FRED Howto

Contents

Requirements
Database setup
Components installation

  FRED servers
  Apache modules
  Web applications

Configuration & customization

Central registry ...

Requirements

FRED is designed to run on Linux (and was tested on Linux only), but will probably run on any Unix operating system that meets the requirements. FRED requires the following additional software to be installed:

You will also need the usual development tools such as gcc, autoconf, make, bison, etc.

Download

Download the FRED source tarballs from the download section on the FRED website. You must have the following source tarballs:

Database setup

FRED uses PostgreSQL as the database for registry data storage. You need to create the database structure before running any of the server daemons. To create it, proceed through the following steps:

  1. Create user fred.
     # su postgres -c "createuser -S -D -R -l fred"
     CREATE ROLE
    
  2. Create database fred.
    # su postgres -c "createdb -E UTF-8 -O fred fred"
    CREATE DATABASE
    
  3. Unpack the package fred-db which contains basic database structure for FRED.
    tar xzf fred-db_1.6.0.tar.gz 
    cd fred-db-1.6.0/
    
  4. Feed the database with the generated SQL script by running:
     # ./orderedsql.sh | psql -U fred -q fred 
    

The database is now ready.
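Note: Set up connection rights in the pg_hba.conf file, using either trust or md5 authentication. With trust, any local user can connect as any database role without a password; md5 requires the role's password.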

# "local" is for Unix domain socket connections only                                                                                                         
local   all         all                               trust

or

# "local" is for Unix domain socket connections only                                                                                                         
local   all         all                               md5

Components installation

FRED IDL

  1. Unpack IDL files to /usr/share/idl/fred/
       # mkdir -p /usr/share/idl/fred/
       # tar -xzf fred-idl-1.6.1.tar.gz -C /tmp
       # mv /tmp/fred-idl-1.6.1/* /usr/share/idl/fred/
    

FRED server

FRED server contains three C++ CORBA servers called fred_rifd, fred_pifd, fred_adifd and one Python CORBA server called pyfred. Install them the following way:

  1. Install the common build toolchain. On Debian:
         # apt-get install build-essential
    
  2. Install the PostgreSQL development libraries:
         # apt-get install libpq-dev
    
  3. Install the omniORB development libraries. On Debian:
         # apt-get install omniidl4 omniidl4-python libomniorb4-dev libomnithread3-dev
    
  4. Install the libdaemon development libraries. On Debian:
         # apt-get install libdaemon-dev
    
  5. Install the Boost development framework. On Debian:
         # apt-get install libboost-dev libboost-date-time-dev libboost-program-options-dev libboost-regex-dev
    
  6. Unpack fred-server package, configure the build, compile C++ servers and install them:
         tar xzf fred-server_1.6.2.tar.gz 
         cd fred-server-1.6.2/
         ./configure --prefix=/usr && make
    
  7. Run make install as root:
         # make install
    
  8. Create initial configuration
         # mkdir /etc/fred
         # cp server.conf.example /etc/fred/server.conf
    

FRED server - python components

  1. Unpack pyfred package
       $ tar xzf pyfred_1.6.2.tar.gz
       $ cd pyfred-1.6.2/
    
  2. Build IDL files
       $ python setup.py build_idl
    
  3. Build pyfred
       $ python ./setup.py build
    
  4. Change to root and install pyfred
       # python ./setup.py install
    
  5. Create initial configuration
       # cp pyfred.conf-example /etc/fred/pyfred.conf
    

Install fred2pdf

  1. Install PIL (Python Imaging Library). On Debian:
       # apt-get install python-imaging
    
  2. Install ReportLab 2.0. On Debian:
       # apt-get install python-reportlab
    
  3. Install TinyRML. On Debian:
       # apt-get install tinyerp-server
    
  4. Install xsltproc (part of libxslt). On Debian:
       # apt-get install xsltproc
    
  5. Unpack fred2pdf
       $ tar -xzf fred2pdf-1.1.0.tar.gz 
       $ cd fred2pdf-1.1.0/
    
  6. Build fred2pdf
       $ python ./setup.py build
    
  7. Change to root and install
       # python ./setup.py install
    
    If setup.py cannot find rml2pdf module, try tweaking TINYERP_PATH in setup.py according to your setup.
  8. Check the created configuration. It was created in /etc/fred/fred2pdf.conf.

Apache2.x mod_corba

  1. Install the Apache 2.x development libraries. On Debian:
       # apt-get install apache2-threaded-dev
    
  2. Install the liborbit2 development libraries. On Debian:
       # apt-get install liborbit2-dev
    
  3. Unpack mod-corba
       $ tar -xzf mod-corba-1.1.2.tar.gz 
       $ cd mod-corba-1.1.2/
    
  4. Configure and compile
       $ ./configure --prefix /usr && make
    
  5. Install
       # make install
    
  6. Load the module into Apache 2.x. Add the following snippet to the Apache 2.x configuration:
       LoadModule corba_module    /usr/lib/apache2/modules/mod_corba.so
    
    Adjust paths as necessary.

Apache2.x mod_eppd

  1. Install the libxml2 development libraries. On Debian:
       # apt-get install libxml2-dev
    
  2. Unpack mod_eppd
       $ tar -xzf mod-eppd-1.4.1.tar.gz 
       $ cd mod-eppd-1.4.1/
    
  3. Configure and compile
       $ ./configure --prefix /usr && make
    
  4. Install
       # make install
    
  5. Load the module into Apache 2.x. Add the following snippet to the Apache 2.x configuration:
       LoadModule eppd_module    /usr/lib/apache2/modules/mod_eppd.so
    
    Adjust paths as necessary.
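  6. Configure the EPP service. Add the following snippet to the Apache 2.x configuration. Note that the SSLCipherSuite value shown still permits LOW, export-grade (EXP) and SSLv2 suites; narrow it to strong suites before exposing the service.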
       Listen 217.31.204.195:700
    
       <VirtualHost 217.31.204.195:700>
    
        CorbaEnable           On
        CorbaNameservice      "localhost"
        CorbaObject           "EPP"   "EPP_alias"
    
        EPPprotocol           On
        EPPObject             "EPP_alias"
        EPPschema             "/etc/apache2/schemas/all-1.3.xsd"
        EPPservername         "CZ.NIC's EPP server"
        EPPlog                "/var/log/apache2/eppd.log"
        EPPloglevel           error
        EPPvalidResponse      Off
    
        SSLEngine             on
        SSLCipherSuite        ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLVerifyClient       require
        SSLCertificateFile    /etc/apache2/ssl/mod_eppd.pem
        SSLCertificateKeyFile /etc/apache2/ssl/mod_eppd.pem
        SSLCACertificateFile  /etc/apache2/ssl/ca.pem
        SSLVerifyDepth        1
    
       </VirtualHost>
    

Apache2.x mod_whoisd

  1. Unpack mod_whoisd
       $ tar -xzf mod-whoisd-1.3.2.tar.gz 
       $ cd mod-whoisd-1.3.2/
    
  2. Configure and compile
       $ ./configure --prefix /usr && make
    
  3. Install
       # make install
    
  4. Load the module into Apache 2.x. Add the following snippet to the Apache 2.x configuration:
       LoadModule whoisd_module    /usr/lib/apache2/modules/mod_whoisd.so
    
    Adjust paths as necessary.
  5. Configure the whoisd service. Add the following snippet to the Apache 2.x configuration:
    Listen 217.31.204.195:43
    
    <VirtualHost 217.31.204.195:43>
    
      CorbaEnable           On
      CorbaNameservice      "localhost"
      CorbaObject           "Whois" "Whois_alias"
    
      WhoisProtocol         On
      WhoisDisclaimer       "/dev/null"
      WhoisWebURL           "http://localhost/whois/"
      WhoisDelay            100
      WhoisObject           "Whois_alias"
    
    </VirtualHost>
    

Install fred_client

  1. Unpack fred_client
       # tar -xzf fred-client-1.5.2.tar.gz 
       # cd fred-client-1.5.2
    
  2. Install fred_client
       ./install.sh
    

Install FRED whois

  1. Chdir to /opt
        # cd /opt
    
  2. Unpack fred-whois
       # tar -xzf fred-whois-1.5.3.tar.gz
    
  3. Symlink current version to /opt/whois
       # ln -s fred-whois-1.5.3 whois
    
  4. Configure IDL file location in /opt/whois/whois.conf
       # $EDITOR /opt/whois/whois.conf
       # edit:: idl: /usr/share/idl/fred/ccReg.idl
    
  5. Install the Python modules cherrypy, simpletal and omniorb2. On Debian:
       # apt-get install python-cherrypy python-simpletal python-omniorb2 omniidl4-python
    
  6. Install mod-python. On Debian:
       # apt-get install libapache2-mod-python
    
  7. Configure Apache. Add this to your virtual host:
            Alias /whois /opt/whois
    
            <Directory /opt/whois>
                    Options FollowSymLinks +Includes
                    AllowOverride None
                    Order allow,deny
                    Allow from all
    
                    DirectoryIndex whois.py
                    AddHandler mod_python .py
                    PythonHandler whois
                    PythonDebug On
            </Directory>
    

Install FRED WebAdmin

  1. Chdir to /opt
  2. Unpack fred-webadmin-<latest>.tar.gz
  3. Symlink latest version to /opt/fred-webadmin
           ln -sf /opt/fred-webadmin-<latest> /opt/fred-webadmin
    
  4. Install the cherrypy and omniorb2 modules. On Debian:
       # apt-get install python-cherrypy python-omniorb2
    
  5. Configure cherrypy in /opt/fred-webadmin/cherry.conf
       #
       # CherryPy specific config parts
       #
       
       [global]
       server.socket_port = 18456
       server.socket_host = "localhost"
       server.thread_pool = 10
       server.environment = "production"
       session_filter.on = True
       tools.sessions.on = True
       static_filter.root = "/opt/fred-webadmin/data"
       server.log_to_screen = False
       server.log_file = "/var/log/fred-webadmin.log"
       
       [/css]
       static_filter.on = True
       static_filter.dir = "css"
       
       [/img]
       static_filter.on = True
       static_filter.dir = "img"
       
       [/js]
       static_filter.on = True
       static_filter.dir = "js"
       
       #
       # Application specific config parts
       #
    
  6. Configure webadmin in /opt/fred-webadmin/admin.conf
       [application]
       debug = False
       
       [templates]
       # templates location
       path = /opt/fred-webadmin/templates/
       
       [cherry_config]
       # cherry.conf location
       path = /opt/fred-webadmin/
       
       [lib]
       # additional program files location (corba.py, corbaparser.py, exposed.py, ..)
       path = /opt/fred-webadmin/
       
       [html]
       title = FRED Webadmin
       header = FREDWebAdmin-Location
       tablesize = 45
       
       [corba]
       idl = /usr/share/idl/fred/ccReg.idl
       ior = corbaname::db-s-01.nic.cz
       
       [gettext]
       domain: adif
       localepath: /opt/fred-webadmin/locale
       pattern: :([\-_a-zA-Z0-9]*):
       #lang: cs_CZ
       lang: en_US
    

Ride the BEAST

Install and run omniorb nameservice

  1. Install the omniORB nameserver and tools. On Debian:
         apt-get install omniorb4-nameserver omniorb4
    
  2. Run the omniORB nameservice. On Debian (it should already be started after installation):
         /usr/sbin/invoke-rc.d omniorb4-nameserver start
    
  3. Check if it is running:
         nameclt list
    
    This should return an empty listing.

Start CORBA servers

The default configuration is sufficient with trust authentication and should work out of the box. However, it is strongly suggested that you check both /etc/fred/server.conf and /etc/fred/pyfred.conf before running the CORBA servers.

  1. Install the Python omniORB bindings. On Debian:
       # apt-get install python-omniorb2
    
  2. Install the clearsilver, dnspython and pygresql Python modules. On Debian:
       # apt-get install python-clearsilver python-dnspython python-pygresql
    
  3. Install fpdns, whois and openssl. On Debian:
       # apt-get install fpdns whois openssl
    
  4. Start pyfred server
       # /usr/bin/pyfred_server.py 
       File /etc/fred/pyfred.conf used as config file
       Check appropriate log file if pyfred was started successfully
       Logging to syslog since now
    
  5. Run CORBA servers
       fred-rifd -ORBnativeCharCodeSet UTF-8 -ORBendPoint giop:tcp:localhost:2222
       fred-adifd -ORBnativeCharCodeSet UTF-8 -ORBendPoint giop:tcp:localhost:2223
       fred-pifd -ORBnativeCharCodeSet UTF-8 -ORBendPoint giop:tcp:localhost:2224
    
    PID files are created in /var/run/
  6. Run WebAdmin
       /opt/fred-webadmin/adif.py
    
    NOTE: WebAdmin doesn't fork itself to background, so you have to ensure it by some other means.

Create certificates

  1. Setup CA.pl from openssl
  2. Install CA certificate to /etc/apache2/ssl/ca.pem
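  3. Create the server certificate and install it to /etc/apache2/ssl/eppd.pem (the EPP virtual host above references /etc/apache2/ssl/mod_eppd.pem, so use one path consistently in both places)
  4. Create a client certificate for the FRED client and put it in your home directory as ~/fred.pem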
  5. (Re)start apache2.x

Create your first registrar

  1. Get MD5 hash from client certificate:
  2. Choose handle (REG-REGISTRAR)
  3. Choose password for registrar
  4. Full script
    #!/bin/bash
    # openssl prints "MD5 Fingerprint=AA:BB:..."; keep only the part after "="
    MD5=$(openssl x509 -noout -fingerprint -md5 -in ~/fred.pem | cut -d= -f2)
    HANDLE=REG-REGISTRAR
    PASSWD=change_me
    NAME="Registrar Name"
    psql -U fred fred << _EOF_
    INSERT INTO registrar (handle,name) VALUES ('${HANDLE}','${NAME}');
    INSERT INTO registraracl (registrarid,cert,password) VALUES (currval('registrar_id_seq'),'${MD5}','${PASSWD}');
    _EOF_
    
  5. Create new zone:
    #!/bin/bash
    ZONE=change_me
    PRIMARY=primary.ns.change_me
    HOSTMASTER=hostmaster.change_me
    # Handle of the registrar created in step 4. currval('registrar_id_seq') is
    # undefined in a new database session, so the id is looked up by handle
    # (assumes the key column is "id", as the sequence name implies).
    HANDLE=REG-REGISTRAR
    psql -U fred fred << _EOF_
    INSERT INTO zone (fqdn,ex_period_min,ex_period_max,val_period,dots_max) VALUES('${ZONE}', 12, 12, 0, 1);
    INSERT INTO zone_soa (Zone, TTL, Hostmaster, Serial, Refresh, Update_retr, Expiry, Minimum, ns_fqdn) VALUES (currval('zone_id_seq'), 18000, '${HOSTMASTER}', NULL, 10600, 3600, 1209600, 7200, '${PRIMARY}');
    INSERT INTO zone_ns (Zone, fqdn, addrs) VALUES (currval('zone_id_seq'), '${PRIMARY}', '{}');
    INSERT INTO registrarinvoice (registrarid,zone,fromdate) VALUES ((SELECT id FROM registrar WHERE handle='${HANDLE}'),currval('zone_id_seq'),NOW());
    _EOF_
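
The registrar script in step 4 pastes shell variables straight into the SQL text. The following is an added example, not part of the FRED distribution: it validates the fingerprint that openssl prints, refuses empty credentials, and lets psql quote the values through its own variables. The function names, the FRED_REG_PASSWORD variable and the sample fingerprint are constructed for illustration.

```shell
#!/bin/bash
# Added example: function names and sample values are constructed.

# Reduce openssl's "MD5 Fingerprint=AA:BB:..." line to the bare fingerprint.
# Fails unless the value is exactly 16 colon-separated hex bytes.
md5_fingerprint() {
    local fp="${1#*=}"
    if printf '%s\n' "$fp" | grep -Eq '^([0-9A-Fa-f]{2}:){15}[0-9A-Fa-f]{2}$'; then
        printf '%s\n' "$fp"
    else
        return 1
    fi
}

# SQL for psql. :'var' is expanded by psql as a correctly quoted literal, so a
# quote in the registrar name cannot end the string early. The password is read
# from the environment to keep it off psql's command line.
registrar_sql() {
    cat <<'_EOF_'
\set password `printenv FRED_REG_PASSWORD`
BEGIN;
INSERT INTO registrar (handle,name) VALUES (:'handle', :'name');
INSERT INTO registraracl (registrarid,cert,password)
    VALUES (currval('registrar_id_seq'), :'cert', :'password');
COMMIT;
_EOF_
}

# usage: create_registrar CERT.pem HANDLE NAME PASSWORD
create_registrar() {
    local cert="$1" handle="$2" name="$3" password="$4" fp
    if [ -z "$handle" ] || [ -z "$name" ] || [ -z "$password" ]; then
        echo "handle, name and password must be non-empty" >&2
        return 2
    fi
    fp=$(md5_fingerprint "$(openssl x509 -noout -fingerprint -md5 -in "$cert")") || {
        echo "no valid MD5 fingerprint in $cert" >&2
        return 1
    }
    registrar_sql | FRED_REG_PASSWORD="$password" psql -U fred -q \
        -v ON_ERROR_STOP=1 -v handle="$handle" -v name="$name" -v cert="$fp" fred
}

# Constructed sample of what openssl prints for a certificate:
md5_fingerprint 'MD5 Fingerprint=3A:5F:01:9C:E2:77:B4:0D:68:AA:13:F0:4E:9B:C6:25'
```

With ON_ERROR_STOP set, a failure in either INSERT ends the session before COMMIT, so no registrar row is left behind without its ACL entry.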
    

Configure fred_client

  1. Create first configuration in ~/.fred_client.conf
    [connect]
    dir=/root/
    host = localhost
    port = 700
    ssl_cert = %(dir)s/fred.pem
    ssl_key  = %(dir)s/fred.pem
    username = REG-REGISTRAR
    password = change_me
    
    ;; Every XML namespace can have the version independent to others:
    schema_version_contact = 1.2
    schema_version_nsset   = 1.2
    schema_version_domain  = 1.2
    schema_version_enum    = 1.1
    schema_version_fred    = 1.0
    schema_version_epp     = 1.0
    
    ;; socket timeout in sec. In MS Windows MUST be set to 0.0 (timeout bug)
    timeout = 10.0
    
    ;; turn off automatic login process after start up
    nologin = n
    
    [session]
    schema = /etc/apache2/schemas/all-1.2.xsd
    
    ;; send "poll ack" right after to "poll req"
    poll_autoack = off
    
    ;; confirm all editable commands
    confirm_send_commands = on
    
    ;; enable/disable xmllint
    validate = on
    
    ;; display colors on tty console
    colors = yes
    
    ;; set verbose level 1,2,3
    verbose = 1
    

1,2,3...LAUNCH

  1. Start fred_client
       fred_client
    
  2. Point your web browser to http://localhost:18456/ to open WebAdmin. The user is superuser with password superuser123.