Assumptions and Prerequisites
This guide assumes you have a RHEL, CentOS, or Scientific Linux system (a minimal install will do) and that you have a Moonshot RP Proxy available to connect to.
1. System Preparation
1.1. Network configuration
For production deployments, it is recommended that the machine be assigned a static IP address.
For CentOS networking information please refer to the official Red Hat guide:
1.2. Firewall configuration
The following ports are required to be accessible to the outside world in the local firewall:
- 2083/tcp (for RadSec connections to other Moonshot entities, including the RP proxy).
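One way to open this port, as an added example that is not part of the original guide: it assumes firewalld (driven through firewall-cmd) is the local firewall and that the default zone applies. The FWCMD variable and the open_radsec_port function are names made up for this example.

```shell
#!/bin/sh
# Added example: open 2083/tcp (RadSec) with firewalld, idempotently.
# Assumption: firewalld manages the local firewall and the default zone
# is the one facing the other Moonshot entities.

FWCMD="${FWCMD:-firewall-cmd}"   # overridable so the logic can be exercised without firewalld
RADSEC_PORT="2083/tcp"

# Opens $RADSEC_PORT in both the permanent and the runtime configuration.
# Returns 0 when the port is open in both, 1 when firewalld is not
# running, 2 when a change or the final verification fails.
open_radsec_port() {
    "$FWCMD" --state >/dev/null 2>&1 || {
        echo "firewalld is not running; port not opened" >&2
        return 1
    }

    # Permanent configuration: survives reboots and reloads.
    if ! "$FWCMD" --permanent --query-port="$RADSEC_PORT" >/dev/null 2>&1; then
        "$FWCMD" --permanent --add-port="$RADSEC_PORT" >/dev/null || return 2
    fi

    # Runtime configuration: takes effect at once and, unlike a reload,
    # leaves any other runtime-only rules in place.
    if ! "$FWCMD" --query-port="$RADSEC_PORT" >/dev/null 2>&1; then
        "$FWCMD" --add-port="$RADSEC_PORT" >/dev/null || return 2
    fi

    # Verify both views rather than trusting the add commands.
    "$FWCMD" --permanent --query-port="$RADSEC_PORT" >/dev/null 2>&1 &&
        "$FWCMD" --query-port="$RADSEC_PORT" >/dev/null 2>&1 || return 2
    return 0
}

# Only touch the firewall when explicitly asked to.
if [ "${1:-}" = "apply" ]; then
    open_radsec_port
fi
```

Run the script as root with the argument apply. A second run makes no changes, so it is safe to keep in a provisioning script.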
1.3. Add the Required Repositories
At the moment, CentOS/RHEL/SL 7 and 8 are supported.
Moonshot requires three yum repositories to be added to the system: EPEL and the Shibboleth repositories (home of some required dependencies), and the Moonshot repository itself.
Install EPEL by running the following command:
Depending on your platform, the epel-release package is part of one of the optional repositories. On CentOS, it is part of the Extras repository. On RHEL, you must enable both the Optional and Extras repositories. For more information, visit the EPEL homepage.
On newer releases of Scientific Linux 7, the epel-release package does not exist. Use yum install yum-conf-epel instead. For more information, see the Scientific Linux 7.2 release notes.
Install the Moonshot repository information by running one of the following commands, depending on your CentOS version:
This installs the Yum repository, the current Moonshot GPG key, and a package that can update both. This is the preferred method of deploying repository information.
Verifying the Moonshot GPG key
If you wish to verify the Moonshot GPG key's validity and integrity, please see the Packaging GPG Key for further details.
(Optional - Not required if you install the noshib versions) Install the official Shibboleth repository using one of the following commands, according to your CentOS version:
2. Install Moonshot
We are now ready to install the Moonshot software and its required dependencies. Install the software by running the following command:
3. Next Steps
3.1. Configure your Moonshot Libraries to connect to an RP Proxy
The Moonshot GSS-EAP mechanism needs to connect to a local Moonshot RP Proxy (RADIUS server) via RADIUS or RadSec in order to create the first hop between the service and the user's home IdP to allow authentication to happen. See the Configure a Linux Server to Connect to an RP Proxy page for instructions on how to do this.
3.2. Configure your Application/Service to use Moonshot
Finally, you may have to install/configure that application/service as necessary.