waynebeech
diff --git a/‎install-ch-centos.sh
+103 b/‎install-ch-centos.sh
+103
diff --git a/‎install-gcf-centos.sh
+24 b/‎install-gcf-centos.sh
+24
diff --git a/‎postgres/8.4.20/pg_hba.conf
+75 b/‎postgres/8.4.20/pg_hba.conf
+75
@@ -0,0 +1,103 @@
+#!/bin/bash
+# -*- Mode:bash -*-
+
+# Exit on error
+set -e
+# Echo commands with variables expanded
+set -x
+
+# If this script should install config files for a given host, define
+# a block for that host.  Define these variables:
+# * INSTALL_CONFIG_FILES="yes"
+# * CH_EMAIL: e-mail address of the admin for this CH
+# * CH_HOST: the FQDN to which this CH should answer
+# * PORTAL_PASSWORD: the portal user's psql database password
+# Currently, all known hosts have config files managed out of band,
+# so the EXAMPLE_CH_FQDN block has been left in as an example
+INSTALL_CONFIG_FILES="yes"
+CH_EMAIL='[email protected]'
+CH_HOST='fields.bbn.com'
+PORTAL_PASSWORD='portal'
+GCF_INI=/usr/share/geni-ch/gcf.d/gcf.ini
+APACHE_HTTPS_CH=/etc/httpd/sites-enabled/ch-ssl
+APACHE_HTTPS_PORTAL=/etc/httpd/sites-enabled/portal-ssl
+APACHE_HTTP=/etc/httpd/sites-enabled/default
+SHARE_DIR=/usr/share/geni-ch
+
+autoreconf --install
+sleep 10
+./configure --prefix=/usr --sysconfdir=/etc \
+            --bindir=/usr/local/bin --sbindir=/usr/local/sbin
+sleep 10
+make
+sleep 10
+sudo make install
+sleep 10
+
+if [ "${INSTALL_CONFIG_FILES}" = "yes" ]; then
+  sudo cp /etc/geni-ch/example-services.ini /etc/geni-ch/services.ini
+
+  # Modify recommended settings using sed
+  sudo sed -i -e "/^email=/s/=.*/=$CH_EMAIL/" /etc/geni-ch/services.ini
+  sudo sed -i -e "/^authority=/s/=.*/=$CH_HOST/" /etc/geni-ch/services.ini
+  sudo sed -i -e "/^servicehost=/s/=.*/=$CH_HOST/" /etc/geni-ch/services.ini
+else
+  test -f /etc/geni-ch/services.ini
+fi
+
+if [ -f /usr/share/geni-ch/CA/cacert.pem ]; then
+  echo "CA certificate already exists - reusing it"
+else
+  sudo geni-init-ca /etc/geni-ch/services.ini
+  sleep 10
+fi
+
+sudo geni-init-services /etc/geni-ch/services.ini --sql out.sql
+sleep 10
+
+make cleandb
+sleep 10
+
+psql -h localhost portal portal -f out.sql
+sleep 10
+
+/usr/bin/sudo /bin/cp -R portal/gcf.d ${SHARE_DIR}
+
+if [ "${INSTALL_CONFIG_FILES}" = "yes" ]; then
+  sudo cp /usr/share/geni-ch/gcf.d/example-gcf.ini $GCF_INI
+  sudo sed -i -e "/^base_name=/s/=.*/=$CH_HOST/" $GCF_INI
+  sudo sed -i -e "s,//localhost,//$CH_HOST,g" $GCF_INI
+else
+  test -f $GCF_INI
+fi
+
+sudo /bin/ln -s /usr/share/geni-ch/CA/cacert.pem /usr/share/geni-ch/gcf.d/trusted_roots/cacert.pem
+sudo /bin/ln -s /usr/share/geni-ch/ma/ma-cert.pem /usr/share/geni-ch/gcf.d/trusted_roots/ma-cert.pem
+sleep 10
+
+sudo service httpd restart
+sleep 10
+
+if [ "${INSTALL_CONFIG_FILES}" = "yes" ]; then
+  sudo /bin/cp /etc/geni-ch/example-settings.php /etc/geni-ch/settings.php
+
+  sudo sed -i -e "/^\$db_dsn =/s/=.*/= 'pgsql:\/\/portal:$PORTAL_PASSWORD@localhost\/portal';/" /etc/geni-ch/settings.php
+  sudo sed -i -e "/^\$portal_admin_email =/s/=.*/= '$CH_EMAIL';/" /etc/geni-ch/settings.php
+  sudo sed -i -e "/^\$service_registry_url =/s/=.*/= 'https:\/\/$CH_HOST:8444\/SR';/" /etc/geni-ch/settings.php
+  sudo sed -i -e "/^\$genilib_trusted_host =/s/=.*/= 'https:\/\/$CH_HOST:8444';/" /etc/geni-ch/settings.php
+else
+  test -f /etc/geni-ch/settings.php
+fi
+
+# Look in portal-cert.pem for a line like:
+#     email:[email protected], URI:urn:publicid:IDN+ch5.gpolab.bbn.com+authority+portal, URI:uuid:bb9a5610-eae5-443d-9cfa-c6970af9440c
+# and get the URN from that line
+portal_urn=$(openssl x509 -text -noout -in /usr/share/geni-ch/portal/portal-cert.pem | grep authority+portal | awk '{print $2}' | awk -F, '{print $1}' | awk -F"URI:" '{print $2}')
+test -n "${portal_urn}"
+if [ -n "${PORTAL_PASSWORD}" ]; then
+  geni-add-trusted-tool -p ${PORTAL_PASSWORD} portal "${portal_urn}"
+else
+  test -f ${PORTAL_PASSWORD_FILE}
+  sudo -u ${PORTAL_PASSWORD_FILE_USER} \
+    geni-add-trusted-tool -P ${PORTAL_PASSWORD_FILE} portal "${portal_urn}"
+fi
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+# A script to configure a GPO lab VM with the right stuff
+# to allow the prototype clearinghouse to run.
