Domain Forwarding on Amazon's EC2 with DHIS


So I installed Debian Sarge on Amazon's EC2 service.

The thing is, Amazon doesn't give you a static IP address or DNS name, so you either use a dynamic DNS service (something like no-ip, dyndns or any other one) or do your own thing.

I chose to do my own, and found this piece of software, DHIS. They offer a service too, but I used only the software and installed the daemon on another machine I use (outside Amazon). Though Debian Sarge has Dhis in the package collection, it's an older release which doesn't work with bind9, so I had to install from source.

Dhis works OK and the latest version can do a lot more than DNS (you can have custom plugins made for it to do whatever you want).

You can get the latest version or use your system's package management tool (yum, apt, yast, installpkg, etc.).
On Debian Sarge we've got:

# apt-cache show dhis-server | grep Version
Version: 5.1-4

and

# apt-cache show dhis-client | grep Version
Version: 5.2-3

-- Installing the server --

The server should be installed on a machine outside Amazon's EC2, and preferably this machine should be the DNS server for your domains. If you're running bind9 on Debian Sarge you should install the latest server version, as 5.1-4 doesn't have bind9 support (only bind8).
Install the dependencies (GNU MultiPrecision library):

# aptitude -P install libgmp3 libgmp3-dev

Get the latest stable dhis server source, uncompress it, change into the source directory and compile.

# wget ftp://ftp.dhis.org/pub/dhis/dhisd-5.2.tar.gz
# tar -xzf dhisd-5.2.tar.gz
# cd dhisd-5.2
# make

By default the server expects its config files, log dir and bin dir to be in /etc/dhis. If you choose to put them elsewhere, skip this part and go to database creation.

# mkdir -p /etc/dhis/bin /etc/dhis/db /etc/dhis/log /etc/dhis/pid

And copy the server binary to /etc/dhis/bin:

# cp dhisd /etc/dhis/bin/

Create your database file, which contains the dynamic clients:

# touch /etc/dhis/db/dhis.db

and edit it using your favourite editor.
It should contain at least one key for every dynamic client you have (let's say every EC2 instance that will register for a DNS name).
The keys are generated with genkeys, which is found in the dhisd source directory.
Example:

# ./genkeys
AuthP 35423165514976489051459511338130898913672095739118
AuthP 30907751211136410319842228151436791715169263421519
AuthQ 14840625041971864884834108281212542726477220505623
AuthQ 12813936212815421346285571120488066206911466155747
AuthN 52570191720747427461702454305981725978854624344854
AuthN 38073470694885629110725445967387647256085472251055
AuthN 21900853684668056129429225657422425410041493127793
AuthN 9467824245158679412102676519824203139506965319693

You could use a clear text password for authentication, but this isn't secure, so we're using the keys, as these provide a public/private key system.

The AuthN lines go on the server and the AuthP and AuthQ lines go on the client side.
Edit the /etc/dhis/db/dhis.db file:

1000 {
AuthN 52570191720747427461702454305981725978854624344854
AuthN 38073470694885629110725445967387647256085472251055
AuthN 21900853684668056129429225657422425410041493127793
AuthN 9467824245158679412102676519824203139506965319693
Service dns
HostName your-host-name.com
}

The Service dns line tells us which module will handle this client after a successful authentication.
Quote from the dhisd documentation:
"Any line inside a record that does not have a known keyword
is discarded and thus, may be used as a comment or additional
information."
The HostName line is discarded by the dhis daemon, but it's taken into account by the DNS module.
By the way, keywords are case insensitive.
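An added example (not part of the original post or of the dhis software): a small Python parser for the dhis.db record format described above, plus the checks I'd run on the server database before starting dhisd, chiefly that no client-side AuthP/AuthQ half has been pasted into the server file. The record syntax, keyword names and the "unknown lines are comments" rule come from the post; collecting repeated keywords (AuthN) into a list is an assumption of mine.

```python
import re

# Constructed sample: record 1000 copies the post's server record; record 1001
# is deliberately wrong (client-side AuthP present, no Service line).
SAMPLE_DB = """1000 {
AuthN 52570191720747427461702454305981725978854624344854
AuthN 38073470694885629110725445967387647256085472251055
AuthN 21900853684668056129429225657422425410041493127793
AuthN 9467824245158679412102676519824203139506965319693
Service dns
HostName your-host-name.com
}
1001 {
AuthP 35423165514976489051459511338130898913672095739118
AuthN 11111111111111111111111111111111111111111111111111
hostname other-host.example
}
"""
KNOWN = {"authn", "authp", "authq", "service", "hostname"}

def parse_dhis_db(text):
    """Return {hostid: {keyword: [values]}}; keywords are lower-cased, and any
    line without a known keyword is dropped, as the dhisd docs describe."""
    records, current, hostid = {}, None, None
    for line in (l.strip() for l in text.splitlines()):
        m = re.match(r"^(\d+)\s*\{$", line)
        if m:                            # "1000 {" opens a record
            hostid, current = int(m.group(1)), {}
        elif line == "}" and current is not None:
            records[hostid], current = current, None
        elif current is not None and line:
            parts = line.split(None, 1)
            if len(parts) == 2 and parts[0].lower() in KNOWN:
                current.setdefault(parts[0].lower(), []).append(parts[1])
    return records

def check_server_db(records):
    """Problems a defender wants caught before starting dhisd (empty = OK)."""
    problems = []
    for hostid, rec in records.items():
        for kw in ("authn", "service", "hostname"):
            if kw not in rec:
                problems.append(f"{hostid}: missing {kw}")
        for kw in ("authp", "authq"):     # the client's secret half must never sit on the server
            if kw in rec:
                problems.append(f"{hostid}: {kw} belongs in the client's dhid.conf, not here")
    return problems
```

Run check_server_db(parse_dhis_db(open("/etc/dhis/db/dhis.db").read())) on the real file; an empty list means every record has its AuthN lines, a Service and a HostName, and none carries the client's key halves.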

Now you should install the DNS engine module (and any other modules you need) and create/edit the /etc/dhis/db/services.db file.

# wget ftp://ftp.dhis.org/pub/dhis/dhis-dns-engine-5.1.tar.gz
# tar -xzf dhis-dns-engine-5.1.tar.gz
# cd dhis-dns-engine-5.1

As a dependency you need bind8 or higher and the nsupdate tool.

# apt-file search nsupdate
bind: usr/sbin/nsupdate
dnsutils: usr/bin/nsupdate
dnsutils: usr/share/man/man8/nsupdate.8.gz

On Debian Sarge the bind package contains bind8, so you probably have bind9 installed instead, which means you need the dnsutils package for nsupdate.

# aptitude -P install dnsutils

Because by default the dhis DNS engine expects to find nsupdate in /usr/sbin/nsupdate and you just installed it in /usr/bin/nsupdate, you need to edit nsupdate.c in the source dir and change NSUPDATE_CMD to the right path.

Now it's time to compile the module and install it:

# make
# cp dhis-dns-engine /etc/dhis/bin

Now create/edit the /etc/dhis/db/services.db file and add:

dns 2 /etc/dhis/bin/dhis-dns-engine

Where dns is the service name and 2 is the number of servers running (increase it to your needs).
The HostName line from the /etc/dhis/db/dhis.db we created earlier tells the DNS engine which record to add/change for this client.

Now, the last step is to edit your named (Bind) configuration to allow updates.
I keep my setup in /etc/bind/named.conf.local. You should change the file which is suited for your bind install. In the named config file edit your desired zone to something like:

zone "your-host-name.com" in {
type master;
file "db.your-host-name.com";
allow-update { 127.0.0.1; x.x.x.x; };
};

The important part is to have in the allow-update list the IP of the machine which is running the dhis daemon.
In our case it's 127.0.0.1, since dhisd runs on the same machine as bind and we don't want to accept zone updates from anywhere else.
We assume that you already have your bind config and zone file done and that you have a basic understanding of how bind/named is supposed to be configured.
Now restart your bind/named server and keep in mind that updates to that zone should be done from now on with the nsupdate tool or some similar tool; don't edit the zone file by hand, as you will have problems.
Every time you add new records to the dhisd database you have to restart the daemon.
Now start the dhis daemon by doing a:

# /etc/dhis/bin/dhisd

You should add it to your system startup scripts too.

-- Installing the client --
So, we have set up the server; now we're going to do the client machine.
It would probably work with the dhis client from the package system, but we will use the newest one, so do a

# wget ftp://ftp.dhis.org/pub/dhis/dhid-5.3.tar.gz
# tar -xzf dhid-5.3.tar.gz
# cd dhid-5.3

install the GNU Multiprecision Library, as it's required by the dhis client

# aptitude -P install libgmp3 libgmp3-dev

and compile and copy the binary somewhere

# make
# cp dhid /usr/local/bin

Create the config file (touch /etc/dhid.conf) and fill it in with the following:

{
HostID 1000
AuthP 35423165514976489051459511338130898913672095739118
AuthP 30907751211136410319842228151436791715169263421519
AuthQ 14840625041971864884834108281212542726477220505623
AuthQ 12813936212815421346285571120488066206911466155747
ISAddr YOUR_DHIS-SERVER-IP_ADDRESS
}

Where HostID must be the same as in the server config file, and AuthP and AuthQ are the ones that you generated at the beginning and are paired with the AuthN values.

Now the only thing remaining is to start the daemon.

# mkdir -p /var/run/dhid
# /usr/local/bin/dhid -P /var/run/dhid/dhid.pid -f /etc/dhid.conf

Add the last line to your system's startup scripts.

Now you are done: you have a dynamic DNS system and you can reach your machine by its name.
