* ownerid - owner of this record (reference to user.id)
+* configtypeid - type of record (reference to configtype.id)
+* data - any data associated with this (ex. puppet manifest)
+* optional - 0/1 - when this config is mapped to something, can the user
+specify to apply it or not
+
+configtype:
+* id - id of record
+* name - name of record
+* moduleid - id of module that handles this type of record (reference to
+module.id)initial types: puppet, subimage, shellcommand, perlfunction,
+software
+configvariable:
+* id - id of record
+* name - name of record
+* configid - config this is associated with (reference to config.id)
+* value - default value of this variable
+* required - 0/1 - when mapped to something, is this variable always
+applied
+* ask - 0/1 - will the user be prompted for a value for this variable, or
+will the default value always be used
+* key - string in config.data to replace with the value of this variable
+* datatype - enum(int, multiint, string) - type of this variable so that
+the frontend knows how to validate it
+
+
+There are some initial, special names:
+** subimage - used for clusters, specifies a subimage to be deployed; when
+deployed, configinstancevariable.value will be reservation.id of the
+subimage
+** min - used in conjunction with subimage to specify a minimum number of
+those subimages
+** max - used in conjunction with subimage to specify a maximum number of
+those subimages
+** runbefore - used to relate to other configs to specify that this should
+be run before the ones specified in 'value'
+** runafter - used to relate to other configs to specify that this should
+be run after the ones specified in 'value'
+** getdata - ??
+
+configinstance:This is similar to the config table, but is for deployed
+systems.\* id - id of record
+* reservationid - reservation this is associated with (references
+reservation.id)
+* configid - config entry being applied (references config.id)
+* status - new/processing/completed??
+
+configinstancevariable:This is similar to the configvariable table, but is
+for deployed systems.\* configinstanceid - config instance this is
+associated with (references configinstance.id)
+* configvariableid - config variable being applied (references
+configvariable.id)
+* value - similar to configvariable.value, but can be set by user to
+different value if configvariable.ask is set to 1
+
+configmap:This is for mapping configs to various resources or other items
+in VCL.\* configid - config being mapped (references config.id)
+* subid - id from specific resource table (ex. image.id)
+* configmaptypeid - type of resource or other item in VCL this is mapped to
+ (references configmaptype.id)
+* affiliationid - allows configs to only be mapped for a specific
+affiliation, use the Global affilation to map to all (references
+affiliation.id)
+* disabled - 0/1 (a little complicated, normally 0) allows exceptions to a
+config being applied; set to 1 if a config would be mapped due to a general
+ mapping, but want to disable for a specific instance (ex. if a config is
+applied for everything deployed by a certain provisioning module, but you
+don't want it applied for a certain image, you would have an entry in this
+table mapping it to the provisioning module with disabled set to 0, then
+you would also have an entry for the image with disabled set to 1)
+* stage - start_load/post_load/(others?) which stage in the provisioning
+process where this record should be applied
+
+configmaptype:
+* id - id of this record
+* name - name of this record
+
+
+Initial types:
+** image
+** OStype
+** provisioning
+
+<a name="ConfigurationManagement-Examples"></a>
+## Examples
+
+
+<a name="ConfigurationManagement-AssigningaVLANtoanimage"></a>
+### Assigning a VLAN to an image
+
+This example shows how to assign a VLAN to an image.
