Deploying a perfSONAR Toolkit

Issue/Question

How do I deploy a perfSONAR toolkit?

How do I use ansible to deploy perfSONAR?

Environment

  • perfSONAR
  • CentOS

Resolution

ITS STAFF ONLY

  1. Install Centos7 with a GUI
    1. Setup ansible.svc as a root capable user with the password stored in RDM.
    2. set the IP address, hostname, and DNS records as appropriate.
  2. Create a DHCP reservation and DNS record for the new node.
  3. Copy the public SSH key from usd-ansible.usd.edu for the ansible.svc user
  4. On usd-ansible.usd.edu, add the hostname to /home/ansible.svc/ansible-playbook-perfsonar/inventory/hosts underneath [Toolkit]
  5. Ensure that hostnames you do not want to push an update to are commented out typing a # in front of the hostname
  6. Test ansible by typing ansible all -m ping
    Note: A successfully ping will display text like: perfsonarX.usd.edu | SUCCESS
  7. Navigate to /home/ansible.svc/ansible-playbook-perfsonar on usd-ansible.usd.edu
  8. Type ansible-playbook perfsonar.yml
    Note: It may need to be run several times before all services report "OK"
  9. SSH to the deployed node
  10. Gain root by typing sudo su
  11. When prompted for a new user, hit enter, then, create the ansible user with the password listed in RDM.
  12. Type setenforce Permissive
  13. Type sed -i -e 's/^SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
  14. Reboot the machine
  15. On the node, edit /etc/httpd/conf.d/apache-toolkit_web_gui.conf
  16. On a new line one line before the line that says RedirectMatch ^/$ /toolkit/, type Redirect permanent / https://nodename.usd.edu. Save the file.
  17. Navigate to /etc/pki/tls/private/
  18. Type openssl req -newkey rsa:2048 -keyout PRIVATEKEY.key -out YYYYMMDD.csr
  19. Request the certificates using the .csr file
  20. Copy the certificate only file (PEM encoded) and the certificate Root/Intermediate(s) only (PEM encoded) file to /etc/pki/tls/certs
  21. Edit /etc/httpd/conf.d/ssl.conf file. Set the values for SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile
  22. Type systemctl restart httpd
  23. In a web browser, navigate to the node's hostname
  24. Login using the psadmin (Perfsonar Web Admin) credentials in RDM
  25. Click Configuration
  26. Enter University of South Dakota in the Organization Name field.
  27. Enter server@usd.edu in the Administrator email field.
  28. Enter the city in which the node is located.
  29. Select the state in which the node is located.
  30. Enter in the ZIP/Postal code in which the node is located.
  31. Fill in the Latitude/Longitude with approximate values from a Google Maps pin.
  32. Set the node role and node access policy as appropriate
  33. Agree to the privacy policy
  34. Click Save
Print Article