Re: [cobbler-devel] Call for help: testing RPM packages
Hi
This is what i came up with. Not what i had in my mind but i ended with it
anyway :) .
I think anyone who install cobbler should be a pro. Thats why i ended up only
pointing out the steps required and some hints where to find more information.
Describing everything in detailed is to much. Just setting up SSL in apache2
is something probably worth writing a book about.
Mike
#!/bin/sh
# Quickstart document for Cobblerd on openSUSE
#
# This is both a document and a script. Read the configuration part carefully and when finished
# you can run the script.
#
# Setting up and running cobblerd is not a easy task. Knowledge in apache configuration (setting
# up ssl, virtual hosts, apache module and wsgi) is needed. Certificates and some server
# administration knowledge is required too.
#
# Configuration
# ==
#
# The inter process session caching module to use. Configured in /etc/apache2/ssl-global.conf.
# Possible values:
# - shmcb (DEFAULT)
# - none
# - shmht
# - dbm
APACHE_SSL_SESSION_CACHE_MODULE=${APACHE_SSL_SESSION_CACHE_MODULE:-shmcb}
# Cobbler requires https support which in turn requires a certificate. If you are just test driving
# cobbler locally it is possible to create a self signed certificate with gensslcert. If you
# generate one add meaningful values down there.
#
# The certificate can be found at /etc/apache2/ssl*/ after running this script.
#
# Change to true to generate the certificate.
GENERATE_SELF_SIGNED_CERTIFICATE=${GENERATE_SELF_SIGNED_CERTIFICATE:-false}
# Empty CN gives you the default files used in /etc/apache2/vhosts.d/vhost-ssl.template
CERTIFICATE_CN=${CERTIFICATE_CN:-local.site}
CERTIFICATE_COMMENT=${CERTIFICATE_COMMENT:-local self signed ssl certificate}
CERTIFICATE_COUNTRY=${CERTIFICATE_COUNTRY:-XY}
CERTIFICATE_STATE=${CERTIFICATE_STATE:-state}
CERTIFICATE_CITY=${CERTIFICATE_CITY:-city}
CERTIFICATE_ORG=${CERTIFICATE_ORG:-SUSE Linux Web Server}
CERTIFICATE_UNIT=${CERTIFICATE_UNIT:-web server}
CERTIFICATE_FQDN=${CERTIFICATE_FQDN:-$(hostname --fqdn)}
CERTIFICATE_EMAIL=${CERTIFICATE_EMAIL:-webmaster@${CERTIFICATE_FQDN}}
# If you checked all configuration values uncomment the following line.
# SCRIPT_CONFIGURED=true
# EXECUTION
# ==
echo Step 0) Check preferences
if [ 0 != $(id -u) ]; then
echo fail - you are not root.
exit -1
else
echo ok - you are root.
fi
if [ -z ${SCRIPT_CONFIGURED} ]; then
echo fail - script not configured.
exit -1
else
echo ok - script configured.
fi
echo
echo Step 1) Enabled require apache modules (/etc/sysconfig/apache2:APACHE_MODULES)
(
/usr/sbin/a2enmod proxy
/usr/sbin/a2enmod proxy_http
/usr/sbin/a2enmod proxy_connect
/usr/sbin/a2enmod rewrite
/usr/sbin/a2enmod ssl
/usr/sbin/a2enmod wsgi
/usr/sbin/a2enmod version
/usr/sbin/a2enmod socache_${APACHE_SSL_SESSION_CACHE_MODULE}
) | sed -e s/^//
echo
echo Step 2) Enable required apache flag (/etc/sysconfig/apache2:APACHE_SERVER_FLAGS)
(
/usr/sbin/a2enflag SSL
) | sed -e s/^//
if [ ${GENERATE_SELF_SIGNED_CERTIFICATE} == true ]; then
echo
echo Step 3) Generate self signed certificate
(
gensslcert \
-C ${CERTIFICATE_CN} \
-N ${CERTIFICATE_COMMENT} \
-c ${CERTIFICATE_COUNTRY} \
-s ${CERTIFICATE_STATE} \
-l ${CERTIFICATE_CITY} \
-o ${CERTIFICATE_ORG} \
-u ${CERTIFICATE_UNIT} \
-n ${CERTIFICATE_FQDN} \
-e ${CERTIFICATE_EMAIL}
) 21 | sed -e s/^//
else
echo
echo Step 3) Generate self signed certificate. Skipped.
fi
echo
echo !
echo The following steps have to be done manually!
echo
echo Step 4) Review /etc/sysconfig/apache2 and configure as necessary.
echo see https://activedoc.opensuse.org/book/opensuse-reference/chapter-20-the-apache-http-server;
echo
echo Step 5) Enable HTTPS in apache.
