24.09.02
Mold Security certification Install
- Network bridge config
- management server
- host

Network bridge config
cockpit start(ip:9090) > create bridge0 > cockpit stop

management server
1. Create vm

	 Rocky-9.3-x86_64-gui

2. Download file

	https://images.ablecloud.io/mold/security_certification_rpm/

	install_prepare-4.0.15-1.el9.x86_64.rpm
	
	ABLESTACK-V4.0-4.0.15-1.el9.x86_64.rpm


3. Rpm install

	dnf -y install install_prepare-4.0.15-1.el9.x86_64.rpm

	tail -f /var/log/mold_install_preparation.log

	dnf -y install ABLESTACK-V4.0-4.0.15-1.el9.x86_64.rpm

4. bootstrap.sh
	
	sh /opt/ABLESTACK-V4.0-4.0.15/bootstrap.sh

	tail -f /var/log/mold_install.log

	/opt/ABLESTACK-V4.0-4.0.15/after_setting.sh

5. Delete specified ip

| id | account_id | name                    | value         |
+----+------------+-------------------------+---------------+
|  1 |          2 | api.allowed.source.ip   | 10.10.254.103 |
|  2 |          2 | api.allowed.source.cidr | 32            |
+----+------------+-------------------------+--------------

DELETE FROM cloud.account_details WHERE id='1';
DELETE FROM cloud.account_details WHERE id='2';
FLUSH PRIVILEGES;

6. Register Systemvm user
Register system user
INSERT INTO `user` (`id`, `uuid`, `username`, `password`, `account_id`, `firstname`, `lastname`, `email`, `state`, `api_key`, `secret_key`, `created`, `removed`, `timezone`, `registration_token`, `is_registered`, `incorrect_login_attempts`, `default`, `source`, `external_entity`, `is_user_2fa_enabled`, `key_for_2fa`, `user_2fa_provider`)
VALUES
	(1, 'a854e344-4d6e-11ef-a0a5-0024814f33c3', 'system', '0.9972264748040833', 1, 'system', 'cloud', NULL, 'enabled', NULL, NULL, '2024-07-29 14:51:53', NULL, NULL, NULL, 0, 0, 1, 'UNKNOWN', NULL, 0, NULL, NULL);

7. Mold start
	mold stop / mold start

8. Mold connection
	https://ip:8443

* logfile
mold log4j
	/etc/cloudstack/management/log4j-cloud.xml



host
1. Download file

	https://images.ablecloud.io/mold/security_certification_rpm/

	install_hypervisor_prepare-4.0.15-1.el9.x86_64.rpm


	dnf -y install install_hypervisor_prepare-4.0.15-1.el9.x86_64.rpm

	tail -f /var/log/mold_install_hypervisor_preparation.log 

	systemctl restart cloudstack-agent.service