1 | # This document is a how-to for installing a Fedora scripts.mit.edu server. |
---|
2 | |
---|
3 | # Helper files for the install are located in server/fedora/config. |
---|
4 | |
---|
5 | # Start with a normal install of Fedora. |
---|
6 | |
---|
7 | # When the initial configuration screen comes up, under "Firewall |
---|
8 | # configuration", disable the firewall, and under "System services", leave |
---|
9 | # enabled (as of Fedora 9) acpid, anacron, atd, cpuspeed, crond, |
---|
10 | # firstboot, fuse, haldaemon, ip6tables, iptables, irqbalance, |
---|
11 | # kerneloops, mdmonitor, messagebus, microcode_ctl, netfs, network, nscd, ntpd, |
---|
12 | # sshd, udev-post, and nothing else. |
---|
13 | |
---|
14 | # Edit /etc/selinux/config so it has SELINUX=disabled and reboot. |
---|
15 | |
---|
16 | # Check out the scripts.mit.edu svn repository. Configure svn not to cache |
---|
17 | # credentials. |
---|
18 | |
---|
19 | # cd to server/fedora in the svn repository. |
---|
20 | |
---|
21 | # Run "make install-deps" to install various prereqs. Nonstandard |
---|
22 | # deps are in /mit/scripts/rpm. |
---|
23 | |
---|
24 | # Check out the scripts /etc configuration, which is done most easily by |
---|
25 | # $ svn co svn://scripts.mit.edu/server/fedora/config/etc |
---|
26 | # # \cp -a etc / |
---|
27 | |
---|
28 | # Create a scripts-build user account, and set up rpm to build in |
---|
29 | # $HOME by doing a |
---|
30 | # cp config/home/scripts-build/.rpmmacros /home/scripts-build/ |
---|
31 | # (If you just use the default setup, it will generate packages |
---|
32 | # in /usr/src/redhat.) |
---|
33 | |
---|
34 | # su scripts-build - |
---|
35 | |
---|
36 | # Make sure that server/fedora (where you currently are) is writable |
---|
37 | # by user scripts-build. |
---|
38 | |
---|
39 | # env NSS_NONLOCAL_IGNORE=1 yum install scripts-base |
---|
40 | |
---|
41 | # Rebuild mit-zephyr on a 32-bit machine, like the one at Joe's home. |
---|
42 | |
---|
43 | # Run "make suexec" and "make install-suexec" to overwrite |
---|
44 | # /usr/sbin/suexec with one that works. The one installed by the |
---|
45 | # newly-built Apache RPM is misconfigured. |
---|
46 | # ... Except Anders claims he fixed this. |
---|
47 | |
---|
48 | # Remember to set NSS_NONLOCAL_IGNORE=1 anytime you're setting up |
---|
49 | # anything, e.g. using yum. Otherwise useradd will query LDAP in a stupid way |
---|
50 | # that makes it hang forever. |
---|
51 | |
---|
52 | # Install and configure bind |
---|
53 | # - env NSS_NONLOCAL_IGNORE=1 yum install bind |
---|
54 | # - chkconfig named on |
---|
55 | # - service named start |
---|
56 | |
---|
57 | # Reload the iptables config to take down the restrictive firewall |
---|
58 | # service iptables restart |
---|
59 | |
---|
60 | # Copy over root's dotfiles from one of the other machines. |
---|
61 | |
---|
62 | # Replace rsyslog with syslog-ng by doing: |
---|
63 | # # rpm -e --nodeps rsyslog |
---|
64 | # # yum install syslog-ng |
---|
65 | |
---|
66 | # Install various dependencies of the scripts system, including syslog-ng, |
---|
67 | # glibc-devel.i386, python-twisted-core, mod_fcgid, nrpe, nagios-plugins-all. |
---|
68 | |
---|
69 | # Disable NetworkManager with chkconfig NetworkManager off. Configure |
---|
70 | # networking on the front end and back end, and the routing table to send |
