source: server/doc/install-howto @ 1056

Last change on this file since 1056 was 1056, checked in by geofft, 14 years ago
What to do at the initial Fedora config screen
File size: 5.1 KB
RevLine 
[371]1This document is a how-to for installing a Fedora scripts.mit.edu server.
[181]2
[861]3Helper files for the install are located in server/fedora/config.
4
[881]5* Start with a normal install of Fedora.
[861]6
[1056]7* When the initial configuration screen comes up, under "Firewall
8  configuration", disable the firewall, and under "System services", leave
9  enabled (as of Fedora 9) acpid, anacron, atd, auditd, cpuspeed, crond, cups,
10  firstboot, fuse, gpm, haldaemon, ip6tables, iptables, irqbalance, isdn,
11  kerneloops, mdmonitor, messagebus, microcode_ctl, netfs, network, nscd, ntpd,
12  rsyslogd, sshd, udev-post, and nothing else.
13
[881]14* Edit /etc/selinux/config so it has SELINUX=disabled and reboot.
[861]15
[788]16* Check out the scripts.mit.edu svn repository. Configure svn not to cache
17  credentials.
[387]18
19* cd to server/fedora in the svn repository.
20
[861]21* Run "make install-deps" to install various prereqs.  Nonstandard
22  deps are in /mit/scripts/rpm.
[387]23
[934]24* Check out the scripts /etc configuration, which is done most easily by
25  $ svn co svn://scripts.mit.edu/server/fedora/config/etc
26  # \cp -a etc /
27
[861]28* Create a scripts-build user account, and set up rpm to build in
29  $HOME by doing a
30  cp config/home/scripts-build/.rpmmacros /home/scripts-build/
31  (If you just use the default setup, it will generate packages
32  in /usr/src/redhat.)
[785]33
[861]34* su scripts-build -
35
36* Make sure that server/fedora (where you currently are) is writable
37  by user scripts-build.
38
[934]39* env NSS_NONLOCAL_IGNORE=1 yum install scripts-base
[387]40
[796]41* Rebuild mit-zephyr on a 32-bit machine, like the one at Joe's home.
42
[861]43* Run "make suexec" and "make install-suexec" to overwrite
[562]44  /usr/sbin/suexec with one that works. The one installed by the
45  newly-built Apache RPM is misconfigured.
[881]46  ... Except Anders claims he fixed this.
[562]47
[881]48* Remember to set NSS_NONLOCAL_IGNORE=1 anytime you're setting up
[906]49  anything, e.g. using yum. Otherwise useradd will query LDAP in a stupid way
50  that makes it hang forever.
[881]51
[861]52* Install and configure bind
53  - env NSS_NONLOCAL_IGNORE=1 yum install bind
54  - chkconfig named on
55  - service named start
56
[862]57* Reload the iptables config to take down the restrictive firewall
58  service iptables restart
59
[861]60* Copy over root's dotfiles from one of the other machines.
[803]61
[861]62* Replace rsyslog with syslog-ng by doing:
63  # rpm -e --nodeps rsyslog
64  # yum install syslog-ng
65
[788]66* Install various dependencies of the scripts system, including syslog-ng,
[798]67  glibc-devel.i386, python-twisted-core, mod_fcgid, nrpe, nagios-plugins-all.
[788]68
[906]69* Disable NetworkManager with chkconfig NetworkManager off. Configure
[881]70  networking on the front end and back end, and the routing table to send
[906]71  traffic over the back end. Make sure that chkconfig reports "network" on, so
72  that the network will still be configured at next boot.
[788]73
[861]74* Fix the openafs /usr/vice/etc <-> /etc/openafs mapping by changing
75   /usr/vice/etc/cacheinfo to contain:
76        /afs:/usr/vice/cache:10000000
[788]77
[881]78* Figure out why Zephyr isn't working. Most recently, it was because there
79  was a 64-bit RPM installed; remove it and install Joe's 32-bit one
[861]80
[387]81* Install the full list of RPMs that users expect to be on the
82  scripts.mit.edu servers.  See server/doc/rpm and
[562]83  server/doc/rpm_snapshot.  (Note that this is only a snapshot, and not
84  all packages may in fact be in use.)
[387]85
86* Install the full list of perl modules that users expect to be on the
87  scripts.mit.edu servers.  See server/doc/perl and
88  server/doc/perl_snapshot.
89
[832]90  - export PERL_MM_USE_DEFAULT=1
[812]91  - Run 'cpan', accept the default configuration, and do 'o conf
92    prerequisites_policy follow'.
[818]93  - Parse the output of perldoc -u perllocal | grep head2 on an existing
94    server, and "notest install" them from the cpan prompt.
[812]95
96* Install the Python eggs and Ruby gems and PEAR/PECL doohickeys that are on
97  the other scripts.mit.edu servers and do not have RPMs.
[818]98  - Look at /usr/lib/python2.5/site-packages for Python eggs and modules.
99  - Look at `gem list` for Ruby gems.
100  - Look at `pear list` for Pear fruits (or whatever they're called).
[785]101
[812]102* echo 'import site, os.path; site.addsitedir(os.path.expanduser("~/lib/python2.5/site-packages"))' > /usr/lib/python2.5/site-packages/00scripts-home.pth
103
[387]104* Install the credentials (machine keytab, daemon.scripts keytab, SSL
105  certs).
106
[916]107* If you are setting up a test server, pay attention to
[562]108  /etc/sysconfig/network-scripts and do not bind scripts' IP address.
[916]109  You will also need to modify /etc/ldap.conf, /etc/nss-ldapd.conf,
110  /etc/openldap/ldap.conf, and /etc/httpd/conf.d/vhost_ldap.conf to
111  use scripts.mit.edu instead of localhost.
[562]112
[861]113* Install fedora-ds-base and set up replication (see ./HOWTO-SETUP-LDAP
114    and ./fedora-ds-enable-ssl-and-kerberos.diff).
[785]115
[916]116* Make the services dirsrv, nslcd, nscd, postfix, and httpd start at
117  boot. Run chkconfig to make sure the set of services to be run is
118  correct.
[818]119
[803]120* Run fmtutil-sys --all, which does something that makes TeX work.
121
[954]122* Ensure that PHP isn't broken:
123  # mkdir /tmp/sessions
124  # chmod 01777 /tmp/sessions
125
[875]126* Reboot the machine to restore a consistent state, in case you
127  changed anything.
128
[562]129* (Optional) Beat your head against a wall.
130
[387]131* Possibly perform other steps that I've neglected to put in this
132  document.
Note: See TracBrowser for help on using the repository browser.