A virtualised laboratory that allows you to experiment with distributed systems right from your laptop.
We are going to use Docker to actually spin up multiple nodes, but so that we can have a consistent environment, we are first going to work from within a VM.
The reason for this is that Docker needs to be running in a Linux env. We can do this natively in OSX but it requires us to run “boot2docker” a script which basically runs a VM in the background. Whilst convenient it means its difficult to access from, e.g. emacs as you have to be running in the specific command terminal boot2docker starts for you.
With that in mind, we are going to do everything from a scripted VM. The other advantage to this is a completely replicatable base from which to start.
You need a few things before you can run the lab.
- Virtual Box
- Vagrant
- Homebrew
- Ansible `brew install ansible`
- `pip install passlib`
- use the mkpasswd utility
mkpasswd –method=SHA-512
The password for the image is “changeme” make sure you change it!
I needed to install the virtual box 5 guest additions but then it was fine. Unfortunately virtualbox 5 is not supported by vagrant and so I had to then downgrade virtual box but the guest additions still work!
To turn off cowsay export ANSIBLE_NOCOWS=1
export PYTHONUNBUFFERED=1
Dont put spaces in
First pull a base image with ansible already on it, e.g.
http://www.binarytides.com/linux-commands-monitor-network/
To see all VMS and clear vagrants cache… vagrant global-status –prune
If the index gets out of sync with the directories eg renaming a dir, you can update metadate here:
Users/jmdb.vagrant.d/data/machine-index
From http://www.liquidweb.com/kb/how-to-install-apache-on-centos-7/
“` sudo yum -y install httpd sudo firewall-cmd –permanent –add-port=80/tcp sudo firewall-cmd –permanent –add-port=443/tcp sudo firewall-cmd –reload
sudo systemctl start httpd sudo systemctl enable httpd # Make sure it starts at boot time
“`
It only runs on centos 7 https://docs.docker.com/installation/centos/
Once installed, you need to run it :
sudo systemctl start docker.service
also
sudo systemctl status docker.service
Want it to run automatically, can do:
sudo systemctl enable docker.service
Docker didn’t seem to like starting without the following option: –storage-opt=”dm.blocksize=64k”
https://docs.docker.com/articles/systemd/
To control the systemd files you can first see if it has an environment file set up, then do this:
sudo systemctl show docker | grep EnvironmentFile
If it shows something like this:
EnvironmentFile=/etc/sysconfig/docker (ignore_errors=yes) EnvironmentFile=/etc/sysconfig/docker-storage (ignore_errors=yes) EnvironmentFile=/etc/sysconfig/docker-network (ignore_errors=yes)
You should be able to add the following into a file at
/etc/sysconfig/docker-storage
We need to replace the file /etc/sysconfig/docker-storage
with the following:
DOCKER_STORAGE_OPTIONS=-s devicemapper –storage-opt dm.fs=xfs –storage-opt dm.thinpooldev=/dev/mapper/centos-docker–pool
Need to do this:
echo “DOCKER_STORAGE_OPTIONS=-s devicemapper –storage-opt dm.blocksize=64k –storage-opt dm.fs=xfs –storage-opt dm.thinpooldev=/dev/mapper/centos-docker–pool” >> /etc/sysconfig/docker-storage
Can then do the usual things:
to see the log files
journalctl -u docker
Then we want to add the following :
systemctl enable docker
Still doesnt work, seems it might be an issue with the kernel. I have version 3.10 latest is 3.18
https://docs.docker.com/installation/centos/
http://linoxide.com/linux-how-to/upgrade-linux-kernel-stable-3-18-4-centos/
rpm –import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
yum –enablerepo=elrepo-kernel install kernel-ml
To see kernel version uname -r
If you get wierd locking errors make sure virtual box gui is not running.
Ok, upgrading the kernel seemed to work. So we don’t need all that stuff about setting the block size. However, we probably do want to set storage options as its not reccommended to do this.
Then you should be able to do this:
docker run -it centos:centos7 bash
use vagrant-tramp-term to get an ansi terminal straight in there.
From the ansible book
First you want to get the ansible image:
docker pull ansible/centos7-ansible
docker run -d -p 9999:80 ixcode/apache /usr/sbin/apachectl -D FOREGROUND
In order to be able to use openam for free, you need to build it from source [REF!]
To do that, you can use the github mirror.
Clone the following repo
git clone git@github.com:OpenRock/OpenAM.git
It will take some time.
Then go into OpenAm/openam
and type mvn package
You will need maven installed.
http://docs.forgerock.org/en/openam/12.0.0/getting-started/index.html
Enjoy watching the internet download.
In the mean time you can check out the web harness we have built for openam, so you don’t need to install and run tomcat to get it working.
## Switching to a particular version of openam:
Selling finance - get list of questions back from equifax which need to answer to verify security.
A bit like this:
loan.example.com
Run the server, choose “Custome configuration” accept license agreement
Create a password: openamdemonstration
need to choose a cookie domain - loan.example.com
locale en_GB
http://www.pathname.com/fhs/pub/fhs-2.3.html
Put config files in /etc/opt/openam
Set up a domain forwarding in /etc/hosts
127.0.0.1 loan.example.com
Choose the openam datastore for this example. Later can use openDJ or active directory
No to being behind a load balancer
put policy agent password in : openampolicy
OpenAM cannot be in the root context of a web app server.
https://bugster.forgerock.org/jira/browse/OPENAM-3502
The built in version of openDJ is not compatible with
System/Library/Frameworks/JavaVM.framework/Versions
JDK version 8 : https://forgerock.org/topic/opendj-2-6-does-not-compatible-with-java-8/
So the simplest thing is to run the openam server on a lower version of jdk for now.
This means downgrading jetty to
‘org.eclipse.jetty:jetty-server:9.1.5.v20140505’
from
‘org.eclipse.jetty:jetty-webapp:9.3.2.v20150730’
incidentally useful files like the install log ge tput in /etc/opt/openam
https://bugster.forgerock.org/jira/browse/OPENAM-2798
You need to make sure /etc/hosts has whatever the output of `hostname` command is on your system in it as a mapping
login as amadmin:openamdemonstration
You need to have JSP compilation enabled
/openam/console/base/AMAdminFrame.jsp
Also problem with servlets in https://bugster.forgerock.org/jira/browse/OPENAM-2853
No forced path for oauth jsp
https://bugs.eclipse.org/bugs/show_bug.cgi?id=415192
Doesn;t look like jetty 9 is fixed yet:
http://sources.forgerock.org/cru/CR-2421#c15112
So need to use jetty 8
Then it all works
Once OpenAM is up and running, we need to set it up it uses the embedded openDJ product which we want to add users to:
http://www.ldapsoft.com/download.html
https://forgerock.org/topic/can-i-connect-to-embedded-openam-opendj-ldap-data-store/
You can configure it by going into /etc/opt/openam/opends/bin and running control-panel
Connect to a remote server and use the domain name you set up in hosts file. Password is your admin password.
We can then add two users,
adminuser:adminuser worker:worker