[Bug 891467] New: Need a section in the install guide regarding pxe booting on UEFI systems
by Red Hat Bugzilla
Product: Fedora Documentation
https://bugzilla.redhat.com/show_bug.cgi?id=891467
Bug ID: 891467
Summary: Need a section in the install guide regarding pxe
booting on UEFI systems
Product: Fedora Documentation
Version: devel
Component: uefi-secure-boot-guide
Severity: unspecified
Priority: unspecified
Reporter: jreed(a)redhat.com
Depends On: 871565
+++ This bug was initially created as a clone of Bug #871565 +++
Description of problem:
Fedora 18 will see greater use of UEFI systems, and as such we should round out
our documentation regarding how to boot UEFI systems via other common methods
besides those already addressed. Most notably the use of pxe boot in UEFI
environments will now be available with secure boot enabled via both ipv4 and
ipv6 the by using shim layer code:
https://github.com/mjg59/shim
We should further document how to boot a system and setup a pxe server to allow
booting UEFI systems in this manner
--- Additional comment from Jack Reed on 2012-11-12 01:01:52 EST ---
Thanks Neil.
Are you able to give me some details on how the procedure for setting up a PXE
server for EFI would need to be changed to account for this?
http://docs.fedoraproject.org/en-US/Fedora/17/html/Installation_Guide/s1-...
And I expect the "Booting from the Network using PXE" section needs to be
tweaked to account for EFI as well:
http://docs.fedoraproject.org/en-US/Fedora/17/html/Installation_Guide/sn-...
Are you able to tell me how this process differs on EFI systems?
And what else would you like included here or elsewhere, particularly with
regard to secure boot being enabled via via both ipv4 and ipv6 the by using
shim layer code? I'm unclear on how this affects the procedure/s.
And what are the other common methods that are not addressed that you would
like to see covered?
--- Additional comment from Neil Horman on 2012-12-18 11:19:16 EST ---
Jack
I'm sorry, the description above isn't complete. The additional need for
documentation here is not exclusively to support UEFI systems, but to support
them using PXE for IPV4 and IPV6 using non secureboot and secureboot
environments. The documentation you have covers IPV4 in a non-secureboot
environment. I'll try to touch on the general changes that need to be made in
each case:
PXE+UEFI+IPV4+NO Secureboot - You're good to go, no changes need to be made
PXE+UEFI+IPV6+No Secureboot - the server dhcp6 option is not filename, you need
to instead specify bootfile-url option, which is a text string of the form:
bootfile-url="tftp://[ipv6-address-in-brackets]/path/to/grub.efi
PXE+UEFI+[IPv4|IPV6]+Secureboot - You can't boot grub directly with secureboot
enabled, as its unsigned. We're in the process of getting the shim utility:
https://github.com/mjg59/shim
It will be signed and needs to be specified as the filename option or the
bootfile-url option on the dhcp server. The shim utility will be downloaded,
validated, and then it will be responsible for downloading the actual grub
image (which must be named grub.efi or grubx64.efi and be tftp-able from the
same location that the shim image was located at)
So, I'm not sure at how you're looking to organize the docs for fedora (if you
want to document secureboot booting procedures separately from non-secureboot
environments or not), but thats the information that I was hoping to cover in
this bz. If you feel like you have all that information in various locations,
and can ennumerate them here, I think that would satisfy this bz in my mind.
If any of it is missing however, and can be added, I would greatly appreciate
it. I've got some virtual qemu guests setup to run an IPv6+UEFI+secure boot
emulated environment here which you're welcome to poke around with to help
flesh out the instructions if need be. And of course, I'm happy to answer any
further quesstions you might have here.
Thanks!
Neil
--- Additional comment from Jack Reed on 2012-12-19 00:31:51 EST ---
Thanks for this, Neil. Having the distinct requirements for each use case
outlined is really useful.
However, I'm still not clear on the context or exact format of these
configuration changes. Are they made in /etc/dhcp/dhcpd.conf, a sample of which
is provided in step 4 of the following?
http://docs.fedoraproject.org/en-US/Fedora/17/html/Installation_Guide/s1-...
If so, I assume that 'filename "pxelinux/bootia32.efi";' should be replaced
with 'bootfile-url="tftp://[ipv6-address-in-brackets]/path/to/grub.efi' (in the
second use case you outline) or whatever is required for the third use case. Is
that correct?
But the config file in step 4 is only an example, and the filename strings in
it are relevant in case certain conditions are met, whereas the filename and
bootname-url strings you're referring to are perhaps uniform rather than
conditional.
