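# How to setup selinux-friendly HTTP/FTP/NFS/VNC/HDD for respin testing
# -zcat
# TODO: convert notes into setup script(s).
#
# NOTE(review): every "-A INPUT" rule quoted in these notes accepts NEW
# connections from any source address. If the host is reachable from outside
# the test network, add a source match (-s <test-subnet>) to each rule and
# remove the rules again once testing is done.

# HTTP
# 1) open port 80
#    -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
# 2) mount ISOs with httpd_sys_content_t context into /var/www
mkdir -p /var/www/respin/f9{32,64}
mount -o loop,context=unconfined_u:object_r:httpd_sys_content_t:s0 \
  /0safe/fedoraunity/spins/f9-20080718/Fedora-Unity-20080718-9-x86_64-DVD.iso \
  /var/www/respin/f964
mount -o loop,context=unconfined_u:object_r:httpd_sys_content_t:s0 \
  /0safe/fedoraunity/spins/f9-20080718/Fedora-Unity-20080718-9-i386-DVD.iso \
  /var/www/respin/f932
# 3) add httpd alias conf to install from a shortcut "http://hostname/f964/"
#    "Options Indexes" is placed inside a <Directory> container per ISO tree so
#    directory listings are enabled for those two trees only; a bare Options
#    line at server level is not limited to them.
#    NOTE(review): the containers were probably present in the original notes
#    and lost as markup when the page was extracted - confirm.
#    The heredoc delimiter is quoted so the config text is written literally.
cat << 'EOF' > /etc/httpd/conf.d/furespin.conf
Alias /f964/ "/var/www/respin/f964/"
<Directory "/var/www/respin/f964">
    Options Indexes
</Directory>

Alias /f932/ "/var/www/respin/f932/"
<Directory "/var/www/respin/f932">
    Options Indexes
</Directory>
EOF
# 4) /etc/init.d/httpd reload

# FTP
# 1) open ftp port 21
#    -A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
# 2) mount isos with appropriate selinux context for pub ftp
#    (-p so the step can be re-run, same as the HTTP mkdir above)
mkdir -p /var/ftp/pub/f9{64,32}
mount -o loop,context=unconfined_u:object_r:public_content_t:s0 \
  /0safe/fedoraunity/spins/f9-20080718/Fedora-Unity-20080718-9-x86_64-DVD.iso \
  /var/ftp/pub/f964
mount -o loop,context=unconfined_u:object_r:public_content_t:s0 \
  /0safe/fedoraunity/spins/f9-20080718/Fedora-Unity-20080718-9-i386-DVD.iso \
  /var/ftp/pub/f932
# 3) /etc/init.d/vsftpd start

# NFS & NFS Image
# 1) open nfs3 ports (system-config-firewall only opens the nfs4 ports, but
#    anaconda uses nfs3)
#    add to /etc/sysconfig/iptables:
#    -A INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
#    -A INPUT -m state --state NEW -m udp -p udp --dport 2049 -j ACCEPT
#    -A INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
#    -A INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT
#    -A INPUT -m state --state NEW -m tcp -p tcp --dport 892 -j ACCEPT
#    -A INPUT -m state --state NEW -m udp -p udp --dport 892 -j ACCEPT
#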
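# Reload the firewall once the NFS rules have been added to /etc/sysconfig/iptables.
/etc/init.d/iptables restart
# 2) edit /etc/sysconfig/nfs to set the following static ports (not using nfslock):
#    MOUNTD_PORT=892
# 3) mount ISOs. selinux doesn't seem to care about the context
#    NOTE(review): the paths are relative; the /etc/exports entries below imply
#    the working directory is /0safe/fedoraunity/spins/f9-20080718 - confirm.
mkdir -p ./f9{64,32}{,nfsimage}
mount -o loop Fedora-Unity-20080718-9-x86_64-DVD.iso f964
mount -o loop Fedora-Unity-20080718-9-i386-DVD.iso f932
# 4) /etc/init.d/nfs start
# 5) add entries to /etc/exports for arch and nfs tree + nfs iso image
#    /0safe/fedoraunity/spins/f9-20080718/f964 *(ro)
#    /0safe/fedoraunity/spins/f9-20080718/f964nfsimage *(ro)
#    /0safe/fedoraunity/spins/f9-20080718/f932 *(ro)
#    /0safe/fedoraunity/spins/f9-20080718/f932nfsimage *(ro)
#    NOTE(review): "*" exports the trees to every host that can reach this
#    server. Read-only limits the damage, but prefer naming the test client or
#    subnet instead, e.g. <test-subnet>(ro), and drop the entries after testing.
# 6) hardlink the iso image into the f9nfsimage dirs. this is so we KNOW it's
#    the only thing found in that base directory:
#    ln Fedora-Unity-20080718-9-x86_64-DVD.iso f964nfsimage/
#    ln Fedora-Unity-20080718-9-i386-DVD.iso f932nfsimage/
# 7) if denyhosts is installed, it may be necessary to fix the context on /etc/hosts.deny
#    chcon system_u:object_r:etc_t:s0 /etc/hosts.deny

# VNC
# 1) open port 5500 (tcp: the installer connects back to the listening viewer
#    over TCP, so a udp rule would not let it through)
#    -A INPUT -m state --state NEW -m tcp -p tcp --dport 5500 -j ACCEPT
# 2) run "vncviewer --listen 5500" on the host
# 3) anaconda: pass options "vnc vncconnect=192.168.1.10"
#    The VNC session is not encrypted; keep it on the test network and stop the
#    listening viewer when the install is finished.

# HDD
# VMware:
# 1) add an extra 5GB vmware disk
# 2) boot rescue mode of installer
# 3) fdisk sdb, then mkfs.vfat or mkfs.ext3 sdb1, and mount it
# 4) ftp or sftp the ISO from the host into the sdb1 fs
#    (plain ftp has no integrity protection; compare the ISO's checksum with
#    the host copy after the transfer)
# 5) reboot into installer and specify sdb as the HDD install source

# Cleanup
# stop all services if not used normally
for svc in httpd vsftpd nfs; do
  service "$svc" stop
done
# unmount all mounted Fedora-Unity ISOs
# (grep -E replaces the deprecated egrep; read -r keeps backslashes in mtab
# fields from being interpreted)
grep -Ei 'Unity.*iso9660' /etc/mtab | awk '{print $2}' |
  while read -r mount_point; do
    echo "Unmounting \"$mount_point\" ..."
    umount "$mount_point"
  done
# Also remove the INPUT rules added to /etc/sysconfig/iptables and the
# /etc/exports entries if this host does not normally serve installs.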