---|
71 | # traffic over the back end. Make sure that chkconfig reports "network" on, so |
---|
72 | # that the network will still be configured at next boot. |
---|
73 | |
---|
74 | # Fix the openafs /usr/vice/etc <-> /etc/openafs mapping by changing |
---|
75 | # /usr/vice/etc/cacheinfo to contain: |
---|
76 | # /afs:/usr/vice/cache:10000000 |
---|
77 | |
---|
78 | # Figure out why Zephyr isn't working. Most recently, it was because there |
---|
79 | # was a 64-bit RPM installed; remove it and install Joe's 32-bit one |
---|
80 | |
---|
81 | # Install the full list of RPMs that users expect to be on the |
---|
82 | # scripts.mit.edu servers. See server/doc/rpm and |
---|
83 | # server/doc/rpm_snapshot. (Note that this is only a snapshot, and not |
---|
84 | # all packages may in fact be in use.) |
---|
85 | |
---|
86 | # Install the full list of perl modules that users expect to be on the |
---|
87 | # scripts.mit.edu servers. See server/doc/perl and |
---|
88 | # server/doc/perl_snapshot. |
---|
89 | |
---|
90 | # - export PERL_MM_USE_DEFAULT=1 |
---|
91 | # - Run 'cpan', accept the default configuration, and do 'o conf |
---|
92 | # prerequisites_policy follow'. |
---|
93 | # - Parse the output of perldoc -u perllocal | grep head2 on an existing |
---|
94 | # server, and "notest install" them from the cpan prompt. |
---|
95 | |
---|
96 | # Install the Python eggs and Ruby gems and PEAR/PECL doohickeys that are on |
---|
97 | # the other scripts.mit.edu servers and do not have RPMs. |
---|
98 | # - Look at /usr/lib/python2.5/site-packages for Python eggs and modules. |
---|
99 | # - Look at `gem list` for Ruby gems. |
---|
100 | # - Look at `pear list` for Pear fruits (or whatever they're called). |
---|
101 | |
---|
102 | # echo 'import site, os.path; site.addsitedir(os.path.expanduser("~/lib/python2.5/site-packages"))' > /usr/lib/python2.5/site-packages/00scripts-home.pth |
---|
103 | |
---|
104 | # Install the credentials (machine keytab, daemon.scripts keytab, SSL |
---|
105 | # certs). |
---|
106 | |
---|
107 | # If you are setting up a test server, pay attention to |
---|
108 | # /etc/sysconfig/network-scripts and do not bind scripts' IP address. |
---|
109 | # You will also need to modify /etc/ldap.conf, /etc/nss-ldapd.conf, |
---|
110 | # /etc/openldap/ldap.conf, and /etc/httpd/conf.d/vhost_ldap.conf to |
---|
111 | # use scripts.mit.edu instead of localhost. |
---|
112 | |
---|
113 | # Install fedora-ds-base and set up replication (see ./HOWTO-SETUP-LDAP |
---|
114 | # and ./fedora-ds-enable-ssl-and-kerberos.diff). |
---|
115 | |
---|
116 | # Make the services dirsrv, nslcd, nscd, postfix, and httpd start at |
---|
117 | # boot. Run chkconfig to make sure the set of services to be run is |
---|
118 | # correct. |
---|
119 | |
---|
120 | # Run fmtutil-sys --all, which does something that makes TeX work. |
---|
121 | |
---|
122 | # Ensure that PHP isn't broken: |
---|
123 | # # mkdir /tmp/sessions |
---|
124 | # # chmod 01777 /tmp/sessions |
---|
125 | |
---|
126 | # Reboot the machine to restore a consistent state, in case you |
---|
127 | # changed anything. |
---|
128 | |
---|
129 | # (Optional) Beat your head against a wall. |
---|
130 | |
---|
131 | # Possibly perform other steps that I've neglected to put in this |
---|
132 | # document. |
---|