Installing, configuring, and running the Rendezvous server
Install the fdo-rendezvous-server RPM package to enable the systems to
receive the voucher generated by the Manufacturing server during the first
device boot. The Rendezvous server then matches the device UUID with the
target platform or cloud and informs the device about which Owner server
endpoint the device must use.
-
You created a
manufacturer_cert.pemcertificate. See Generating key and certificates. -
You copied the
manufacturer_cert.pemcertificate to the/etc/fdo/keysdirectory in the Rendezvous server.
-
Install the
fdo-rendezvous-serverRPM packages:# dnf install -y fdo-rendezvous-server
-
Create the
rendezvous-server.ymlconfiguration file, including the path to the manufacturer certificate. You can find an example in/usr/share/doc/fdo/rendezvous-server.yml. The following example shows a configuration file that is saved in/etc/fdo/rendezvous-server.yml.storage_driver: Directory: path: /etc/fdo/stores/rendezvous_registered session_store_driver: Directory: path: /etc/fdo/stores/rendezvous_sessions trusted_manufacturer_keys_path: /etc/fdo/keys/manufacturer_cert.pem max_wait_seconds: ~ bind: "0.0.0.0:8082" -
Check the Rendezvous server service status:
# systemctl list-unit-files | grep fdo | grep rende fdo-rendezvous-server.service disabled disabled
-
If the service is stopped and disabled, enable and start it:
# systemctl enable --now fdo-rendezvous-server.service
-
-
Check that the server is listening on the default configured port 8082:
# ss -ltn
-
Open the port if you have a firewall configured on this server:
# firewall-cmd --add-port=8082/tcp --permanent # systemctl restart firewalld
Want to help? Learn how to contribute to Fedora Docs ›