Changeset 2318 for trunk/server/doc

Timestamp:

Sep 5, 2012, 11:41:51 PM (12 years ago)

Author:

ezyang

Message:

Notes for setting up XVM test server.

Location:

trunk/server/doc

Files:

• install-howto.sh (modified) (5 diffs)
• install-xvm (modified) (2 diffs)

trunk/server/doc/install-howto.sh

@@ -307 +307 @@
 
 # [PROD] Create fedora-ds user (needed for credit-card)
+# [TEST] too if you want to run a local dirsrv instance
 useradd -r -d /var/lib/dirsrv fedora-ds
 
@@ -319 +320 @@
 # This is superseded by credit-card, which works for [PRODUCTION] and
 # [WIZARD].  We don't have an easy way of running credit-card for XVM...
+#b
 #
 #   # All types of servers will have an /etc/daemon.keytab file, however,
@@ -387 +389 @@
     find / -xdev -not -perm -o=x -prune -o -type f -perm /ug=s -print | grep -Fxvf /etc/scripts/allowed-setugid.list
     find / -xdev -not -perm -o=x -prune -o -type f -print0 | xargs -0r /usr/sbin/getcap | cut -d' ' -f1 | grep -Fxvf /etc/scripts/allowed-filecaps.list
-    # You can prune binaries using 'chmod u-s' and 'chmod g-s'
+    # You can prune the first set of binaries using 'chmod u-s' and 'chmod g-s'
+    # and remove capabilities using 'setcap -r'
+
+# XXX check for selinux gunk
 
 # Fix etc by making sure none of our config files got overwritten
@@ -430 +435 @@
 # XXX: Someone should write sed scripts to do this
 # This involves editing the following files:
-        \rm /etc/sysconfig/network-scripts/ifcfg-lo:{0,1,2,3}
-        \rm /etc/sysconfig/network-scripts/route-eth1 # [TESTSERVER] only
+        svn rm /etc/sysconfig/network-scripts/ifcfg-lo:{0,1,2,3}
+        svn rm /etc/sysconfig/network-scripts/route-eth1 # [TESTSERVER] only
 #   o /etc/nslcd.conf
 #       replace: uri ldapi://%2fvar%2frun%2fdirsrv%2fslapd-scripts.socket/
@@ -454 +459 @@
 # [TESTSERVER]
 #   - You need a self-signed SSL cert or Apache will refuse to start
-#     or do SSL.  Generate with:
-    openssl req -new -x509 -keyout /etc/pki/tls/private/scripts.key -out /etc/pki/tls/certs/scripts.cert -nodes
+#     or do SSL.  Generate with: (XXX recommended CN?)
+    openssl req -new -x509 -keyout /etc/pki/tls/private/scripts.key -out /etc/pki/tls/certs/scripts-cert.pem -nodes
     ln -s /etc/pki/tls/private/scripts.key /etc/pki/tls/private/scripts-1024.key
-#     Also make /etc/pki/tls/certs/ca.pem match up
-    openssl rsa -in /etc/pki/tls/private/scripts.key -pubout > /etc/pki/tls/certs/ca.pem
+#     Also make the various public keys match up
+    openssl rsa -in /etc/pki/tls/private/scripts.key -pubout > /etc/pki/tls/certs/star.scripts.pem
+    openssl rsa -in /etc/pki/tls/private/scripts.key -pubout > /etc/pki/tls/certs/scripts.pem
+    openssl rsa -in /etc/pki/tls/private/scripts.key -pubout > /etc/pki/tls/certs/scripts-cert.pem
+#     Nuke the CSRs since they will all mismatch
+#     XXX alternate strategy replace all the pem's as above
+    cd /etc/httpd/vhosts.d
+    svn rm *.conf
+
+# [TESTSERVER]
+#   Remove vhosts.d which we don't have rights for XXX
 
 # [TESTSERVER] More stuff for test servers

trunk/server/doc/install-xvm

@@ -35 +35 @@
 bet is to use the Netboot CD from the latest version of Fedora that
 XVM has (since XVM is sort of bad about keeping their boot CDs up to
-date.)
+date.)  Since you're doing an install CD, it's going to be an HVM.
 
 You will need VNC access to perform the installation process.  If you have
@@ -62 +62 @@
 scripts-root password.  We have a password in
 /mit/scripts/Private/scripts-test-passwd which we tend to use.
+
+We don't know how to convert to ParaVM yet, because latest Fedora
+uses Grub2 but XVM's bootloader doesn't understand how to read it
+(see also the Scripts patches we manually applied to our hosts.)
+
+3. Debugging
+------------
+
+Get dropped into dracut:#/ ?  Check for 'Warn' in dmesg (dmesg | grep Warn)
+and fix any problems that are stopping Dracut from proceeding.