Oplon release 10 VAPP creation from scratch

Compatibility Matrix: Operating System Modules and Services

VAPPs are provided with the services necessary for the operation of the Oplon system. Nevertheless, other features can be installed on the base operating system, provided that the coexistence of those modules with the services of the Oplon suite has been verified beforehand.

Creating a Virtual Appliance from a Linux Image

In many circumstances, it is more convenient to create a Virtual Appliance directly from operating system images provided by cloud providers. This allows you to use Virtual Appliances that are certified and proven in the environment in which they will operate and that, in most cases, also include the APIs needed to make the Virtual Appliance a perfectly integrated tool.

Creating a Virtual Appliance on an already installed operating system is very simple and requires very few steps to obtain a fully integrated Oplon VAPP.

Installation can be done either online, if the Virtual Appliance has Internet connectivity, or offline, if it does not. Installing the Virtual Appliance requires a few preparatory steps before the setup, which is fully guided.

The supported operating systems for the ADC system are:

  • Linux CentOS 7

  • Linux CentOS 8

  • Linux Ubuntu 14.04 or higher

  1. Administrator user creation (if it does not exist)

    groupadd administrator
    useradd -m -g administrator administrator
    
  2. Enabling the administrator user to run sudo

    vi /etc/sudoers
    ## Allow root to run any commands anywhere
    root ALL=(ALL) ALL
    administrator ALL=(ALL) ALL
    
  3. Creating the Support Directory

    # mkdir /share
    # chmod 777 /share
    
  4. Adjusting the host name (name is at discretion)

    # hostname OPLONR10
    
  5. Add the host name to /etc/hosts (the name is at your discretion)

    # vi /etc/hosts
    127.0.1.1 OPLONR10
    
    
  6. Add the host name to /etc/hostname (the name is at your discretion)

    # vi /etc/hostname
    OPLONR10
    
  7. Disabling SELinux (run getenforce to test whether enforcing is enabled)

    # vi /etc/selinux/config
    
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    # enforcing - SELinux security policy is enforced.
    # permissive - SELinux prints warnings instead of enforcing.
    # disabled - No SELinux policy is loaded.
    SELINUX=disabled
    # SELINUXTYPE= can take one of three two values:
    # targeted - Targeted processes are protected,
    # minimum - Modification of targeted policy. Only selected processes are protected.
    # mls - Multi Level Security protection.
    # SELINUXTYPE=targeted
    
  8. Stop and disable the firewall

    # systemctl stop firewalld
    # systemctl disable firewalld
    or
    # ufw disable
    
  9. Disable Link-Local Multicast Name Resolution (LLMNR) (only if it exists)

    # vi /etc/systemd/resolved.conf
    
    [Resolve]
    #DNS=
    #FallbackDNS=
    #Domains=
    LLMNR=no
    #MulticastDNS=yes
    #DNSSEC=allow-downgrade
    #DNSOverTLS=no
    #Cache=yes
    #DNSStubListener=udp
    
  10. Restart systemd-resolved (only if /etc/systemd/resolved.conf exists)

    # service systemd-resolved restart
    or
    # systemctl restart systemd-resolved
    
  11. Make sure root cannot log in through ssh

    # vi /etc/ssh/sshd_config
    #LoginGraceTime 2m
    PermitRootLogin no
    #StrictModes yes
    #MaxAuthTries 6
    #MaxSessions 10
    
  12. Restarting the ssh service

    # systemctl restart sshd.service
    
  13. Installing the required packages (dnf on CentOS 8, yum on CentOS 7)

    # dnf -y update
    # dnf -y install yum-utils
    # dnf -y install unzip
    # dnf -y install wget
    # dnf -y install rsync
    # dnf -y install bzip2
    # dnf -y install tar
    # dnf -y install open-vm-tools

    Ubuntu:

    # apt-get update
    # apt-get -y install unzip
    # apt-get -y install wget
    # apt-get -y install rsync
    # apt-get -y install bzip2
    # apt-get -y install tar
    # apt-get -y install open-vm-tools
    
  14. Service ntp (CentOS 7) / chrony (CentOS 8)

    CentOS 7 - ntp installation:

    # yum -y install ntp
    # vi /etc/ntp.conf
    

    Modify as follows:

    interface ignore wildcard
    interface listen 127.0.0.1
    interface listen ::1
    #restrict 127.0.0.1
    #restrict ::1
    # systemctl restart ntpd.service
    

    Check the listeners (ss -nlptu). Disabling the listeners:

    # systemctl stop ntpd.service
    # systemctl disable ntpd.service
    

    CentOS 8 - chrony installation:

    # dnf -y install chrony
    # systemctl stop chronyd
    # systemctl disable chronyd
    
  15. Stop and disable postfix (if any)

    # systemctl stop postfix.service
    # systemctl disable postfix.service
    
  16. Permanently disable the swap partition. Comment out the "mount" lines of the swap partitions

    # vi /etc/fstab
    

  17. Reboot

    # reboot
    
  18. Checking active listeners. For security reasons, make sure that there are no processes with active listeners on addresses exposed to the public or on 0.0.0.0. Only SSHD listeners must remain, and they will need to be modified to accept connections only from trusted addresses (e.g. backend network, management, etc.).

    # ss -nlptu
    or
    # netstat -nlptu
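
The active-listener check above can be scripted. The following is an added example, not part of the Oplon documentation: it reads ss -nlptu output and reports every non-loopback listener not owned by sshd as EXPOSED and every sshd listener on a wildcard address as REVIEW. The function names, the EXPOSED/REVIEW labels and the sample output are assumptions constructed for illustration; netstat output is not handled.

```shell
#!/bin/sh
# Added example: classify listeners reported by "ss -nlptu".
# EXPOSED = non-loopback listener not owned by sshd (should be removed).
# REVIEW  = sshd on a wildcard address (restrict to trusted addresses).
# Assumption: sshd bound to one specific address is treated as restricted.
flag_listeners() {
    awk '
    $1 == "Netid" || NF < 5 { next }             # header or short line
    {
        addr = $5
        sub(/:[^:]*$/, "", addr)                 # strip ":port"
        gsub(/\[/, "", addr); gsub(/\]/, "", addr)   # strip IPv6 brackets
        if (addr ~ /^127\./ || addr == "::1") next   # loopback is fine
        proc = "unknown"                         # ss -p needs root for names
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)
        wildcard = (addr == "0.0.0.0" || addr == "*" || addr == "::")
        if (proc == "sshd") {
            if (wildcard) print "REVIEW", $1, $5, proc
            next
        }
        print "EXPOSED", $1, $5, proc
    }'
}

# Constructed sample output, not captured from a real appliance.
sample_ss_output() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.1:323      0.0.0.0:*         users:(("chronyd",pid=812,fd=5))
udp   UNCONN 0      0      0.0.0.0:5355       0.0.0.0:*         users:(("systemd-resolve",pid=640,fd=12))
udp   UNCONN 0      0      [::1]:323          [::]:*            users:(("chronyd",pid=812,fd=6))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=1023,fd=3))
tcp   LISTEN 0      100    127.0.0.1:25       0.0.0.0:*         users:(("master",pid=1200,fd=13))
tcp   LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=1023,fd=4))
tcp   LISTEN 0      128    *:111              *:*               users:(("rpcbind",pid=701,fd=8))
EOF
}

# On the appliance, as root:  ss -nlptu | flag_listeners
sample_ss_output | flag_listeners
```

An empty result means only loopback listeners and address-bound sshd listeners remain.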
    

Install Virtual Appliance from the Internet

To install the Virtual Appliance from the Internet, simply do the following:

  1. From root go to /share

    # cd /share
    
  2. Download the installer from www.oplon.net

    # wget --no-cache --no-check-certificate -N "https://www.oplon.net/OPLON_INSTALL_LASTUPDATE.sh"
    
  3. Start installer from /share

    # bash OPLON_INSTALL_LASTUPDATE.sh
    ....
    ....
    Login: your_OPLON_login
    Password: your_OPLON_password
    

    ... downloads packages...

  4. If this is an update, the following message appears; on a new installation it is not shown

    PLEASE CONSIDER A BACKUP BEFORE PERFORMING ANY UPDATE! (THIS MESSAGE ONLY IF IT IS AN UPDATE)
    Do you wish to backup TCOProject files (yes/no/y/n) ? Y
    
  5. Operating system update and loading of packages from the Internet (ANSWER YES THE FIRST TIME BECAUSE IT INSTALLS THE PACKAGES OPLON NEEDS)

    Do you wish to update Operating System (yes/no/y/n) ? y
    
  6. When you're done, the appliance setup screen will appear.

First login from Oplon Global Distributed Gateway

From the console you can verify the current configuration and associated DHCP address through normal Linux commands (ip addr).

The Oplon Monitor and Oplon Global Distributed Gateway system are by default set to accept connections from all networks.

Then, check with the "ip addr" command for an available address and log in from Oplon Management Console, Oplon Web Console, or Oplon Global Distributed Gateway at the specified address, e.g.:

To access Oplon Global Distributed Gateway services, type:

https://x.x.x.x:4444

(where x.x.x.x is any system address if you haven't changed the address 0.0.0.0 or the address you choose with oplonsetup).

If not modified during setup the login is: root
