Ops535-389-ds-install
Revision as of 14:07, 15 November 2016
Note: this wiki page is a work-in-progress
OS and virtual hardware configuration on the VM
- Minimal CentOS 7.x installation
- 2 NICs - one on NAT network (192.168.122.0/24), one on isolated private network (192.168.x.0/24)
- enable "epel" repository - yum install epel-release
- Hostname: ds389.cp.net
- IP address: 192.168.x.20/24 on isolated private network
System Software Configuration
Host name resolution
- On the primary DNS server for your domain:
  - Add an A resource record: ds389.cp.net. IN A 192.168.x.20
  - Add a PTR resource record: 20.x.168.192.in-addr.arpa. IN PTR ds389.cp.net.
- If you don't have DNS, add the following record to /etc/hosts:
  - 192.168.x.20 ds389.cp.net ds389
Firewall configuration
You need to open tcp ports 389 (LDAP), 636 (LDAPS) and 9830 (the administration server) for external access to your 389 directory server.
firewalld.service
Run the following commands to open the ports:
firewall-cmd --permanent --add-port=389/tcp
firewall-cmd --permanent --add-port=636/tcp
firewall-cmd --permanent --add-port=9830/tcp
You need to run the following command to update the current firewall settings:
firewall-cmd --reload
Please confirm your firewall settings with the following command:
firewall-cmd --list-ports
iptables.service
Run the following commands to open the ports:
iptables -I INPUT -p tcp --dport 389 -j ACCEPT
iptables -I INPUT -p tcp --dport 636 -j ACCEPT
iptables -I INPUT -p tcp --dport 9830 -j ACCEPT
Run the command to save the current firewall settings:
service iptables save
System resource configuration
- Add the following line to /etc/sysctl.conf
net.ipv4.tcp_keepalive_time = 300
- Add the following lines to /etc/security/limits.conf
* soft nofile 8192
* hard nofile 8192
389-DS rpm packages
- yum install 389-ds*
  This installs the following rpm packages and their dependencies:
  389-ds-console-doc 389-ds-base 389-ds-console 389-ds-base-libs 389-ds-base-devel 389-ds 389-dsgw
Requirements for running the setup-ds.pl program
Warning message for system resources
[root@ds389 ~]# setup-ds-admin.pl
==============================================================================
This program will set up the 389 Directory and Administration Servers.

It is recommended that you have "root" privilege to set up the software.
Tips for using this program:
  - Press "Enter" to choose the default and go to the next screen
  - Type "Control-B" then "Enter" to go back to the previous screen
  - Type "Control-C" to cancel the setup program

Would you like to continue with set up? [yes]:
==============================================================================
Your system has been scanned for potential problems, missing patches,
etc. The following output is a report of the items found that need to
be addressed before running this software in a production
environment.

389 Directory Server system tuning analysis version 23-FEBRUARY-2012.

NOTICE : System is x86_64-unknown-linux3.10.0-327.36.3.el7.x86_64 (1 processor).

NOTICE : The net.ipv4.tcp_keepalive_time is set to 7200000 milliseconds
(120 minutes). This may cause temporary server congestion from lost
client connections.

WARNING: There are only 1024 file descriptors (soft limit) available, which
limit the number of simultaneous connections.

WARNING : The warning messages above should be reviewed before proceeding.

Would you like to continue? [no]:
Update the files "/etc/sysctl.conf" and "/etc/security/limits.conf" and run the "setup-ds-admin.pl" again:
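The preflight script below is an added example (it is not from this wiki page or from the 389-ds project) that checks the three things the page asks you to configure before setup-ds-admin.pl will run cleanly: the firewall ports from the firewall configuration section, the tcp_keepalive_time setting, and the nofile limits in /etc/security/limits.conf. The check functions take the file to inspect (or the firewall-cmd output) as a parameter, so they can be run against copies of the files as well as the live host; the kernel keeps tcp_keepalive_time in seconds, which is why the 7200 s default shows up as 7200000 milliseconds in the setup program's report. The script name ds-preflight.sh and the --run flag are this example's own conventions.

```shell
#!/bin/sh
# ds-preflight.sh: verify the firewall, sysctl and limits.conf settings
# that setup-ds-admin.pl warns about. Example code, not part of the wiki
# page or the 389-ds project.

# Ports the directory server (389/636) and the admin server (9830) need.
REQUIRED_PORTS="389 636 9830"

# Print the required ports that are absent from "firewall-cmd --list-ports"
# output (space-separated port/proto tokens). Empty output means all open.
missing_ports() {
    list=$(printf ' %s ' "$1" | tr '\n' ' ')
    missing=""
    for p in $REQUIRED_PORTS; do
        case "$list" in
            *" $p/tcp "*) ;;
            *) missing="$missing $p" ;;
        esac
    done
    printf '%s' "${missing# }"
}

# Return 0 if the keepalive time in a sysctl.conf-style file (last
# "net.ipv4.tcp_keepalive_time = N" wins) or in a bare-number file such as
# /proc/sys/net/ipv4/tcp_keepalive_time is at most $2 seconds (default 300).
keepalive_ok() {
    file=$1; max=${2:-300}
    value=$(sed -n 's/^[[:space:]]*net\.ipv4\.tcp_keepalive_time[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p' "$file" | tail -n 1)
    if [ -z "$value" ]; then
        value=$(grep -E '^[0-9]+$' "$file" | tail -n 1)
    fi
    [ -n "$value" ] && [ "$value" -le "$max" ]
}

# Return 0 if a limits.conf-style file gives the "*" domain both a soft and
# a hard nofile limit of at least $2 (default 8192). Comment lines start
# with "#" and never match the field test.
nofile_ok() {
    file=$1; min=${2:-8192}
    soft=$(awk '$1=="*" && $2=="soft" && $3=="nofile" {v=$4} END{print v}' "$file")
    hard=$(awk '$1=="*" && $2=="hard" && $3=="nofile" {v=$4} END{print v}' "$file")
    [ -n "$soft" ] && [ -n "$hard" ] && [ "$soft" -ge "$min" ] && [ "$hard" -ge "$min" ]
}

# Live check of the running host (firewalld hosts only; on iptables hosts
# compare "iptables -L INPUT -n" by hand). Returns non-zero on any problem.
ds_preflight() {
    rc=0
    ports=$(firewall-cmd --list-ports 2>/dev/null || true)
    m=$(missing_ports "$ports")
    if [ -n "$m" ]; then
        echo "firewall: tcp ports not open: $m"; rc=1
    fi
    if ! keepalive_ok /proc/sys/net/ipv4/tcp_keepalive_time 300; then
        echo "sysctl: net.ipv4.tcp_keepalive_time is $(cat /proc/sys/net/ipv4/tcp_keepalive_time) s, want <= 300 (run sysctl -p after editing /etc/sysctl.conf)"; rc=1
    fi
    if ! nofile_ok /etc/security/limits.conf 8192; then
        echo "limits: '* soft nofile' / '* hard nofile' below 8192 in /etc/security/limits.conf"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "preflight OK: safe to run setup-ds-admin.pl"
    fi
    return $rc
}

# Only run the live check when invoked as "sh ds-preflight.sh --run", so the
# functions can also be sourced and used against other files.
if [ "${1:-}" = "--run" ]; then
    ds_preflight
    exit $?
fi
```

Run it as root with sh ds-preflight.sh --run after editing the two files; a clean "preflight OK" means the tuning analysis in setup-ds-admin.pl should no longer stop at the [no] prompt. Note that editing /etc/sysctl.conf alone does not change the kernel value the setup program reads; apply it with sysctl -p (or reboot) first.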