Antitheft:Public Server: Difference between revisions


Revision as of 17:42, 26 February 2010

Setting up and running the public server for a deployment.

Pre-requisites

  • You have read and followed the Antitheft_HowTo page, and have a Master Signing Server (MSS) with your local private keys.
  • You have defined a domain name for your antitheft server -- for example antitheft.yourproject.foo.tld
  • XOs have been keyjected (or manufactured) with your public keys
  • XOs have an OS build that includes delegation support -- that is OS 8.2.2 or newer, and builds based on F11.
  • XOs have a localised OS build that sets the domain of your antitheft server.

Setup Public Server

The recommended distribution is Fedora-11 or newer. At the time of this writing, F-12 is available, and RHEL6 seems to be close to release -- it is advisable to install on F-12 and upgrade to RHEL6 or CentOS6 when they are available. RHEL/CentOS provide Long Term Support appropriate for the antitheft server role.

Add packages from XS repository

Add the current XS stable yum repository to your yum configuration -- create a file /etc/yum.repos.d/olpcxs.repo with the configuration present in http://dev.laptop.org/git/users/martin/xs-release.git/tree/olpcxs.repo?h=xs-0.6

Install the required packages:

 yum install xs-activation-server moodle-xs olpc-bios-crypto

Create Server Keys, Configure services

On the public server,

  • Use obc-makekey to create "server.private" and "server.public"
  • Place them in /library/xs-activation/keys
  • Copy server.public to a directory in the MSS -- /root/publicserver/server.public

On the MSS, create initial delegations towards the server key.

  • Prepare a CSV file ("allxos.csv") with the following 3 fields:
    • "Server" - which must contain 'server'
    • SN
    • UUID
  • mkdir /root/publicserver/delegations/
  • Generate the delegations thus
 obc-make-server-delagations --csv /path/to/allxos.csv --serverkeys /root/publicserver \
    --outdir /root/publicserver/delegations 90 /root/masterkeys/oats
 obc-make-server-delagations --act --csv /path/to/allxos.csv --serverkeys /root/publicserver \
    --outdir /root/publicserver/delegations 90 /root/masterkeys/lease
  • Copy the delegations to a USB stick
 rm -fr /media/mydisk/xs-activation/*
 mkdir -p /media/mydisk/xs-activation/
 cp /root/publicserver/delegations/d-*.sig /media/mydisk/xs-activation/
 cd /media/mydisk/xs-activation/
 sha1sum * > /tmp/manifest.sha1
 mv /tmp/manifest.sha1 ./
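
A check that can be run on the stick's xs-activation directory before the delegations are installed, given here as an added example (not part of the original page or of olpc-bios-crypto): it re-verifies manifest.sha1 and rejects any d-*.sig file the manifest does not list. The function name and return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify a delegation directory that was copied via USB stick.
# verify_delegation_dir is a hypothetical helper name, not an OLPC tool.
# Return codes (assumed for this example):
#   0 ok, 1 no manifest, 2 hash mismatch or missing file,
#   3 d-*.sig not listed in the manifest, 4 no delegation files at all

verify_delegation_dir() {
    dir=$1
    [ -f "$dir/manifest.sha1" ] || { echo "no manifest.sha1 in $dir" >&2; return 1; }

    # Recompute the SHA-1 of every file the manifest lists.
    ( cd "$dir" && sha1sum -c manifest.sha1 >/dev/null ) || {
        echo "hash mismatch or missing file in $dir" >&2; return 2; }

    # Every delegation file present must also be covered by the manifest,
    # otherwise a file added after the manifest was written goes unnoticed.
    count=0
    for f in "$dir"/d-*.sig; do
        [ -e "$f" ] || continue          # glob matched nothing
        name=${f##*/}
        # Manifest lines are "<hash>  <name>" or "<hash> *<name>".
        awk -v n="$name" '
            { sub(/^[0-9a-f]+ [ *]/, ""); if ($0 == n) found = 1 }
            END { exit !found }' "$dir/manifest.sha1" || {
            echo "not in manifest: $name" >&2; return 3; }
        count=$((count + 1))
    done

    [ "$count" -gt 0 ] || { echo "no d-*.sig files in $dir" >&2; return 4; }
    echo "$count delegation file(s) verified in $dir"
    return 0
}
```

Call it as `verify_delegation_dir /media/mydisk/xs-activation` (the mount point is an assumption). Because the manifest travels on the same stick, this catches copy corruption and stray files, not deliberate tampering.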

Monthly update of delegations

Usage and maintenance