Virtual Appliance Installation and Configuration ================================================ Download and import the Virtual Appliance ----------------------------------------- A .zip Archive containing the virtual appliance's disk image and VM configuration can be obtained from the following URL: \http://s3download.teamdrive.net/HostServer/TD-Host-Server-CentOS6-64bit-|release|.zip Download and unzip the archive. The archive contains four files, a virtual disk image (``.vmdk``), two virtual machine description files (``.ovf``) and a manifest file (``.mf``), containing the file names and SHA1 checksums. Import the virtual machine image according to the documentation of your virtualization technology and adjust the VM parameters (e.g. number of virtual CPUs, RAM) based on your requirements, if necessary. Start up the virtual machine and observe the virtual machine's console output. First Boot and Initial Configuration ------------------------------------ When you boot up the VM image for the first time, the Operating System will perform a number of initial configuration steps, to customize the virtual machine for your environment. For more details on these individual steps, please refer to the *Red Hat Enterprise Linux 6 Installation Guide* at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Installation_Guide/index.html The first screen will prompt you to select your keyboard layout. Use the cursor keys to select the appropriate layout and press :kbd:`Tab` to select the **OK** button. Press :kbd:`Space` or :kbd:`Enter` to proceed. .. image:: images/TD-Host-Server-VMInstall-Keyboard.png After loading the appropriate keymap, you will now be prompted to enter the password for the *root* user account. Choose a strong password here |---| the *root* user has full administrative privileges on a Linux system. The password won't be printed on the screen for security reasons, therefore you need to enter it twice to avoid typos. .. image:: images/TD-Host-Server-VMInstall-RootPW.png Next, you are required to configure the network device and DNS. .. image:: images/TD-Host-Server-VMInstall-NetConfig.png Press :kbd:`Enter` to enter the device configuration screen. Select the network device which is usually named **eth0**. The hardware description (e.g. **AMD PCnet32** or **Ethernet**) depends on the virtual network card that your virtual machine has been configured with. Press :kbd:`Enter` to get to the device configuration details. .. image:: images/TD-Host-Server-VMInstall-NetDevSelect.png The network configuration screen allows you to specify the IP address and other network-related settings. Adjust these to your local environment, keeping the requirements outlined in chapter :ref:`network-requirements` in mind. the :kbd:`Tab` key to move between elements. Select the **Ok** button and press :kbd:`Space` or :kbd:`Enter` to apply your changes. In the device selection screen, select the **Save** button to save the device configuration. .. note:: Note that you should not use dynamic IP addresses (DHCP) for the TeamDrive Host Server. The TeamDrive Service depends on static IP addresses and requires a resolvable fully qualified domain name. .. image:: images/TD-Host-Server-VMInstall-NetDevConfig.png Next, select the **DNS configuration** screen from the network configuration and adjust the DNS settings to match your environment. Enter your Host Server's host name (e.g. ``hostserver.yourdomain.com``) in the **Hostname** field and add your DNS server's IP address(es). Select the **Ok** button to apply the DNS changes. .. image:: images/TD-Host-Server-VMInstall-DNSConfig.png Select the **Save&Quit** button to proceed with the installation. .. note:: A cloned CentOS image in a VMWare environment might exhibit problems updating the network interface. If you are observing issues when configuring the network interface, please follow these instructions: http://alexcline.net/2011/11/15/reconfiguring-network-interfaces-in-centosrhel-systems-cloned-with-vcenter/ The next screen allows you to modify the local user authentication configuration. Unless you have specific requirements for your local environment, it's safe to keep the proposed defaults and proceed with the installation by selecting the **Next** button. .. image:: images/TD-Host-Server-VMInstall-AuthConfig.png The following screen will ask you to select which services should be started at system bootup time. Adjust these based on your requirements and local policies. Also make sure that the MySQL database (service ``mysqld``) is enabled. Select the **Ok** button to proceed. .. note:: Do not enable the Apache http Server (``httpd``) yet |---| this should only be done after the Host Server has been configured correctly. .. image:: images/TD-Host-Server-VMInstall-Services.png The system will now proceed with the bootup process until you reach the login prompt. Log in as the ``root`` user, providing the login password you defined during the initial installation. Changing default passwords -------------------------- The TeamDrive Host Server Virtual Appliance uses the following default passwords for user accounts of the different software components. The following list shows the accounts in question and their passwords. .. note:: We strongly suggest changing the passwords of the OS and MySQL ``root`` user accounts before connecting this system to a public network. .. table:: Default accounts and passwords +-----------------------+--------------+------------------------+------------------+ | Account type | Username | Password (default) | New Password | | | | | | +=======================+==============+========================+==================+ | MySQL Database Server | root | teamdrive | | +-----------------------+--------------+------------------------+------------------+ | MySQL Database Server | teamdrive | teamdrive | | +-----------------------+--------------+------------------------+------------------+ | Admin Console | HostAdmin | (defined during setup) | | +-----------------------+--------------+------------------------+------------------+ Changing the MySQL Database Passwords ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To change the passwords for the MySQL ``root`` and ``teamdrive`` user, please use the following commands. First change the password for the root user:: [root@hostserver ~] mysqladmin -u root -pteamdrive password New password: Confirm new password: Next, log into the MySQL database as the ``root`` user (using the new password) and change the password for the user ``teamdrive``:: [root@hostserver ~]# mysql -u root -p Enter password: [...] mysql> SET PASSWORD FOR 'teamdrive'@'localhost' = PASSWORD(''); Query OK, 0 rows affected (0.00 sec) mysql> quit Bye .. note:: Take note of the new MySQL password for the ``teamdrive`` user, as you will need to update that password in a configuration file as outlined the following chapter. Updating the MySQL Database Connection Information -------------------------------------------------- The default Host Server Appliance installation assumes a MySQL database instance running on ``localhost`` that can be accessed using the user ``teamdrive`` and password ``teamdrive``. If you changed the password of the ``teamdrive`` the following change need to be performed. The Host Server Apache modules ``mod_pspace`` and ``mod_yvva`` as well as the ``yvvad`` daemon that performs the ``td-hostserver`` background tasks need to be able to communicate with the MySQL management database of the Host Server. To change the MySQL login credentials, edit the file ``/etc/td-hostserver.my.cnf``. The password for the ``teamdrive`` MySQL user in the ``[p1db]`` option group must match the one you defined earlier:: [p1db] database=pspace user=teamdrive password= host=127.0.0.1 Firewall Configuration ---------------------- The ``iptables``-based OS firewall on the TeamDrive Host Server Virtual Appliance has been configured to only allow access to the following services: - SSH (TCP Port 22) - Secure WWW (HTTPS, TCP Port 443) - WWW (HTTP, TCP Port 80) If necessary, you can change the firewall configuration using the following utility:: [root@hostserver install]# system-config-firewall-tui Follow the instructions to configure the firewall and to enable additional protections based on your local requirements or security policies. More complex firewall settings need to be performed by editing the firewall rules in file ``/etc/sysconfig/iptables`` directly. SELinux Configuration --------------------- Please note that the TeamDrive Host Server currently can not be run when SELinux is enabled. Therefore SELinux has been disabled by setting ``SELINUX=disabled`` in file ``/etc/selinux/config``. It is important to leave it disabled, otherwise the correct functionality of the Host Server can not be ensured.