= Setting up Environment for Institutional Federated Identity Access Management =

== Minimum Hardware Requirement ==

A PC, server or VM with at least 8 GB RAM.

== DNS Requirement ==

Get the following DNS records added (replace `xx.yy` with the addresses allocated to your institution):

 1. For the host computer: `iam.[your institution domain].ac.lk -> 192.248.xx.yy1`
 2. For your identity database: `idb.[your institution domain].ac.lk -> 192.248.xx.yy2`
 3. For your identity provider: `idp.[your institution domain].ac.lk -> 192.248.xx.yy3`
 4. For your eduroam RADIUS server: `irs.[your institution domain].ac.lk -> 192.248.xx.yy4`

== Setting up the Host !Computer/Server ==

 1. Download Ubuntu 18.04 LTS and write it to a USB stick or CD-ROM as bootable media. You may use the free tool '''Rufus''' from https://rufus.ie/ to write the ISO image to a USB stick.
 2. Change your BIOS settings to boot from the external media.
 3. Install Ubuntu 18.04 LTS, setting the host name to '''iam''' and the domain to `[your institution domain].ac.lk`.
 4. Log in to Ubuntu and run the following to update your system:
{{{
sudo apt update
sudo apt upgrade
}}}

== Linux Container (LXC) Virtual Environment ==

LXD is preinstalled on Ubuntu 18.04 Server; `lxc` is its command-line client. The commands below run either as root (`sudo`) or as a user in the `lxd` group (`sudo usermod -aG lxd $USER`, then log out and back in). Check the installed version first:

 * `lxc version`

 1. Initialise LXD (single host):
 * `sudo lxd init`
{{{
Would you like to use LXD clustering? (yes/no) [default=no]:
Do you want to configure a new storage pool? (yes/no) [default=yes]:
Name of the new storage pool [default=default]:
Name of the storage backend to use (btrfs, dir, lvm) [default=btrfs]: dir
Would you like to connect to a MAAS server? (yes/no) [default=no]:
Would you like to create a new local network bridge? (yes/no) [default=yes]: no
Would you like to configure LXD to use an existing bridge or host interface? (yes/no) [default=no]: no
Would you like LXD to be available over the network? (yes/no) [default=no]:
Would you like stale cached images to be updated automatically? (yes/no) [default=yes]:
Would you like a YAML "lxd init" preseed to be printed? (yes/no) [default=no]:
}}}
 * Edit the host network configuration: `sudo nano /etc/netplan/50-cloud-init.yaml`. The bridge `lxdbr0` takes over the host's public address and `enp0s3` is enslaved to it, so containers attached to the bridge get addresses from the same subnet. Adjust the interface name, address, prefix length and gateway to your installation (don't copy and paste):
{{{
network:
  version: 2
  ethernets:
    enp0s3:
      dhcp4: no
  bridges:
    lxdbr0:
      dhcp4: no
      addresses:
        - 192.248.xx.yy/cc
      gateway4: 192.248.xx.zz
      nameservers:
        addresses:
          - 192.248.1.161
      interfaces:
        - enp0s3
}}}
 * Apply the network configuration. Before applying, verify the configuration with an instructor: applying a wrong configuration will DISCONNECT your SSH session and you will not be able to reconnect from the workshop. Once the configuration is verified, run `sudo netplan apply`. The safer alternative is `sudo netplan try`: it applies the configuration for 120 seconds and then rolls it back unless you press Enter to confirm. Meanwhile, test the connection with `ping` from another terminal window, and do not press Enter until you are satisfied with the new configuration; press Ctrl+C to roll back earlier. If you see an error, check the YAML file. Do not reboot under any circumstances while connected via SSH.
 * Check the IP address of the host machine: `ip addr show lxdbr0` (or `ifconfig` if `net-tools` is installed).
{{{#!comment
 * Enter `sudo lxc network edit lxdbr0` and edit:
   ipv4.address: 192.248.xx.yy/24
   ipv4.nat: "false"
}}}
 * Modify the default container profile so new containers attach to the bridge: `lxc profile edit default`
{{{
config: {}
description: Default LXD profile
devices:
  eth0:
    nictype: bridged
    parent: lxdbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
name: default
used_by: []
}}}
 2. Check remote repositories:
 * `lxc remote list`
 3. Local images:
 * `lxc image list`
 4. Remote images:
 * `lxc image list images:`
 * `lxc image list images:ubuntu`
 5. Create a test Ubuntu container:
 * `lxc launch ubuntu:18.04 test-ct`
 * `lxc list`
 Delete the test container:
 * `lxc stop test-ct`
 * `lxc delete --force test-ct`
 6. Create the three production containers for your institute. The copies are made before `idb` gets its network settings, so each container is configured separately in step 11:
 * `lxc launch ubuntu:18.04 idb`
 * `lxc copy idb idp`
 * `lxc copy idb irs`
 * `lxc start idp`
 * `lxc start irs`
 7. !Using/Login to a container:
 * `lxc exec idb bash`
 * `lsb_release -dirc`
 * `free -m`
 * `nproc`
 * `uname -r`
 * `exit`
 8. Container info:
 * `lxc info idb`
 * `pstree -p [pid]`
 9. Container configuration:
 * `lxc config show idp`
 * `lxc profile list`
 * `lxc profile show default`
 10. Restrict memory. These limits are cgroup ceilings, not reservations, so their sum may exceed the host's 8 GB:
 * `lxc config set idb limits.memory 4096MB`
 * `lxc config show idb`
 * `lxc config set idp limits.memory 4096MB`
 * `lxc config set irs limits.memory 2048MB`
 11. Configure the container network IP. Repeat for each container, using `yy2` for `idb`, `yy3` for `idp` and `yy4` for `irs`:
 * Log in to the container: `lxc exec idb bash`
 * `ip addr` (or `ifconfig`)
 * `nano /etc/netplan/50-cloud-init.yaml`
{{{
network:
  version: 2
  ethernets:
    eth0:
      dhcp4: no
      addresses:
        - 192.248.xx.yy2/24
      gateway4: 192.248.xx.zz
      nameservers:
        addresses:
          - 192.248.1.161
}}}
 * `netplan apply`
 * `timedatectl set-timezone Asia/Colombo`
 12. SSH to the containers. Inside each container:
 * `nano /etc/ssh/sshd_config` and change `PasswordAuthentication no` to `PasswordAuthentication yes`. Password logins reachable from the network are the weaker choice: prefer leaving `PasswordAuthentication no` in place and putting your SSH public key in the new user's `~/.ssh/authorized_keys`; if you do enable passwords, choose strong ones and restrict logins with `AllowUsers <username>`.
 * Restart the SSH service: `service sshd restart`
 * Add a user: `adduser <username>`
 * Make that user a '''sudo''' user: `adduser <username> sudo`
 * `reboot` (this reboots only the container)

Now you can SSH to all three containers over the network. Then follow the installation instructions for LDAP, IdP and IRS to set up the relevant containers.

=== OPTIONAL ===

 1. !Pull/Push a file to a container:
 * `echo hello there > myfile`
 * `lxc file push myfile idp/root/`
 * `lxc file pull idp/root/myfile /tmp`
 2. Snapshots:
 * `lxc snapshot idp idp1`
 * `lxc restore idp idp1`
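Steps 6, 10, 11 and 12 above, collected into one script that can be run from the host. This is an added example for this page, not part of the original workshop notes and not an LXD tool; the 192.248.10.x addresses, the gateway, the user name `iamadmin` and the public-key path are assumed placeholders standing in for the page's `192.248.xx.yy` scheme, to be overridden through the environment. It goes beyond the page in two ways: it refuses a netplan file whose gateway is outside the container's subnet (the misconfiguration that would lock you out), and it installs an SSH public key for the sudo user instead of enabling password authentication.

```shell
#!/usr/bin/env bash
# provision-ct.sh: create idb/idp/irs, cap their memory, push a static netplan
# config and add a sudo user with key-based SSH.  Added example, not from the
# original page.  Addresses below are ASSUMED placeholders; override via env.
set -eu

IMAGE="ubuntu:18.04"
GATEWAY="${GATEWAY:-192.248.10.1}"            # assumption: your 192.248.xx.zz
NAMESERVER="${NAMESERVER:-192.248.1.161}"     # resolver given on the page
IDB_CIDR="${IDB_CIDR:-192.248.10.12/24}"      # assumption: 192.248.xx.yy2/24
IDP_CIDR="${IDP_CIDR:-192.248.10.13/24}"      # assumption: 192.248.xx.yy3/24
IRS_CIDR="${IRS_CIDR:-192.248.10.14/24}"      # assumption: 192.248.xx.yy4/24
ADMIN_USER="${ADMIN_USER:-iamadmin}"          # assumption: name of the sudo user
PUBKEY="${PUBKEY:-$HOME/.ssh/id_ed25519.pub}" # assumption: key to install
TIMEZONE="Asia/Colombo"

# valid_ipv4 A.B.C.D -> 0 if it is a dotted quad with octets in 0..255
valid_ipv4() {
  local IFS=. o
  case $1 in *[!0-9.]*) return 1 ;; esac   # digits and dots only (no globs)
  set -- $1                                # split on '.'
  [ $# -eq 4 ] || return 1
  for o; do
    [ -n "$o" ] && [ "$o" -le 255 ] || return 1
  done
}

# ip2int A.B.C.D -> the address as a 32-bit integer
ip2int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# same_subnet ADDR1 ADDR2 PREFIXLEN -> 0 if both lie in the same prefix
same_subnet() {
  local mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))
  [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$2") & mask )) ]
}

# netplan_yaml ADDR/PLEN GATEWAY NAMESERVER -> container netplan file on stdout;
# rejects input that would leave the container unreachable after 'netplan apply'
netplan_yaml() {
  local cidr=$1 gw=$2 ns=$3 addr plen
  case $cidr in */*) ;; *) echo "expected ADDR/PREFIXLEN, got $cidr" >&2; return 1 ;; esac
  addr=${cidr%/*}; plen=${cidr#*/}
  valid_ipv4 "$addr" && valid_ipv4 "$gw" && valid_ipv4 "$ns" \
    || { echo "bad address in $cidr / $gw / $ns" >&2; return 1; }
  case $plen in ''|*[!0-9]*) echo "bad prefix length: $plen" >&2; return 1 ;; esac
  [ "$plen" -ge 8 ] && [ "$plen" -le 30 ] || { echo "bad prefix length: $plen" >&2; return 1; }
  same_subnet "$addr" "$gw" "$plen" || { echo "gateway $gw is not inside $cidr" >&2; return 1; }
  cat <<EOF
network:
  version: 2
  ethernets:
    eth0:
      dhcp4: no
      addresses: [$cidr]
      gateway4: $gw
      nameservers:
        addresses: [$ns]
EOF
}

# provision_ct NAME ADDR/PLEN MEMLIMIT [SOURCE]: launch (or copy SOURCE), cap
# memory, install the static network config and set the timezone
provision_ct() {
  local name=$1 cidr=$2 mem=$3 src=${4:-} tmp
  if [ -n "$src" ]; then
    lxc copy "$src" "$name"        # clone instead of downloading the image again
    lxc start "$name"
  else
    lxc launch "$IMAGE" "$name"
  fi
  lxc config set "$name" limits.memory "$mem"   # a cgroup ceiling, not a reservation
  tmp=$(mktemp)
  netplan_yaml "$cidr" "$GATEWAY" "$NAMESERVER" > "$tmp" || { rm -f "$tmp"; return 1; }
  lxc file push --mode 0644 "$tmp" "$name/etc/netplan/50-cloud-init.yaml"
  rm -f "$tmp"
  lxc exec "$name" -- netplan apply
  lxc exec "$name" -- timedatectl set-timezone "$TIMEZONE"
}

# add_admin_user NAME USER PUBKEYFILE: sudo user that logs in with a key, so the
# image's "PasswordAuthentication no" can stay in place
add_admin_user() {
  local name=$1 user=$2 key=$3
  lxc exec "$name" -- adduser --disabled-password --gecos "" "$user"
  lxc exec "$name" -- adduser "$user" sudo
  lxc file push --mode 0600 "$key" "$name/tmp/authorized_keys"
  lxc exec "$name" -- sh -c "install -d -m 700 /home/$user/.ssh \
    && mv /tmp/authorized_keys /home/$user/.ssh/authorized_keys \
    && chown -R $user:$user /home/$user/.ssh"
}

main() {
  local ct
  [ -r "$PUBKEY" ] || { echo "PUBKEY=$PUBKEY is not readable" >&2; return 1; }
  provision_ct idb "$IDB_CIDR" 4096MB
  provision_ct idp "$IDP_CIDR" 4096MB idb
  provision_ct irs "$IRS_CIDR" 2048MB idb
  for ct in idb idp irs; do add_admin_user "$ct" "$ADMIN_USER" "$PUBKEY"; done
}

# Runs only when asked (bash provision-ct.sh run), so the functions can be
# sourced and checked without touching LXD.
if [ "${1:-}" = run ]; then main; fi
```

Run it as a member of the `lxd` group, e.g. `GATEWAY=192.248.xx.zz IDB_CIDR=192.248.xx.yy2/24 bash provision-ct.sh run`; a bad address or a gateway outside the container's subnet aborts before anything is pushed into the container.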