'Re: [cobbler] [cobbler-devel] Call for help: testing RPM packages'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cobbler
Subject:    Re: [cobbler] [cobbler-devel] Call for help: testing RPM packages
From:       Michael Jansen <kde () michael-jansen ! biz>
Date:       2014-02-25 23:46:48
Message-ID: 2281030.KRJKmGYUaS () gambit
[Download RAW message or body]

Hi

This is what i came up with. Not what i had in my mind but i ended with it 
anyway :) .

I think anyone who install cobbler should be a pro. Thats why i ended up only 
pointing out the steps required and some hints where to find more information. 
Describing everything in detailed is to much. Just setting up SSL in apache2 
is something probably worth writing a book about.

Mike

["README.SUSE" (README.SUSE)]

#!/bin/sh
# Quickstart document for Cobblerd on openSUSE
#
# This is both a document and a script. Read the configuration part carefully and when finished
# you can run the script.
#
# Setting up and running cobblerd is not a easy task. Knowledge in apache configuration (setting
# up ssl, virtual hosts, apache module and wsgi) is needed. Certificates and some server
# administration knowledge is required too.
#
# Configuration
# ==============================================================================
#
# The inter process session caching module to use. Configured in /etc/apache2/ssl-global.conf.
# Possible values:
#   - shmcb             (DEFAULT)
#   - none
#   - shmht
#   - dbm
APACHE_SSL_SESSION_CACHE_MODULE=${APACHE_SSL_SESSION_CACHE_MODULE:-shmcb}

# Cobbler requires https support which in turn requires a certificate. If you are just test driving
# cobbler locally it is possible to create a self signed certificate with gensslcert. If you
# generate one add meaningful values down there.
#
# The certificate can be found at /etc/apache2/ssl*/ after running this script.
#
# Change to "true" to generate the certificate.
GENERATE_SELF_SIGNED_CERTIFICATE=${GENERATE_SELF_SIGNED_CERTIFICATE:-false}
# Empty CN gives you the default files used in /etc/apache2/vhosts.d/vhost-ssl.template
CERTIFICATE_CN=${CERTIFICATE_CN:-"local.site"}
CERTIFICATE_COMMENT=${CERTIFICATE_COMMENT:-"local self signed ssl certificate"}
CERTIFICATE_COUNTRY=${CERTIFICATE_COUNTRY:-"XY"}
CERTIFICATE_STATE=${CERTIFICATE_STATE:-"state"}
CERTIFICATE_CITY=${CERTIFICATE_CITY:-"city"}
CERTIFICATE_ORG=${CERTIFICATE_ORG:-"SUSE Linux Web Server"}
CERTIFICATE_UNIT=${CERTIFICATE_UNIT:-"web server"}
CERTIFICATE_FQDN=${CERTIFICATE_FQDN:-"$(hostname --fqdn)"}
CERTIFICATE_EMAIL=${CERTIFICATE_EMAIL:-"webmaster@${CERTIFICATE_FQDN}"}

# If you checked all configuration values uncomment the following line.
# SCRIPT_CONFIGURED="true"

# EXECUTION
# ==============================================================================

echo "Step 0) Check preferences"
if [ 0 != $(id -u) ]; then
    echo "    fail - you are not root."
    exit -1
else
    echo "    ok - you are root."
fi

if [ -z "${SCRIPT_CONFIGURED}" ]; then
    echo "    fail - script not configured."
    exit -1
else
    echo "    ok - script configured."
fi

echo ""
echo "Step 1) Enabled require apache modules (/etc/sysconfig/apache2:APACHE_MODULES)"
(
    /usr/sbin/a2enmod proxy
    /usr/sbin/a2enmod proxy_http
    /usr/sbin/a2enmod proxy_connect
    /usr/sbin/a2enmod rewrite
    /usr/sbin/a2enmod ssl
    /usr/sbin/a2enmod wsgi
    /usr/sbin/a2enmod version
    /usr/sbin/a2enmod socache_${APACHE_SSL_SESSION_CACHE_MODULE}
) | sed -e "s/^/    /"

echo ""
echo "Step 2) Enable required apache flag (/etc/sysconfig/apache2:APACHE_SERVER_FLAGS)"
(
    /usr/sbin/a2enflag SSL
) | sed -e "s/^/    /"

if [ "${GENERATE_SELF_SIGNED_CERTIFICATE}" == "true" ]; then
    echo ""
    echo "Step 3) Generate self signed certificate"
    (
        gensslcert \
            -C "${CERTIFICATE_CN}" \
            -N "${CERTIFICATE_COMMENT}" \
            -c "${CERTIFICATE_COUNTRY}" \
            -s "${CERTIFICATE_STATE}" \
            -l "${CERTIFICATE_CITY}" \
            -o "${CERTIFICATE_ORG}" \
            -u "${CERTIFICATE_UNIT}" \
            -n "${CERTIFICATE_FQDN}" \
            -e "${CERTIFICATE_EMAIL}"
    ) 2>&1 | sed -e "s/^/    /"
else
    echo ""
    echo "Step 3) Generate self signed certificate. Skipped."
fi

echo ""
echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
echo "The following steps have to be done manually!"
echo ""
echo "Step 4) Review /etc/sysconfig/apache2 and configure as necessary."
echo "    see https://activedoc.opensuse.org/book/opensuse-reference/chapter-20-the-apache-http-server"
echo ""
echo "Step 5) Enable HTTPS in apache."
echo "    see https://activedoc.opensuse.org/book/opensuse-reference/chapter-20-the-apache-http-server#sec.apache2.ssl"
echo ""
echo "Step 6) Check Firewall."
echo "    Make sure the port 80 is open and available from the desired locations."
echo ""
echo "Step 7) Start/enable the apache2 and cobblerd services."
echo "    systemctl enable apache2.service"
echo "    systemctl enable cobblerd.service"
echo "    or"
echo "    systemctl start apache2.service"
echo "    systemctl start cobblerd.service"
echo ""
echo "Step 8) visit https://${CERTIFICATE_FQDN}/cobbler_web/"

[Attachment #4 (text/plain)]

_______________________________________________
cobbler mailing list
cobbler@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/cobbler

[prev in list] [next in list] [prev in thread] [next in thread] 