
Installing and Using Lightwave on Photon OS

Project Lightwave is an open-source project that provides enterprise-grade identity and access management services, and can be used to solve key security, governance, and compliance challenges for a variety of use cases within the enterprise. Through integration between Photon OS and Project Lightwave, organizations can enforce security and governance on container workloads, for example, by ensuring that only authorized containers are run on authorized hosts, by authorized users. For more details about Lightwave, see the project Lightwave page on GitHub.

Procedure

1 - Installing the Lightwave Server and Configuring It as a Domain Controller on a Photon Image

You can configure the Lightwave server as a domain controller on a Photon OS client. You install the Lightwave server first. After the server is installed, you configure a new domain.

Prerequisites

  • Prepare a Photon OS client for the Lightwave server installation.
  • Verify that the hostname of the client can be resolved.
  • Verify that you have 500 MB free for the Lightwave server installation.

Procedure

  1. Log in to your Photon OS client over SSH as an administrator.

  2. Install the Lightwave server by running the following command.

    # tdnf install lightwave -y

  3. Configure the Lightwave server as domain controller by selecting a domain name and password for the administrator user.

    The minimum required password complexity is 8 characters, one symbol, one upper case letter, and one lower case letter. Optionally, if you want to access the domain controller over its IP address, pass that address with the --ssl-subject-alt-name parameter so that it is included in the server certificate.

    # configure-lightwave-server --domain <your-domain> --password '<administrator-user-password>' --ssl-subject-alt-name <machine-ip-address>

  4. Edit iptables rules to allow connections to and from the client.

    The default Photon OS 3.0 firewall settings block all incoming, outgoing, and forwarded connections, so you must reconfigure them.

    # iptables -P INPUT ACCEPT

    # iptables -P OUTPUT ACCEPT

    # iptables -P FORWARD ACCEPT

  5. In a browser, go to https://lightwave-server-FQDN to verify that you can log in to the newly created domain controller.

    1. On the Cascade Identity Services page, enter the domain that you configured and click Take me to Lightwave Admin.
    2. On the Welcome page, enter administrator@your-domain as user name and the password that you set during the domain controller configuration and click LOGIN.

2 - Installing the Lightwave Client on a Photon Image and Joining the Client to a Domain

After you have set up a Lightwave domain controller, you can join Photon clients to that domain. You install the Lightwave client first. After the client is installed, you join the client to the domain.

Prerequisites

  • Prepare a Photon OS client for the Lightwave client installation.
  • Verify that the hostname of the client can be resolved.
  • Verify that you have 184 MB free for the Lightwave client installation.

Procedure

  1. Log in to your Photon OS client over SSH.

  2. Install the Lightwave client by running the following command.

    # tdnf install lightwave-client -y

  3. Edit the iptables firewall rules configuration file so that connections on port 2020 are allowed by default.

    The default Photon OS 3.0 firewall settings block all incoming, outgoing, and forwarded connections, so you must configure the rules.

    1. Open the iptables settings file.

    # vi /etc/systemd/scripts/iptables

    2. Add a rule that allows TCP connections on port 2020 at the end of the file, then save and close the file.

    iptables -A INPUT -p tcp -m tcp --dport 2020 -j ACCEPT

    3. Run the following command to allow the required connections in the running firewall without restarting the client.

    # iptables -A INPUT -p tcp -m tcp --dport 2020 -j ACCEPT

  4. Join the client to the domain by running the domainjoin.sh script and configuring the domain controller FQDN, domain, and the password for the administrator user.

    # domainjoin.sh --domain-controller <lightwave-server-FQDN> --domain <your-domain> --password '<administrator-user-password>'

  5. In a browser, go to https://lightwave-server-FQDN to verify that the client appears under the tenants list for the domain.
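The firewall step above touches two places: the persistent script /etc/systemd/scripts/iptables (read at boot) and the running rule set (changed with the iptables command). Re-running the step as written appends a second copy of the rule in both places. The following shell helper is an added example, not code from the Photon OS documentation or the Lightwave project: it appends the rule to the script only when an identical line is not already there, and applies it to the live firewall with iptables -C (check) before -A (append) so it is not stacked there either. The script path and port number are parameters; the same helper covers port 2081 that the Photon Management Daemon uses later on this page.

```shell
#!/bin/sh
# Added example, not from the Photon OS docs or the Lightwave project:
# idempotently allow a TCP port in Photon OS's persistent iptables script
# and in the running rule set.
#
# Usage (as root):  persist_port_rule /etc/systemd/scripts/iptables 2020
#                   apply_port_rule 2020

# The rule line the docs append, for the given port (no trailing newline).
port_rule() {
    printf 'iptables -A INPUT -p tcp -m tcp --dport %s -j ACCEPT' "$1"
}

# Append the rule for port $2 to the script $1 unless an identical line is
# already present. Returns 0 if the line was added, 1 if it was already there.
persist_port_rule() {
    file="$1"
    rule="$(port_rule "$2")"
    if [ -f "$file" ] && grep -qxF -- "$rule" "$file"; then
        return 1
    fi
    printf '%s\n' "$rule" >> "$file"
}

# Count the occurrences of the rule for port $2 in script $1 (0 if absent).
count_port_rule() {
    if [ -f "$1" ]; then
        grep -cxF -- "$(port_rule "$2")" "$1" || true
    else
        echo 0
    fi
}

# Apply the rule to the live firewall without a restart. iptables -C reports
# whether an identical rule already exists, so repeated calls do not stack
# duplicate rules. Needs root; not exercised by the checks below.
apply_port_rule() {
    iptables -C INPUT -p tcp -m tcp --dport "$1" -j ACCEPT 2>/dev/null \
        || iptables -A INPUT -p tcp -m tcp --dport "$1" -j ACCEPT
}
```

Running persist_port_rule against the real script and then apply_port_rule keeps boot-time and runtime configuration in step, which is what the two sub-steps in the procedure achieve manually.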

3 - Installing the Photon Management Daemon on a Lightwave Client

After you have installed and configured a domain on Lightwave, and joined a client to the domain, you can install the Photon Management Daemon on that client so that you can remotely manage it.

Prerequisites

  • Have an installed Lightwave server with configured domain controller on it.
  • Have an installed Lightwave client that is joined to the domain.
  • Verify that you have 100 MB free for the daemon installation on the client.

Procedure

  1. Log in over SSH, as an administrator, to a machine that has the Lightwave client installed.

  2. Install the Photon Management Daemon.

    # tdnf install pmd -y

  3. Start the Photon Management Daemon.

    # systemctl start pmd

  4. Verify that the daemon is in an active state.

    # systemctl status pmd

  5. (Optional) In a new console, use curl to verify that the Photon Management Daemon returns information.

    Use the root credentials for the local client to authenticate against the daemon service.

    # curl https://<lightwave-client-FQDN>:2081/v1/info -u root

  6. (Optional) Create an administrative user for the Photon Management Daemon for your domain and assign it the domain administrator role.

    1. In a browser, go to https://lightwave-server-FQDN.
    2. On the Cascade Identity Services page, enter your domain name and click Take me to Lightwave Admin.
    3. On the Welcome page, enter administrative credentials for your domain and click Login.
    4. Click Users & Groups and click Add to create a new user.
    5. On the Add New User page, enter a user name, at least one name, and a password, and click Save.
    6. Click the Groups tab, select the Administrators group, and click Membership to add the new user to the group.
    7. On the View Members page, select the user that you created, click Add Member, click Save, and click Cancel to return to the previous page.

4 - Remotely Upgrade a Single Photon OS Machine With Lightwave Client and Photon Management Daemon Installed

After you have configured the Photon Management Daemon on a machine, you can remotely upgrade any installed package on that machine. You can use the root user credentials.

The upgrade process uses pmd-cli, which is supported by both Lightwave and the Photon Management Daemon. You can initiate the upgrade process from any machine that has the Photon Management Daemon CLI installed.

Prerequisites

  • Have an installed Lightwave server with configured domain controller on it.
  • Have an installed Lightwave client that is joined to the domain.
  • Have an installed Photon Management Daemon on the client.
  • Have an installed Photon Management Daemon CLI (pmd-cli) on the machine from which you perform the updates.

Procedure

  1. To initiate remote upgrade, log in to a machine that has Photon Management Daemon CLI installed over SSH.

  2. Identify packages that can be upgraded on the client machine.

    1. List the available updates for the machine.

      # pmd-cli --server-name <machine-IP-address> --user root pkg list updates

    2. Verify the currently installed version of a package, for example sed.

      # pmd-cli --server-name <machine-IP-address> --user root pkg installed sed

      The installed version number shows as earlier than the one listed under the available updates.

  3. Initiate the upgrade (in this example, of the sed package), enter the password when prompted, and wait for the command to complete.

    # pmd-cli --server-name <machine-IP-address> --user root pkg update sed

  4. (Optional) Verify that the client machine package was upgraded successfully.

    1. Log in to the machine that was upgraded over SSH.

    2. List the installed version of the sed package.

      # pmd-cli --server-name <machine-IP-address> --user root pkg installed sed

5 - Remotely Upgrade Multiple Photon OS Machines With Lightwave Client and Photon Management Daemon Installed

After you have configured the Photon Management Daemon (PMD) on multiple machines, you can remotely upgrade any installed package on these machines.

The upgrade process uses copenapi_cli, which is supported by both Lightwave and the Photon Management Daemon. You can initiate the upgrade process from any machine that has the Photon Management Daemon installed.

Prerequisites

  • Have an installed Lightwave server with configured domain controller on it.
  • Have installed Lightwave clients that are joined to the domain.
  • Have installed Photon Management Daemon on the clients.

Procedure

  1. To initiate the remote upgrade, log in over SSH to the Photon OS machine from which you will run the upgrade, and install the Photon Management Daemon CLI.

    # tdnf install pmd-cli

  2. Edit the copenapi_cli spec files so that you can specify the machines you want to upgrade and credentials to be used.

    1. Edit the .netrc file to specify machines to be upgraded and credentials for the PMD service.

      # vi ~/.netrc

    2. In the file, enter one line per machine with its IP address and the administrative credentials for the PMD service, then save and close the file.

      machine <IP-address> login <pmd-administrative-user> password <pmd-administrative-user-password>

    3. (Optional) Get the location of the restapispec.json file.

      # cat ~/.copenapi

      This command returns apispec=/root/restapispec.json as path for the spec file.

    4. Edit the restapispec.json file to enter the IP address of the machine to be upgraded.

      # vi /root/restapispec.json

    5. Change the host value to the IP address or the hostname of the machine, leave the port number, and save and close the file.

      "host":"<ip-address>:2081"

  3. Initiate the upgrade (in this example, of the sed package) and wait for the command to complete.

    Specify -k to force blind trust of certificates (certificate verification is skipped) and -n to use the credentials from the .netrc file.

    # copenapi_cli pkg update --packages sed -kn

  4. (Optional) Verify that the package was upgraded successfully.

    1. Log in to the machine that was upgraded over SSH.

    2. List the installed version of the sed package.

      # tdnf list installed sed
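Because -k skips certificate verification for the update calls, the credentials in ~/.netrc are the control that decides who can push packages to the fleet, so they are worth checking before a run. The following shell helper is an added example, not code from the Photon OS documentation, copenapi_cli or Lightwave: it validates the .netrc from step 2 for owner-only permissions (an assumed hygiene rule, not something copenapi_cli enforces), one well-formed machine/login/password line per host in the format the page shows, and no duplicate machine entries (netrc readers take the first match, so a duplicate silently hides the second). Malformed lines are reported by line number only so that passwords never reach a log. The sample credentials and addresses in the block are constructed.

```shell
#!/bin/sh
# Added example, not from the Photon OS docs or the copenapi_cli/Lightwave
# projects: sanity-check the ~/.netrc that "copenapi_cli -n" reads before a
# fleet-wide package update. The 0600 permission rule is a hygiene assumption.
#
# Usage:  check_netrc ~/.netrc && copenapi_cli pkg update --packages sed -kn

# Constructed sample credentials (192.0.2.0/24 is a documentation range).
SAMPLE_NETRC='machine 192.0.2.10 login pmdadmin password Example-Pass1!
machine 192.0.2.11 login pmdadmin password Example-Pass2!'

# Write the sample to path $1 with owner-only permissions; prints the path.
write_sample_netrc() {
    printf '%s\n' "$SAMPLE_NETRC" > "$1"
    chmod 600 "$1"
    echo "$1"
}

# Print the host field of every "machine ..." line in file $1.
netrc_machines() {
    awk '$1 == "machine" { print $2 }' "$1"
}

# Return 0 if file $1 is safe and usable for copenapi_cli -n, 1 otherwise,
# with the reason on stderr.
check_netrc() {
    f="$1"
    [ -f "$f" ] || { echo "netrc: $f not found" >&2; return 1; }

    # Clear-text secrets: insist on rw------- (chmod 600). ls output is used
    # instead of stat so the check works on both GNU and BSD userlands.
    perms="$(ls -ld "$f" | cut -c2-10)"
    if [ "$perms" != "rw-------" ]; then
        echo "netrc: mode is $perms, expected rw------- (chmod 600 $f)" >&2
        return 1
    fi

    # Every line must be blank or a complete machine/login/password triple.
    # Only line numbers are reported so that passwords are never echoed.
    bad="$(grep -nEv '^(machine [^[:space:]]+ login [^[:space:]]+ password [^[:space:]]+|[[:space:]]*)$' "$f" \
           | cut -d: -f1 | tr '\n' ' ')"
    if [ -n "$bad" ]; then
        echo "netrc: malformed line(s): $bad" >&2
        return 1
    fi

    # A host listed twice is ambiguous: only the first entry would be used.
    dups="$(netrc_machines "$f" | sort | uniq -d | tr '\n' ' ')"
    if [ -n "$dups" ]; then
        echo "netrc: duplicate machine entries: $dups" >&2
        return 1
    fi
    return 0
}
```

Running check_netrc before the copenapi_cli call turns a silent failure mode (a typo in one line, or a world-readable credentials file on a shared jump host) into a visible one without printing the secrets themselves.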