[Bug 1893428] New: netinstall image requirement for using kickstart
could be made clearer
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1893428
Bug ID: 1893428
Summary: netinstall image requirement for using kickstart could
be made clearer
Product: Fedora Documentation
Version: devel
Status: NEW
Component: install-guide
Severity: low
Assignee: pbokoc(a)redhat.com
Reporter: glaebhoerl(a)gmail.com
QA Contact: docs-qa(a)lists.fedoraproject.org
CC: pbokoc(a)redhat.com, zach(a)oglesby.co
Target Milestone: ---
Classification: Fedora
Based on the
https://docs.fedoraproject.org/en-US/fedora/f33/install-guide/advanced/Ki...
page, I attempted to add an inst.ks= boot option to my Fedora Workstation
installation image (after copying its contents to a FAT32 filesystem). This
resulted, when beginning the installation, in the message:
"Kickstart is not supported on live installs. This installation will continue
interactively."
Googling for this message found single-digit hits, almost all of which were for
the several-years-old commit which originally added the message.
It was very unclear to me what I should have been doing instead, and spent most
of a day fruitlessly googling to try to find out. Every page only ever said
that I needed to add a boot option to the kernel command line of the installer
(which is what I believed myself to be doing), and went from there. The root of
the issue is that it was not apparent to me what the alternative to a "live
install" was, or how to activate it. (Maybe I needed to pass different boot
options so that it would boot directly into the installer?? I spent a while
trying different ways to achieve this.)
"Kickstart is not supported on live installs" may have been sufficient
information back in the day when live and non-live installation images were
provided side by side, but these days, at least for the Workstation version,
live is the only download option prominently visible, and it is not even called
out as being such.
Finally, after trying the twentieth combination of search terms, I found that
the page
https://docs.fedoraproject.org/en-US/fedora/f33/install-guide/install/Pre...
mentions that "Kickstart installation requires the netinstall media type, or a
direct installation booting method such as PXE; kickstarts are not supported
with live images". I admit that if I had read all of the instructions linearly
from beginning to end, then I would probably not have had this problem.
Nonetheless, I humbly suggest that if the "Automating the Installation with
Kickstart" page also made some mention of this requirement, it would be a
helpful thing. In addition, it might be helpful to extend the "kickstart is not
supported on live installs" error message with some mention of the suggested
alternatives as well.
Thank you for your work and attention.
--
You are receiving this mail because:
You are the QA Contact for the bug.
2 years, 9 months
[Bug 1901486] New: Release notes should mention fixes for older
systems impacted by security tightening in F33
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1901486
Bug ID: 1901486
Summary: Release notes should mention fixes for older systems
impacted by security tightening in F33
Product: Fedora Documentation
Version: devel
Status: NEW
Component: release-notes
Assignee: pbokoc(a)redhat.com
Reporter: russ+bugzilla-redhat(a)gloomytrousers.co.uk
QA Contact: docs-qa(a)lists.fedoraproject.org
CC: relnotes(a)fedoraproject.org, wb8rcr(a)arrl.net,
zach(a)oglesby.co
Target Milestone: ---
Classification: Fedora
Description of problem:
On booting my system after upgrade from F31 to F33, neither httpd nor dovecot
would start. This system is quite an old one that's been upgraded through many
versions of Fedora. This appears to be a result of "Strong Crypto Settings -
Phase 2" mentioned on
https://docs.fedoraproject.org/en-US/fedora/f33/release-notes/sysadmin/Se...
The relevant errors were:
* Apache (/var/log/httpd/error_log):
[Mon Nov 23 11:44:11.517501 2020] [ssl:emerg] [pid 13680:tid 13680] AH02562:
Failed to configure certificate gigalith.gloomytrousers.co.uk:443:0 (with
chain), check /etc/pki/tls/certs/localhost.crt
[Mon Nov 23 11:44:11.517525 2020] [ssl:emerg] [pid 13680:tid 13680] SSL Library
Error: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small
This cert was 1024 bit, first generated in 2010. The fix was to remove
/etc/pki/tls/certs/localhost.crt and /etc/pki/tls/private/localhost.key then
run /usr/libexec/httpd-ssl-gencerts.
* Dovecot (journal):
Nov 23 12:35:27 gigalith.gloomytrousers.co.uk dovecot[31160]: config: Warning:
please set ssl_dh=</etc/dovecot/dh.pem
Nov 23 12:35:27 gigalith.gloomytrousers.co.uk dovecot[31160]: config: Warning:
You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1
skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem
/etc/dovecot/dh.pem was present, dating from from 2013. The recommended fix did
NOT work (I recall having run this in the past) - it just generated an
identical file. The actual fix (stumbled across in bug 1882939) was to
regenerate the DH params with `openssl dhparam -out /etc/dovecot/dh.pem 4096`
(this took 32 mins on my machine!)
I suspect Exim might also have similar problems for some people, although I
didn't have a problem (my cert was 2048 bit from 2010, although I think I
generated this in a non-default way at the time). The fix in this case would be
to remove /etc/pki/tls/certs/exim.pem and /etc/pki/tls/private/exim.pem then
run /usr/libexec/exim-gen-cert.
I suggest these workarounds which might be required for older systems be
documented on
https://docs.fedoraproject.org/en-US/fedora/f33/release-notes/sysadmin/Se...
- along with anything else that might suffer from similar issues.
--
You are receiving this mail because:
You are the QA Contact for the bug.
3 years, 4 months
[Bug 1899912] anaconda generates an undocumented timesource option
in kickstart file
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1899912
Vendula Poncova <vponcova(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |pbokoc(a)redhat.com,
| |zach(a)oglesby.co
Component|anaconda |install-guide
Version|33 |devel
Assignee|anaconda-maint-list@redhat. |pbokoc(a)redhat.com
|com |
Product|Fedora |Fedora Documentation
QA Contact|extras-qa(a)fedoraproject.org |docs-qa(a)lists.fedoraproject
| |.org
--- Comment #3 from Vendula Poncova <vponcova(a)redhat.com> ---
Thanks for checking the validator. Reassigning to the install guide.
--
You are receiving this mail because:
You are the QA Contact for the bug.
3 years, 4 months
[Bug 977051] Yum section should document using a proxy
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=977051
--- Comment #1 from Ryan <im_dracula(a)hotmail.com> ---
This should be included in the DNF section now, but most things use the system
proxy config or $http_proxy and $https_proxy env vars so it may not be as
necessary as it was back in Fedora 2x days...still, adding
proxy=http://proxy:8080 to your dnf.conf file is still a possible solution
--
You are receiving this mail because:
You are the QA Contact for the bug.
3 years, 4 months