Changeset 2318 for trunk/server/doc
- Timestamp:
- Sep 5, 2012, 11:41:51 PM (12 years ago)
- Location:
- trunk/server/doc
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/server/doc/install-howto.sh
r2316 r2318 307 307 308 308 # [PROD] Create fedora-ds user (needed for credit-card) 309 # [TEST] too if you want to run a local dirsrv instance 309 310 useradd -r -d /var/lib/dirsrv fedora-ds 310 311 … … 319 320 # This is superseded by credit-card, which works for [PRODUCTION] and 320 321 # [WIZARD]. We don't have an easy way of running credit-card for XVM... 322 #b 321 323 # 322 324 # # All types of servers will have an /etc/daemon.keytab file, however, … … 387 389 find / -xdev -not -perm -o=x -prune -o -type f -perm /ug=s -print | grep -Fxvf /etc/scripts/allowed-setugid.list 388 390 find / -xdev -not -perm -o=x -prune -o -type f -print0 | xargs -0r /usr/sbin/getcap | cut -d' ' -f1 | grep -Fxvf /etc/scripts/allowed-filecaps.list 389 # You can prune binaries using 'chmod u-s' and 'chmod g-s' 391 # You can prune the first set of binaries using 'chmod u-s' and 'chmod g-s' 392 # and remove capabilities using 'setcap -r' 393 394 # XXX check for selinux gunk 390 395 391 396 # Fix etc by making sure none of our config files got overwritten … … 430 435 # XXX: Someone should write sed scripts to do this 431 436 # This involves editing the following files: 432 \rm /etc/sysconfig/network-scripts/ifcfg-lo:{0,1,2,3}433 \rm /etc/sysconfig/network-scripts/route-eth1 # [TESTSERVER] only437 svn rm /etc/sysconfig/network-scripts/ifcfg-lo:{0,1,2,3} 438 svn rm /etc/sysconfig/network-scripts/route-eth1 # [TESTSERVER] only 434 439 # o /etc/nslcd.conf 435 440 # replace: uri ldapi://%2fvar%2frun%2fdirsrv%2fslapd-scripts.socket/ … … 454 459 # [TESTSERVER] 455 460 # - You need a self-signed SSL cert or Apache will refuse to start 456 # or do SSL. Generate with: 457 openssl req -new -x509 -keyout /etc/pki/tls/private/scripts.key -out /etc/pki/tls/certs/scripts .cert-nodes461 # or do SSL. Generate with: (XXX recommended CN?) 462 openssl req -new -x509 -keyout /etc/pki/tls/private/scripts.key -out /etc/pki/tls/certs/scripts-cert.pem -nodes 458 463 ln -s /etc/pki/tls/private/scripts.key /etc/pki/tls/private/scripts-1024.key 459 # Also make /etc/pki/tls/certs/ca.pem match up 460 openssl rsa -in /etc/pki/tls/private/scripts.key -pubout > /etc/pki/tls/certs/ca.pem 464 # Also make the various public keys match up 465 openssl rsa -in /etc/pki/tls/private/scripts.key -pubout > /etc/pki/tls/certs/star.scripts.pem 466 openssl rsa -in /etc/pki/tls/private/scripts.key -pubout > /etc/pki/tls/certs/scripts.pem 467 openssl rsa -in /etc/pki/tls/private/scripts.key -pubout > /etc/pki/tls/certs/scripts-cert.pem 468 # Nuke the CSRs since they will all mismatch 469 # XXX alternate strategy replace all the pem's as above 470 cd /etc/httpd/vhosts.d 471 svn rm *.conf 472 473 # [TESTSERVER] 474 # Remove vhosts.d which we don't have rights for XXX 461 475 462 476 # [TESTSERVER] More stuff for test servers -
trunk/server/doc/install-xvm
r2317 r2318 35 35 bet is to use the Netboot CD from the latest version of Fedora that 36 36 XVM has (since XVM is sort of bad about keeping their boot CDs up to 37 date.) 37 date.) Since you're doing an install CD, it's going to be an HVM. 38 38 39 39 You will need VNC access to perform the installation process. If you have … … 62 62 scripts-root password. We have a password in 63 63 /mit/scripts/Private/scripts-test-passwd which we tend to use. 64 65 We don't know how to convert to ParaVM yet, because latest Fedora 66 uses Grub2 but XVM's bootloader doesn't understand how to read it 67 (see also the Scripts patches we manually applied to our hosts.) 68 69 3. Debugging 70 ------------ 71 72 Get dropped into dracut:#/ ? Check for 'Warn' in dmesg (dmesg | grep Warn) 73 and fix any problems that are stopping Dracut from proceeding.
Note: See TracChangeset
for help on using the changeset viewer.