Intel secl-dc 环境的搭建

最新推荐文章于 2024-07-24 15:58:31 发布

spuyan

最新推荐文章于 2024-07-24 15:58:31 发布

阅读量391

点赞数

本文链接：https://blog.csdn.net/spuyan/article/details/107711495

版权

Using Subscription-Manager

To see a list of available repositories:
[root@server ~]# subscription-manager repos --list

To enable a specific repository:
[root@server ~]# subscription-manager repos --enable=rhel-6-server-optional-rpms

To disable a specific repository:
[root@server ~]# subscription-manager repos --disable=rhel-6-server-optional-rpms

安装JDK

# sudo dnf install java-1.8.0-openjdk-devel
# java -version
## 输出如下
openjdk version "1.8.0_222"
OpenJDK Runtime Environment (build 1.8.0_222-b10)
OpenJDK 64-Bit Server VM (build 25.222-b10, mixed mode)

## 配置JAVA_HOME
# 查看jdk安装的目录
which java
ls -lrt /usr/bin/java
ls -lrt /etc/alternatives/java

#添加环境变量到/etc/profile
# sudo vim /etc/profile
export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.262.b10-0.el8_2.x86_64
export JRE_HOME=$JAVA_HOME/jre
export CLASSPATH=$JAVA_HOME/lib:$JRE_HOME/lib:$CLASSPATH
export PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH

安装Maven

# Maven`, version >= `3.6.3`
wget https://archive.apache.org/dist/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz
tar zxvf apache-maven-3.x.y.tar.gz

# 添加新的环境变量
sudo vim /etc/bashrc
export M2_HOME=/home/syan10/Downloads/tools/apache-maven-3.6.3
export PATH=$M2_HOME/bin:$PATH

# 配置maven
# 在apache-maven-3.6.3/confs/settings.xml->profiles section下面添加新的profile
   <profile>
       <id>artifacts</id>
       <repositories>
       <repository>
           <id>mulesoft-releases</id>
           <name>MuleSoft Repository</name>
           <url>http://repository.mulesoft.org/releases/</url>
           <layout>default</layout>
       </repository>
       <repository>
           <id>maven-central</id>
           <snapshots><enabled>false</enabled></snapshots>
           <url>http://central.maven.org/maven2</url>
       </repository>
       </repositories>
   </profile>

  # Enable `<activeProfiles>` to include the above profile.
   <activeProfiles>
        <activeProfile>artifacts</activeProfile>
    </activeProfiles>
  
 # 修改proxy
  <proxy>
	  <id>optional</id>
	  <active>true</active>
	  <protocol>http</protocol>
	  <username>proxyuser</username>
	  <password>proxypass</password>
	  <host>proxy.host.net</host>
	  <port>80</port>
	  <nonProxyHosts>local.net|some.host.com</nonProxyHosts>
  </proxy>

安装go

#go` version > `go1.11.4` & <= `go1.14.1`
wget https://dl.google.com/go/go1.14.1.linux-amd64.tar.gz

tar -xzf go1.14.1.linux-amd64.tar.gz
sudo mv go /usr/local

# 创建一个project de workspace: ~/.go
mkdir ~/.go

# 设置环境变量
sudo vim /etc/bashrc
export GOROOT=/usr/local/go
export GOPATH=~/.go
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH

[root@localhost v2.1.0]# ./isecl_bootstrap_v2.1.0.sh -b
YYY---- /usr/local/go
mkdir: cannot create directory ‘/root/.tmp’: File exists
Info: building external-artifacts with “ant”
Info: building contrib with “ant”
Info: building tpm-tools-windows with “ant”
Info: building common-java with “ant”
Info: building k8s-extensions with “make all”
Error: running “make all” on repository [k8s-extensions]
Info: building certificate-management-service with “make all”
Info: building authservice with “make all”
Info: building workload-policy-manager with “make all”
Error: running “make all” on repository [workload-policy-manager]
Info: building workload-agent with “make all”
Error: running “make all” on repository [workload-agent]
Info: building workload-service with “make all”
Info: building lib-common with “ant”
Info: building lib-privacyca with “ant”
Info: building lib-tpm-provider with “ant”
Info: building lib-platform-info with “ant”
Info: building lib-host-connector with “ant”
Info: building lib-asset-tag-creator with “ant”
Info: building lib-asset-tag-provisioner with “ant”
Info: building lib-flavor with “ant”
Info: building lib-verifier with “ant”
Info: building lib-saml with “ant”
Info: building privacyca with “ant”
Info: building trustagent with “ant”
Info: building verification-service with “ant”
Info: building attestation-hub with “ant”
Info: building key-broker-service with “ant”
Info: building go-trustagent with “make all”

编译完成后对应的生成目录

Built Binaries:
        * certificate-management-service: `certificate-management-service/out/`
        * authservice: `authservice/out/` [includes `install_pgdb.sh,create_db.sh`]
        * trustagent: `go-trustagent/out/`
        * verification-service: `verification-service/packages/host-verification-service-linux/target/`
        * attestation-hub: `attestation-hub/packages/attestation-hub/target/`
        * k8s-extensions: `k8s-extensions/out/`
        * workload-policy-manager: `workload-policy-manager/out/`
        * workload-service: `workload-service/out/`
        * key-broker-service: `key-broker-service/packages/kms/target/`
        *

安装postgresql数据库（authservice）

# add postgresql repos
sudo yum install -y https://download.postgresql.org/pub/repos/yum/11/redhat/rhel-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
yum module disable postgresql

# install the postgresql
cd authservice/out
touch iseclpgdb.env
./install_pgdb.sh

# create the users for the db
./create_db.sh aas_db aas_db_user password
./create_db.sh mw_as vs_db_user password

安装Certificate Management Service

cp v2.1.0/certificate-management-service/out/cms-v2.1.0.bin /root
cd /root
touch cms.env
# 添加如下配置
AAS_TLS_SAN=<comma-separated list of IPs and hostnames for the AAS>,127.0.0.1,localhost
SAN_LIST=<comma-separated list of IPs and hostnames for the CMS>,127.0.0.1,localhost
AAS_API_URL=https://<Authentication and Authorization Service IP or Hostname>:8444/aas

./cms-v2.1.0.bin

#检测cms的状态
cms status

cms setup cms_auth_token --force

cms tlscertsha384