Configuring Secure64 x86 Support
A note on Ports
ProVision uses port 22 to communicate with and configure Secure64 infrastructure - please ensure that this is addressed in any ACLs/firewalls
ProVision also uses port 53 to do zone checks if the DNS Module is enabled and in use. Please ensure that your Secure64 infrastructure is configured to accept DNS lookups from the ProVision server
The initial setup of the Secure64 x86 Authoritative server is as follows:
Configuring Secure64 x86 Authority Server
- Using the terminal, SSH to the desired S64 x86 server. All the configurations and zones will be pushed in /srv/knot/6c/
Create new user "provision"
sudo useradd provision sudo passwd provision
Create a directory called "6c" that will be used for the ProVision exports and set the permissions, so that we can push the configurations in /srv/knot/
sudo mkdir --mode=u+rwx,g+wrs,o-rwx /srv/knot/6c sudo chown provision.knot /srv/knot/6c
In order to properly reload the server without asking for a password from ProVision, we must edit the sudoers file to let the user "provision" execute "sudo knotc reload" after push. So, add the following line at the end of /etc/sudoers:
provision ALL=(ALL) NOPASSWD: /sbin/knotc reload
Add knot to be inside the "provision" group by editing the /etc/group as follows:
provision:x:120:knot
Add provision to be a part of the knot group (in case knot replaces a zone), so that Provision is able to replace it again on push. So, we must once again edit /etc/group, as follows:
knot:x:119:provision
Configure ProVision in the S64 server and add the include directive in /etc/knot/knot.conf:
include: /srv/knot/6c/6c_knot.conf
- Open the ProVision UI and navigate to the DNS section to add the S64x86 server. While adding server settings, you must verify that Post Command is set to “sudo knotc reload” and the configuration path to “/srv/knot/6c/6c_knot.conf”
- An example server configuration for the S64 x86 server is shown below: