On to my next virtual machine. This one would be 'namer' who hands out and checks names and identities. It would have three services, DNS, DHCP, and LDAP. The DNS server would give names to all the static IP computers on the local network 'berkeley.local'. DHCP would hand out dynamic IP addresses to the rest of the computers and devices. And LDAP would register people and their authorizations within the network.
DNS and DHCP would be pretty simple to install; the instructions here and here sufficed. I set my main gateway computer 'servy' to be a secondary DNS and to automatically get the local DNS configuration from namer. That proved to be a fortuitous decision. LDAP proved to be a bit of a bear as usual, resisting every effort to configure it. Most of the problem stemmed from my own typos and confusing error messages. I'm the first to admit my own fallibility, but it would be nice if the software could point out my mistakes in a more direct manner. The instructions were taken from the usual source, but I had to split apart the frontend directory configuration to find where the error was. My mistake was not replacing some of the example terms with my own terms, as the distinction between what is template and what is example was not perfectly clear. Eventually I had the LDAP server running and recognizing a few people.
In order to have LDAP authenticating people on the various machines, I still wanted to have a single admin user defined for each of the machines. Normally the admin user is randysr, but I wanted to have that defined in LDAP so that it could be used by other applications. So I started to create an admin user on each of my Linux systems, synchronize their passwords, and use SSH keys to ease moving between machines as the admin user. The admin user is already defined by Ubuntu, but with no password and no home page, so I had to set those up manually. At the same time I wanted to create a certificate authority (CA) on servy, and create certificates for each of my servers. That was pretty easy, but a lot of typing. Instructions for SSH keys are here and instructions for the certificates here. I had a little trouble with the SSH keys, as the instructions didn't work on some of the machines, which had a different public key file than was created by the ssh-keygen command, so I had to look through the man page for the ssh-copy-id command to find out how to direct it to the correct public key file.
My first use of the LDAP authentication was to secure various pages of my website. Reading through the section on Apache integration, I was able to configure Apache to read LDAP, but now I needed to configure LDAP to have a specific group of authorized users for Apache. The documentation showed how to do that with a web-config tool, phpLDAPadmin. After installing that I was able to create the group without too much trouble. Now my webpages were secured by LDAP.
I added a few webapps to the LAMP server. From the Ubuntu Server Guide, I installed phpMyAdmin, MoinMoin, and MediaWiki. MediaWiki looked nicer than MoinMoin, so I decided to expose that and make my root URL redirect there as a nice home page.
Now my big mistake: I decided that on the new virtual machines and the virtual machine host, the randysr user was not necessary, so I removed it, and removed the home directories. Not long after, I discovered that the img files that were being used as virtual hard drives for the two virtual machines were in the home directory that I had just erased, and the virtual machines wobbled and fell down. After a few minutes of trying to salvage what I could from the virtual machines, I decided it best just to start from scratch and go forward again.
But not before I took some time to relax and reflect on everything I had done so far. I had installed and configured these systems in three days (two partial days: Friday most of my time was spent with my mom in Seattle at the art museum and the symphony, and Saturday most of my time was spent at the Washington State History Museum). Now it was Sunday and I had to relax a little. To help relax, I went out and got a terrarium and a little tomato frog, 'murp', to go in it. I'll post a picture in my next post.