Would you mind providing quick edited versions of that sample config file that
incorporate these IPv6 and IPv4/6 Secureboot strings? (I'm particularly unclear
on how to configure the latter.) Assuming that's where the editing needs to be
done, of course.
If it is, then explaining what is needed for IPv6 and SecureBoot in the
'Configuring for EFI' procedure may be enough, as opposed to breaking them off
into another procedure. If the steps prove too difficult to integrate though, I
will break them off.
That said, you might be interested in an F18 draft document I've just been
reminded of:
http://docs.fedoraproject.org/en-US/Fedora_Draft_Documentation/0.1/html-s...
It's only in the early stages, but the material you want to add may also be
beneficial here. Or you may feel that it is best suited to that guide alone. I
don't have the perspective on the applicability of this new material to gauge
that, so let me know what you think.
--- Additional comment from Neil Horman on 2012-12-19 09:11:43 EST ---
Sure, I'll attach my sample configs in a bit.
To answer your specific questions above:
1) When configuring pxe for IPv6 vs. IPv4, the dhcp server configuration needs
to change. Specifially, when using ipv4 you need to specify the filename dhcp
option, exactly as it appears in the current netboot document you reference
above
When configuring pxe for ipv6 (weather or not you use secure boot, or UEFI for
that matter), in addition to modifying the dhcp server configuration to serve
ipv6 addresses, pxe support requires that you, instead of using the filename
dhcp option to specify the file to download, you instead use the bootfile-url
option, which is formatted as I noted above (its also expanded on in the
dhcp-options man page).
Note this change is orthogonal to any changes required to enable secureboot
over pxe. This is just the change needed to support ipv6 pxe boot. As you not
above, your configuration example is just that, an example. I don't know if
you want to expand on it to demonstrate how pxe works differently with ipv6.
If you do however (and I think it would be a good idea), the bootfile-url
option is what you need to document.
2) Secureboot, when enabling secureboot, you have to make some additional
changes. Specifically you have to specify a special file to download (not just
the grub bootloader). This is because grub won't be signed with the master
key. The shim utility I mentioned before will. If you're trying to boot a
system via pxe in UEFI secure boot mode using ipv4, you have to use the
filename dhcp option to specify that the shim utilty file be downloaded,
whereas if you are booting a system via pxe in UEFI secure boot mode over ipv6,
then you need to specify the shim utilty file on the dhcp server using the
bootfile-url option. Note that if you are _not_ in secure boot mode, then you
can specify any pxe boot file that you want on the server. Thats the meat of
the change here: When in secure boot mode you need to specify the shim utilty
as the file to download via tftp, as opposed to operating in non-secure-boot
mode, when you can download and run any arbitrary file.
Looking at your Secure boot page, I think thats a good start. Perhaps thats
how this documentation should be split up - item (1) above can be edited into
the netboot documentation, to show how the dhcp server config changes when
using ipv6, and item (2) can be discussed in the secure boot page (since the
shim utiltiy is requried when using secure boot, regardless of weather your
booting locally or via pxe).
I'll attach my sample dhcpd6.conf file in just a moment.
--- Additional comment from Neil Horman on 2012-12-19 09:49:06 EST ---
Created attachment 666108
sample dhcpd6.conf file
Heres my example dhcpd6.conf file, which uses the bootfile-url option. Note
that it specifies the shim.efi utility. This setup was used to boot a system
in secure boot mode. If we weren't in secure boot mode, we could download any
file we wanted. As it is, the shim utility is signed, alowing it to be run in
secure boot mode. Once its validated, it will attempt to download the
grubx[32|64].efi file from the same location it was downloaded from.
--
You are receiving this mail because:
You are the QA Contact for the bug.
10 years, 9 months
[Bug 919665] New: Dead link in Install Guide pointing to yum update settings
by Red Hat Bugzilla
Product: Fedora Documentation
https://bugzilla.redhat.com/show_bug.cgi?id=919665
Bug ID: 919665
Summary: Dead link in Install Guide pointing to yum update
settings
Product: Fedora Documentation
Version: devel
Component: install-guide
Severity: medium
Priority: unspecified
Reporter: bryan.sutherland(a)gmail.com
Depends On: 901692
Section 18.1 - Updating Your System, has a link pointing to a non-existent set
of instructions for configuring daily updates with yum. The particular
paragraph is:
"If your Fedora system has a permanent network connection, you may choose to
enable daily system updates. To enable automatic updates, follow the
instructions on the webpage
http://docs.fedoraproject.org/yum/sn-updating-your-system.html."
