Saturday, March 20, 2010

How to install GOsa2 on RedHat / CentOS (rpm based)

1.0 About this

The goal of this article is to be a base for a complete installarion of GOsa2, it will be used by future articles on what maters with integrating with others services.

2.0 What GOsa2 means?

GOsa2 is the constrict form for GOnicus System Administration.
From author’s site gosa-project.org
A mighty System-/Config-management frontend using LDAP as a backend. It is able to manage POSIX, Samba, Mail, Kolab, FAX, Asterisk and many more services.

3.0 Prerequisites

4.0 Instaling pre-requisites

As said before, I’m assuming that you already have an installation of CentOS or Red Hat, therefore, I’ll be covering the system requisites to get a functional GOsa2.

4.1 Installing the yum EPEL repository

4.2 Setting the repository for GOsa2

Go to /etc/yum.repos.d and create the file GOsa2.repo with your favorite text editor.
File: /etc/yum.repos.d/GOsa2.repo

1[GOsa]
2name=GOsa Repository
4enabled=1
5gpgcheck=0

4.3 Setting the repository for PHP 5.2

GOsa2 needs the PHP 5.2 to run, however, there’s no PHP 5.2 on official repository. With that said, we need to set up a third party repository.

For this article I’ll be using the repository from Utter Ramblings. It’s a nice and reliable repo, you can use it with no fear.

Go to /etc/yum.repos.d and with your favorite text editor create a file called utterramblings.repo.


File: /etc/yum.repos.d/utterramblings.repo

1[utterramblings]
2name=Jason's Utter Ramblings Repo
3baseurl=http://www.jasonlitka.com/media/EL$releasever/$basearch/
4enabled=1
5gpgcheck=1

This repo already have a version of Apache 2.2.x (2.2.14 at this momment) that we’ll be using.

4.4 Installing OpenLDAP Server

We’ll use the offical version (which means the one into the repository or Media).
To accomplish this, execute the following command:

1yum install openldap openldap-clients openldap-servers

5.0 Installing GOsa2 via yum

With the prerequisites satisfied, continue the installation of GOsa2

There are a couple of plugins availiable from GOsa2 respository, doing a search over it, it is possible to get an idea of which of them you really need to install. Install those that suit to your environment.

1yum search gosa

WARNING: Avoid to install the package gosa-desktop, as it will install Gnome and X.org as dependence.
Below are the packs that we will use in this article. Feel free to alter it.

1yum install gosa-schema.noarch gosa-plugin-systems.noarch gosa-plugin-sudo.noarch gosa-plugin-squid.noarch gosa-plugin-samba.noarch gosa-plugin-rolemanagement.noarch gosa-plugin-pureftpd.noarch gosa-plugin-mail.noarch gosa-plugin-log.noarch gosa-plugin-ldapmanager.noarch gosa-plugin-dns.noarch gosa-plugin-dhcp.noarch gosa-plugin-connectivity.noarch gosa-plugin-addressbook.noarch gosa-help-en.noarch gosa.noarch

5.1 Edit PHP (php.ini) params to suit GOsa2

To GOsa2 run happy, it’s necessary to alter 2 parameters in file /etc/php.ini. Edit it and save it.

Before:
  • expose_php = On
  • magic_quotes_gpc = Off
After:
  • expose_php = Off
  • magic_quotes_gpc = On

5.2 Making sure the services start at boot time

1chkconfig --levels 35 ldap on
2chkconfig --levels 35 httpd on

6.0 Setting OpenLDAP to suit GOsa2 needs

With all those work we have done so far, now it’s a critical time, but simple to do.
Will be necessary to suit OpenLDAP to talk to GOsa2, this means showing the right schemas to OpenLDAP.
Make a backup copy from the original slapd.conf file.

1cd /etc/openldap
2cp slapd.conf slapd.conf.orig

To generate the cn=Manager password hash.

1slappasswd -h {SSHA}
2New password:
3Re-enter new password:
4{SSHA}Nag4FWwXLoGO/WpdpFJUlMVCBYwB94wt

The result will be the hash from the entered password, this case I used “fogonacaixadagua”. Keep this hash, we will use it soon.

