Install CentOS 7
The first thing that is required is a CentOS machine - this can be physical or virtual.
- Install the operating system via usual mechanism (e.g., net boot CD, ISO in VMware/VirtualBox or the DVD image).
- Choose the following server install options: "Basic server”.
- Create/choose a secure root password and an initial system user account.
- Once installed, make sure you run a
yum updateto ensure your system is fully up to date.
We would recommend using LVM when disk partitioning to allow easier partition/disk expansion on a live system.
After install, you will want to secure/lockdown the server as best practice dictates - for both the server and any extra software installed. This is beyond the remit of this guide but there are many guides available that provide information on how to secure your CentOS servers and applications.
Configure CentOS 7
Next, there are a few CentOS configuration options that need to be set in advance.
There are currently no SELinux policies for Moonshot, and SELinux must be run in Permissive mode.
|For CentOS SELinux information please refer to the RootUsers guide to SELinux: https://www.rootusers.com/how-to-enable-or-disable-selinux-in-centos-rhel-7/|
For production deployments, it is recommended that the machine be assigned a static IP address.
|For CentOS networking information please refer to the ServerLab guide for CentOS 7: https://www.serverlab.ca/tutorials/linux/administration-linux/how-to-configure-centos-7-network-settings/|
The following ports are required to be accessible from the outside world, both in the local firewall and in any external firewalls:
- 2083/tcp (for RadSec connections to other Moonshot entities)
- 12309/tcp (for Trust Router client connections - if using the Trust Router to broker trust relationships between entities)
Add the Required Repositories
Moonshot requires three
yum repositories to be added to the system - EPEL and the Shibboleth repositories (home of some required dependencies), and the Moonshot repository itself.
Depending on your platform, the
On CentOS, it is part of the Extras repository. On RHEL, you must enable both the Optional and Extras repositories. For more information, visit the EPEL homepage.
On newer releases of Scientific Linux 7, the
Install the Moonshot repository information running the following command:
Code Block linenumbers true
yum install -y http://repository.project-moonshot.org/rpms/centos7/RPMS/noarch/moonshot-repository-2019.05.23-1.centos7.noarch.rpm
This installs the Yum repository, the current Moonshot GPG key, and a package that can update both. This is the preferred method of deploying repository information.
Note title Verifying the Moonshot GPG key
If you wish to verify the Moonshot GPG key's validity and integrity, please see the Packaging GPG Key for further details.
Install the official Shibboleth repository.
Code Block language bash
$ wget -O /etc/yum.repos.d/shibboleth.repo http://download.opensuse.org/repositories/security://shibboleth/CentOS_7/security:shibboleth.repo