VM0017: current enterprise, next gen ejbca

  • Published on
    21-Mar-2019


Note: This next gen ejbca is capable of running under jboss-7 and java-7. However, during transition it is advisable to change just one parameter at a time.

Application          | Used at training            | More recent
---------------------+-----------------------------+--------------------------------------------------
Ejbca                | Ejbca-3.10.1                | Ejbca-3.11.5
                     |                             | Ejbca-4.0.12
                     |                             | Ejbca-4.0.16
                     |                             | Ejbca-6.0.3
Application-server   | jboss-4.2.3.GA-jdk6         | jboss-5.1.0.GA-jdk6
                     |                             | jboss-as-distribution-6.0.0.Final
                     |                             | jboss-as-distribution-6.1.0.Final
                     |                             | jboss-as-7.0.2.Final, jboss-as-7.1.1.Final
Java development kit | jdk-6u20-linux-i586         | jdk-6u38-ea-bin-b04-linux-amd64-31_oct_2012.bin
                     |                             | jdk-6u38-ea-bin-b04-linux-i586-31_oct_2012.bin
                     |                             | java-1_6_0-ibm-1.6.0_sr12.0-0.5.1
                     |                             | java-1_6_0-openjdk-1.6.0.0_b24.1.11.5-2.1
                     |                             | java-1_7_0-openjdk, java-1_7_0-openjdk-devel
Java crypto env      | jce_policy-6                |
Mysql connector      | mysql-connector-java-5.1.13 | mysql-connector-java-5.1.22
Java-dev-tool        | apache-ant-1.8.1-bin        | apache-ant-1.8.4-bin
                     |                             | ant-1.8.2-11.1.1.noarch

Fedora or OpenSUSE are great for developing and testing, but production should be either on RedHat-ES or Suse Linux Enterprise Server (SLES11sp3).

First, building of virtual machine.

lvcreate -L 5GB -n vm0017 main

    orion:/etc/xen/vm # lvcreate -L 5GB -n vm0017 main
    Logical volume "vm0017" created

time dd if=/dev/main/sles11sp3 of=/dev/mapper/main-vm0017 bs=1M

    orion:/etc/xen/vm # time dd if=/dev/main/sles11sp3 of=/dev/mapper/main-vm0017 bs=1M
    5120+0 records in
    5120+0 records out
    5368709120 bytes (5.4 GB) copied, 151.741 s, 35.4 MB/s

    real 2m31.760s
    user 0m0.004s
    sys 0m9.573s

Create vm startup file: cp -v sles11sp3 vm0017

    orion:/etc/xen/vm # cp -v sles11sp3 vm0017
    sles11sp3 -> vm0017

Change: name, description, disk-ID, disk and MAC-address

vi vm0017

Check differences: diff sles11sp3 vm0017

    orion:/etc/xen/vm # diff sles11sp3 vm0017
    1,3c1,2
    < name="sles11sp3"
    < description="template"
    < uuid="a552dd33-b0c2-b07f-d9a6-753f7a232c71"
    ---
    > name="vm0017"
    > description="vm0017-ejbca-4.0.16"
    8c7
    < on_reboot="destroy"
    ---
    > on_reboot="restart"
    13,18c12,16
    < #kernel="/tmp/kernel.nGFrL9"
    < #ramdisk="/tmp/install-initrd.SIREem"
    < extra="xencons=tty install=hd:/dev/xvdb "
    < disk=[ 'phy:/dev/mapper/main-sles11sp3,xvda,w', 'file:/root/DEPOT/SLES-11-SP3-DVD-x86_64-GM-DVD1.iso,xvdb:cdrom,r', ]
    < vif=[ 'mac=00:16:3e:51:b4:8a,bridge=br0', ]
    < 
    ---
    > bootloader="/usr/bin/pygrub"
    > bootargs=""
    > extra=" "
    > disk=[ 'phy:/dev/mapper/main-vm0017,xvda,w' ]
    > vif=[ 'mac=00:16:3e:00:16:00,bridge=br0', ]

Show result

    orion:/etc/xen/vm # cat vm0017
    name="vm0017"
    description="vm0017-ejbca-6.0.3"
    memory=1024
    maxmem=2048
    vcpus=1
    on_poweroff="destroy"
    on_reboot="restart"
    on_crash="destroy"
    localtime=0
    keymap="en-us"
    builder="linux"
    bootloader="/usr/bin/pygrub"
    bootargs=""
    extra=" "
    disk=[ 'phy:/dev/mapper/main-vm0017,xvda,w' ]
    vif=[ 'mac=00:16:3e:00:17:00,bridge=br0', ]
    nographic=1
    vfb=['type=vnc,vncunused=1']
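
One way to check the edited config before starting the domain, as an added example that is not part of the original page: the script compares a cloned Xen config against its template and reports any name, uuid, writable phy: disk or MAC address the two still share. The function names and the sample files are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example (not from the original page): report identity fields that a
# cloned Xen domU config still shares with its template.

cfg_value() {  # cfg_value KEY FILE -> value of a top-level KEY="value" line
    sed -n "s/^$1=\"\\(.*\\)\"[[:space:]]*\$/\\1/p" "$2" | head -n 1
}
cfg_disks() {  # writable phy: backing devices listed in disk=[ ... ]
    grep '^disk=' "$1" | grep -o "phy:[^,']*,[^,']*,w" | cut -d, -f1 | sort -u
}
cfg_macs() {   # MAC addresses listed in vif=[ ... ], lower-cased
    grep '^vif=' "$1" | grep -o 'mac=[0-9A-Fa-f:]*' | cut -d= -f2 |
        tr 'A-F' 'a-f' | sort -u
}

check_clone() {  # check_clone TEMPLATE CLONE -> 0 if nothing is shared
    tpl=$1; new=$2; rc=0
    [ "$(cfg_value name "$tpl")" != "$(cfg_value name "$new")" ] ||
        { echo "name not changed"; rc=1; }
    uuid=$(cfg_value uuid "$new")
    if [ -n "$uuid" ] && [ "$uuid" = "$(cfg_value uuid "$tpl")" ]; then
        echo "uuid copied from template: $uuid"; rc=1
    fi
    for d in $(cfg_disks "$new"); do
        if cfg_disks "$tpl" | grep -qxF "$d"; then
            echo "writable disk shared with template: $d"; rc=1
        fi
    done
    for m in $(cfg_macs "$new"); do
        if cfg_macs "$tpl" | grep -qxF "$m"; then
            echo "MAC shared with template: $m"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: a clone whose name was changed but whose disk and MAC
# were left as in the template.
demo_dir=$(mktemp -d)
printf '%s\n' 'name="sles11sp3"' 'uuid="a552dd33-b0c2-b07f-d9a6-753f7a232c71"' \
    "disk=[ 'phy:/dev/mapper/main-sles11sp3,xvda,w', ]" \
    "vif=[ 'mac=00:16:3e:51:b4:8a,bridge=br0', ]" > "$demo_dir/template"
sed 's/^name=.*/name="vm0017"/; /^uuid=/d' "$demo_dir/template" > "$demo_dir/bad"
check_clone "$demo_dir/template" "$demo_dir/bad" || echo "clone needs editing"
```

Run as check_clone sles11sp3 vm0017 in /etc/xen/vm; a non-zero status means the clone would start on the template's disk or with its MAC address.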

Modify the config on the dhcp and dns server, so the machine will get a unique name and address. Don't forget kicking the dhcp and dns server processes...

Start new machine: xm create -c vm0017

    pyGRUB version 0.6
    Xen -- SUSE Linux Enterprise Server 11 SP3 - 3.0.76-0.11
    Use the ^ and keys to select which entry is highlighted. Press enter to boot the selected OS, 'e' to edit the commands before booting, 'a' to modify the kernel arguments before booting, or 'c' for a command line.

    Will boot selected entry in 1 seconds

    Started domain vm0017 (id=8)
    [ 0.000000] Initializing cgroup subsys cpuset
    [ 0.000000] Initializing cgroup subsys cpu
    [ 0.000000] Linux version 3.0.76-0.11-xen (geeko@buildhost) (gcc version 4.3.4 [gcc-4_3-branch revision 152973] (SUSE Linux) ) #1 SMP Fri Jun 14 08:21:43 UTC 2013 (ccab990)
    [ 0.000000] Command line: root=/dev/xvda3 xencons=tty resume=/dev/xvda2 splash=silent crashkernel=256M-:128M showopts
    [ 0.000000] Xen-provided physical RAM map:
    [ 0.000000] Xen: 0000000000000000 - 0000000080800000 (usable)
    Starting smartd unused
    Master Resource Control: runlevel 3 has been reached
    Skipped services in runlevel 3: microcode.ctl nfs irq_balancer smartd

    Welcome to SUSE Linux Enterprise Server 11 SP3 (x86_64) - Kernel 3.0.76-0.11-xen (tty1).

    vm0017 login:

Networking: check own addresses (ifconfig is deprecated): ip addr show dev eth0

    vm0017 login: root
    Password:
    Last login: Wed Nov 27 23:21:30 CET 2013 from orion on pts/0
    vm0017:~ # ip addr show dev eth0
    2: eth0: mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
        link/ether 00:16:3e:00:17:00 brd ff:ff:ff:ff:ff:ff
        inet 192.168.0.137/24 brd 192.168.0.255 scope global eth0
        inet6 2001:470:1f01:3785:216:3eff:fe00:1700/64 scope global dynamic
           valid_lft 2591992sec preferred_lft 604792sec
        inet6 fe80::216:3eff:fe00:1700/64 scope link
           valid_lft forever preferred_lft forever
    vm0017:~ #

Test if sshd is properly working, and the address: ssh vm0017

    orion:~ # ssh vm0017
    The authenticity of host 'vm0017 (192.168.0.137)' can't be established.
    ECDSA key fingerprint is df:b6:3c:d9:c5:d6:f8:37:e7:70:b1:bb:ed:a8:eb:df.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'vm0017,192.168.0.137' (ECDSA) to the list of known hosts.
    Password:
    Last login: Sun Jan 5 13:16:34 2014
    vm0017:~ #

Seems OK.

Check mount point repositories: zypper lr -u

    vm0017:~ # zypper lr -u
    # | Alias  | Name | Enabled | Refresh | URI
    --+--------+------+---------+---------+---------------------------------------------
    1 | oss    | oss  | Yes     | No      | http://suse.minoss.nl/sles11sp3/install/oss/
    2 | update | oss  | Yes     | Yes     | http://suse.minoss.nl/sles11sp3/update/
    vm0017:~ #

echo "192.168.0.2 storage" >> /etc/hosts

    vm0017:~ # echo "192.168.0.2 storage" >> /etc/hosts
    vm0017:~ #

mkdir -p /data/software/distro/suse/sles11sp3

    vm0017:~ # mkdir -p /data/software/distro/suse/sles11sp3
    vm0017:~ #

mount -o nolock storage:/data/software/distro/suse/sles11sp3 /data/software/distro/suse/sles11sp3
Not done: using local online repository

zypper addrepo --refresh --check -n "update" dir:/data/software/distro/suse/sles11sp3 update
not needed, done in template

zypper lr -u

    vm0017:~ # zypper lr -u
    # | Alias                                            | Name                                             | Enabled | Refresh | URI
    --+--------------------------------------------------+--------------------------------------------------+---------+---------+-------------------------------------------
    1 | SUSE-Linux-Enterprise-Server-11-SP2 11.2.2-1.234 | SUSE-Linux-Enterprise-Server-11-SP2 11.2.2-1.234 | Yes     | Yes     | hd:///?device=/dev/xvdb&filesystem=auto
    2 | update                                           | update                                           | Yes     | Yes     | dir:///data/software/distro/suse/sles11sp2

Refresh repositories: zypper ref

    vm0017:~ # zypper ref
    Repository 'oss' is up to date.
    Retrieving repository 'oss' metadata [\]
    File 'repomd.xml' from repository 'oss' is unsigned, continue? [yes/no] (no): yes
    Retrieving repository 'oss' metadata [done]
    Building repository 'oss' cache [done]
    All repositories have been refreshed.

zypper up

    vm0017:~ # zypper up
    Loading repository data...
    Reading installed packages...

The following NEW package is going to be installed: libtevent0

The following packages are going to be upgraded: apache2 apache2-doc apache2-example-pages apache2-prefork apache2-utils apparmor-docs apparmor-parser apparmor-utils bash bash-doc bind-libs bind-libs-32bit bind-utils binutils coreutils coreutils-lang cups-client cups-libs cups-libs-32bit curl elilo ethtool facter fastjar glib2 glib2-lang gpg2 gpg2-lang grub gvfs gvfs-backends gvfs-fuse gvfs-lang hal hal-32bit ipmitool iproute2 irqbalance kdump kernel-firmware kernel-xen kernel-xen-base kpartx krb5 krb5-32bit ksh lcms libapparmor1 libcurl4 libcurl4-32bit libfprint0 libgcrypt11 libgcrypt11-32bit libgio-2_0-0 libgio-2_0-0-32bit libglib-2_0-0 libglib-2_0-0-32bit libgmodule-2_0-0 libgmodule-2_0-0-32bit libgnutls26 libgobject-2_0-0 libgobject-2_0-0-32bit libgthread-2_0-0 libgvfscommon0 liblcms1 liblcms1-32bit libpixman-1-0 libpixman-1-0-32bit libpython2_6-1_0 libreadline5 libsmbclient0 libsnmp15 libtalloc2 libtdb1 libtiff3 libtiff3-32bit libudev0 libudev0-32bit libwbclient0 libxslt libxslt-32bit libzypp mcelog microcode_ctl mkinitrd multipath-tools mysql mysql-client perl-Bootloader perl-apparmor postfix puppet python python-base python-xml readline-doc release-notes-sles rsh ruby sblim-sfcb snmp-mibs supportutils suseRegister timezone udev xen-libs xen-tools-domU xorg-x11-libX11 xorg-x11-libX11-32bit xorg-x11-libXext xorg-x11-libXext-32bit xorg-x11-libXfixes xorg-x11-libXfixes-32bit xorg-x11-libXp xorg-x11-libXp-32bit xorg-x11-libXrender xorg-x11-libXrender-32bit xorg-x11-libXt xorg-x11-libXt-32bit xorg-x11-libXv xorg-x11-libXv-32bit xorg-x11-libs xorg-x11-libs-32bit yast2 yast2-ldap-client zypper zypper-log

The following packages are not supported by their vendor: apache2 apache2-doc apache2-example-pages apache2-prefork apache2-utils apparmor-docs apparmor-parser apparmor-utils bash bash-doc bind-libs bind-libs-32bit bind-utils binutils coreutils coreutils-lang cups-client cups-libs cups-libs-32bit curl elilo ethtool facter fastjar glib2 glib2-lang gpg2 gpg2-lang grub gvfs gvfs-backends gvfs-fuse gvfs-lang hal hal-32bit ipmitool iproute2 irqbalance kdump kernel-firmware kernel-xen kernel-xen-base kpartx krb5 krb5-32bit ksh lcms libapparmor1 libcurl4 libcurl4-32bit libfprint0 libgcrypt11 libgcrypt11-32bit libgio-2_0-0 libgio-2_0-0-32bit libglib-2_0-0 libglib-2_0-0-32bit libgmodule-2_0-0 libgmodule-2_0-0-32bit libgnutls26 libgobject-2_0-0 libgobject-2_0-0-32bit libgthread-2_0-0 libgvfscommon0 liblcms1 liblcms1-32bit libpixman-1-0 libpixman-1-0-32bit libpython2_6-1_0 libreadline5 libsmbclient0 libsnmp15 libtalloc2 libtdb1 libtevent0 libtiff3 libtiff3-32bit libudev0

libudev0-32bit libwbclient0 libxslt libxslt-32bit libzypp mcelog microcode_ctl mkinitrd multipath-tools mysql mysql-client perl-Bootloader perl-apparmor postfix puppet python python-base python-xml readline-doc release-notes-sles rsh ruby sblim-sfcb snmp-mibs supportutils suseRegister timezone udev xen-libs xen-tools-domU xorg-x11-libX11 xorg-x11-libX11-32bit xorg-x11-libXext xorg-x11-libXext-32bit xorg-x11-libXfixes xorg-x11-libXfixes-32bit xorg-x11-libXp xorg-x11-libXp-32bit xorg-x11-libXrender xorg-x11-libXrender-32bit xorg-x11-libXt xorg-x11-libXt-32bit xorg-x11-libXv xorg-x11-libXv-32bit xorg-x11-libs xorg-x11-libs-32bit yast2 yast2-ldap-client zypper zypper-log

    127 packages to upgrade, 1 new.
    Overall download size: 114.6 MiB. After the operation, additional 891.0 KiB will be used.
    Continue? [y/n/?] (y): che2-doc-2.2.12-1.40.1.x86_64 (1/128), 1.7 MiB (10.3 MiB unpacked)
    Retrieving: apache2-doc-2.2.12-1.40.1.x86_64.rpm [done]
    Retrieving package apache2-example-pages-2.2.12-1.40.1.x86_64 (2/128), 64.0 KiB (11.0 KiB unpacked)
    Retrieving: apache2-example-pages-2.2.12-1.40.1.x86_64.rpm [done]
    Retrieving package apparmor-docs-2.5.1.r1445-55.64.1.x86_64 (3/128), 183.0 KiB (318.0 KiB unpacked)
    Retrieving: apparmor-docs-2.5.1.r1445-55.64.1.x86_64.rpm [done]
    Installing: gpg2-lang-2.0.9-25.33.37.1 [error]
    Installation of gpg2-lang-2.0.9-25.33.37.1 failed:
    (with --nodeps --force) Error: Subprocess failed. Error: RPM failed: error: unpacking of archive failed on file /usr/share/locale/zh_TW/LC_MESSAGES/gnupg2.mo;52c94ed0: cpio: read failed - Bad file descriptor
    Abort, retry, ignore? [a/r/i] (a): i
    Installing: gvfs-fuse-1.4.3-0.17.19.1 [done]
    Installing: gvfs-backends-1.4.3-0.17.19.1 [done]
    Update notifications were received from the following packages:
    puppet-2.6.18-0.8.1.x86_64 (/var/adm/update-messages/puppet-2.6.18-0.8.1-CVE-2011-3872.msg.txt)
    View the notifications now? [y/n] (n): n
    There are some running programs that use files deleted by recent upgrade. You may wish to restart some of them. Run 'zypper ps' to list these programs.
    vm0017:~ #

Sometimes a reboot is required due to a kernel patch.

Check if critical parts were updated, requiring a reboot:

    vm0017:~ # zypper ps
    The following running processes use deleted files:

    PID  | PPID | UID | Login | Command            | Service | Files
    -----+------+-----+-------+--------------------+---------+-----------------------------------------------
    1132 | 1    | 0   | root  | console-kit-daemon |         | /usr/lib64/libgobject-2.0.so.0.2200.5;52c94f95
         |      |     |       |                    |         | /usr/lib64/libgthread-2.0.so.0.2200.5;52c94f95
         |      |     |       |                    |         | /usr/lib64/libglib-2.0.so.0.2200.5;52c94f70
    3067 | 1    | 0   | root  | sshd               | sshd    | /usr/lib64/libkrb5support.so.0.1
         |      |     |       |                    |         | /usr/lib64/libkrb5.so.3.3
         |      |     |       |                    |         | /usr/lib64/libk5crypto.so.3.1
         |      |     |       |                    |         | /usr/lib64/libgssapi_krb5.so.2.2
    3334 | 3210 | 0   | root  | bash               |         | /lib64/libreadline.so.5.2
         |      |     |       |                    |         | /bin/bash (deleted)
    3366 | 3067 | 0   | root  | sshd               | sshd    | /usr/lib64/libkrb5support.so.0.1
         |      |     |       |                    |         | /usr/lib64/libkrb5.so.3.3
         |      |     |       |                    |         | /usr/lib64/libk5crypto.so.3.1
         |      |     |       |                    |         | /usr/lib64/libgssapi_krb5.so.2.2
    3369 | 3366 | 0   | root  | bash               |         | /lib64/libreadline.so.5.2
         |      |     |       |                    |         | /bin/bash (deleted)

    You may wish to restart these processes.
    See 'man zypper' for information about the meaning of values in the above table.

Although nothing here is critical, I found out previously that a fresh reboot avoids funny situations...
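
An added example, not from the original page, that groups the 'zypper ps' table above into restart targets, so it is clear which services still run with replaced libraries after the update. The function names and the shortened sample table are constructed for the illustration.

```sh
#!/bin/sh
# Added example (not from the original page): group 'zypper ps' rows into
# restart targets.

# stdin:  the table printed by 'zypper ps'
# stdout: one line per target, "<kind> <name> pids=<list> refs=<count>"
#   kind "service": restart it through its init script
#   kind "process": no service is associated, restart by hand or log out
#   refs: number of deleted-file entries listed for the target
stale_summary() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF < 7 { next }                          # separator or free text
        trim($1) ~ /^[0-9]+$/ {                  # first row of a process
            svc = trim($6)
            key = (svc != "") ? "service " svc : "process " trim($5)
            if (key in pids) pids[key] = pids[key] "," trim($1)
            else { order[++n] = key; pids[key] = trim($1) }
        }
        key != "" && trim($7) != "" { refs[key]++ }  # also continuation rows
        END {
            for (i = 1; i <= n; i++)
                printf "%s pids=%s refs=%d\n", order[i], pids[order[i]], refs[order[i]]
        }'
}

# Constructed sample, shortened from the table format shown above.
sample_zypper_ps() {
    cat <<'EOF'
PID  | PPID | UID | Login | Command            | Service | Files
-----+------+-----+-------+--------------------+---------+------------------------------
1132 | 1    | 0   | root  | console-kit-daemon |         | /usr/lib64/libglib-2.0.so.0.2200.5;52c94f70
3067 | 1    | 0   | root  | sshd               | sshd    | /usr/lib64/libkrb5.so.3.3
     |      |     |       |                    |         | /usr/lib64/libk5crypto.so.3.1
3334 | 3210 | 0   | root  | bash               |         | /bin/bash (deleted)
3366 | 3067 | 0   | root  | sshd               | sshd    | /usr/lib64/libkrb5.so.3.3
EOF
}

sample_zypper_ps | stale_summary
```

On the VM the same function is fed directly: zypper ps | stale_summary.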

(on co...