Now, make your /etc/openldap/slapd.conf look like the one below:


File: /etc/openldap/slapd.conf

01include         /etc/openldap/schema/corba.schema
02include         /etc/openldap/schema/core.schema
03include         /etc/openldap/schema/cosine.schema
04include         /etc/openldap/schema/dyngroup.schema
05include         /etc/openldap/schema/inetorgperson.schema
06include         /etc/openldap/schema/java.schema
07include         /etc/openldap/schema/misc.schema
08include         /etc/openldap/schema/nis.schema
09include         /etc/openldap/schema/openldap.schema
10include         /etc/openldap/schema/ppolicy.schema
11 
12include /etc/openldap/schema/gosa/samba3.schema
13include /etc/openldap/schema/gosa/pureftpd.schema
14include /etc/openldap/schema/gosa/gofon.schema
15include /etc/openldap/schema/gosa/gosystem.schema
16include /etc/openldap/schema/gosa/goto.schema
17include /etc/openldap/schema/gosa/gosa-samba3.schema
18include /etc/openldap/schema/gosa/gofax.schema
19include /etc/openldap/schema/gosa/goserver.schema
20include /etc/openldap/schema/gosa/goto-mime.schema
21include /etc/openldap/schema/gosa/trust.schema
22include /etc/openldap/schema/gosa/dnszone.schema
23include /etc/openldap/schema/gosa/gosa_custom.schema
24 
25pidfile     /var/run/openldap/slapd.pid
26argsfile    /var/run/openldap/slapd.args
27 
28database    bdb
29suffix      "dc=FogoNaCaixadAgua"
30rootdn      "cn=Manager,dc=FogoNaCaixadAgua"
31 
32# Senha gerada pelo comando slappasswd -h {SSHA}
33rootpw      {SSHA}Nag4FWwXLoGO/WpdpFJUlMVCBYwB94wt
34 
35directory   /var/lib/ldap
36 
37index entryCSN,entryUUID eq
38index uid,mail eq
39index gosaMailAlternateAddress,gosaMailForwardingAddress eq
40index cn,sn,givenName,ou pres,eq,sub
41index objectClass pres,eq
42index uidNumber,gidNumber,memberuid eq
43index gosaSubtreeACL,gosaObject,gosaUser pres,eq
44index sambaSID eq
45index sambaPrimaryGroupSID eq
46index sambaDomainName eq
47 
48cachesize 100000
To copy some schemas that aren’t on schemas’ dir:

1cp /usr/share/gosa/plugins/pureftpd/contrib/pureftpd.schema /etc/openldap/schema/gosa
2cp /usr/share/gosa/plugins/dns/contrib/dnszone.schema /etc/openldap/schema/gosa

Create the file /etc/openldap/schema/gosa_custom.schema with the following content:

File: /etc/openldap/schema/gosa_custom.schema

01#$Id: authldap.schema,v 1.8 2005/03/20 19:10:30 mrsam Exp $
02#
03# OID prefix: 1.3.6.1.4.1.25981
04#
05# Attributes: 1.3.6.1.4.1.25981.1.1
06#
07# Depends on: gosa.schema and cosine.schema
08 
09attributetype ( 1.3.6.1.4.1.25981.1.1.1 NAME 'gosaMailHome'
10    DESC 'The absolute path to the mail message stor directory in a virtual mail setup.'
11        EQUALITY caseExactIA5Match
12        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
13 
14#
15# Objects: 1.3.6.1.4.1.25981.1.2
16#
17 
18objectclass ( 1.3.6.1.4.1.25981.1.2.1 NAME 'gosaVirtualMailAccount' SUP top AUXILIARY
19    DESC 'Objectclass to mark Virtual MailAccounts for GOsa (v2.4)'
20        MAY ( gosaMailHome ) )

7.0 Starting OpenLDP

With OpenLDAP server configured and the schemas on the right place, copy DB_CONFIG.example to LDAP’s dir:

1cd /etc/openldap
2cp DB_CONFIG.example /var/lib/ldap/DB_CONFIG

Now, you can start OpenLDAP and you can verify if it’s gonna ok.

