linux:centos:centos-ds_install

差分

このページの2つのバージョン間の差分を表示します。

この比較画面へのリンク

両方とも前のリビジョン 前のリビジョン
linux:centos:centos-ds_install [2024/02/04 13:39] – 削除 - 外部編集 (Unknown date) 非ログインユーザーlinux:centos:centos-ds_install [2024/02/04 13:39] (現在) – ↷ linux:centos-ds_install から linux:centos:centos-ds_install へページを移動しました。 ともやん
行 1: 行 1:
 +====== CentOS Directory Server のインストール ======
 + 以降は CentOS 5.5 にて CentOS Directory Server を導入した際のメモです。
 +
 +===== centos-ds のインストール =====
 +<code>
 +# yum install centos-ds
 +~省略~
 +Dependencies Resolved
 +
 +================================================================================
 + Package                 Arch      Version                      Repository
 +                                                                           Size
 +================================================================================
 +Installing:
 + centos-ds               x86_64    8.1.0-1.el5.centos.2         extras    3.4 k
 +Installing for dependencies:
 + adminutil               x86_64    1.1.8-2.el5.centos.0         extras     69 k
 + centos-admin-console    noarch    8.1.0-2.el5.centos.2         extras    222 k
 + centos-ds-admin         x86_64    8.1.0-9.el5.centos.1         extras    373 k
 + centos-ds-base          x86_64    8.1.0-0.14.el5.centos.2      extras    1.7 M
 + centos-ds-console       noarch    8.1.0-5.el5.centos.2         extras    1.4 M
 + mozldap                 x86_64    6.0.5-1.el5                  base      134 k
 + mozldap-tools           x86_64    6.0.5-1.el5                  base      146 k
 + perl-Mozilla-LDAP       x86_64    1.5.2-4.el5                  base      178 k
 +
 +Transaction Summary
 +================================================================================
 +Install       9 Package(s)
 +Upgrade       0 Package(s)
 +
 +Total download size: 4.2 M
 +Is this ok [y/N]: y
 +</code>
 +
 +===== 初期設定のバックアップ =====
 + 初期状態に戻すことを可能にするために、以下のコマンドを実行してディレクトリのバックアップを行う。
 +<code>
 +# cp -a /etc/dirsrv /etc/dirsrv.org
 +</code>
 +
 +===== setup-ds-admin.pl の実行 =====
 +<code>
 +# setup-ds-admin.pl
 +
 +==============================================================================
 +This program will set up the CentOS Directory and Administration Servers.
 +
 +It is recommended that you have "root" privilege to set up the software.
 +Tips for using this program:
 +  - Press "Enter" to choose the default and go to the next screen
 +  - Type "Control-B" then "Enter" to go back to the previous screen
 +  - Type "Control-C" to cancel the setup program
 +
 +Would you like to continue with set up? [yes]: 
 +</code>
 +セットアップを続行する場合は、そのまま Enter キーを入力する。\\
 +\\
 +<code>
 +==============================================================================
 +BY SETTING UP AND USING THIS SOFTWARE YOU ARE CONSENTING TO BE BOUND BY
 +AND ARE BECOMING A PARTY TO THE AGREEMENT FOUND IN THE
 +LICENSE.TXT FILE. IF YOU DO NOT AGREE TO ALL OF THE TERMS
 +OF THIS AGREEMENT, PLEASE DO NOT SET UP OR USE THIS SOFTWARE.
 +
 +Do you agree to the license terms? [no]: yes
 +</code>
 +ライセンス条件に同意する場合は yes と入力する。\\
 +\\
 +<code>
 +==============================================================================
 +Your system has been scanned for potential problems, missing patches,
 +etc.  The following output is a report of the items found that need to
 +be addressed before running this software in a production
 +environment.
 +
 +CentOS Directory Server system tuning analysis version 10-AUGUST-2007.
 +
 +NOTICE : System is x86_64-unknown-linux2.6.18-194.32.1.el5 (6 processors).
 +
 +NOTICE : The net.ipv4.tcp_keepalive_time is set to 7200000 milliseconds
 +(120 minutes).  This may cause temporary server congestion from lost
 +client connections.
 +
 +WARNING: There are only 1024 file descriptors (hard limit) available, which
 +limit the number of simultaneous connections.  
 +
 +WARNING: There are only 1024 file descriptors (soft limit) available, which
 +limit the number of simultaneous connections.  
 +
 +Would you like to continue? [no]: yes
 +</code>
 +警告など表示されるが、セットアップを続行する場合は、yes と入力する。\\
 +\\
 +<code>
 +==============================================================================
 +Choose a setup type:
 +
 +   1. Express
 +       Allows you to quickly set up the servers using the most
 +       common options and pre-defined defaults. Useful for quick
 +       evaluation of the products.
 +
 +   2. Typical
 +       Allows you to specify common defaults and options.
