Antitheft:Public Server: Difference between revisions

From OLPC

Revision as of 20:40, 26 February 2010

Setting up and running the public server for a deployment.

Pre-requisites

  • You have read and followed the Antitheft_HowTo page, and have a Master Signing Server (MSS) with your local private keys.
  • You have defined a domain name for your antitheft server -- for example antitheft.yourproject.foo.tld
  • XOs have been keyjected (or manufactured) with your public keys
  • XOs have an OS build that includes delegation support -- that is OS 8.2.2 or newer, and builds based on F11.
  • XOs have a localised OS build that sets the domain of your antitheft server.

Setup Public Server

The recommended distribution is Fedora-11 or newer. At the time of this writing, F-12 is available, and RHEL6 seems to be close to release -- it is advisable to install on F-12 and upgrade to RHEL6 or CentOS6 when they are available. RHEL/CentOS provide Long Term Support appropriate for the antitheft server role.

Add packages from XS repository

Add the current XS stable yum repository to your yum configuration -- create a file /etc/yum.repos.d/olpcxs.repo with the configuration present in http://dev.laptop.org/git/users/martin/xs-release.git/tree/olpcxs.repo?h=xs-0.6

Install the required packages:

yum install xs-activation-server moodle-xs olpc-bios-crypto

Create Public Server keys, load initial delegations

On the public server:

  • Use obc-makekey to create "server.private" and "server.public"
  • Place them in /library/xs-activation/keys
  • Copy server.public to a directory in the MSS -- /root/publicserver/server.public

On the MSS, create initial delegations towards the server key.

  • Prepare a CSV file ("allxos.csv") with the following 3 fields:
    • "Server" - which must contain 'server'
    • SN
    • UUID
  • mkdir /root/publicserver/delegations/
  • Create the following create-public-server-delegations.sh script to make the delegations. Set the correct path to the "allxos.csv" file.
 #!/bin/bash -e
 ALLXOSCSV=/path/to/allxos.csv
 DAYS=90
 obc-make-server-delagations --csv $ALLXOSCSV --serverkeys /root/publicserver \
    --outdir /root/publicserver/delegations $DAYS /root/masterkeys/oats
 mv /root/publicserver/delegations/{server.sig,d-oats.sig}
 obc-make-server-delagations --act --csv $ALLXOSCSV --serverkeys /root/publicserver \
    --outdir /root/publicserver/delegations $DAYS /root/masterkeys/lease
 mv /root/publicserver/delegations/{server.sig,d-lease.sig}
 pushd /root/publicserver/delegations/
 sha1sum d-*.sig > manifest.sha1
 popd
  • Run the script!
  • Copy the resulting delegations to a USB stick
 rm -fr /media/mydisk/xs-activation/*
 mkdir -p /media/mydisk/xs-activation/
 cp /root/publicserver/delegations/* /media/mydisk/xs-activation/

Inserting this USB stick into the Public Server will load the delegations under /library/xs-activation/lease-delegations and /library/xs-activation/oats-delegations. Executing find /library/xs-activation/*-delegations -type f will show the delegation files.
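Before carrying the stick to the Public Server, the copied files can be checked against the manifest.sha1 that the script wrote. The following is an added example, not part of the original page or of xs-activation; verify_delegations is a hypothetical helper name, and GNU coreutils sha1sum is assumed.

```shell
#!/bin/bash
# Added example: check a delegation directory (e.g. the USB copy) against the
# manifest.sha1 produced by create-public-server-delegations.sh.
# verify_delegations is a hypothetical helper, not an xs-activation tool.
# Usage: verify_delegations /media/mydisk/xs-activation

# True if file name $1 appears in manifest.sha1 (text or binary "*name" form).
listed() {
    awk -v f="$1" '{ n = $2; sub(/^\*/, "", n); if (n == f) ok = 1 }
                   END { exit !ok }' manifest.sha1
}

# The body runs in a subshell so the cd and loop variables do not leak.
verify_delegations() (
    cd "$1" 2>/dev/null || { echo "no such directory: $1" >&2; exit 2; }
    [ -s manifest.sha1 ] || { echo "manifest.sha1 missing or empty" >&2; exit 3; }

    # Both files the script renames into place must have survived the copy.
    for f in d-oats.sig d-lease.sig; do
        [ -f "$f" ] || { echo "missing $f" >&2; exit 4; }
    done

    # A d-*.sig the manifest does not list did not come from this run.
    for f in d-*.sig; do
        listed "$f" || { echo "not in manifest: $f" >&2; exit 5; }
    done

    # Recompute the hashes; --status keeps it quiet, the exit code is the result.
    sha1sum --status -c manifest.sha1 || { echo "checksum mismatch" >&2; exit 6; }
)
```

This catches a truncated, corrupted or stale copy. manifest.sha1 as generated above is a plain checksum list, so it says nothing about who produced the files.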

Configure Services

xs-activation XML-RPC

The xs-activation service is an XML-RPC service, offered via apache+mod_python. To ensure it works:

  • chkconfig must show httpd service is on
  • Test that the XML-RPC code is running and answering requests
    • HEAD http://[servername]/antitheft/1 must be reachable from internet-connected machines.
    • On an XO connected through an ISP or the school, running olpc-update-query -v must show the connection working
    • Requests will be logged in /var/log/httpd/

The xs-activation service also listens on port 191. This must be disabled, as it is only relevant on the XS:

chkconfig xsactivation off

With xs-activation configured, the basic service will be working. Additional functionality is available by installing and configuring moodle-xs.

Moodle

Monthly update of delegations

Usage and maintenance