
Configuration

Configuration of Opus should take around 10 minutes.

You will:

  • Configure networking.
  • Set up an SSH key.
  • Set a strong admin password.
  • Provide an Active Directory server for user authentication.

Networking

After deploying the virtual machine it is good practice to set a static IP address for the appliance.

Note

To complete this step you will require:

  • An available static IP address
  • Routing and DNS settings

Connect to the virtual machine's Remote Console to access a command prompt.

If DHCP is configured to return settings that are applicable in a static context, helpful commands when configuring a static address include:

| Command | Description |
|---|---|
| ip route \| grep default | Print the default gateway set by DHCP |
| ip addr show eth0 | Print the current IP address and netmask |
| cat /etc/resolv.conf | Show the current DNS settings |

Run sudo netconf to start the network setup utility:

[Screenshot: Chrome - Netconf]

Once configuration is complete, run sudo reboot from the Remote Console to restart Opus with the new address.

Securing the appliance

Once the appliance's networking is configured the next step is to secure it.

Connect to the appliance with a web browser using the address shown in vSphere.

Opus creates a self-signed certificate on first boot that will be reported as insecure by browsers:

[Screenshot: Chrome - Browser warning]

Manually verify that the connection is secure by viewing the certificate:

[Screenshot: Chrome - 'Not Secure']

Scroll down and verify that the SHA256 fingerprint:

[Screenshot: Chrome - Certificate]

...matches the output of the fingerprint command on the Remote Console:

[Screenshot: Web Console - Fingerprint]

Warning

The fingerprint command is not available over SSH.

When you are satisfied that the connection is secure, trust the certificate and proceed to the appliance's web UI.
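The same comparison can be scripted from the administrator's workstation. This is an added example, not part of the Opus documentation or tooling: it fetches the certificate the appliance presents without trusting it, computes the SHA256 fingerprint and compares it with the value read from the Remote Console. It assumes the fingerprint command prints hexadecimal, with or without colons; the function names and the sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl
import sys

# Constructed stand-in for DER certificate bytes, so the checks run offline.
SAMPLE_DER = b"constructed-bytes-standing-in-for-a-DER-certificate"


def der_fingerprint(der: bytes) -> str:
    """SHA-256 over the DER encoding, which is what browsers display."""
    return hashlib.sha256(der).hexdigest()


def display(der: bytes) -> str:
    """Colon-separated upper-case form, e.g. 'AB:CD:...'."""
    fp = der_fingerprint(der).upper()
    return ":".join(fp[i:i + 2] for i in range(0, len(fp), 2))


def normalise(value: str) -> str:
    """Reduce 'label=AB:CD:..', 'ab cd ..' or bare hex to 64 lowercase hex digits."""
    text = value.strip().lower().split("=", 1)[-1]
    digits = "".join(c for c in text if c not in ": \t\r\n")
    if len(digits) != 64 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("not a SHA-256 fingerprint: %r" % value)
    return digits


def matches(der: bytes, console_value: str) -> bool:
    return hmac.compare_digest(der_fingerprint(der), normalise(console_value))


def fetch_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the presented certificate without trusting it; the comparison decides."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE     # self-signed: no chain to validate yet
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    # Usage: python check_fp.py <address> "<fingerprint from Remote Console>"
    der = fetch_der(sys.argv[1])
    print("presented:", display(der))
    sys.exit(0 if matches(der, sys.argv[2]) else "MISMATCH: do not trust this certificate")
```

The value passed as the second argument must come from the Remote Console, not from anything read over the network connection being checked.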

Master SSH key

Opus does not use a password for SSH authentication.

The first SSH connection to Opus will set a master key. Opus will pick a random port for this initial connection.

Note

Additional keys can be added after setup.

Grab the ssh command from the web UI and run it locally:

[Screenshot: SSH Port]

If you are on Windows you will need to download PuTTY and configure an SSH key.

On connecting, the appliance should report that your key has been added:

[Screenshot: SSH Connection]

The appliance will add your public key to /var/disk/config/authorized_keys. Append public keys to this file to allow additional administrators access.

SSH will now run on port 22 as standard.

Admin password

Back in the web browser, Opus will ask you to choose a strong password for the admin local account:

[Screenshot: Admin Password]

The admin account has complete control over the appliance. It is recommended that you generate a strong password and store it in a vault or password manager, then switch to using an Active Directory account for everyday access to Opus.

Opus can authenticate Active Directory users using LDAPS.

Note

To complete this step you will require:

  • The Active Directory domain you wish to use for authentication, plus the host and LDAPS port if it is not resolvable
  • The sAMAccountNames of the groups you wish to allow access to Opus, e.g. All Users

Log in to the web interface as admin and then click on the 'Users' tab. Click the 'Configure Active Directory' button:

[Screenshot: Configure Active Directory]

This will open a web form:

[Screenshot: Configure Active Directory: Form]

You will need to provide:

| Setting | Description | Default |
|---|---|---|
| Domain | The domain used by Active Directory | None |
| Host | The host and port LDAPS is listening on. | The host returned by a DNS lookup for Domain |
| Server name | The server name presented on the certificate (this may be different to the domain). | The certificate's common name |
| Search scope | A scope to search for users in. | The Domain formatted as a distinguished name |
| Groups | One or more sAMAccountNames of any groups that are allowed access to Opus | All Users |

Installing custom HTTPS certificates (advanced, optional)

Replace the files at /var/disk/certs/https.key and /var/disk/certs/https.crt.

You can use ssh:

tar -c https.key https.crt | ssh opus@<address> -C "tar -x --no-same-owner -C /tmp/"

ssh opus@<address> -C "sudo mv /tmp/https.key /tmp/https.crt /var/disk/certs/"

or edit the files using vim or nano.

Reboot the appliance.

Complete

After setting a password for admin you will be asked to log in.

Setup is now complete.