Hi
This is what i came up with. Not what i had in my mind but i ended with it
anyway :) .
I think anyone who install cobbler should be a pro. Thats why i ended up only
pointing out the steps required and some hints where to find more information.
Describing everything in detailed is to much. Just setting up SSL in apache2
is something probably worth writing a book about.
Mike
#!/bin/sh
# Quickstart document for Cobblerd on openSUSE
#
# This is both a document and a script. Read the configuration part carefully and when finished
# you can run the script.
#
# Setting up and running cobblerd is not a easy task. Knowledge in apache configuration (setting
# up ssl, virtual hosts, apache module and wsgi) is needed. Certificates and some server
# administration knowledge is required too.
#
# Configuration
# ==============================================================================
#
# The inter process session caching module to use. Configured in /etc/apache2/ssl-global.conf.
# Possible values:
# - shmcb (DEFAULT)
# - none
# - shmht
# - dbm
APACHE_SSL_SESSION_CACHE_MODULE=${APACHE_SSL_SESSION_CACHE_MODULE:-shmcb}
# Cobbler requires https support which in turn requires a certificate. If you are just test driving
# cobbler locally it is possible to create a self signed certificate with gensslcert. If you
# generate one add meaningful values down there.
#
# The certificate can be found at /etc/apache2/ssl*/ after running this script.
#
# Change to "true" to generate the certificate.
GENERATE_SELF_SIGNED_CERTIFICATE=${GENERATE_SELF_SIGNED_CERTIFICATE:-false}
# Empty CN gives you the default files used in /etc/apache2/vhosts.d/vhost-ssl.template
CERTIFICATE_CN=${CERTIFICATE_CN:-"local.site"}
CERTIFICATE_COMMENT=${CERTIFICATE_COMMENT:-"local self signed ssl certificate"}
CERTIFICATE_COUNTRY=${CERTIFICATE_COUNTRY:-"XY"}
CERTIFICATE_STATE=${CERTIFICATE_STATE:-"state"}
CERTIFICATE_CITY=${CERTIFICATE_CITY:-"city"}
CERTIFICATE_ORG=${CERTIFICATE_ORG:-"SUSE Linux Web Server"}
CERTIFICATE_UNIT=${CERTIFICATE_UNIT:-"web server"}
CERTIFICATE_FQDN=${CERTIFICATE_FQDN:-"$(hostname --fqdn)"}
CERTIFICATE_EMAIL=${CERTIFICATE_EMAIL:-"webmaster@${CERTIFICATE_FQDN}"}
# If you checked all configuration values uncomment the following line.
# SCRIPT_CONFIGURED="true"
# EXECUTION
# ==============================================================================
echo "Step 0) Check preferences"
if [ 0 != $(id -u) ]; then
echo " fail - you are not root."
exit -1
else
echo " ok - you are root."
fi
if [ -z "${SCRIPT_CONFIGURED}" ]; then
echo " fail - script not configured."
exit -1
else
echo " ok - script configured."
fi
echo ""
echo "Step 1) Enabled require apache modules (/etc/sysconfig/apache2:APACHE_MODULES)"
(
/usr/sbin/a2enmod proxy
/usr/sbin/a2enmod proxy_http
/usr/sbin/a2enmod proxy_connect
/usr/sbin/a2enmod rewrite
/usr/sbin/a2enmod ssl
/usr/sbin/a2enmod wsgi
/usr/sbin/a2enmod version
/usr/sbin/a2enmod socache_${APACHE_SSL_SESSION_CACHE_MODULE}
) | sed -e "s/^/ /"
echo ""
echo "Step 2) Enable required apache flag (/etc/sysconfig/apache2:APACHE_SERVER_FLAGS)"
(
/usr/sbin/a2enflag SSL
) | sed -e "s/^/ /"
if [ "${GENERATE_SELF_SIGNED_CERTIFICATE}" == "true" ]; then
echo ""
echo "Step 3) Generate self signed certificate"
(
gensslcert \
-C "${CERTIFICATE_CN}" \
-N "${CERTIFICATE_COMMENT}" \
-c "${CERTIFICATE_COUNTRY}" \
-s "${CERTIFICATE_STATE}" \
-l "${CERTIFICATE_CITY}" \
-o "${CERTIFICATE_ORG}" \
-u "${CERTIFICATE_UNIT}" \
-n "${CERTIFICATE_FQDN}" \
-e "${CERTIFICATE_EMAIL}"
) 2>&1 | sed -e "s/^/ /"
else
echo ""
echo "Step 3) Generate self signed certificate. Skipped."
fi
echo ""
echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
echo "The following steps have to be done manually!"
echo ""
echo "Step 4) Review /etc/sysconfig/apache2 and configure as necessary."
echo " see https://activedoc.opensuse.org/book/opensuse-reference/chapter-20-the-apache-http-server";
echo ""
echo "Step 5) Enable HTTPS in apache."
echo " see https://activedoc.opensuse.org/book/opensuse-reference/chapter-20-the-apache-http-server#sec.apache2.ssl";
echo ""
echo "Step 6) Check Firewall."
echo " Make sure the port 80 is open and available from the desired locations."
echo ""
echo "Step 7) Start/enable the apache2 and cobblerd services."
echo " systemctl enable apache2.service"
echo " systemctl enable cobblerd.service"
echo " or"
echo " systemctl start apache2.service"
echo " systemctl start cobblerd.service"
echo ""
echo "Step 8) visit https://${CERTIFICATE_FQDN}/cobbler_web/";
_______________________________________________
cobbler-devel mailing list
cobbler-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/cobbler-devel