+
+set -x 
+set -e 
+#
+# gcf installation
+#
+SHARE_DIR=/usr/share/geni-ch
+
+# Make a directory for gcf to live in
+if [ ! -d "${SHARE_DIR}" ]; then
+  /usr/bin/sudo /bin/mkdir -p "${SHARE_DIR}"
+fi
+
+GCF=gcf-2.5
+GCF_PKG=${GCF}.tar.gz
+/usr/bin/wget http://www.gpolab.bbn.com/internal/projects/proto-ch/${GCF_PKG}
+/usr/bin/sudo /bin/tar xzfC "${GCF_PKG}" "${SHARE_DIR}"
+/usr/bin/sudo /bin/ln -s -f ${SHARE_DIR}/${GCF} ${SHARE_DIR}/gcf
+
+exit 0
@@ -0,0 +1,75 @@
+# PostgreSQL Client Authentication Configuration File
+# ===================================================
+#
+# Refer to the "Client Authentication" section in the
+# PostgreSQL documentation for a complete description
+# of this file.  A short synopsis follows.
+#
+# This file controls: which hosts are allowed to connect, how clients
+# are authenticated, which PostgreSQL user names they can use, which
+# databases they can access.  Records take one of these forms:
+#
+# local      DATABASE  USER  METHOD  [OPTIONS]
+# host       DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTIONS]
+# hostssl    DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTIONS]
+# hostnossl  DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTIONS]
+#
+# (The uppercase items must be replaced by actual values.)
+#
+# The first field is the connection type: "local" is a Unix-domain socket,
+# "host" is either a plain or SSL-encrypted TCP/IP socket, "hostssl" is an
+# SSL-encrypted TCP/IP socket, and "hostnossl" is a plain TCP/IP socket.
+#
+# DATABASE can be "all", "sameuser", "samerole", a database name, or
+# a comma-separated list thereof.
+#
+# USER can be "all", a user name, a group name prefixed with "+", or
+# a comma-separated list thereof.  In both the DATABASE and USER fields
+# you can also write a file name prefixed with "@" to include names from
+# a separate file.
+#
+# CIDR-ADDRESS specifies the set of hosts the record matches.
+# It is made up of an IP address and a CIDR mask that is an integer
+# (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that specifies
+# the number of significant bits in the mask.  Alternatively, you can write
+# an IP address and netmask in separate columns to specify the set of hosts.
+#
+# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi", "krb5",
+# "ident", "pam", "ldap" or "cert".  Note that "password" sends passwords
+# in clear text; "md5" is preferred since it sends encrypted passwords.
+#
+# OPTIONS are a set of options for the authentication in the format
+# NAME=VALUE. The available options depend on the different authentication
+# methods - refer to the "Client Authentication" section in the documentation
+# for a list of which options are available for which authentication methods.
+#
+# Database and user names containing spaces, commas, quotes and other special
+# characters must be quoted. Quoting one of the keywords "all", "sameuser" or
+# "samerole" makes the name lose its special character, and just match a
+# database or username with that name.
+#
+# This file is read on server startup and when the postmaster receives
+# a SIGHUP signal.  If you edit the file on a running system, you have
+# to SIGHUP the postmaster for the changes to take effect.  You can use
+# "pg_ctl reload" to do that.
+
+# Put your actual configuration here
+# ----------------------------------
+#
+# If you want to allow non-local connections, you need to add more
+# "host" records. In that case you will also need to make PostgreSQL listen
+# on a non-local interface via the listen_addresses configuration parameter,
+# or via the -i or -h command line switches.
+#
+
+
+
+# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
+
+# "local" is for Unix domain socket connections only
+local   all         all                               ident
+# IPv4 local connections:
+host    all         all         127.0.0.1/32          md5
+# IPv6 local connections:
+host    all         all         ::1/128               md5
+host    all         all         0.0.0.0/0             md5