echo see https://activedoc.opensuse.org/book/opensuse-reference/chapter-20-the-apache-http-server#sec.apache2.ssl;
echo
echo Step 6) Check Firewall.
echo Make sure the port 80 is open and available from the desired locations.
echo
echo Step 7) Start/enable the apache2 and cobblerd services.
echo systemctl enable apache2.service
echo systemctl enable cobblerd.service
echo or
echo systemctl start apache2.service
echo systemctl start cobblerd.service
echo
echo Step 8) visit https://${CERTIFICATE_FQDN}/cobbler_web/;
___
cobbler-devel mailing list
cobbler-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/cobbler-devel
Re: [cobbler-devel] Call for help: testing RPM packages
Hey Mike,
Thinking about this some more i tend to agree. I also found out that in the
systemd world starting services is controlled by the distribution/spin
systemd presets; this is also the case for Fedora.
I agree that enabling services (cobblerd) or modifying configurations of
running services (apache) is something the user should do manually and
thoughtfully. This is also better from a security point of view, as added
bonus it will make the spec file somewhat easier to maintain ;-). But i do
think we should cleanup properly after package removal, so that stuff
should remain in the packages...
I will cleanup the spec file to match above statements *after* the proper
procedures haven documented.
Besides a README.${distro} which should go in /usr/share/doc/cobbler i want
this to be in the manual as well.
I will start work on the 2.6 manual one of these days
Thanks!
On Mon, Feb 24, 2014 at 8:33 PM, Michael Jansen k...@michael-jansen.bizwrote:
On Monday 24 February 2014 06:42:07 Jörgen Maas wrote:
Hi Michael,
Yes, this would not have been possible without your many patches to the
Cobbler build system, so thanks again! :)
My hopes for this packaging effort is to get more direct involvement from
downstream users developers to give the development of Cobbler another
boost.
I think its a step in the right direction.
If you are willing to contribute a README for SUSE that would be great!
Regarding the a2enmod/a2enflag stuff, we currently do those things in the
%post section.
Is it against openSUSE's packaging policy to do this?
I think it would be best to align our packages as close as possible with
the downstream packaging policies.
I talked with guys on #obs and they said its not done in opensuse. The
subversion package for example only has a README explaining what is needed
to
activate a subversion server. No automatic enabling/disabling of apache
modules.
And i found nothing at all in the suse package guide so i guess that is
correct. We will be unable to configure a system correctly for cobbler
anyway
(SSL Certificate for example) so i guess it makes sense to not enable
anything
at all. Cobbler is not for the casual user. Those that enable it should
take
care to get it right manually.
Mike
--
Grtz,
Jörgen Maas
___
cobbler-devel mailing list
cobbler-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/cobbler-devel
Re: [cobbler-devel] Call for help: testing RPM packages
Hi, I've just run `make rpms` on version f317176 then I tried to install the result on Fedora 20: Transaction check error: file /var/log/httpd from install of cobbler-2.5.0-1.fc20.noarch conflicts with file from package httpd-2.4.6-6.fc20.x86_64 Cheers, Cristian Ciupitu ___ cobbler-devel mailing list cobbler-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler-devel
Re: [cobbler-devel] Call for help: testing RPM packages
Hi Christian, I found the issue and resolved it, the fix has been pushed to master and new packages have been build. Thanks for reporting! On Sun, Feb 23, 2014 at 5:37 PM, Cristian Ciupitu cristian.ciup...@yahoo.com wrote: Hi, I've just run `make rpms` on version f317176 then I tried to install the result on Fedora 20: Transaction check error: file /var/log/httpd from install of cobbler-2.5.0-1.fc20.noarch conflicts with file from package httpd-2.4.6-6.fc20.x86_64 Cheers, Cristian Ciupitu ___ cobbler-devel mailing list cobbler-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler-devel -- Grtz, Jörgen Maas ___ cobbler-devel mailing list cobbler-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler-devel
Re: [cobbler-devel] Call for help: testing RPM packages
On Sunday, February 23, 2014 9:19 PM, Jörgen Maas jorgen.m...@gmail.com wrote: I found the issue and resolved it, the fix has been pushed to master and new packages have been build. I can confirm that it has been fixed. Thanks! ___ cobbler-devel mailing list cobbler-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler-devel
Re: [cobbler-devel] Call for help: testing RPM packages
