[Server-devel] Roadblocks for a central OATS server
Martin Langhoff
martin.langhoff at gmail.com
Fri Apr 23 14:50:23 EDT 2010
On Fri, Apr 23, 2010 at 2:04 PM, Daniel Drake <dsd at laptop.org> wrote:
> As discussed we're planning on putting a central internet-accessible
> OATS server in La Rioja, in addition to the ones in the schools.
Excellent!
> 1. Our central internet-accessible server for this task runs Fedora 12
> and will need to be kept up to date with any security fixes, distro
> EOLs, etc.
Yep - and they have the option to move it to something slower-moving
(RHEL6, CentOS6)...
> Your olpc-bios-crypto package does not install on F12 (dependency hell).
Ugh. I'll make a rebuild of that.
> OLPC really needs to get olpc-bios-crypto into Fedora...
Easier said than done! :-) If we could get audited libtomcrypt in
there in the first place...
> 2. Installing an OATS server
> We need to actually install an OATS server on this F12 system and...well...how?
See http://wiki.laptop.org/go/Antitheft:Public_Server - Moodle is
entirely optional, and I would probably not recommend it for a
deployment with a good inventory system.
xs-activation dependencies are pretty strict :-)
> Guillermo decided
> that we can't put the OATS master key on this server so we have to
> produce keys for it, and give it delegations for all 60k laptops.
That's my recommendation too. xs-activation is written to support this
role. No need to sweat with oatslite, unless you want to :-)
m
--
martin.langhoff at gmail.com
martin at laptop.org -- School Server Architect
- ask interesting questions
- don't get distracted with shiny stuff - working code first
- http://wiki.laptop.org/go/User:Martinlanghoff
More information about the Server-devel
mailing list