Is anyone aware of where this doc set may have gone?
--
You are receiving this mail because:
You are the QA Contact for the bug.
10 years, 9 months
[Bug 896318] New: duplicated word.
by Red Hat Bugzilla
Product: Fedora Documentation
https://bugzilla.redhat.com/show_bug.cgi?id=896318
Bug ID: 896318
Summary: duplicated word.
Product: Fedora Documentation
Version: devel
Component: power-management-guide
Severity: low
Priority: unspecified
Reporter: cickumqt(a)gmail.com
I just found this string:
<function>Fsync</function> is known as an I/O expensive operation, but this is
is not completely true.
Well,two "is" appear.
--
You are receiving this mail because:
You are the QA Contact for the bug.
10 years, 9 months
[Bug 965612] New: New Bugzilla component for Fedora Virtualization Deployment and Administration Guide
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=965612
Bug ID: 965612
Summary: New Bugzilla component for Fedora Virtualization
Deployment and Administration Guide
Product: Fedora Documentation
Version: devel
Component: docs-requests
Severity: unspecified
Priority: unspecified
Assignee: nobody(a)fedoraproject.org
Reporter: lnovich(a)redhat.com
QA Contact: docs-qa(a)lists.fedoraproject.org
CC: oglesbyzm(a)gmail.com, sparks(a)redhat.com,
stickster(a)gmail.com
Document URL:
Section Number and Name:
Describe the issue:
Suggestions for improvement:
Additional information:
--
You are receiving this mail because:
You are the QA Contact for the bug.
10 years, 10 months
[Bug 947458] New: Duplicate sentence
by Red Hat Bugzilla
Product: Fedora Documentation
https://bugzilla.redhat.com/show_bug.cgi?id=947458
Bug ID: 947458
Summary: Duplicate sentence
Product: Fedora Documentation
Version: devel
Component: user-guide
Severity: low
Priority: unspecified
Assignee: fnadge(a)redhat.com
Reporter: Geodebay(a)gmail.com
QA Contact: docs-qa(a)lists.fedoraproject.org
CC: danielsmw(a)gmail.com, jmbabich(a)gmail.com,
oglesbyzm(a)gmail.com, rlandman(a)redhat.com
Category: ---
Description of problem:
In the file Tour_of_the_GNOME_desktop.xml, the same sentence (pretty much the
same) is duplicated line #11 and line #17. You may suppress the first.
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1.
2.
3.
Actual results:
Expected results:
Additional info:
--
You are receiving this mail because:
You are the QA Contact for the bug.
10 years, 10 months
[Bug 956280] New: Some typos
by Red Hat Bugzilla
Product: Fedora Documentation
https://bugzilla.redhat.com/show_bug.cgi?id=956280
Bug ID: 956280
Summary: Some typos
Product: Fedora Documentation
Version: devel
Component: user-guide
Severity: unspecified
Priority: unspecified
Assignee: dhensley(a)redhat.com
Reporter: Geodebay(a)gmail.com
QA Contact: docs-qa(a)lists.fedoraproject.org
CC: danielsmw(a)gmail.com, jmbabich(a)gmail.com,
oglesbyzm(a)gmail.com, rlandman(a)redhat.com
Category: ---
Description of problem:
Media.xml:
line 8 typo "enviroments" > "environments"
line 45 typo "burn and Audio CD" > "burn an Audio CD"
typo "plus icon to add open" > "plus icon to open"
line 56 wording "...from the Gnome Live CD or the DVD." > "...from the Live CD
or the DVD."
line 243 Docbook tag missing
su -c 'livecd-iso-to-disk the_image.iso
/dev/<replaceable>sdX1</replaceable>'
> su -c 'livecd-iso-to-disk <replaceable>the_image.iso</replaceable> /dev/<replaceable>sdX1</replaceable>'
Accessing_the_Web.xml
line 269 Docbook error <replaceable>scp</replaceable> scp is not replaceable.
Communications.xml
line 257 error "cannot find the Application Data
>> "cannot find the AppData folder</title>"
line 259 error "..cannot find the <filename>Application Data</filename>
folder.."
>> "...cannot find the <filename>AppData</filename> folder..."
line 332 you must cut <menuchoice><guimenu>Edit</guimenu><guisubmenu>Select
All</guisubmenu><guisubmenu>Edit</guisubmenu><guisubmenu>Copy</guisubmenu></menuchoice>
>> <menuchoice><guimenu>Edit</guimenu><guisubmenu>Select
All</guisubmenu></menuchoice> and
<menuchoice><guisubmenu>Edit</guisubmenu><guisubmenu>Copy</guisubmenu></menuchoice>
line 947 typo "button to ad your choice." >> "button to add your choice."