 +
 +   3. Custom
 +       Allows you to specify more advanced options. This is 
 +       recommended for experienced server administrators only.
 +
 +To accept the default shown in brackets, press the Enter key.
 +
 +Choose a setup type [2]: 
 +</code>
 +セットアップタイプはデフォルトのまま Enter キーを入力して続行する。\\
 +\\
 +<code>
 +==============================================================================
 +Enter the fully qualified domain name of the computer
 +on which you're setting up server software. Using the form
 +<hostname>.<domainname>
 +Example: eros.example.com.
 +
 +To accept the default shown in brackets, press the Enter key.
 +
 +Computer name [green.fireball.local]: 
 +</code>
 +コンピュータ名はデフォルトのまま Enter キーを入力して続行する。\\
 +\\
 +<code>
 +==============================================================================
 +The servers must run as a specific user in a specific group.
 +It is strongly recommended that this user should have no privileges
 +on the computer (i.e. a non-root user).  The setup procedure
 +will give this user/group some permissions in specific paths/files
 +to perform server-specific operations.
 +
 +If you have not yet created a user and group for the servers,
 +create this user and group using your native operating
 +system utilities.
 +
 +System User [nobody]: centos-ds
 +System Group [nobody]: centos-ds
 +</code>
 +サービスを特定のユーザー/グループの権限で実行するために、予め centos-ds ユーザーを作成しておき、それをここで指定する。\\
 +\\
 +<code>
 +==============================================================================
 +Server information is stored in the configuration directory server.
 +This information is used by the console and administration server to
 +configure and manage your servers.  If you have already set up a
 +configuration directory server, you should register any servers you
 +set up or create with the configuration server.  To do so, the
 +following information about the configuration server is required: the
 +fully qualified host name of the form
 +<hostname>.<domainname>(e.g. hostname.example.com), the port number
 +(default 389), the suffix, the DN and password of a user having
 +permission to write the configuration information, usually the
 +configuration directory administrator, and if you are using security
 +(TLS/SSL).  If you are using TLS/SSL, specify the TLS/SSL (LDAPS) port
 +number (default 636) instead of the regular LDAP port number, and
 +provide the CA certificate (in PEM/ASCII format).
 +
 +If you do not yet have a configuration directory server, enter 'No' to
 +be prompted to set up one.
 +
 +Do you want to register this software with an existing
 +configuration directory server? [no]: 
 +</code>
 +既存のディレクトリサーバーが存在しない場合は、Enter キーを入力して続行する。\\
 +\\
 +<code>
 +==============================================================================
 +Please enter the administrator ID for the configuration directory
 +server.  This is the ID typically used to log in to the console.  You
 +will also be prompted for the password.
 +
 +Configuration directory server
 +administrator ID [admin]: 
 +Password: 
 +Password (confirm): 
 +</code>
 +コンフィギュレーションディレクトリサーバーの管理者IDとパスワードを設定する。\\
 +管理者IDはデフォルトのまま Enter キーを入力し、任意のパスワードを入力する。\\
 +\\
 +<code>
 +==============================================================================
 +The information stored in the configuration directory server can be
 +separated into different Administration Domains.  If you are managing
 +multiple software releases at the same time, or managing information
 +about multiple domains, you may use the Administration Domain to keep
 +them separate.
 +
 +If you are not using administrative domains, press Enter to select the
 +default.  Otherwise, enter some descriptive, unique name for the
 +administration domain, such as the name of the organization
 +responsible for managing the domain.
 +
 +Administration Domain [fireball.local]: 
 +</code>
 +管理ドメインはデフォルトのまま Enter キーを入力して続行する。\\
 +\\
 +<code>
 +==============================================================================
 +The standard directory server network port number is 389.  However, if
 +you are not logged as the superuser, or port 389 is in use, the
 +default value will be a random unused port number greater than 1024.
 +If you want to use port 389, make sure that you are logged in as the
 +superuser, that port 389 is not in use.
 +
 +Directory server network port [389]: 
 +</code>
 +ディレクトリサーバーのポート番号もデフォルトのまま Enter キーを入力して続行する。\\
 +\\
 +<code>
 +==============================================================================
 +Each instance of a directory server requires a unique identifier.
 +This identifier is used to name the various
 +instance specific files and directories in the file system,
 +as well as for other uses as a server instance identifier.
 +
 +Directory server identifier [green]: 
 +</code>ディレクトリサーバーの識別子もデフォルトのまま Enter キーを入力して続行する。\\
 +\\
 +<code>
 +==============================================================================
 +The suffix is the root of your directory tree.  The suffix must be a valid DN.
 +It is recommended that you use the dc=domaincomponent suffix convention.
 +For example, if your domain is example.com,
 +you should use dc=example,dc=com for your suffix.
 +Setup will create this initial suffix for you,
 +but you may have more than one suffix.
 +Use the directory server utilities to create additional suffixes.
