Notes for setting up XVM test server.
    308308# [PROD] Create fedora-ds user (needed for credit-card)
     309# [TEST] too if you want to run a local dirsrv instance
    309310useradd -r -d /var/lib/dirsrv fedora-ds
    319320# This is superseded by credit-card, which works for [PRODUCTION] and
    320321# [WIZARD].  We don't have an easy way of running credit-card for XVM...
    322324#   # All types of servers will have an /etc/daemon.keytab file, however,
    387389    find / -xdev -not -perm -o=x -prune -o -type f -perm /ug=s -print | grep -Fxvf /etc/scripts/allowed-setugid.list
    388390    find / -xdev -not -perm -o=x -prune -o -type f -print0 | xargs -0r /usr/sbin/getcap | cut -d' ' -f1 | grep -Fxvf /etc/scripts/allowed-filecaps.list
    389     # You can prune binaries using 'chmod u-s' and 'chmod g-s'
     391    # You can prune the first set of binaries using 'chmod u-s' and 'chmod g-s'
     392    # and remove capabilities using 'setcap -r'
     394# XXX check for selinux gunk
    391396# Fix etc by making sure none of our config files got overwritten
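Review bot: the XXX at new line 394 ("check for selinux gunk") gives no command and no expected result, unlike the setuid and file-capability checks directly above it. Either state what to run and what counts as a problem, or leave the marker out until the check is defined. The phrase "the first set of binaries" at new line 391 would also read more clearly if it named the setuid/setgid find output explicitly.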
    430435# XXX: Someone should write sed scripts to do this
    431436# This involves editing the following files:
    432         \rm /etc/sysconfig/network-scripts/ifcfg-lo:{0,1,2,3}
    433         \rm /etc/sysconfig/network-scripts/route-eth1 # [TESTSERVER] only
     437        svn rm /etc/sysconfig/network-scripts/ifcfg-lo:{0,1,2,3}
     438        svn rm /etc/sysconfig/network-scripts/route-eth1 # [TESTSERVER] only
    434439#   o /etc/nslcd.conf
    435440#       replace: uri ldapi://%2fvar%2frun%2fdirsrv%2fslapd-scripts.socket/
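Review bot: new lines 437-438 replace \rm with svn rm, which records the deletions in version control instead of only removing the files, but the notes do not say whether that deletion is meant to be committed or kept as a local modification on the machine being set up. Please state which. Only the route-eth1 line carries a "[TESTSERVER] only" tag, so it is also unclear whether the ifcfg-lo:{0,1,2,3} removal applies to every server type.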
    454459# [TESTSERVER]
    455460#   - You need a self-signed SSL cert or Apache will refuse to start
    456 #     or do SSL.  Generate with:
    457     openssl req -new -x509 -keyout /etc/pki/tls/private/scripts.key -out /etc/pki/tls/certs/scripts.cert -nodes
     461#     or do SSL.  Generate with: (XXX recommended CN?)
     462    openssl req -new -x509 -keyout /etc/pki/tls/private/scripts.key -out /etc/pki/tls/certs/scripts-cert.pem -nodes
    458463    ln -s /etc/pki/tls/private/scripts.key /etc/pki/tls/private/scripts-1024.key
    459 #     Also make /etc/pki/tls/certs/ca.pem match up
    460     openssl rsa -in /etc/pki/tls/private/scripts.key -pubout > /etc/pki/tls/certs/ca.pem
     464#     Also make the various public keys match up
     465    openssl rsa -in /etc/pki/tls/private/scripts.key -pubout > /etc/pki/tls/certs/star.scripts.pem
     466    openssl rsa -in /etc/pki/tls/private/scripts.key -pubout > /etc/pki/tls/certs/scripts.pem
     467    openssl rsa -in /etc/pki/tls/private/scripts.key -pubout > /etc/pki/tls/certs/scripts-cert.pem
     468#     Nuke the CSRs since they will all mismatch
     469#     XXX alternate strategy replace all the pem's as above
     470    cd /etc/httpd/vhosts.d
     471    svn rm *.conf
     473# [TESTSERVER]
     474#   Remove vhosts.d which we don't have rights for XXX
    462476# [TESTSERVER] More stuff for test servers
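Review bot: new line 467 redirects the bare public key into /etc/pki/tls/certs/scripts-cert.pem, the same path the self-signed certificate was written to with -out at new line 462. That replaces the certificate with a public key, which is not a certificate, and undoes the step that was added so Apache can start. Drop line 467 or write its output to a different file. Separately, the comment "Nuke the CSRs" at new line 468 is followed by "svn rm *.conf" in /etc/httpd/vhosts.d, which removes vhost configuration files and not CSRs, so the comment or the command should be corrected to match. The "XXX recommended CN?" at new line 461 should be resolved before someone follows these steps.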
    3535bet is to use the Netboot CD from the latest version of Fedora that
    3636XVM has (since XVM is sort of bad about keeping their boot CDs up to
    37 date.)
     37date.)  Since you're doing an install CD, it's going to be an HVM.
    3939You will need VNC access to perform the installation process.  If you have
    6262scripts-root password.  We have a password in
    6363/mit/scripts/Private/scripts-test-passwd which we tend to use.
     65We don't know how to convert to ParaVM yet, because latest Fedora
     66uses Grub2 but XVM's bootloader doesn't understand how to read it
     67(see also the Scripts patches we manually applied to our hosts.)
     693. Debugging
     72Get dropped into dracut:#/ ?  Check for 'Warn' in dmesg (dmesg | grep Warn)
     73and fix any problems that are stopping Dracut from proceeding.
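Review bot: the parenthetical at new line 67 points to "the Scripts patches we manually applied to our hosts" without saying where those patches are recorded. A path or ticket reference would let someone setting up a test server find them. In the Debugging entry at new line 72, "dracut:#/ ?" reads as a prompt followed by a question mark; phrasing it as a full sentence (for example, "If you get dropped to the dracut:#/ prompt, ...") would make the instruction unambiguous.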