Version-Release number of selected component (if applicable):
draft
How reproducible:
Steps to Reproduce:
1.
2.
3.
Actual results:
Expected results:
Additional info:
--
You are receiving this mail because:
You are the QA Contact for the bug.
10 years, 10 months
[Bug 922608] New: Setting up named-chroot using setup-named-chroot not documented
by Red Hat Bugzilla
Product: Fedora Documentation
https://bugzilla.redhat.com/show_bug.cgi?id=922608
Bug ID: 922608
Summary: Setting up named-chroot using setup-named-chroot not
documented
Product: Fedora Documentation
Version: devel
Component: deployment-guide
Severity: high
Priority: unspecified
Assignee: jhradile(a)redhat.com
Reporter: harker-redhat(a)harker.com
QA Contact: docs-qa(a)lists.fedoraproject.org
CC: dhensley(a)redhat.com, oglesbyzm(a)gmail.com
Description of problem:
In FC18 completely changed you configure the named-chroot package.
In RHEL when you install the named-chroot package, the /var/named/chroot
environment gets setup automatically.
In FC18 installing named-chroot package does not set up the /var/named/chroot
environment.
In FC18 you need to initialize the /var/named/chroot environment by running:
/usr/libexec/setup-named-chroot.sh /var/named/chroot on
I suspect this change was made with the transition to systemd.
Version-Release number of selected component (if applicable):
bind-chroot.x86_64 32:9.9.2-8.P1.fc18
How reproducible:
www.google.com/search?q=setup-named-chroot&as_sitesearch=fedoraproject.org
Steps to Reproduce:
Search:
www.google.com/search?q=setup-named-chroot&as_sitesearch=fedoraproject.org
Actual results:
No results
Expected results:
Some documentation
Additional info:
Here are a set of steps I wrote about setting named-chroot in FC18:
# Steps to set up a named in a chroot environment in FC18
# Install the packages
yum install bind bind-chroot
# Enable chroot environment
# Note: This is a significant change (in FC18)/(relating to systemd)
/usr/libexec/setup-named-chroot.sh /var/named/chroot on
# Check chroot environment
ls -l /var/named/chroot/etc /var/named/chroot/var/named
# Optional:
# You may also want to hard link named.conf and rndc.key from
/var/named/chroot/etc to /etc.
# Check with
ls -li /etc/named.conf /var/named/chroot/etc/named.conf
ls -li /etc/rndc.key /var/named/chroot/etc/rndc.key
# Create hard links with (ln with no -s)
ln /var/named/chroot/etc/named.conf /etc/named.conf
ln /var/named/chroot/etc/rndc.key /etc/rndc.key
# Enable the named-chroot service
# Note: If you are running named-chroot.service you do not run named.service
# Note: This is a significant change (in FC18)/(relating to systemd)
systemctl enable named-chroot.service
systemctl start named-chroot.service
# Check with
systemctl status named-chroot.service
# For ease in named administration add yourself to group named
useradd ???
Note: FC18 still uses the rndc command to manage named. Systemd only
start/stops the named daemon
--
You are receiving this mail because:
You are the QA Contact for the bug.
10 years, 10 months
[Bug 967696] New: [Security Guide] Trasnsifex client config file bug
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=967696
Bug ID: 967696
Summary: [Security Guide] Trasnsifex client config file bug
Product: Fedora Documentation
Version: devel
Component: security-guide
Severity: low
Priority: unspecified
Assignee: sparks(a)redhat.com
Reporter: tomo(a)dream.daynight.jp
QA Contact: docs-qa(a)lists.fedoraproject.org
CC: oglesbyzm(a)gmail.com, pkennedy(a)redhat.com,
security-guide-list(a)redhat.com, sparks(a)redhat.com
Created attachment 753731
--> https://bugzilla.redhat.com/attachment.cgi?id=753731&action=edit
patch for .tx/config
Description of problem:
xml files of "managing confined services" is put under subdirectory.
However, po files is put right under directory.
Po files do not match with xml files.
So, when I run publican, I got untranslated strings.
Please check an attachment.
Version-Release number of selected component (if applicable):
Fedora 19 trunk
--
You are receiving this mail because:
You are the QA Contact for the bug.
10 years, 11 months