 +
 +Suffix [dc=fireball, dc=local]: 
 +</code>
 +ディレクトリサーバーのサフィックスもデフォルトのまま Enter キーを入力して続行する。\\
 +\\
 +<code>
 +==============================================================================
 +Certain directory server operations require an administrative user.
 +This user is referred to as the Directory Manager and typically has a
 +bind Distinguished Name (DN) of cn=Directory Manager.
 +You will also be prompted for the password for this user.  The password must
 +be at least 8 characters long, and contain no spaces.
 +Press Control-B or type the word "back", then Enter to back up and start over.
 +
 +Directory Manager DN [cn=Directory Manager]: 
 +Password: 
 +Password (confirm): 
 +</code>
 +ディレクトリマネージャのDN(識別名)とパスワードを設定する。\\
 +DNはデフォルトのまま Enter キーを入力し、任意のパスワードを入力する。\\
 +\\
 +<code>
 +==============================================================================
 +The Administration Server is separate from any of your web or application
 +servers since it listens to a different port and access to it is
 +restricted.
 +
 +Pick a port number between 1024 and 65535 to run your Administration
 +Server on. You should NOT use a port number which you plan to
 +run a web or application server on, rather, select a number which you
 +will remember and which will not be used for anything else.
 +
 +Administration port [9830]: 
 +</code>
 +管理サーバーのポート番号もデフォルトのまま Enter キーを入力して続行する。\\
 +\\
 +<code>
 +==============================================================================
 +The interactive phase is complete.  The script will now set up your
 +servers.  Enter No or go Back if you want to change something.
 +
 +Are you ready to set up your servers? [yes]: 
 +</code>
 +問い合わせに対して Enter キーを入力して続行する。\\
 +\\
 +<code>Creating directory server . . .
 +Your new DS instance 'green' was successfully created.
 +Creating the configuration directory server . . .
 +Beginning Admin Server creation . . .
 +Creating Admin Server files and directories . . .
 +Updating adm.conf . . .
 +Updating admpw . . .
 +Registering admin server with the configuration directory server . . .
 +Updating adm.conf with information from configuration directory server . . .
 +Updating the configuration for the httpd engine . . .
 +Starting admin server . . .
 +The admin server was successfully started.
 +Admin server was successfully created, configured, and started.
 +Exiting . . .
 +Log file is '/tmp/setupDQwVmT.log'
 +
 +</code>
 +ディレクトリサーバーの作成、管理サーバーの構成が行われて、サービスが起動される。\\
 +\\
 +===== ディレクトリサーバーと管理サーバーの起動確認 =====
 + 以下のコマンドを実行してプロセスが起動していることを確認する。
 +<code>
 +# ps ax | grep dirsrv
 + 7471 ?        Sl     0:00 ./ns-slapd -D /etc/dirsrv/slapd-green -i /var/run/dirsrv/slapd-green
 +.pid -w /var/run/dirsrv/slapd-green.startpid
 + 7556 ?        Ssl    0:00 /usr/sbin/httpd.worker -k start -f /etc/dirsrv/admin-serv/httpd.conf
 + 7557 ?        S      0:00 /usr/sbin/httpd.worker -k start -f /etc/dirsrv/admin-serv/httpd.conf
 + 7559 ?        Sl     0:00 /usr/sbin/httpd.worker -k start -f /etc/dirsrv/admin-serv/httpd.conf
 + 8485 pts/2    S+     0:00 grep dirsrv
 +</code>
 +^  プロセスの説明  ^^
 +|ns-slapd  |CentOS Directory Server のプロセス  |
 +|httpd.worker -k start -f /etc/dirsrv/admin-serv/httpd.conf |管理サーバー用HTTPデーモン  |
 +\\
 + プロセスが正常に起動していない場合は、以下のパスに存在するログファイルの内容を確認して対処を行う。
 +<code>
 +/var/log/dirsrv/admin-serv -> 管理サーバーログ
 +/var/log/dirsrv/slapd-xxxx(ホスト名) -> ディレクトリサーバーのログ
 +</code>
 +
 +===== サービス自動起動設定 =====
 + CentOSが起動するときに、ディレクトリサーバーと管理サーバーを自動起動するには、以下のコマンドにてサービスの設定を on にしておく。
 +<code>
 +# chkconfig dirsrv on
 +# chkconfig dirsrv-admin on
 +</code>
 +
 +===== 参考文献 =====
 +[[https://gihyo.jp/admin/serial/01/ldap/0012?page=1|そろそろLDAPにしてみないか?:第12回 Fedora Directory Serverを使ってみよう - gihyo.jp]]\\
 +[[http://gihyo.jp/admin/serial/01/ldap/0013?page=1|そろそろLDAPにしてみないか?:第13回 LDAPで管理するメールサーバ|gihyo.jp - gihyo.jp]]\\
 +[[http://japan.internet.com/linuxtutorial/20060929/2.html|Fedora Directory Server を使って簡単に LDAP 構築―パート2――2 - japan.internet.com]]\\