+
+For this example, we'll use the following values from other tables:
+* module.id for handling VLAN config type: 67
+* image.id for the image in this example: 524
+* affiliation.id for the desired affiliation: 6
+* reservation.id for the image: 2748
+* user.id that owns the configs: 54
+
+configtype:
+<table>
+<tr><th> id </th><th> name </th><th> moduleid </th></tr>
+<tr><td> 5 </td><td> VLAN </td><td> 67 </td></tr>
+config:
+<tr><th> id </th><th> name </th><th> ownerid </th><th> configtypeid </th><th> data </th><th> optional </th></tr>
+<tr><td> 77 </td><td> VLAN 30 </td><td> 54 </td><td> 5 </td><td> 30 </td><td> 0 </td></tr>
+configvariable:
+<tr><th> id </th><th> name </th><th> configid </th><th> value </th><th> required </th><th> ask </th><th> key </th><th> datatype </th></tr>
+<tr><td> 486 </td><td> VLAN </td><td> 77 </td><td> 30 </td><td> 1 </td><td> 0 </td><td> (empty) </td><td> int </td></tr>
+configmaptype:
+<tr><th> id </th><th> name </th></tr>
+<tr><td> 1 </td><td> image </td></tr>
+configmap:
+<tr><th> configid </th><th> subid </th><th> configmaptypeid </th><th> affiliationid </th><th> disabled </th><th>
+stage </th></tr>
+<tr><td> 77 </td><td> 524 </td><td> 1 </td><td> 6 </td><td> 0 </td><td> post_load </td></tr>
+configinstance:
+<tr><th> id </th><th> reservationid </th><th> configid </th><th> status </th></tr>
+<tr><td> 6854 </td><td> 2748 </td><td> 77 </td><td> new </td></tr>
+configinstancevariable:
+<tr><th> configinstanceid </th><th> configvariableid </th><th> value </th></tr>
+<tr><td> 6854 </td><td> 486 </td><td> 30 </td></tr>
+</table>
+
+<a name="ConfigurationManagement-Hadoopclusterwithvariableamountofslavenodes"></a>
+### Hadoop cluster with variable amount of slave nodes
+
+This example shows how a hadoop cluster can be requested with 5-10 slave
+nodes. It can be useful to have the variable amount because 10 nodes may be
+ desired, but you may want to cluster anyway if only 5 nodes are available
+or if 10 are requested, but 2 of them fail at deploy time.
+
+For this example, we'll use the following values from other tables:
+* module.id for handling subimage config type: 58
+* image.id for the Hadoop master image: 453
+* image.id for the Hadoop slave image: 454
+* affiliation.id for the desired affiliation: 5
+* reservation.id for the Hadoop master image: 2351
+* reservation.id for the Hadoop slave images: 2352-2361
+* user.id that owns the configs: 9
+
+configtype:
+<table>
+<tr><th> id </th><th> name </th><th> moduleid </th></tr>
+<tr><td> 2 </td><td> subimage </td><td> 58 </td></tr>
+config:
+<tr><th> id </th><th> name </th><th> ownerid </th><th> configtypeid </th><th> data </th><th> optional </th></tr>
+<tr><td> 59 </td><td> hadoop cluster </td><td> 9 </td><td> 2 </td><td> (empty) </td><td> 0 </td></tr>
+configvariable:
+<tr><th> id </th><th> name </th><th> configid </th><th> value </th><th> required </th><th> ask </th><th> key </th><th> datatype </th></tr>
+<tr><td> 146 </td><td> subimage </td><td> 59 </td><td> 454 </td><td> 1 </td><td> 0 </td><td> (empty) </td><td> int </td></tr>
