Current Version of the Development and Testing Image

Systems - Development Image (VMWare)

Get your local Testserver VM

  1. Download the image

  2. Import it into your VM player (usually you can just do a double click on the file you just downloaded)
  3. If you know you will need the signer (i.e. if you want to produce certificates on the test server) you should now set up the serial connection as described below.

  4. Start the imported VM
  5. Start your web browser and navigate to http://cacert1/ if you can already see the web site the VM has successfully configured itself using DHCP and you're done. Congratulations.

  6. If you're still reading this then probably something went wrong in the automatic network setup, but fear not it's probably just a minor problem. Just bear with me for a second.
  7. Log in to the server as "root" using the password "it-sls".

    The VM might use a different keyboard layout than your normal operating system so it's best to use the minus from the number block on your keyboard rather than the one near the letters

    If you haven't set up the serial connection the console will probably print annoying stuff all the time (ttyS0: LSR safety check engaged!). Just ignore it and keep on typing. Once you have logged in you can type "/etc/init.d/commmodule stop" and after that "/etc/init.d/commmodule-signer stop" (using the division and minus sign from the number block) and the noise will stop for now.

  8. Execute "dpkg-reconfigure console-data", choose "Select keymap from arch list" and in the following screens select the keyboard layout that comes as close to yours as possible. From now on you should be able to type as you're used to.

  9. Execute "ifconfig | head -n20". If there are two sections called ethX (even -> cacert1, odd -> secure1) both having a line starting with inet addr: (not inet6). You need to put that ip address into your local (i.e. non-VM) /etc/hosts (Linux, probably MacOS too) or C:\Windows\system32\drivers\etc\hosts (Windows) see the Wikipedia entry for more information (mapping the hostname cacert1 to the IP shown for the interface with the even number and secure1 to the one with the odd number).

  10. If there were no such entries in the ifconfig listing then the interfaces couldn't be configured using DHCP and you have to set an IP address manually:

    1. Start an editor to work on the file /etc/network/interfaces (e.g. by typing "nano /etc/network/interfaces")

    2. On the lines "map foo cacert1-dhcp" and "map foo secure1-dhcp" replace the dhcp with static

    3. In the sections "iface cacert1-static" and "iface secure1-static" adjust the IP adresses, netmasks and gateway according to your needs

    4. Save the file and exit the editor (for nano you can do that by hitting CTRL+X and then confirming with Y and ENTER)

    5. Restart the network interfaces by executing "/etc/init.d/networking restart" which may print some errors but that's normal for this setup, try "ifconfig | head -n20" to see whether it worked

    6. Put the mapping from the hosts (cacert1 and secure1, it's important that they are mapped exactly as in the /etc/network/interfaces) to the configured IPs in your local (i.e. non-VM) /etc/hosts as mentioned above.

  11. You're done. All other settings will automatically update themselves, no need to fiddle with the apache configuration and such

Putting the entries into the /etc/hosts is essential if it can't be resolved automatically. You can't use the IP address directly in your browser as the server will redirect you to the host name if you don't use the right one (which is configured to be cacert1/secure1 not your IP) and if that's not present in the /etc/hosts your browser can't resolve that hostname and show you an error

configuration virtual machine for host only / for nat

Configure USB / Serial device

VirtualBox

  1. Open the virtual machine settings
  2. Go to the "Serial Ports" section
  3. Check "Enable Serial Port" and choose the "Port Mode" as "Host Pipe"
  4. Check "Create Pipe"
  5. Enter /path/to/virtual_machine/cacert1.it-sls.de/serial.pipe

  6. Open a command line and execute
    cd /path/to/virtual_machine/cacert1.it-sls.de/
    ln -s serial.pipe serial.pipe.lnk
  7. Go to the second tab of the serial port settings of VirtualBox ("Port 2")