On Sunday 23 February 2014 17:13:11 Jörgen Maas wrote: Hey all, Just finished some work on packaging Cobbler for multiple distro's and versions. This work is targeted on 2.5.0 (master) which will be the 2.6.0 release rather soonish. There are currently packages for: - CenOS 6 - RHEL 6 - Fedora 18, 19, 20 - openSUSE 12.3, 13.1, Factory I just tried to install the opensuse 13.1 rpm into a a freshly setup opensuse 13.1 minimal server installation. I had much less problems than i expected. Most parts seem to work. Its now up and running, just finished importing the opensuse 13.1 dvd. tomorrow i will check to setup and install some vms with koan to see if it works. I am not a power user though. But judging from my problems back in October the problems were minimal this time. So my patches improved stuff and i have seen someone else contributed some fixes for opensuse too. I will contribute a README.SUSE that details the necessary steps to activate cobbler after installing it. Just for reference (and others trying this) the steps i had to do: # Starting point is opensuse 13.1 minimal server configuration uninstall patterns-openSUSE-minimal_base-conflicts # install cobbler and cobbler-web from repo zypper ar http://download.opensuse.org/repositories/home:/libertas-ict:/cobbler-master/openSUSE_13.1/ cobbler-master zypper install cobbler cobbler-web # Enable mod_version (Usage has to be wrapped in ifmodule mod_version btw) a2enmod mod_version a2enmod mod_socache_shmcb # Enable and setup a development ssl localhost a2enmod ssl # Not sure if this is needed. a2enflag SSL # configure ssl host (edit and adapt , hostname for example) cp /etc/apache2/vhosts.d/vhost-ssl.template /etc/apache2/vhosts.d/vhost- ssl.conf # WARNING: this creates the minimal certificate neeeded with the minimal amount of configuration possible (none) gensslcert # WARNING: firewall was up. either configure it or put it down SuSEfirewall2 stup # Configure cobble /etc/cobbler/settings - servername systemctl start apache2 systemctl start cobblerd That stuff should go into a README.SUSE because its not allowed to do anything of that in the post installation step. User has to do it manually. Mike -- Michael Jansen http://michael-jansen.biz ___ cobbler-devel mailing list cobbler-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler-devel
Re: [cobbler-devel] Call for help: testing RPM packages
Hi Michael, Yes, this would not have been possible without your many patches to the Cobbler build system, so thanks again! :) My hopes for this packaging effort is to get more direct involvement from downstream users developers to give the development of Cobbler another boost. If you are willing to contribute a README for SUSE that would be great! Regarding the a2enmod/a2enflag stuff, we currently do those things in the %post section. Is it against openSUSE's packaging policy to do this? I think it would be best to align our packages as close as possible with the downstream packaging policies. On Mon, Feb 24, 2014 at 1:07 AM, Michael Jansen k...@michael-jansen.bizwrote: On Sunday 23 February 2014 17:13:11 Jörgen Maas wrote: Hey all, Just finished some work on packaging Cobbler for multiple distro's and versions. This work is targeted on 2.5.0 (master) which will be the 2.6.0 release rather soonish. There are currently packages for: - CenOS 6 - RHEL 6 - Fedora 18, 19, 20 - openSUSE 12.3, 13.1, Factory I just tried to install the opensuse 13.1 rpm into a a freshly setup opensuse 13.1 minimal server installation. I had much less problems than i expected. Most parts seem to work. Its now up and running, just finished importing the opensuse 13.1 dvd. tomorrow i will check to setup and install some vms with koan to see if it works. I am not a power user though. But judging from my problems back in October the problems were minimal this time. So my patches improved stuff and i have seen someone else contributed some fixes for opensuse too. I will contribute a README.SUSE that details the necessary steps to activate cobbler after installing it. Just for reference (and others trying this) the steps i had to do: # Starting point is opensuse 13.1 minimal server configuration uninstall patterns-openSUSE-minimal_base-conflicts # install cobbler and cobbler-web from repo zypper ar http://download.opensuse.org/repositories/home:/libertas-ict:/cobbler-master/openSUSE_13.1/cobbler-master zypper install cobbler cobbler-web # Enable mod_version (Usage has to be wrapped in ifmodule mod_version btw) a2enmod mod_version a2enmod mod_socache_shmcb # Enable and setup a development ssl localhost a2enmod ssl # Not sure if this is needed. a2enflag SSL # configure ssl host (edit and adapt , hostname for example) cp /etc/apache2/vhosts.d/vhost-ssl.template /etc/apache2/vhosts.d/vhost- ssl.conf # WARNING: this creates the minimal certificate neeeded with the minimal amount of configuration possible (none) gensslcert # WARNING: firewall was up. either configure it or put it down SuSEfirewall2 stup # Configure cobble /etc/cobbler/settings - servername systemctl start apache2 systemctl start cobblerd That stuff should go into a README.SUSE because its not allowed to do anything of that in the post installation step. User has to do it manually. Mike -- Michael Jansen http://michael-jansen.biz -- Grtz, Jörgen Maas ___ cobbler-devel mailing list cobbler-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/cobbler-devel