+<tr><td> 147 </td><td> min </td><td> 59 </td><td> 1 </td><td> 1 </td><td> 1 </td><td> (empty) </td><td> int </td></tr>
+<tr><td> 148 </td><td> max </td><td> 59 </td><td> 50 </td><td> 1 </td><td> 1 </td><td> (empty) </td><td> int </td></tr>
+configmaptype:
+<tr><th> id </th><th> name </th></tr>
+<tr><td> 1 </td><td> image </td></tr>
+configmap:
+<tr><th> configid </th><th> subid </th><th> configmaptypeid </th><th> affiliationid </th><th> disabled </th><th>
+stage </th></tr>
+<tr><td> 59 </td><td> 453 </td><td> 1 </td><td> 5 </td><td> 0 </td><td> start_load </td></tr>
+configinstance:
+<tr><th> id </th><th> reservationid </th><th> configid </th><th> status </th></tr>
+<tr><td> 5023 </td><td> 2351 </td><td> 59 </td><td> new </td></tr>
+configinstancevariable:
+<tr><th> configinstanceid </th><th> configvariableid </th><th> value </th></tr>
+<tr><td> 5023 </td><td> 146 </td><td> 2352 </td></tr>
+<tr><td> 5023 </td><td> 146 </td><td> 2353 </td></tr>
+<tr><td> 5023 </td><td> 146 </td><td> 2354 </td></tr>
+<tr><td> 5023 </td><td> 146 </td><td> 2355 </td></tr>
+<tr><td> 5023 </td><td> 146 </td><td> 2356 </td></tr>
+<tr><td> 5023 </td><td> 146 </td><td> 2357 </td></tr>
+<tr><td> 5023 </td><td> 146 </td><td> 2358 </td></tr>
+<tr><td> 5023 </td><td> 146 </td><td> 2359 </td></tr>
+<tr><td> 5023 </td><td> 146 </td><td> 2360 </td></tr>
+<tr><td> 5023 </td><td> 146 </td><td> 2361 </td></tr>
+<tr><td> 5023 </td><td> 147 </td><td> 5 </td></tr>
+<tr><td> 5023 </td><td> 148 </td><td> 10 </td></tr>
+</table>
+
+<a name="ConfigurationManagement-SAScluster"></a>
+### SAS cluster
+
+This example shows how to configure a SAS cluster of 3 nodes: meta,
+midtier, and apps so that they are all deployed and then started in the
+correct order.
+
+For this example, we'll use the following values from other tables:
+* module.id for handling puppet config type: 57
+* module.id for handling subimage config type: 58
+* module.id for handling shellcommand config type: 59
+* image.id for the SAS meta image: 728
+* image.id for the SAS midtier image: 729
+* image.id for the SAS apps image: 730
+* affiliation.id for the desired affiliation: 7
+* reservation.id for the SAS meta image: 2466
+* reservation.id for the SAS midtier image: 2467
+* reservation.id for the SAS apps image: 2468
+* user.id that owns the configs: 15
+
+configtype:
+<table>
+<tr><th> id </th><th> name </th><th> moduleid </th></tr>
+<tr><td> 1 </td><td> puppet </td><td> 57 </td></tr>
+<tr><td> 2 </td><td> subimage </td><td> 58 </td></tr>
+<tr><td> 3 </td><td> shellcommand </td><td> 59 </td></tr>
+config:
+<tr><th> id </th><th> name </th><th> ownerid </th><th> configtypeid </th><th> data </th><th> optional </th></tr>
+<tr><td> 76 </td><td> SAS apps </td><td> 15 </td><td> 2 </td><td> (empty) </td><td> 0 </td></tr>
+<tr><td> 77 </td><td> SAS midtier </td><td> 15 </td><td> 2 </td><td> (empty) </td><td> 0 </td></tr>
+<tr><td> 78 </td><td> SAS meta config </td><td> 15 </td><td> 1 </td><td> (puppet manifest) </td><td> 0 </td></tr>
+<tr><td> 79 </td><td> SAS apps config </td><td> 15 </td><td> 1 </td><td> (puppet manifest) </td><td> 0 </td></tr>
