What to do at the initial Fedora config screen
This document is a how-to for installing a Fedora server.

Helper files for the install are located in server/fedora/config.

* Start with a normal install of Fedora.

* When the initial configuration screen comes up, under "Firewall
  configuration", disable the firewall, and under "System services", leave
  enabled (as of Fedora 9) acpid, anacron, atd, auditd, cpuspeed, crond, cups,
  firstboot, fuse, gpm, haldaemon, ip6tables, iptables, irqbalance, isdn,
  kerneloops, mdmonitor, messagebus, microcode_ctl, netfs, network, nscd, ntpd,
  rsyslogd, sshd, udev-post, and nothing else.

* Edit /etc/selinux/config so it has SELINUX=disabled and reboot.

* Check out the svn repository. Configure svn not to cache
  credentials.

* cd to server/fedora in the svn repository.

* Run "make install-deps" to install various prereqs.  Nonstandard
  deps are in /mit/scripts/rpm.

* Check out the scripts /etc configuration, which is done most easily by
  $ svn co svn://
  # \cp -a etc /

* Create a scripts-build user account, and set up rpm to build in
  $HOME by doing a
  cp config/home/scripts-build/.rpmmacros /home/scripts-build/
  (If you just use the default setup, it will generate packages
  in /usr/src/redhat.)

* su scripts-build -

* Make sure that server/fedora (where you currently are) is writable
  by user scripts-build.

* env NSS_NONLOCAL_IGNORE=1 yum install scripts-base

* Rebuild mit-zephyr on a 32-bit machine, like the one at Joe's home.

* Run "make suexec" and "make install-suexec" to overwrite
  /usr/sbin/suexec with one that works. The one installed by the
  newly-built Apache RPM is misconfigured.
  ... Except Anders claims he fixed this.

* Remember to set NSS_NONLOCAL_IGNORE=1 anytime you're setting up
  anything, e.g. using yum. Otherwise useradd will query LDAP in a stupid way
  that makes it hang forever.

* Install and configure bind
  - env NSS_NONLOCAL_IGNORE=1 yum install bind
  - chkconfig named on
  - service named start

* Reload the iptables config to take down the restrictive firewall
  service iptables restart

* Copy over root's dotfiles from one of the other machines.

* Replace rsyslog with syslog-ng by doing:
  # rpm -e --nodeps rsyslog
  # yum install syslog-ng

* Install various dependencies of the scripts system, including syslog-ng,
  glibc-devel.i386, python-twisted-core, mod_fcgid, nrpe, nagios-plugins-all.

* Disable NetworkManager with chkconfig NetworkManager off. Configure
  networking on the front end and back end, and the routing table to send
  traffic over the back end. Make sure that chkconfig reports "network" on, so
  that the network will still be configured at next boot.

* Fix the openafs /usr/vice/etc <-> /etc/openafs mapping by changing
  /usr/vice/etc/cacheinfo to contain:
        /afs:/usr/vice/cache:10000000

* Figure out why Zephyr isn't working. Most recently, it was because there
  was a 64-bit RPM installed; remove it and install Joe's 32-bit one.

* Install the full list of RPMs that users expect to be on the
  servers.  See server/doc/rpm and
  server/doc/rpm_snapshot.  (Note that this is only a snapshot, and not
  all packages may in fact be in use.)

* Install the full list of perl modules that users expect to be on the
  servers.  See server/doc/perl and
  server/doc/perl_snapshot.

  - export PERL_MM_USE_DEFAULT=1
  - Run 'cpan', accept the default configuration, and do 'o conf
    prerequisites_policy follow'.
  - Parse the output of perldoc -u perllocal | grep head2 on an existing
    server, and "notest install" them from the cpan prompt.

* Install the Python eggs and Ruby gems and PEAR/PECL doohickeys that are on
  the other servers and do not have RPMs.
  - Look at /usr/lib/python2.5/site-packages for Python eggs and modules.
  - Look at `gem list` for Ruby gems.
  - Look at `pear list` for Pear fruits (or whatever they're called).

* echo 'import site, os.path; site.addsitedir(os.path.expanduser("~/lib/python2.5/site-packages"))' > /usr/lib/python2.5/site-packages/00scripts-home.pth

* Install the credentials (machine keytab, daemon.scripts keytab, SSL
  certs).

* If you are setting up a test server, pay attention to
  /etc/sysconfig/network-scripts and do not bind scripts' IP address.
  You will also need to modify /etc/ldap.conf, /etc/nss-ldapd.conf,
  /etc/openldap/ldap.conf, and /etc/httpd/conf.d/vhost_ldap.conf to
  use instead of localhost.

* Install fedora-ds-base and set up replication (see ./HOWTO-SETUP-LDAP
  and ./fedora-ds-enable-ssl-and-kerberos.diff).

* Make the services dirsrv, nslcd, nscd, postfix, and httpd start at
  boot. Run chkconfig to make sure the set of services to be run is
  correct.

* Run fmtutil-sys --all, which does something that makes TeX work.

* Ensure that PHP isn't broken:
  # mkdir /tmp/sessions
  # chmod 01777 /tmp/sessions

* Reboot the machine to restore a consistent state, in case you
  changed anything.

* (Optional) Beat your head against a wall.

* Possibly perform other steps that I've neglected to put in this
  document.
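
For the "Configure svn not to cache credentials" step, the script below is an added example, not part of the original how-to or the scripts repository, that checks a Subversion runtime directory (normally ~/.subversion) for that state. It assumes the step is done with the store-passwords and store-auth-creds options in the [auth] section of the runtime config file, which this document does not spell out; the function names and the sample directory are constructed for illustration.

```shell
#!/bin/bash
# Added example: confirm that a Subversion runtime directory will not cache
# credentials. Assumes the [auth] options store-passwords/store-auth-creds.

# svn_auth_setting CONFIG KEY
# Prints KEY's value from the [auth] section of CONFIG, ignoring comments.
svn_auth_setting() {
    awk -v key="$2" '
        /^[ \t]*\[/    { in_auth = ($0 ~ /^[ \t]*\[auth\]/); next }
        /^[ \t]*[#;]/  { next }
        in_auth && /=/ {
            k = $0; sub(/=.*/, "", k);    gsub(/[ \t]/, "", k)
            v = $0; sub(/[^=]*=/, "", v); gsub(/[ \t]/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# cached_svn_credentials DIR
# Lists username/password files already cached under DIR/auth/svn.simple.
cached_svn_credentials() {
    [ -d "$1/auth/svn.simple" ] || return 0
    find "$1/auth/svn.simple" -type f
}

# svn_caching_disabled DIR
# Succeeds only if both options are "no" and nothing has been cached yet.
svn_caching_disabled() {
    [ -f "$1/config" ] || return 1
    [ "$(svn_auth_setting "$1/config" store-auth-creds)" = "no" ] || return 1
    [ "$(svn_auth_setting "$1/config" store-passwords)" = "no" ] || return 1
    [ -z "$(cached_svn_credentials "$1")" ]
}

# Constructed sample runtime directory (not a real user's configuration).
demo=$(mktemp -d)
printf '%s\n' '[auth]' '# store-passwords = yes' \
    'store-passwords = no' 'store-auth-creds = no' > "$demo/config"
svn_caching_disabled "$demo" && echo "credential caching is disabled"
rm -rf "$demo"
```

On a real machine, run svn_caching_disabled "$HOME/.subversion" as the user who performs the checkout; a failure after the checkout usually means a password was already written under auth/svn.simple and should be removed.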
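
For the steps that say to leave only a fixed set of services enabled and, later, to "run chkconfig to make sure the set of services to be run is correct", the script below is an added example, not part of the original how-to, that compares `chkconfig --list` output with an allowlist. The two lists are copied from this document's steps; the function names and the sample output are constructed, and anything else a later step enables (syslog-ng, for instance) has to be added to the allowlist by hand.

```shell
#!/bin/bash
# Added example: audit `chkconfig --list` output against the service
# allowlist given in this document.

# Services the first-boot step says to leave enabled (names as listed there).
FIRSTBOOT_ALLOWED="acpid anacron atd auditd cpuspeed crond cups firstboot fuse
gpm haldaemon ip6tables iptables irqbalance isdn kerneloops mdmonitor
messagebus microcode_ctl netfs network nscd ntpd rsyslogd sshd udev-post"
# Services that later steps turn on explicitly.
LATER_ALLOWED="named dirsrv nslcd postfix httpd"

# enabled_services RUNLEVEL
# Reads `chkconfig --list` text on stdin; prints services "on" at RUNLEVEL.
enabled_services() {
    awk -v want="$1:on" '
        NF >= 8 { for (i = 2; i <= NF; i++) if ($i == want) print $1 }
    ' | sort -u
}

# unexpected_services RUNLEVEL ALLOWLIST
# Prints services that are on at RUNLEVEL but absent from ALLOWLIST.
unexpected_services() {
    allowed=" $(echo $2) "          # collapse newlines into single spaces
    enabled_services "$1" | while read -r svc; do
        case "$allowed" in
            *" $svc "*) ;;
            *) echo "$svc" ;;
        esac
    done
}

# missing_services RUNLEVEL ALLOWLIST
# Prints allowlisted services that are not on at RUNLEVEL.
missing_services() {
    on=$(enabled_services "$1")
    for svc in $2; do
        printf '%s\n' "$on" | grep -qx -- "$svc" || echo "$svc"
    done
}

# Constructed sample in `chkconfig --list` format (not from a real host).
SAMPLE='NetworkManager  0:off 1:off 2:on  3:on  4:on  5:on  6:off
bluetooth       0:off 1:off 2:off 3:on  4:on  5:on  6:off
httpd           0:off 1:off 2:off 3:off 4:off 5:off 6:off
sshd            0:off 1:off 2:on  3:on  4:on  5:on  6:off'

printf '%s\n' "$SAMPLE" | unexpected_services 3 "$FIRSTBOOT_ALLOWED $LATER_ALLOWED"
```

On the server itself, replace the sample with live output: chkconfig --list | unexpected_services 3 "$FIRSTBOOT_ALLOWED $LATER_ALLOWED".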