  8. Check "Enable Serial Port" and choose the "Port Mode" as "Host Pipe"
  9. Do NOT check "Create Pipe"

  10. Enter /path/to/virtual_machine/cacert1.it-sls.de/serial.pipe.lnk

VMWare

serial-ports-configuration-under-vmware.png

serial-port1-configuration.png serial-port2-configuration.png

Alternate Manual Modification Options on RAW ESX VM for local use

Additional optional modifications

Developer Image in kvm/qemu

  1. Convert the ova image to a qcow2 image, a guide to do this can be found at http://blog.bodhizazen.net/linux/convert-virtualbox-vdi-to-kvm-qcow/

  2. Import the qcow image into a new virtual machine
  3. Configure the virtual machine with 2 network interfaces
  4. In the grub menu, change the root block device from sda1 to vda1
  5. Boot the machine
  6. Log in and stop the commmodule processes to remove the spam from the console (see some sections above)
  7. Change the entries in /etc/fstab from sda to vda
  8. Change the entries in /boot/grub/menu.lst from sda to vda (you can also try to run grub-mkdevicemap && update-grub - haven't tried that yet)

  9. Remove the /etc/udev/rules.d/70-persistent-net.rules to have your network cards mapped as eth0 and eth1
  10. Depending on your requirements, you can also adjust /etc/network/interfaces to assign IPs

Changes to testserver image T8 (**)

adjust ip settings on vm

changes for git on vm to allow an automatic update push of testserver-stable branch

Testserver Certs period changes

Logs and places within system

How to prepare an image that was just exported from ESX

Rev

State

VM HW level1

Link

login

T8
M8

2013-08-22

4

http://cacert.nhng.de/cacert-testserver/20130821/cacert1.it-sls.de.ova
http://cacert.nhng.de/cacert-testserver/20130821/cacert1-mgr.ova

Modified image, root password: it-sls (**)

http://www.avintec.com/it-sls/20130821/cacert1.it-sls.de/
http://www.avintec.com/it-sls/20130821/cacert1-mgr/

Original image, password unknown, boot with a live CD and chroot virtual hard disk to change root password

T7
M7
G7

2012-04-04
(removed stamp service)

4

http://cacert.nhng.de/cacert-testserver/20120404/cacert1.it-sls.de.ova

Modified image, root password: it-sls

http://www.avintec.com/it-sls/20120404/cacert1.it-sls.de/
http://www.avintec.com/it-sls/20120404/cacert1-mgr/
http://www.avintec.com/it-sls/20120404/git-cacert/

Original image, password unknown

T6

2011-10-26

4

http://cacert.nhng.de/cacert-testserver/20111026/cacert1.it-sls.de/

Modified image, root password: it-sls

http://www.avintec.com/it-sls/CAcert-T6/

Modified image, root password: CA-Test

http://www.avintec.com/it-sls/20111026/

Original image, password unknown

T5

2011-09-07

4

http://cacert.nhng.de/cacert-testserver/20110907/cacert1.it-sls.de/
http://www.avintec.com/it-sls/20110907/cacert1.it-sls.de/

Original image, password unknown

M1

2011-09-07

4

http://cacert.nhng.de/cacert-testserver/20110907/ca-mgr1.it-sls.de/
http://www.avintec.com/it-sls/20110907/ca-mgr1.it-sls.de/

Original image, password unknown

T4

2011-04-21

4

http://cacert.nhng.de/cacert-testserver/20110421/
http://www.avintec.com/it-sls/20110421/cacert1.it-sls.de/

Original image, password unknown

T3

2010-04-07

7

ftp://newsys.gun.de/VMWare-Images/CAcert-Developer/

root/CA-Test

T2

2009-08-24

4

http://cacert.quarkus.de/

root/lale..

T1

2009-06-28

emu

test1.cacert.at

unknown

remark WIN7 vmplayer 3.1 must run in WindowsXP mode see http://www.infernodevelopment.com/forum/Thread-VMWare-Player-Windows-7-Internet-Not-Working

1 vmware-host is running on a VMware ESX Server 3i 3.5.0 build-207095 revision. vm-versionhw-levels defines 3i 3.5.0 as HW level 4.


SystemAdministration/Systems/Development (last edited 2016-06-28 11:09:55 by dirkastrath)