Closed swtrse closed 9 months ago
As additional information. I found the reason in my case related to the AUTOCERT setting. The log shows that the XOUSER did not have permission to create the certificates in the INSTALLDIR (/opt/xo in my case since I used the default settings).
However I did get it to work on both systems by replacing
```bash
# Create installation directory if doesn't exist already
if [[ ! -d "$INSTALLDIR" ]]; then
    echo
    printinfo "Creating missing basedir to $INSTALLDIR"
    runcmd "mkdir -p \"$INSTALLDIR\""
fi
```
with
```bash
# Create installation directory if doesn't exist already
if [[ ! -d "$INSTALLDIR" ]]; then
    echo
    printinfo "Creating missing basedir to $INSTALLDIR"
    runcmd "mkdir -p \"$INSTALLDIR\""
    runcmd "chown $XOUSER:$XOUSER \"$INSTALLDIR\""
fi
```
So far everything seems to work perfectly fine. I do not know, nor have I tested, if that solution has any side effects in other places or on other distros, but my guess is it does not.
Could someone please verify and maybe update the script?
Also, the script is missing a step, at least for RockyLinux and I guess RHEL-based distros:

```bash
sudo firewall-cmd --add-service https
```

and

```bash
sudo firewall-cmd --add-service https --permanent
```

have to be called manually, since the script did not do it and the firewall service is blocking incoming packages otherwise. This is also true for http if not using https.
Hey,
Good that you figured it out. This is mentioned in the wiki if using a non-root user: https://github.com/ronivay/XenOrchestraInstallerUpdater/wiki
Reason why installdir isn't automatically chown'd to the user by the script is that it's a higher level directory and could potentially include something else than XO if so chosen by the user. This could potentially break things or be a security risk. Choose a location where the non-root user has permissions to write.
Script is also missing firewall modifications by design for security reasons. It tells you at the end of a successful installation to open the firewall if needed. It simply cannot know if one wants to open the service to everywhere or only on some interfaces, for a range of source IPs etc., and it becomes overly complicated, so the sysadmin managing the server is left in charge.
On both systems I used a user with sudo rights to run the script with `sudo ./xo-install.sh`. The config I used in both OSes is
Originally posted by @swtrse in https://github.com/ronivay/XenOrchestraInstallerUpdater/issues/191#issuecomment-1761539896
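
A pre-flight check in the spirit of the maintainer's reply above, as an added example that is not part of xo-install.sh or of any comment in this thread: it reports whether the chosen directory is already usable by the non-root user instead of changing its ownership. `INSTALLDIR` and `XOUSER` are the thread's variable names; the function names are hypothetical, and the check assumes GNU `stat` and looks only at the owner and the owner-write bit (group and ACL access are ignored).

```bash
# Added example (hypothetical helpers, not from xo-install.sh).
# Usage: preflight_installdir "$INSTALLDIR" "$XOUSER"

# Print one of: missing | not-owned | owned-readonly | owned-writable
installdir_state() {
    local dir="$1" user="$2" mode
    if [ ! -d "$dir" ]; then
        echo "missing"
    elif [ "$(stat -c '%U' "$dir")" != "$user" ]; then   # GNU stat: owner name
        echo "not-owned"
    else
        mode=$(stat -c '%a' "$dir")                       # octal bits, e.g. 755
        if [ $(( 0$mode & 0200 )) -eq 0 ]; then           # owner-write bit clear
            echo "owned-readonly"
        else
            echo "owned-writable"
        fi
    fi
}

# Count top-level entries already present. Anything here may belong to other
# software, which is why ownership of the directory is not changed blindly.
existing_entries() {
    find "$1" -mindepth 1 -maxdepth 1 2>/dev/null | wc -l
}

# Return 0 only when the directory can be used as-is by the user;
# otherwise explain the problem on stderr and return 1. Nothing is modified.
preflight_installdir() {
    local dir="$1" user="$2" state
    state=$(installdir_state "$dir" "$user")
    case "$state" in
        owned-writable)
            return 0 ;;
        missing)
            echo "$dir is missing: create a directory dedicated to $user" >&2 ;;
        *)
            echo "$dir is $state for $user and holds" \
                 "$(existing_entries "$dir") existing entries" >&2
            echo "choose a dedicated directory rather than chown-ing this one" >&2 ;;
    esac
    return 1
}
```
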