Integrating Openshift Enterprise with Identity Management (Idm) in Red Hat Enterprise Linux
Total Page:16
File Type:pdf, Size:1020Kb
Integrating OpenShift Enterprise with Identity Management (IdM) in Red Hat Enterprise Linux OpenShift Enterprise 2.2 IdM in Red Hat Enterprise Linux 7 Windows Server 2012 - Active Directory Integration Mark Heslin Principal Systems Engineer Version 1.1 January 2015 1801 Varsity Drive™ Raleigh NC 27606-2072 USA Phone: +1 919 754 3700 Phone: 888 733 4281 Fax: +1 919 754 3701 PO Box 13588 Research Triangle Park NC 27709 USA Linux is a registered trademark of Linus Torvalds. Red Hat, Red Hat Enterprise Linux and the Red Hat "Shadowman" logo are registered trademarks of Red Hat, Inc. in the United States and other countries. Microsoft and Windows are U.S. registered trademarks of Microsoft Corporation. UNIX is a registered trademark of The Open Group. Intel, the Intel logo and Xeon are registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. All other trademarks referenced herein are the property of their respective owners. © 2014 by Red Hat, Inc. This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, V1.0 or later (the latest version is presently available at http://www.opencontent.org/openpub/). The information contained herein is subject to change without notice. Red Hat, Inc. shall not be liable for technical or editorial errors or omissions contained herein. Distribution of modified versions of this document is prohibited without the explicit permission of Red Hat Inc. Distribution of this work or derivative of this work in any standard (paper) book form for commercial purposes is prohibited unless prior permission is obtained from Red Hat Inc. The GPG fingerprint of the [email protected] key is: CA 20 86 86 2B D6 9D FC 65 F6 EC C4 21 91 80 CD DB 42 A6 0E www.redhat.com ii [email protected] Comments and Feedback In the spirit of open source, we invite anyone to provide feedback and comments on any reference architectures. Although we review our papers internally, sometimes issues or typographical errors are encountered. Feedback allows us to not only improve the quality of the papers we produce, but allows the reader to provide their thoughts on potential improvements and topic expansion to the papers. Feedback on the papers can be provided by emailing [email protected]. Please refer to the title within the email. Staying In Touch Join us on some of the popular social media sites where we keep our audience informed on new reference architectures as well as offer related information on things we find interesting. Like us on Facebook: https://www.facebook.com/rhrefarch Follow us on Twitter: https://twitter.com/RedHatRefArch Plus us on Google+: https://plus.google.com/u/0/b/114152126783830728030/ [email protected] III www.redhat.com Table of Contents 1 Executive Summary......................................................................................... 1 2 Component Overview....................................................................................... 2 2.1 OpenShift Enterprise......................................................................................................... 2 2.1.1 Broker........................................................................................................................... 3 2.1.2 Node............................................................................................................................. 4 2.1.3 Gears........................................................................................................................... 5 2.1.4 Cartridges.................................................................................................................... 6 2.1.5 MongoDB..................................................................................................................... 6 2.1.6 ActiveMQ...................................................................................................................... 7 2.1.6.1 Network of ActiveMQ Brokers................................................................................ 8 2.1.7 Summary...................................................................................................................... 9 2.2 Identity Management (IdM) in Red Hat Enterprise Linux................................................ 10 2.2.1 Kerberos - Key Distribution Center (KDC)................................................................. 10 2.2.2 389 Directory Server (LDAP)..................................................................................... 11 2.2.3 Dogtag Certificate System......................................................................................... 11 2.2.4 Domain Name System (DNS).................................................................................... 11 2.2.5 Time Services (ntpd, chronyd)................................................................................... 12 2.2.6 IdM Replication.......................................................................................................... 12 2.2.7 Cross-realm Kerberos Trusts..................................................................................... 13 2.3 Red Hat Enterprise Virtualization (RHEV)....................................................................... 13 2.4 Red Hat Enterprise Linux (RHEL)................................................................................... 14 2.5 Windows Server 2012 R2................................................................................................ 15 2.5.1 Active Directory Domain Services (AD DS)............................................................... 16 2.6 System Security Services Daemon (SSSD).................................................................... 16 2.7 RHC Client Tools............................................................................................................. 17 2.8 IPA Admin Tools............................................................................................................... 17 3 Reference Architecture Configuration............................................................. 18 3.1 Environment.................................................................................................................... 18 3.2 Virtual Machines.............................................................................................................. 20 3.2.1 Virtual Machine Sizing............................................................................................... 20 3.2.2 Network Addresses.................................................................................................... 20 3.3 Software Configuration.................................................................................................... 21 3.3.1 Required Software Channels..................................................................................... 21 www.redhat.com iv [email protected] 3.3.2 Software Versions...................................................................................................... 22 3.3.3 Security...................................................................................................................... 24 3.3.4 Network Ports............................................................................................................ 24 3.4 Hardware Configuration.................................................................................................. 26 3.4.1 Hypervisors................................................................................................................ 26 3.4.2 Storage...................................................................................................................... 26 3.5 Component Log Files...................................................................................................... 27 4 Staging the Infrastructure............................................................................... 30 4.1 Red Hat Enterprise Virtualization (RHEV)....................................................................... 30 4.2 Install Red Hat Enterprise Linux...................................................................................... 31 4.3 Configure Network........................................................................................................... 31 4.4 Configure Domain Name System (DNS)......................................................................... 32 4.5 Configure Time Service (NTP)........................................................................................ 33 4.6 Configure SELinux........................................................................................................... 34 4.7 Update Hosts File............................................................................................................ 35 4.8 Register Hosts and Run Updates.................................................................................... 36 5 Deploying Identity Management in Red Hat Enterprise Linux........................ 37 5.1 Deploy IdM Server........................................................................................................... 37 5.1.1 Configure Firewall Ports............................................................................................ 37 5.1.2 Install Packages......................................................................................................... 39 5.1.3 Install/configure IdM Server......................................................................................