wiki:TutorialSetupLXC

Version 4 (modified by admin, 5 years ago)

--

Setting up Environment for Institutional Federated Identity Access Management

Minimum Hardware Requirement

A PC, server or VM with at least 8 GB of RAM (the limits.memory caps set later are ceilings, not reservations, so they may add up to more than the physical RAM)

DNS requirement

Have the following DNS A records added. All four addresses come from the same institutional /24, because the containers are bridged directly onto the host's network (see the netplan configuration below):

  1. For the host computer

iam.[your institution domain].ac.lk -> 192.248.xx.yy1

  2. For your identity database

idb.[your institution domain].ac.lk -> 192.248.xx.yy2

  3. For your identity provider

idp.[your institution domain].ac.lk -> 192.248.xx.yy3

  4. For your eduroam RADIUS server

irs.[your institution domain].ac.lk -> 192.248.xx.yy4

Setting up the Host Computer/Server

  1. Download Ubuntu 18.04 LTS and write it to a USB stick or a CD-ROM as bootable media

You may download the free app Rufus from https://rufus.ie/ to write the ISO image to a USB stick.

  2. Change your BIOS setting to boot from the external media
  3. Install Ubuntu 18.04 LTS, setting

the host name as iam

the domain as [your institution domain].ac.lk

  4. Log in to Ubuntu and run the following to update your system

sudo apt-get update

sudo apt-get dist-upgrade

Linux Container (LXC) Virtual Environment

LXD, the container manager for LXC, is installed by default on Ubuntu 18.04 Server. Check the version, then initialise it for a single host (lxd init needs root; your user must be in the lxd group to run lxc commands without sudo):

  • lxc version
  1. Initiate LXD (single host)
  • sudo lxd init
    Would you like to use LXD clustering? (yes/no) [default=no]:
    Do you want to configure a new storage pool? (yes/no) [default=yes]:
    Name of the new storage pool [default=default]:
    Name of the storage backend to use (btrfs, ceph, dir, lvm, zfs) [default=zfs]: dir
    Would you like to connect to a MAAS server? (yes/no) [default=no]:
    Would you like to create a new local network bridge? (yes/no) [default=yes]:
    What should the new bridge be called? [default=lxdbr0]:
    What IPv4 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]:
    What IPv6 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]:
    Would you like LXD to be available over the network? (yes/no) [default=no]: yes
    Would you like stale cached images to be updated automatically? (yes/no) [default=yes]:
    Would you like a YAML "lxd init" preseed to be printed? (yes/no) [default=no]:

Answering yes to the network question opens the LXD REST API on TCP port 8443 (lxd init then asks for the bind address, port and a trust password; those prompts are omitted from the transcript above). Anyone holding that password or a trusted client certificate effectively has root on the host through the API, so keep the default no unless you need to manage this host from a remote lxc client, and never expose the port beyond the management network.
    
  • Edit the network configuration: sudo nano /etc/netplan/50-cloud-init.yaml

This moves the host's address from enp0s3 onto the lxdbr0 bridge and makes enp0s3 a member of that bridge, so containers attached to lxdbr0 sit directly on the institutional /24 with no NAT. Replace enp0s3 with the interface name your host actually has.

network:
  version: 2
  ethernets:
    enp0s3:
      dhcp4: no
  bridges:
    lxdbr0:
      dhcp4: no
      addresses:
        - 192.248.xx.yy1/24
      gateway4: 192.248.xx.xyz
      nameservers:
        addresses:
          - 192.248.1.161
      interfaces:
        - enp0s3

  • Apply the new network configuration: sudo netplan apply

(You may need to reboot here)

  • Check the IP address of the host machine: ifconfig (or ip addr show; net-tools is not installed by default on 18.04)
  • Run sudo lxc network edit lxdbr0 and make LXD's view of the bridge match netplan, i.e. the host address from the step above with NAT off:
      ipv4.address: 192.248.xx.yy1/24
      ipv4.nat: "false"
    Also set ipv4.dhcp: "false" and ipv6.address: none here. lxdbr0 now carries enp0s3, so LXD's built-in dnsmasq would otherwise answer DHCP requests from the whole institutional LAN, not just from the containers.
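As an added example (not part of this wiki page), here is the same end state as the interactive lxd init answers and the lxc network edit step above, expressed as an LXD preseed document so that a host can be rebuilt without retyping the answers. It assumes a fresh LXD 3.0 as packaged with Ubuntu 18.04, that netplan (above) already owns the lxdbr0 address, and the 192.248.xx.yy1 placeholder for the host address, which must be filled in first; PRESEED_APPLY is only this script's own guard so that nothing is changed unless asked.

```shell
#!/bin/sh
# Added example, not from the original wiki page: the non-interactive equivalent
# of the "lxd init" answers and the "lxc network edit lxdbr0" step. Assumptions:
# LXD 3.0 (Ubuntu 18.04), netplan owns the lxdbr0 address, and HOST_IP is the
# page's 192.248.xx.yy1 placeholder, to be replaced before use.
HOST_IP="192.248.xx.yy1"

# Print the preseed document that "lxd init --preseed" consumes.
lxd_preseed() {
  cat <<EOF
config:
  # "available over the network: yes" opens the REST API on TCP 8443. Bind it
  # to the host address only (not [::]) and delete this key if the server is
  # managed locally; remote clients still need a trust password or a trusted
  # client certificate, which is deliberately not set here.
  core.https_address: "${HOST_IP}:8443"
networks:
- name: lxdbr0
  type: bridge
  config:
    ipv4.address: ${HOST_IP}/24
    ipv4.nat: "false"
    # lxdbr0 carries enp0s3 and the institutional /24 (host netplan), so LXD's
    # dnsmasq must not hand out DHCP leases on that LAN.
    ipv4.dhcp: "false"
    ipv6.address: none
storage_pools:
- name: default
  driver: dir
  config: {}
profiles:
- name: default
  config: {}
  devices:
    eth0:
      type: nic
      nictype: bridged
      parent: lxdbr0
      name: eth0
    root:
      type: disk
      path: /
      pool: default
EOF
}

# Guard: only feed LXD when explicitly asked, since this reconfigures the host.
if [ "${PRESEED_APPLY:-no}" = yes ]; then
  lxd_preseed | sudo lxd init --preseed
fi
```

Run PRESEED_APPLY=yes sh lxd-preseed.sh once after the host network is up, then compare the result with lxc network show lxdbr0 and lxc profile show default.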
    
  2. Check the configured remote image servers
  • lxc remote list
  3. Locally cached images
  • lxc image list
  4. Images available on the remote servers
  • lxc image list images:
  • lxc image list images:ubuntu
  5. Create a test Ubuntu container
  • lxc launch ubuntu:18.04 test-ct
  • lxc list

Delete a container

  • lxc stop test-ct
  • lxc delete --force test-ct
  6. Create the three production CTs for your institute
  • lxc launch ubuntu:18.04 idb
  • lxc copy idb idp
  • lxc copy idb irs
  • lxc start idp
  • lxc start irs

Because idp and irs are copies of an already-booted idb, they inherit its SSH host keys and /etc/machine-id. Regenerate both inside each copy before putting it on the network (rm /etc/ssh/ssh_host_* && dpkg-reconfigure openssh-server; rm /etc/machine-id && systemd-machine-id-setup), or launch each container from the image instead of copying.

  7. Using/logging in to a CT
  • lxc exec idb bash
  • lsb_release -dirc
  • free -m
  • nproc
  • uname -r
  • exit
  8. CT info
  • lxc info idb
  • pstree -p [pid] (use the Pid shown by lxc info to see the container's process tree from the host)
  9. CT configuration
  • lxc config show idp
  • lxc profile list
  • lxc profile show default
  10. Restrict memory (these are cgroup ceilings, not reservations)
  • lxc config set idb limits.memory 4096MB
  • lxc config show idb
  • lxc config set idp limits.memory 4096MB
  • lxc config set irs limits.memory 2048MB
  11. Configure the CT network IP (inside each container, via lxc exec)
  • ifconfig (or ip addr show) to find the interface name; inside an LXD container it is normally eth0, from the default profile, not the host's enp0s3
  • nano /etc/netplan/50-cloud-init.yaml

Each container gets its own static address on the institutional /24 (yy2 for idb, yy3 for idp, yy4 for irs, matching the DNS records above), with the same gateway and resolver as the host:

network:
  version: 2
  ethernets:
    eth0:
      dhcp4: no
      addresses:
        - 192.248.xx.yy2/24
      gateway4: 192.248.xx.xyz
      nameservers:
        addresses:
          - 192.248.1.161

  • netplan generate
  • netplan apply
  • timedatectl set-timezone Asia/Colombo
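As an added example (not from this page or from LEARN's own tooling), the container creation, memory limit and static addressing steps above as one script. It goes slightly beyond the page: it launches each container fresh instead of copying idb (so no SSH host keys or machine-id are shared), waits for cloud-init to finish before overwriting the netplan file it writes on first boot, and refuses to push an address that is still a placeholder. It assumes the container NIC is eth0 (the LXD default profile), the gateway and resolver used on this page, and that the 192.248.xx.* values are replaced before running; PROVISION is only this script's guard.

```shell
#!/bin/sh
# Added example, not from the original wiki page. Provisions the idb/idp/irs
# containers non-interactively. Assumptions: LXD 3.x on Ubuntu 18.04, the NIC
# inside a container is eth0 (LXD default profile), and the 192.248.xx.* values
# are this page's placeholders, to be replaced with real addresses before use.
GATEWAY="192.248.xx.xyz"   # same gateway as in the host netplan config
DNS="192.248.1.161"        # resolver used throughout this page

# Accept only a dotted-quad IPv4 address with a /prefix. Unfilled placeholders
# such as 192.248.xx.yy2/24 are rejected, so a broken netplan is never pushed.
valid_ipv4_cidr() {
  addr=${1%/*} prefix=${1#*/}
  [ "$addr" != "$1" ] || return 1                     # missing "/prefix"
  case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
  [ "$prefix" -le 32 ] || return 1
  n=0
  for octet in $(printf '%s' "$addr" | tr '.' ' '); do
    case "$octet" in ''|*[!0-9]*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
    n=$((n + 1))
  done
  [ "$n" -eq 4 ]
}

# Print a netplan document for one static interface: IFACE CIDR GATEWAY DNS.
render_netplan() {
  cat <<EOF
network:
  version: 2
  ethernets:
    $1:
      dhcp4: no
      addresses:
        - $2
      gateway4: $3
      nameservers:
        addresses:
          - $4
EOF
}

# Create and configure one container: provision_ct NAME CIDR MEMORY_LIMIT
provision_ct() {
  name=$1 cidr=$2 mem=$3
  valid_ipv4_cidr "$cidr" || { echo "refusing $name: bad address '$cidr'" >&2; return 1; }
  # Launch from the image rather than "lxc copy" of a booted idb, so the three
  # containers never share SSH host keys or /etc/machine-id.
  lxc launch ubuntu:18.04 "$name"
  lxc config set "$name" limits.memory "$mem"
  # cloud-init writes 50-cloud-init.yaml on first boot; wait for it so it does
  # not overwrite the file pushed below.
  lxc exec "$name" -- cloud-init status --wait
  tmp=$(mktemp)
  render_netplan eth0 "$cidr" "$GATEWAY" "$DNS" > "$tmp"
  lxc file push "$tmp" "$name/etc/netplan/50-cloud-init.yaml"
  rm -f "$tmp"
  lxc exec "$name" -- netplan generate
  lxc exec "$name" -- netplan apply
  lxc exec "$name" -- timedatectl set-timezone Asia/Colombo
}

# Guard: only touch LXD when explicitly asked (PROVISION=yes sh provision.sh).
if [ "${PROVISION:-no}" = yes ]; then
  provision_ct idb 192.248.xx.yy2/24 4096MB
  provision_ct idp 192.248.xx.yy3/24 4096MB
  provision_ct irs 192.248.xx.yy4/24 2048MB
fi
```

Fill in the xx/yy placeholders, then run PROVISION=yes sh provision.sh; the script stops at the first container whose address is still a placeholder or otherwise malformed, before anything is pushed into it.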
  12. SSH to the CTs
  • nano /etc/ssh/sshd_config

change

PasswordAuthentication no

to

PasswordAuthentication yes

The Ubuntu cloud image disables password logins on purpose. Turning them on exposes every container to password guessing from the whole institutional network (and from the Internet, if these public addresses are routed). Prefer to keep PasswordAuthentication no and put your public key in ~/.ssh/authorized_keys of the new user (lxc file push can place it); if you enable passwords only to bootstrap access, switch them off again once keys are in place.

  • Add a user (you are already root inside lxc exec, so sudo is not needed)
    • adduser <username>
    • adduser <username> sudo
  • reboot (or just systemctl restart ssh to pick up the sshd_config change)

Now you can ssh to all three CTs over the network. Then follow the installation instructions for LDAP, IdP and IRS on the respective CTs.
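As an added example (not from this page), a key-based alternative to enabling password logins: a small POSIX shell helper that sets sshd_config options idempotently, a check for the effective global PasswordAuthentication value, and a guarded function that pushes your public key into a container user's authorized_keys with lxc file push and then turns password logins back off. It assumes the user already exists inside the container (created with adduser as above), that PUBKEY points at your public key file, and that lxc file push accepts --mode (LXD 3.x); SSH_APPLY is only this script's guard. sshd honours the first occurrence of a keyword and treats anything after a Match line as belonging to that block, which the helper respects.

```shell
#!/bin/sh
# Added example, not from the original wiki page. Key-based SSH access to the
# containers instead of "PasswordAuthentication yes". Assumptions: the container
# user already exists (adduser above) and PUBKEY names your public key file.

# Effective global value of a keyword in an sshd_config: sshd honours the first
# uncommented occurrence and anything after the first Match line is per-block.
sshd_option_value() {   # sshd_option_value FILE KEYWORD
  awk -v k="$2" '
    tolower($1) == "match"    { exit }
    tolower($1) == tolower(k) { print tolower($2); exit }
  ' "$1"
}

# True if password logins are on. OpenSSH defaults the keyword to "yes" when it
# is absent, so an unset keyword counts as enabled.
sshd_password_auth_enabled() {   # sshd_password_auth_enabled FILE
  v=$(sshd_option_value "$1" PasswordAuthentication)
  [ "${v:-yes}" = yes ]
}

# Set KEYWORD to VALUE in FILE, idempotently: replaces the global setting
# (commented out or not), inserts it before the first Match block if absent, and
# leaves per-Match overrides alone. The file is rewritten in place (not moved)
# so sshd_config keeps its owner and mode.
sshd_set_option() {   # sshd_set_option FILE KEYWORD VALUE
  tmp=$(mktemp) || return 1
  awk -v k="$2" -v v="$3" '
    BEGIN { re = "^[ \t]*#?[ \t]*" k "([ \t]|$)" }
    tolower($1) == "match" && !done { print k " " v; done = 1 }
    tolower($1) == "match"          { inmatch = 1 }
    !inmatch && tolower($0) ~ tolower(re) { if (!done) { print k " " v; done = 1 }; next }
    { print }
    END { if (!done) print k " " v }
  ' "$1" > "$tmp" && cat "$tmp" > "$1"
  rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Install PUBKEY as authorized_keys for USER in container CT, harden sshd_config
# there and restart sshd: install_ct_key CT USER PUBKEY
install_ct_key() {
  ct=$1 user=$2 pubkey=$3
  lxc exec "$ct" -- mkdir -p "/home/$user/.ssh"
  lxc file push "$pubkey" "$ct/home/$user/.ssh/authorized_keys"
  lxc exec "$ct" -- chown -R "$user:$user" "/home/$user/.ssh"
  lxc exec "$ct" -- chmod 700 "/home/$user/.ssh"
  lxc exec "$ct" -- chmod 600 "/home/$user/.ssh/authorized_keys"
  cfg=$(mktemp)
  lxc file pull "$ct/etc/ssh/sshd_config" "$cfg"
  sshd_set_option "$cfg" PasswordAuthentication no
  sshd_set_option "$cfg" PubkeyAuthentication yes
  lxc file push --mode 0644 "$cfg" "$ct/etc/ssh/sshd_config"
  rm -f "$cfg"
  lxc exec "$ct" -- systemctl restart ssh
}

# Guard: only touch the containers when explicitly asked.
if [ "${SSH_APPLY:-no}" = yes ]; then
  : "${CT_USER:?set CT_USER to the user created with adduser}"
  : "${PUBKEY:?set PUBKEY to your public key file, e.g. ~/.ssh/id_ed25519.pub}"
  for ct in idb idp irs; do install_ct_key "$ct" "$CT_USER" "$PUBKEY"; done
fi
```

Run it as SSH_APPLY=yes CT_USER=<username> PUBKEY=~/.ssh/id_ed25519.pub sh ct-ssh-keys.sh, then log in with ssh <username>@idb.[your institution domain].ac.lk; sshd_password_auth_enabled run on a pulled copy of each container's sshd_config confirms that password logins stay off.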

OPTIONAL

  1. Push/pull a file to/from a CT
  • echo hello there > myfile
  • lxc file push myfile idp/root/
  • lxc file pull idp/root/myfile /tmp
  2. Snapshots
  • lxc snapshot idp idp1
  • lxc restore idp idp1