Using Subscription-Manager
To see a list of available repositories:
[root@server ~]# subscription-manager repos --list
To enable a specific repository:
[root@server ~]# subscription-manager repos --enable=rhel-6-server-optional-rpms
To disable a specific repository:
[root@server ~]# subscription-manager repos --disable=rhel-6-server-optional-rpms
Install the JDK
# sudo dnf install java-1.8.0-openjdk-devel
# java -version
## Output:
openjdk version "1.8.0_222"
OpenJDK Runtime Environment (build 1.8.0_222-b10)
OpenJDK 64-Bit Server VM (build 25.222-b10, mixed mode)
## Configure JAVA_HOME
# Find the JDK installation directory
which java
ls -lrt /usr/bin/java
ls -lrt /etc/alternatives/java
# Add the environment variables to /etc/profile
# sudo vim /etc/profile
export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.262.b10-0.el8_2.x86_64
export JRE_HOME=$JAVA_HOME/jre
export CLASSPATH=$JAVA_HOME/lib:$JRE_HOME/lib:$CLASSPATH
export PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH
Install Maven
# Maven, version >= 3.6.3
wget https://archive.apache.org/dist/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz
tar zxvf apache-maven-3.6.3-bin.tar.gz
# Add the new environment variables
sudo vim /etc/bashrc
export M2_HOME=/home/syan10/Downloads/tools/apache-maven-3.6.3
export PATH=$M2_HOME/bin:$PATH
# Configure Maven
# Add a new profile under the profiles section of apache-maven-3.6.3/conf/settings.xml
<profile>
  <id>artifacts</id>
  <repositories>
    <repository>
      <id>mulesoft-releases</id>
      <name>MuleSoft Repository</name>
      <url>http://repository.mulesoft.org/releases/</url>
      <layout>default</layout>
    </repository>
    <repository>
      <id>maven-central</id>
      <snapshots><enabled>false</enabled></snapshots>
      <url>http://central.maven.org/maven2</url>
    </repository>
  </repositories>
</profile>
# Enable `<activeProfiles>` to include the above profile.
<activeProfiles>
  <activeProfile>artifacts</activeProfile>
</activeProfiles>
# Modify the proxy settings
<proxy>
  <id>optional</id>
  <active>true</active>
  <protocol>http</protocol>
  <username>proxyuser</username>
  <password>proxypass</password>
  <host>proxy.host.net</host>
  <port>80</port>
  <nonProxyHosts>local.net|some.host.com</nonProxyHosts>
</proxy>
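A check for the settings.xml edits above, added here as an example and not part of the original notes: it flags repositories fetched over plain http:// and passwords stored in cleartext, run against a constructed sample built from this page's profile and proxy snippets. The function names and finding labels are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: this page's proxy and profile snippets inside a <settings> root.
SAMPLE = """<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
 <proxies><proxy>
  <id>optional</id><active>true</active><protocol>http</protocol>
  <username>proxyuser</username><password>proxypass</password>
  <host>proxy.host.net</host><port>80</port>
 </proxy></proxies>
 <profiles><profile><id>artifacts</id><repositories>
  <repository><id>mulesoft-releases</id>
   <url>http://repository.mulesoft.org/releases/</url></repository>
  <repository><id>maven-central</id>
   <url>http://central.maven.org/maven2</url></repository>
 </repositories></profile></profiles>
</settings>"""


def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def child_text(elem, name):
    """Text of the first direct child named `name`, or '' if absent."""
    hit = next((c for c in elem if local(c.tag) == name), None)
    return (hit.text or "").strip() if hit is not None else ""


def audit_settings(xml_text):
    """Return (finding, element id, detail) tuples for a Maven settings.xml."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        kind, ident = local(elem.tag), child_text(elem, "id")
        if kind in ("repository", "pluginRepository", "mirror"):
            url = child_text(elem, "url")
            if url.lower().startswith("http://"):  # artifacts fetched without TLS
                findings.append(("cleartext-repo", ident, url))
        elif kind in ("proxy", "server"):
            pw = child_text(elem, "password")
            # Maven-encrypted passwords are wrapped in {...}; anything else is plaintext.
            if pw and not (pw.startswith("{") and pw.endswith("}")):
                findings.append(("plaintext-password", ident, kind))
    return findings


if __name__ == "__main__":
    for finding in audit_settings(SAMPLE):
        print(*finding, sep="\t")
```

Values wrapped in `{...}` are skipped because that is the form produced by `mvn --encrypt-password`.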
Install Go
# Go, version > go1.11.4 and <= go1.14.1
wget https://dl.google.com/go/go1.14.1.linux-amd64.tar.gz
tar -xzf go1.14.1.linux-amd64.tar.gz
sudo mv go /usr/local
# Create a workspace for the project: ~/.go
mkdir ~/.go
# Set the environment variables
sudo vim /etc/bashrc
export GOROOT=/usr/local/go
export GOPATH=~/.go
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH
[root@localhost v2.1.0]# ./isecl_bootstrap_v2.1.0.sh -b
YYY---- /usr/local/go
mkdir: cannot create directory ‘/root/.tmp’: File exists
Info: building external-artifacts with “ant”
Info: building contrib with “ant”
Info: building tpm-tools-windows with “ant”
Info: building common-java with “ant”
Info: building k8s-extensions with “make all”
Error: running “make all” on repository [k8s-extensions]
Info: building certificate-management-service with “make all”
Info: building authservice with “make all”
Info: building workload-policy-manager with “make all”
Error: running “make all” on repository [workload-policy-manager]
Info: building workload-agent with “make all”
Error: running “make all” on repository [workload-agent]
Info: building workload-service with “make all”
Info: building lib-common with “ant”
Info: building lib-privacyca with “ant”
Info: building lib-tpm-provider with “ant”
Info: building lib-platform-info with “ant”
Info: building lib-host-connector with “ant”
Info: building lib-asset-tag-creator with “ant”
Info: building lib-asset-tag-provisioner with “ant”
Info: building lib-flavor with “ant”
Info: building lib-verifier with “ant”
Info: building lib-saml with “ant”
Info: building privacyca with “ant”
Info: building trustagent with “ant”
Info: building verification-service with “ant”
Info: building attestation-hub with “ant”
Info: building key-broker-service with “ant”
Info: building go-trustagent with “make all”
Output directories once the build completes
Built Binaries:
* certificate-management-service: `certificate-management-service/out/`
* authservice: `authservice/out/` [includes `install_pgdb.sh,create_db.sh`]
* trustagent: `go-trustagent/out/`
* verification-service: `verification-service/packages/host-verification-service-linux/target/`
* attestation-hub: `attestation-hub/packages/attestation-hub/target/`
* k8s-extensions: `k8s-extensions/out/`
* workload-policy-manager: `workload-policy-manager/out/`
* workload-service: `workload-service/out/`
* key-broker-service: `key-broker-service/packages/kms/target/`
Install the PostgreSQL database (authservice)
# add postgresql repos
sudo yum install -y https://download.postgresql.org/pub/repos/yum/11/redhat/rhel-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
yum module disable postgresql
# install the postgresql
cd authservice/out
touch iseclpgdb.env
./install_pgdb.sh
# create the users for the db
./create_db.sh aas_db aas_db_user password
./create_db.sh mw_as vs_db_user password
安装Certificate Management Service
cp v2.1.0/certificate-management-service/out/cms-v2.1.0.bin /root
cd /root
touch cms.env
# Add the following configuration
AAS_TLS_SAN=<comma-separated list of IPs and hostnames for the AAS>,127.0.0.1,localhost
SAN_LIST=<comma-separated list of IPs and hostnames for the CMS>,127.0.0.1,localhost
AAS_API_URL=https://<Authentication and Authorization Service IP or Hostname>:8444/aas
./cms-v2.1.0.bin
# Check the CMS status
cms status
cms setup cms_auth_token --force
cms tlscertsha384