+<tr><td> 80 </td><td> SAS midtier config </td><td> 15 </td><td> 1 </td><td> (puppet manifest) </td><td> 0 </td></tr>
+<tr><td> 81 </td><td> SAS meta start </td><td> 15 </td><td> 3 </td><td> (startup commands) </td><td> 0 </td></tr>
+<tr><td> 82 </td><td> SAS apps start </td><td> 15 </td><td> 3 </td><td> (startup commands) </td><td> 0 </td></tr>
+<tr><td> 83 </td><td> SAS midtier start </td><td> 15 </td><td> 3 </td><td> (startup commands) </td><td> 0 </td></tr>
+configvariable:
+<tr><th> id </th><th> name </th><th> configid </th><th> value </th><th> required </th><th> ask </th><th> key </th><th> datatype </th></tr>
+<tr><td> 268 </td><td> subimage </td><td> 76 </td><td> 729 </td><td> 1 </td><td> 0 </td><td> (empty) </td><td> int </td></tr>
+<tr><td> 269 </td><td> subimage </td><td> 77 </td><td> 730 </td><td> 1 </td><td> 0 </td><td> (empty) </td><td> int </td></tr>
+<tr><td> 270 </td><td> runafter </td><td> 78 </td><td> 268,269 </td><td> 1 </td><td> 0 </td><td> (empty) </td><td> int </td></tr>
+<tr><td> 271 </td><td> runafter </td><td> 79 </td><td> 270 </td><td> 1 </td><td> 0 </td><td> (empty) </td><td> int </td></tr>
+<tr><td> 272 </td><td> runafter </td><td> 80 </td><td> 271 </td><td> 1 </td><td> 0 </td><td> (empty) </td><td> int </td></tr>
+<tr><td> 273 </td><td> runafter </td><td> 81 </td><td> 272 </td><td> 1 </td><td> 0 </td><td> (empty) </td><td> int </td></tr>
+<tr><td> 274 </td><td> runafter </td><td> 82 </td><td> 273 </td><td> 1 </td><td> 0 </td><td> (empty) </td><td> int </td></tr>
+<tr><td> 275 </td><td> runafter </td><td> 83 </td><td> 274 </td><td> 1 </td><td> 0 </td><td> (empty) </td><td> int </td></tr>
+configmaptype:
+<tr><th> id </th><th> name </th></tr>
+<tr><td> 1 </td><td> image </td></tr>
+configmap:
+<tr><th> configid </th><th> subid </th><th> configmaptypeid </th><th> affiliationid </th><th> disabled </th><th>
+stage </th></tr>
+<tr><td> 76 </td><td> 728 </td><td> 1 </td><td> 7 </td><td> 0 </td><td> start_load </td></tr>
+<tr><td> 77 </td><td> 728 </td><td> 1 </td><td> 7 </td><td> 0 </td><td> start_load </td></tr>
+<tr><td> 78 </td><td> 728 </td><td> 1 </td><td> 7 </td><td> 0 </td><td> post_load </td></tr>
+<tr><td> 79 </td><td> 728 </td><td> 1 </td><td> 7 </td><td> 0 </td><td> post_load </td></tr>
+<tr><td> 80 </td><td> 728 </td><td> 1 </td><td> 7 </td><td> 0 </td><td> post_load </td></tr>
+<tr><td> 81 </td><td> 728 </td><td> 1 </td><td> 7 </td><td> 0 </td><td> post_load </td></tr>
+<tr><td> 82 </td><td> 728 </td><td> 1 </td><td> 7 </td><td> 0 </td><td> post_load </td></tr>
+<tr><td> 83 </td><td> 728 </td><td> 1 </td><td> 7 </td><td> 0 </td><td> post_load </td></tr>
+configinstance:
+<tr><th> id </th><th> reservationid </th><th> configid </th><th> status </th></tr>
+<tr><td> 6005 </td><td> 2466 </td><td> 76 </td><td> new </td></tr>
+<tr><td> 6006 </td><td> 2466 </td><td> 77 </td><td> new </td></tr>
+<tr><td> 6007 </td><td> 2466 </td><td> 78 </td><td> new </td></tr>
+<tr><td> 6008 </td><td> 2466 </td><td> 79 </td><td> new </td></tr>
+<tr><td> 6009 </td><td> 2466 </td><td> 80 </td><td> new </td></tr>
