Setting up SSL with NSS is easier than you think

At least, it is on Fedora 16

sudo yum install mod_nss

/etc/httpd/alias/ is populated already with ca and server cert self signed
/etc/httpd/conf.d/nss.conf already exists
change 8443 to 443 in two places

--- /etc/httpd/conf.d/nss.conf.orig	2012-03-29 12:59:06.319470425 -0400
+++ /etc/httpd/conf.d/nss.conf	2012-03-29 12:19:38.862721465 -0400
@@ -17,7 +17,7 @@
 # Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
 #       Listen directives: "Listen [::]:8443" and "Listen"
-Listen 8443
+Listen 443
 ##  SSL Global Context
@@ -81,7 +81,7 @@
 ## SSL Virtual Host Context
 #   General setup for the virtual host
 #DocumentRoot "/etc/httpd/htdocs"

Make sure your firewall is open on the HTTPS port. Add the following line in /etc/sysconfig/iptables

-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

before the statement

-A INPUT -j REJECT --reject-with icmp-host-prohibited

and restart the services

sudo systemctl restart iptables.service
sudo systemctl restart httpd.service

The documentation provides a lot more detail. Almost all of these steps are performed by the RPM install on F16 and later.

Shared Nothing Diskless Boot

It is possible to run a computer with no persistent storage for its root file system other than a single image downloaded an held in RAM. The computer does not needs a local disk. The computer also does not need a SAN or NAS device for the Root File system.

There are numerous uses for this style of booting.  A short list:

  • Debugging the installation processes of software packages
  • Running computationally intensive tasks on a large array of nodes
  • Inventorying the hardware on new servers
  • Deploying a light management framework for virtualization hypervisors

Here is a brief overview of the pieces needed to set this up for testing purposes on a workstation running KVM.

Continue reading

HATEOAS Openstack Keystone

Of all the principals of REST, perhaps the most overlooked it Hypermedia as the Engine of Application State, or HATEOAS. This term tries to encapsulate several concepts together, but the primary is the principal of discoverability.

All future actions the client may take are discovered within resource representations returned from the server.

What does this mean for Keystone?

Continue reading

F17 Openstack Test Day on Thursday.

If you want Openstack support for Fedora or RHEL, this day is for you! Once we get the F17 code stable, we will use that as the code base for EPEL, so lend a hand.

I’ll be lurking around to help out with Keystone questions, but at the same time I’ll also be involved with a local installfest so I expect to be logged in to IRC, but also very much walking around and answering questions….as well as running through test cases myself.

So join us:

IRC #fedora-test-day on Freenode