Release notes for version 1.0

A few words on VirtualBox

  • If you are not familiar with VirtualBox, you can read the documentation and download the software from Oracle's web site.
  • Once VirtualBox is installed and running, you import the .ova distribution image using the File / Import Appliance function.
  • The default network connection for the virtual machines is NAT. This works well for logging in and examining the VM and containers. To connect to services hosted by the VM from the outside, you'll likely want to switch the network to bridged mode. This will give the VM an IP address from your network's DHCP server and provide you with the ability to access services from a browser. Remember, if you are on a public network, the VM will be exposed to the world and we publish the password on this web site. When you complete the process below, you'll be able to see the COmanage login web page.

Initial Testing Process

A quick test of the environment includes the following steps:

  1. Download the COmanage-1.0.ova file (or the most recent version) from the distribution site.
  2. Import the image into VirtualBox.
  3. Potentially change the network setting from NAT to Bridged - see above comments on VirtualBox.
  4. Start the virtual machine.
  5. Log in to the VM:
    1. LoginId: comanage
    2. password: comanage
  6. Create a self-signed certificate for use in the test. (See the sample output under "Hints for Setting up your Sandbox".)
  7. Fill in appropriate answers for Country and City.
  8. Be sure to keep track of the domain name that you put into the CN field.
    1. openssl req -x509 -nodes -days 365 -sha256  -newkey rsa:2048 -keyout coman.key -out coman.crt
  9. Copy the certificate files to the appropriate locations for the installer
    1. cp coman.key coman.crt /home/comanage/ssl/httpd
    2. cp coman.crt /home/comanage/ssl/httpd/incommon_chain.pem
  10. Run the configuration script:  ./bin/configure.sh
    1. As you answer the questions, make sure that the FQDN you specify now matches the CN value used when you created the certificate. For this reason, you may just want to use IP addresses if they will be the same each time you run the virtual machine (as one might on a laptop virtual machine).
    2. You can safely put in fake answers to the email questions as that feature will not work as part of this simple test.
  11. Start comanage: ./bin/comanage.sh
    1. You will see the final build/configuration process.
    2. When this command returns, the Docker version of COmanage will be up and running.
  12. Verify that two containers are running via the command: docker ps
  13. If you enabled bridged mode as described above:
    1. Obtain the IP address of your virtual machine if you haven't done so already.
      1. ip addr | grep -i "inet" and look for an address from your campus network
    2. With a web browser, connect to: https://ip_addr/registry/
    3. Ignore the SSL warnings.
    4. You should connect to a login page. Do not expect the login function to actually work: that requires InCommon integration, and this quick test does not perform any InCommon integration.
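
Step 10 asks that the FQDN given to configure.sh match the CN entered when the certificate was created. The following pre-flight check is an added example, not part of the COmanage distribution; the function names and the throwaway sample certificate are constructed here, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: check coman.key / coman.crt before running ./bin/configure.sh.
# Function names are illustrative; the openssl req flags are those on this page.

# Print the subject CN of a certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Succeed only if the private key and the certificate share a public key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$crt_pub" ]
}

# check_cert KEY CRT FQDN: print a verdict, return 0 only if all checks pass.
check_cert() {
    cn=$(cert_cn "$2")
    if [ "$cn" != "$3" ]; then
        echo "MISMATCH: certificate CN is '$cn', configure.sh FQDN is '$3'"
        return 1
    fi
    if ! key_matches_cert "$1" "$2"; then
        echo "MISMATCH: $1 is not the private key for $2"
        return 1
    fi
    if ! openssl x509 -in "$2" -noout -checkend 0 >/dev/null; then
        echo "EXPIRED: $2 is past its notAfter date"
        return 1
    fi
    echo "OK: CN '$cn' matches, key pairs with certificate, not expired"
}

# Constructed sample: a throwaway certificate in a temp directory, using the
# page's example host name, generated non-interactively with -subj.
make_sample() {
    openssl req -x509 -nodes -days 365 -sha256 -newkey rsa:2048 \
        -keyout "$1/coman.key" -out "$1/coman.crt" \
        -subj "/C=US/O=Example/CN=comanage1.olive.local" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
check_cert "$demo_dir/coman.key" "$demo_dir/coman.crt" comanage1.olive.local
check_cert "$demo_dir/coman.key" "$demo_dir/coman.crt" 192.0.2.10 || true
rm -rf "$demo_dir"
```

On the VM, call check_cert with the real coman.key and coman.crt and the FQDN or IP address you plan to give configure.sh.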

Hints for Setting up your Sandbox

You may want to be certain about your virtual machine's IP address prior to starting this step.

BLACK - Commands you enter

RED - Sample Responses to Prompts

GREEN - System Generated Responses

BLUE - Narrative comment

The sample network used in this transcript is "olive.local"
and a DNS entry was pre-built for the Virtual Machine host
named "comanage1"

[comanage@Hostname]$ openssl req -x509 -nodes -days 365 -sha256  -newkey rsa:2048 -keyout coman.key -out coman.crt

Generating a 2048 bit RSA private key
............+++
...........................+++
writing new private key to 'coman1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:California
Locality Name (eg, city) [Default City]:Emeryville
Organization Name (eg, company) [Default Company Ltd]:Internet2
Organizational Unit Name (eg, section) []:Trust and Identity
Common Name (eg, your name or your server's hostname) []:comanage1.olive.local
Email Address []:tieradmin@internet2.edu

Please note that you may want to find out your virtual machine's IP address PRIOR to getting to this point as it may be more straightforward running and connecting to the virtual machine and COmanage once the build is complete.

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:Leave Blank
An optional company name []:Optional

[comanage@Hostname]$ cp coman.key coman.crt /home/comanage/ssl/httpd

[comanage@Hostname]$ cp coman.crt /home/comanage/ssl/httpd/incommon_chain.pem



Full Testing Process

Planning for a full deployment of COmanage is beyond the scope of these release notes, but the work starts the same way as above. You will need a fixed IP address for the VM along with a hostname in DNS, a certificate from a commercial CA, and the addition of the SP into the InCommon metadata. Once these components are in place and the configuration and startup scripts have run, you will be able to log in and work with COmanage. Please refer to the COmanage documentation for how to proceed after your initial login.

Release One Known Issues

  1. The default enrollment mechanism relies on email and that is not functioning in the initial version 1 release VM.
  2. Enrollment flows can be configured instead; just be sure not to use flows that require email.