+<tr><td> 6010 </td><td> 2466 </td><td> 81 </td><td> new </td></tr>
+<tr><td> 6011 </td><td> 2466 </td><td> 82 </td><td> new </td></tr>
+<tr><td> 6012 </td><td> 2466 </td><td> 83 </td><td> new </td></tr>
+configinstancevariable:
+<tr><th> configinstanceid </th><th> configvariableid </th><th> value </th></tr>
+<tr><td> 6005 </td><td> 268 </td><td> 2467 </td></tr>
+<tr><td> 6006 </td><td> 269 </td><td> 2468 </td></tr>
+<tr><td> 6007 </td><td> 270 </td><td> 6005,6006 </td></tr>
+<tr><td> 6008 </td><td> 271 </td><td> 6007 </td></tr>
+<tr><td> 6009 </td><td> 272 </td><td> 6008 </td></tr>
+<tr><td> 6010 </td><td> 273 </td><td> 6009 </td></tr>
+<tr><td> 6011 </td><td> 274 </td><td> 6010 </td></tr>
+<tr><td> 6012 </td><td> 275 </td><td> 6011 </td></tr>
Added: vcl/site/trunk/content/confluence_export/configure-the-default-profile.mdtext
URL: http://svn.apache.org/viewvc/vcl/site/trunk/content/confluence_export/configure-the-default-profile.mdtext?rev=1430372&view=auto
==============================================================================
--- vcl/site/trunk/content/confluence_export/configure-the-default-profile.mdtext (added)
+++ vcl/site/trunk/content/confluence_export/configure-the-default-profile.mdtext Tue Jan 8 16:37:53 2013
@@ -0,0 +1,160 @@
+Title: Configure the Default Profile
+{excerpt}A Windows profile is the desktop environment configured for a
+particular user. It contains various settings such as desktop colors,
+backgrounds, icon placement, and Windows Explorer settings. The default
+profile is a template profile that is used when a user logs on to a Windows
+computer for the first time. The default profile can be customized by the
+image creator.{excerpt}
+
+
+
+
+<a name="ConfiguretheDefaultProfile-Createaprofileconfigurationaccount:"></a>
+#### Create a profile configuration account:
+
+1. While logged on as *Administrator* , create a local Windows user account
+named *Profile* and add it to the *Administrators* group
+1. Configure the profile:
+1. # Log on as *Profile*
+1. # Make desired profile, desktop, and application changes
+1. # Log out
+
+<a name="ConfiguretheDefaultProfile-Copytheprofileto"DefaultUser":"></a>
+#### Copy the profile to "Default User":
+
+1. Log back on as *Administrator*
+1. Rename the *C:\Documents and Settings\Default User* directory to
+something like *Default User Original*
+1. Open the *Control Panel*
+1. Open *System Properties*
+1. Select the *Advanced* tab
+1. Click the *Settings* button next to User Profiles
+1. Select Profile's profile, click *Copy To* :
+Copy profile to: *C:\Documents and Settings\Default User*
+Permitted to use: add the *Everyone* group
+1. Click *OK*
+
+<a name="ConfiguretheDefaultProfile-Cleanuptheprofileconfigurationaccount:"></a>
+#### Clean up the profile configuration account:
+
+1. Delete the *Profile* user
+1. Delete *C:\Documents and Settings\Profile*
+
+You can then create another account and log in using it to make sure your
+profile settings take affect for new users. Be sure to delete it once
+you're done testing.