1service ldap start
2Checking configuration files for slapd:  config file testing succeeded
3                                                           [  OK  ]
4Starting slapd:                                            [  OK  ]

8.0 Starting Apache

Apache was installed with the GOsa2. The GOsa2 package created the config file to apache, this file can be found at /etc/httpd/conf.d/gosa-apache.conf

File: /etc/httpd/conf.d/gosa-apache.conf

01# Include GOsa to your web service
02Alias /gosa /usr/share/gosa/html
03 
04
05
06    php_admin_flag engine on
07    php_admin_flag register_globals off
08    php_admin_flag allow_call_time_pass_reference off
09    php_admin_flag expose_php off
10    php_admin_flag zend.ze1_compatibility_mode off
11    php_admin_flag register_long_arrays off
12    php_admin_flag magic_quotes_gpc on
13    php_admin_value upload_tmp_dir /var/spool/gosa/
14    php_admin_value session.cookie_lifetime 0
15    include /etc/gosa/gosa.secrets
16
17
18 
19
20   PHP_Fix_Pathinfo_Enable 1
21   
22     Options +ExecCGI
23     AddHandler fcgid-script .php
24     FCGIWrapper /var/www/php-fcgi/php-fcgi-starter .php
25     include /etc/gosa/gosa.secrets
26   
27
Isnt’ recommended to edit it, do it only if it’s really necessary.


Time to start Apache:

1service httpd start
2Starting httpd:                                            [  OK  ]

9.0 Setting GOsa2 through Web interface

After starting Apache, access through of server IP.

9.1 Initial screen of GOsa2 set up

http://192.168.11.13/gosa/


Note the highlighted part on image, it’s necessary to execute the above command to GOsa2 installer know that you have control over server.

1echo -n 93esjraq6baopmpchl1qsksc84 > /tmp/gosa.auth
After you executed the command, click “Next”.

9.2 Language selection


Pick up the correct one and Click “Next”.

9.3 Environment checking



If you got any error here, get back to: 5.1 Edit PHP (php.ini) params to suit GOsa2.
After all field being marked with Ok, click “Next”.

License agreement

This screen you must accept the license.



After you check it, click “Next.

9.4 LDAP Connection

Here you set the connection between GOsa2 and OpenLDAP that we configured before.



The parts tha need to be changed are marked in 1 and 2:
1. Put the conext to Manager user: “cn=Manager,dc=FogoNaCaixadAgua”
2. Password hash, “fogonacaixadagua”
Click “Next”".

9.5 Schema validation

Yeah!



Click “Next”.

9.6 Setting GOsa2 1/3

Let the default ones and click “Next”.

9.7 Setting GOsa2 2/3

Some settings to GOsa2.

Below I’ll explain the changes done, based on the number into above picture, change them as show.
1. the context that will have the Workstations info from Windows Domain.
2. Timezone for GOsa2.
3. Enable Copy & Paster, it’s a nice function, very interesting when you change some entry into an Organizational Unit, for example.
4. Enable snapshots, they are useful to revert some bat change, for example
5. Put the Manager password, “fogonacaixadagua”.
Click “Next” after you finish it.

9.8 Setting GOsa2 3/3

Last part on setting GOsa2.

1. Enter your SNMP community, if you have one in your network, otherwise put ‘public’.
2. To enable the SUDO config from GOsa2 Interface
Click “Next”.

9.9 Inspecting OpenLDAP

In this screen will have a full check to verify if you have some tree in LDAP, as we started from scratch, it have nothing, because of this you see a lot of “Fails”.

Do not worry, soon it will be all Green ;)
To create a root object, click the button as highlighted on pic below:


After clicking “Try to create a root object” look that the things are starting to getting better :D


First click the button “Migrate”, in “Inspecting object classes in root object” then you will be redirected to the following page:

Click “Migrate”.
Getting back to LDAP Inspection page, click the unique button shown.



This time it’s to create a password for the user ‘admin’ that will log into GOsa2 interface. Enter a password, here is “fogonacaixadagua” then click “Apply”


All nice and green, as I promised you.


Time to go to the last part. Click “Next”.

9.10 Send a feedback

You are on your own.
Finnished, click “Next”.

9.11 Almost END



Download the config file to your computer and then copy it to /etc/gosa on server side, apply the permissions as shown by installer.

1scp ~/temp/gosa.conf root@192.168.11.13:/etc/gosa
After, on GOsa2 server

1chown root:apache /etc/gosa/gosa.conf
2chmod 640 /etc/gosa/gosa.conf

Click “Next” on final step to confirm that the config file is there.

You will be awarded with the login screen, use the ‘admin’ user and the password defined in the install process to login.


No comments:

Post a Comment

Post a Comment