= Setting up Environment for Institutional Federated Identity Access Management =

== Minimum Hardware Requirement ==

PC, server or VM with 8GB RAM.

== DNS requirement ==

Have the following DNS A records created (replace `xx`, `yy` and `zz` with the addresses allocated to your institution):

 1. for the host computer: `iam.[your institution domain].ac.lk` -> 192.248.xx.yy1
 2. for your identity database: `idb.[your institution domain].ac.lk` -> 192.248.xx.yy2
 3. for your identity provider: `idp.[your institution domain].ac.lk` -> 192.248.xx.yy3
 4. for your eduroam RADIUS server: `irs.[your institution domain].ac.lk` -> 192.248.xx.yy4

All four addresses must sit in the same /24 as your gateway 192.248.xx.zz: the containers are placed directly on the host's network without NAT (see the bridge configuration below), so they need routable addresses of their own.

== Setting up the Host !Computer/Server ==

 1. Download Ubuntu 18.04 LTS and write the ISO image to a USB stick or CD as bootable media. You may use the free app '''Rufus''' from https://rufus.ie/ to write the ISO image to a USB stick.
 2. Change your BIOS settings to boot from the external media.
 3. Install Ubuntu 18.04 LTS, setting the host name to '''iam''' and the domain to `[your institution domain].ac.lk`.
 4. Log in to Ubuntu and run the following to update your system:
{{{
sudo apt update
sudo apt upgrade
}}}

== Linux Container (LXC) Virtual Environment ==

LXD is installed by default on Ubuntu 18.04 server. Run the commands in this section with `sudo` (or as root). Check the installed version first:
 * `lxc version`

 1. Initialise LXD (single host)
 * `lxd init`
{{{
Would you like to use LXD clustering? (yes/no) [default=no]:
Do you want to configure a new storage pool? (yes/no) [default=yes]:
Name of the new storage pool [default=default]:
Name of the storage backend to use (btrfs, ceph, dir, lvm, zfs) [default=zfs]: dir
Would you like to connect to a MAAS server? (yes/no) [default=no]:
Would you like to create a new local network bridge? (yes/no) [default=yes]:
What should the new bridge be called? [default=lxdbr0]:
What IPv4 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]:
What IPv6 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]:
Would you like LXD to be available over the network? (yes/no) [default=no]: yes
Would you like stale cached images to be updated automatically? (yes/no) [default=yes]
Would you like a YAML "lxd init" preseed to be printed? (yes/no) [default=no]:
}}}
 Two of these answers deserve a note:
 * The `dir` backend stores containers as plain directories on the host file system. It needs no spare disk or partition, but `lxc copy` and snapshots are full copies rather than cheap clones.
 * Answering `yes` to "available over the network" exposes the LXD REST API (TCP 8443 by default) on the host and makes `lxd init` ask for a trust password; any client that knows that password gets root-equivalent control of the host and of every container. Nothing in this guide needs remote LXD access, so answer `no` (the default) unless you administer the host remotely, and in that case restrict the port with a firewall.
 * Edit the host network configuration so that the bridge carries the host's public address and the physical interface becomes a port of it. `enp0s3` is an example interface name; check yours with `ip link`. Run `sudo nano /etc/netplan/50-cloud-init.yaml`:
{{{
network:
  version: 2
  ethernets:
    enp0s3:
      dhcp4: no
  bridges:
    lxdbr0:
      dhcp4: no
      addresses:
        - 192.248.xx.yy1/24
      gateway4: 192.248.xx.zz
      nameservers:
        addresses:
          - 192.248.1.161
      interfaces:
        - enp0s3
}}}
 * Apply the new network configuration: `sudo netplan apply` (you may need to reboot here). Do this from the console rather than over SSH, because the host's address moves from `enp0s3` to `lxdbr0` while it is applied.
 * Check the IP address of the host machine: `ip addr` (or `ifconfig`, if the `net-tools` package is installed).
 * Tell LXD to use the same host address on the bridge and not to NAT container traffic, so that the containers are reachable on their own 192.248.xx.yy addresses. Enter `sudo lxc network edit lxdbr0` and set:
{{{
  ipv4.address: 192.248.xx.yy1/24
  ipv4.nat: "false"
}}}
 Because `enp0s3` is now a port of this bridge, the dnsmasq that LXD runs on `lxdbr0` would also see DHCP requests from your campus segment. The containers below use static addresses, so set `ipv4.dhcp: "false"` in the same file to make sure LXD never answers DHCP for machines that are not yours.
 2. Check remote repositories
 * `lxc remote list`
 3. Local images
 * `lxc image list`
 4. Remote images
 * `lxc image list images:`
 * `lxc image list images:ubuntu`
 5. Create an Ubuntu container
 * `lxc launch ubuntu:18.04 test-ct`
 * `lxc list`
 Delete a container
 * `lxc stop test-ct`
 * `lxc delete --force test-ct`
 6. Create three production containers for your institute
 * `lxc launch ubuntu:18.04 idb`
 * `lxc copy idb idp`
 * `lxc copy idb irs`
 * `lxc start idp`
 * `lxc start irs`
 `lxc copy` clones the whole root file system of `idb`, including its SSH host keys and `/etc/machine-id`. After starting `idp` and `irs`, confirm that each reports its own name with `hostnamectl` (fix it with `hostnamectl set-hostname idp` or `irs` if it still says `idb`) and regenerate the SSH host keys inside each copied container with `rm /etc/ssh/ssh_host_* && dpkg-reconfigure openssh-server`, so that the three services do not share one host identity.
 7. Using / logging in to a container
 * `lxc exec idb bash`
 * `lsb_release -dirc`
 * `free -m`
 * `nproc`
 * `uname -r`
 * `exit`
 8. Container info
 * `lxc info idb`
 * `pstree -p [pid]` (on the host, with the PID shown by `lxc info`)
 9. Container configuration
 * `lxc config show idp`
 * `lxc profile list`
 * `lxc profile show default`
 10. Restrict memory
 * `lxc config set idb limits.memory 4096MB`
 * `lxc config show idb`
 * `lxc config set idp limits.memory 4096MB`
 * `lxc config set irs limits.memory 2048MB`
 `limits.memory` is a ceiling enforced per container, not a reservation, so the three limits may add up to more than the host's 8GB.
 11. Configure the container network IP (repeat for `idp` with 192.248.xx.yy3 and `irs` with 192.248.xx.yy4)
 * Log in to your container: `lxc exec idb bash`
 * `ip addr`
 * `nano /etc/netplan/50-cloud-init.yaml`
{{{
network:
  version: 2
  ethernets:
    eth0:
      dhcp4: no
      addresses:
        - 192.248.xx.yy2/24
      gateway4: 192.248.xx.zz
      nameservers:
        addresses:
          - 192.248.1.161
}}}
 * `netplan apply`
 * `timedatectl set-timezone Asia/Colombo`
 As the header of that file warns, cloud-init regenerates `50-cloud-init.yaml` on the next boot unless network configuration is disabled. Create `/etc/cloud/cloud.cfg.d/99-disable-network-config.cfg` containing `network: {config: disabled}` so that your static address survives a reboot.
 12. SSH to the containers
 The Ubuntu cloud image ships with password logins disabled. The quickest way in is to enable them:
 * `nano /etc/ssh/sshd_config` and change `PasswordAuthentication no` to `PasswordAuthentication yes`
 * Add a user: `sudo adduser [username]`
 * Make that user a '''sudo''' user: `sudo adduser [username] sudo`
 * `sudo reboot`
 These containers have public addresses and will hold your institution's identity data, so treat password authentication as a temporary convenience: once you can log in, put your SSH public key in `~/.ssh/authorized_keys` of that user, set `PasswordAuthentication` back to `no`, leave `PermitRootLogin` at its default (no password logins for root) and restart `ssh`.

Now you can SSH to all three containers over the network. Then follow the installation instructions for LDAP, IDP and IRS for the respective containers.

=== OPTIONAL ===

 1. Push/pull a file to or from a container
 * `echo hello there > myfile`
 * `lxc file push myfile idp/root/`
 * `lxc file pull idp/root/myfile /tmp`
 2. Snapshot (with the `dir` backend a snapshot is a full copy of the container, so allow for the disk space and time)
 * `lxc snapshot idp idp1`
 * `lxc restore idp idp1`
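The container provisioning in steps 10 to 12 above, as an added example that is not part of the original page: a POSIX shell script that renders the per-container netplan file, refuses an address that is malformed or not on the gateway's /24, and, when run as `sh provision.sh provision ~/.ssh/id_ed25519.pub`, applies it to `idb`, `idp` and `irs` with `lxc`, sets the memory limits from step 10, disables cloud-init's network rewrite, and creates the admin user with key-only SSH instead of enabling password authentication. The gateway `192.248.10.254`, the container addresses `192.248.10.2` to `.4`, the user name `admin` and all function names are assumptions made for the example; the `lxc` invocations are only reached with the `provision` argument, so the checks can be exercised on any machine.

```shell
#!/bin/sh
# Added example, not part of the original wiki page.  Renders and checks the
# per-container netplan config from the page and, only when invoked with the
# argument "provision", applies it with lxc together with the memory limit,
# an admin user and key-only SSH.
# Assumptions: LXD 3.x on Ubuntu 18.04, eth0 inside the container, and the
# placeholder gateway below replaced with your real 192.248.xx.zz.
set -eu

GATEWAY="192.248.10.254"   # assumed placeholder for 192.248.xx.zz
DNS="192.248.1.161"        # resolver used throughout the page

# ipv4_ok ADDR: succeed only for four dotted-decimal octets, each 0..255.
ipv4_ok() {
  _ip=$1
  case $_ip in ''|.*|*.|*..*) return 1 ;; esac   # empty or missing octets
  _oldifs=$IFS; IFS=.
  set -f; set -- $_ip; set +f                    # split on dots, no globbing
  IFS=$_oldifs
  [ $# -eq 4 ] || return 1
  for _o in "$@"; do
    case $_o in *[!0-9]*|????*) return 1 ;; esac # digits only, max 3 of them
    [ "$_o" -le 255 ] || return 1
  done
  return 0
}

# same_subnet24 A B: true when A and B share their first three octets.
same_subnet24() {
  [ "${1%.*}" = "${2%.*}" ]
}

# render_netplan ADDR GATEWAY DNS: print the netplan YAML the page uses for a
# container, refusing a bad address or a gateway outside ADDR's /24.
render_netplan() {
  ipv4_ok "$1" && ipv4_ok "$2" && ipv4_ok "$3" || return 1
  same_subnet24 "$1" "$2" || { echo "gateway $2 is not on $1/24" >&2; return 1; }
  cat <<EOF
network:
  version: 2
  ethernets:
    eth0:
      dhcp4: no
      addresses:
        - $1/24
      gateway4: $2
      nameservers:
        addresses:
          - $3
EOF
}

# provision_ct NAME ADDR MEM USER PUBKEY_FILE: steps 10-12 for one container,
# with an SSH key for USER and password/root logins turned off.
provision_ct() {
  _ct=$1; _addr=$2; _mem=$3; _user=$4; _key=$(cat "$5")
  _tmp=$(mktemp)
  render_netplan "$_addr" "$GATEWAY" "$DNS" >"$_tmp"
  lxc config set "$_ct" limits.memory "$_mem"
  lxc file push --mode 0644 "$_tmp" "$_ct/etc/netplan/50-cloud-init.yaml"
  # cloud-init would regenerate 50-cloud-init.yaml on the next boot otherwise
  printf 'network: {config: disabled}\n' >"$_tmp"
  lxc file push --mode 0644 "$_tmp" "$_ct/etc/cloud/cloud.cfg.d/99-disable-network-config.cfg"
  rm -f "$_tmp"
  lxc exec "$_ct" -- sh -e <<EOF
adduser --disabled-password --gecos '' '$_user'
usermod -aG sudo '$_user'
install -d -m 700 -o '$_user' -g '$_user' '/home/$_user/.ssh'
printf '%s\n' '$_key' >'/home/$_user/.ssh/authorized_keys'
chown '$_user:$_user' '/home/$_user/.ssh/authorized_keys'
chmod 600 '/home/$_user/.ssh/authorized_keys'
# sshd honours the first occurrence of a keyword, so put ours at the top,
# ahead of any Match block, after removing the image's own settings
sed -i -e '/^PasswordAuthentication/d' -e '/^PermitRootLogin/d' /etc/ssh/sshd_config
sed -i -e '1i PermitRootLogin no' -e '1i PasswordAuthentication no' /etc/ssh/sshd_config
netplan apply
timedatectl set-timezone Asia/Colombo
systemctl restart ssh
EOF
}

# Entry point: sh provision.sh provision ~/.ssh/id_ed25519.pub
case ${1:-} in
  provision)
    _pub=${2:?path to your SSH public key required}
    provision_ct idb 192.248.10.2 4096MB admin "$_pub"   # assumed addresses
    provision_ct idp 192.248.10.3 4096MB admin "$_pub"
    provision_ct irs 192.248.10.4 2048MB admin "$_pub"
    ;;
esac
```

Run it from the host as root (or with `sudo`), since `lxc` needs the LXD socket. The subnet check is there because a container whose gateway is not on its own /24 silently loses connectivity after `netplan apply`; catching that before pushing the file is cheaper than recovering through `lxc exec`.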