+
+
+
+
+Microsoft does not support copying profiles under Windows 7 and Windows
+Server 2008. The "Copy To" button is grayed out for all profiles except
+the default profile. The only supported method is built into Sysprep and
+this method is itself very problematic. The following steps are not
+supported or recommended by Microsoft but seem to work:
+
+<a name="ConfiguretheDefaultProfile-AllowDesktopBackgrounds"></a>
+#### Allow Desktop Backgrounds
+
+1. Download and edit the RDP file for your imaging reservation from the VCL
+website to allow desktop backgrounds or else you wonât be able to change
+the desktop background color
+1. # Right-click on the .rdp file and select *Edit*
+1. # Click on the *Experience* tab
+1. # *Enable* the checkbox next to *Desktop background*
+1. # Click on the *General* tab
+1. # Click *Save*
+1. Login as Administrator
+1. Configure Windows Explorer to show hidden and system file
+1. # Open *Windows Explorer*
+1. # Click *Organize > Folder and search options*
+1. # Select the *View* tab
+1. # Select the radio button next to *Show hidden files, folders, and drives*
+1. # Click *OK*
+
+<a name="ConfiguretheDefaultProfile-Createaprofileconfigurationaccount:"></a>
+#### Create a profile configuration account:
+
+1. Create a new local user account named Profile
+1. # Open *Control Panel > Add or remove user accounts*
+1. # If there is already an account named *Profile* and you want to start
+over with a new account, delete the existing account and then create a new
+one:
+1. ## Click on the *Profile* user
+1. ## Click *Delete the account*
+1. ## Click *Delete Files*
+1. ## Click *Delete Account*
+1. # Click *Create a new account*
+1. # Enter the account name: *Profile*
+1. # Click the radio button next to *Administrator*
+1. # Click *Create Account*
+1. Set the password for the Profile account
+1. # Click on the Profile account
+1. # Click *Create a password*
+1. # Enter the password and click *Create password*
+1. Configure the user profile for the Profile account
+1. # Logout as Administrator and login as Profile
+1. # Customize the user profile for the Profile account
+1. # Logout as Profile
+
+<a name="ConfiguretheDefaultProfile-Copytheprofileto"Default":"></a>
+#### Copy the profile to "Default":
+
+1. Rename the *Profile* user profile folder to *Default*
+1. # Login as Administrator
+1. # Open a Windows Explorer window and navigate to *C:\Users*
+1. # Rename the original default profile folder: C:\Users\{*}Default* \->
+C:\Users\{*}Default Original*
+1. # Rename the customized profile folder: C:\Users\{*}Profile* \->
+C:\Users\{*}Default*
+_Note: if you are unable to rename the Profile folder, reboot the computer,
+login as Administrator, and try again. Run the following command from a
+command prompt to reboot the computer:_
+shutdown.exe \-r \-f \-t 0
+1. Copy the customized profile folder using the Windows profile copying
+utility
+_Note: Windows 7 only allows its built-in profile copying utility to be
+used to copy the default profile, not profiles of other user accounts. The
+profile you customized now resides in the default profile location
+(C:\Users\Default) so the utility can now be used to make a copy of it._
+1. # Open *Control Panel > System and Security > System*
+1. # Click *Advanced system settings* on the left
+1. # Click the *Settings...* button under User Profiles
+1. # Highlight *Default Profile*
+1. # Click *Copy Toâ¦*
+1. ## Copy profile to: *C:\Users\Default Copy*
+1. ## Click *Change* under Permitted to use
+1. ## Enter *Everyone* and click OK
+1. ## Click OK
+1. Replace the original customized profile directory with the one created by
+the Windows profile copying utility
+_Note: C:\Users\Default contains the original customized profile. The same
+profile also resides in C:\Users\Default Copy. The Default Copy folder is
+the one which has had the Windows profile copying utility transformations
+applied to it._
+1. # Open *Windows Explorer*
+1. # Delete the âC:\Users\{*}Default* folder
+1. # Rename the folder: C:\Users\{*}Default Copy* \-> C:\Users\{*}Default*
+1. Delete the Profile account
+1. # Open *Control Panel > Add or remove user accounts*
+1. # Click on the *Profile* account
+1. # Click *Delete the account*
+1. # Click *Delete Files*
+1. # Click *Delete Account*
+
+
+Any new local user accounts created on the computer should receive a user
+profile configured with the customizations you made to the Profile account.
+
+h3. *How to Force the Desktop Background to Appear on Windows 7 & Windows
+Server 2008*
+
+1. Run *gpedit.msc*
+1. # Navigate to *User Configuration* > *Scripts*
+1. # Double-click *Logon*
+1. # Click *Add*
+1. ## Script Name: reg.exe
+1. ## Script Parameters: *DELETE "HKCU\Remote\1\Control Panel\Desktop" /v
+Wallpaper /f*
+1. # Click *OK*
+1. # Run *gpupdate.exe /force*