[371] | 1 | This document is a how-to for installing a Fedora scripts.mit.edu server. |
---|
[181] | 2 | |
---|
[861] | 3 | Helper files for the install are located in server/fedora/config. |
---|
| 4 | |
---|
[881] | 5 | * Start with a normal install of Fedora. |
---|
[861] | 6 | |
---|
[1056] | 7 | * When the initial configuration screen comes up, under "Firewall |
---|
| 8 | configuration", disable the firewall, and under "System services", leave |
---|
[1057] | 9 | enabled (as of Fedora 9) acpid, anacron, atd, cpuspeed, crond, |
---|
| 10 | firstboot, fuse, haldaemon, ip6tables, iptables, irqbalance, |
---|
[1056] | 11 | kerneloops, mdmonitor, messagebus, microcode_ctl, netfs, network, nscd, ntpd, |
---|
[1057] | 12 | sshd, udev-post, and nothing else. |
---|
[1056] | 13 | |
---|
[881] | 14 | * Edit /etc/selinux/config so it has SELINUX=disabled and reboot. |
---|
[861] | 15 | |
---|
[788] | 16 | * Check out the scripts.mit.edu svn repository. Configure svn not to cache |
---|
| 17 | credentials. |
---|
[387] | 18 | |
---|
| 19 | * cd to server/fedora in the svn repository. |
---|
| 20 | |
---|
[861] | 21 | * Run "make install-deps" to install various prereqs. Nonstandard |
---|
| 22 | deps are in /mit/scripts/rpm. |
---|
[387] | 23 | |
---|
[934] | 24 | * Check out the scripts /etc configuration, which is done most easily by |
---|
| 25 | $ svn co svn://scripts.mit.edu/server/fedora/config/etc |
---|
| 26 | # \cp -a etc / |
---|
| 27 | |
---|
[861] | 28 | * Create a scripts-build user account, and set up rpm to build in |
---|
| 29 | $HOME by doing a |
---|
| 30 | cp config/home/scripts-build/.rpmmacros /home/scripts-build/ |
---|
| 31 | (If you just use the default setup, it will generate packages |
---|
| 32 | in /usr/src/redhat.) |
---|
[785] | 33 | |
---|
[861] | 34 | * su scripts-build - |
---|
| 35 | |
---|
| 36 | * Make sure that server/fedora (where you currently are) is writable |
---|
| 37 | by user scripts-build. |
---|
| 38 | |
---|
[934] | 39 | * env NSS_NONLOCAL_IGNORE=1 yum install scripts-base |
---|
[387] | 40 | |
---|
[796] | 41 | * Rebuild mit-zephyr on a 32-bit machine, like the one at Joe's home. |
---|
| 42 | |
---|
[861] | 43 | * Run "make suexec" and "make install-suexec" to overwrite |
---|
[562] | 44 | /usr/sbin/suexec with one that works. The one installed by the |
---|
| 45 | newly-built Apache RPM is misconfigured. |
---|
[881] | 46 | ... Except Anders claims he fixed this. |
---|
[562] | 47 | |
---|
[881] | 48 | * Remember to set NSS_NONLOCAL_IGNORE=1 anytime you're setting up |
---|
[906] | 49 | anything, e.g. using yum. Otherwise useradd will query LDAP in a stupid way |
---|
| 50 | that makes it hang forever. |
---|
[881] | 51 | |
---|
[861] | 52 | * Install and configure bind |
---|
| 53 | - env NSS_NONLOCAL_IGNORE=1 yum install bind |
---|
| 54 | - chkconfig named on |
---|
| 55 | - service named start |
---|
| 56 | |
---|
[862] | 57 | * Reload the iptables config to take down the restrictive firewall |
---|
| 58 | service iptables restart |
---|
| 59 | |
---|
[861] | 60 | * Copy over root's dotfiles from one of the other machines. |
---|
[803] | 61 | |
---|
[861] | 62 | * Replace rsyslog with syslog-ng by doing: |
---|
| 63 | # rpm -e --nodeps rsyslog |
---|
| 64 | # yum install syslog-ng |
---|
| 65 | |
---|
[788] | 66 | * Install various dependencies of the scripts system, including syslog-ng, |
---|
[798] | 67 | glibc-devel.i386, python-twisted-core, mod_fcgid, nrpe, nagios-plugins-all. |
---|
[788] | 68 | |
---|
[906] | 69 | * Disable NetworkManager with chkconfig NetworkManager off. Configure |
---|
[881] | 70 | networking on the front end and back end, and the routing table to send |
---|
[906] | 71 | traffic over the back end. Make sure that chkconfig reports "network" on, so |
---|
| 72 | that the network will still be configured at next boot. |
---|
[788] | 73 | |
---|
[861] | 74 | * Fix the openafs /usr/vice/etc <-> /etc/openafs mapping by changing |
---|
| 75 | /usr/vice/etc/cacheinfo to contain: |
---|
| 76 | /afs:/usr/vice/cache:10000000 |
---|
[788] | 77 | |
---|
[881] | 78 | * Figure out why Zephyr isn't working. Most recently, it was because there |
---|
| 79 | was a 64-bit RPM installed; remove it and install Joe's 32-bit one |
---|
[861] | 80 | |
---|
[387] | 81 | * Install the full list of RPMs that users expect to be on the |
---|
| 82 | scripts.mit.edu servers. See server/doc/rpm and |
---|
[562] | 83 | server/doc/rpm_snapshot. (Note that this is only a snapshot, and not |
---|
| 84 | all packages may in fact be in use.) |
---|
[387] | 85 | |
---|
| 86 | * Install the full list of perl modules that users expect to be on the |
---|
| 87 | scripts.mit.edu servers. See server/doc/perl and |
---|
| 88 | server/doc/perl_snapshot. |
---|
| 89 | |
---|
[832] | 90 | - export PERL_MM_USE_DEFAULT=1 |
---|
[812] | 91 | - Run 'cpan', accept the default configuration, and do 'o conf |
---|
| 92 | prerequisites_policy follow'. |
---|
[818] | 93 | - Parse the output of perldoc -u perllocal | grep head2 on an existing |
---|
| 94 | server, and "notest install" them from the cpan prompt. |
---|
[812] | 95 | |
---|
| 96 | * Install the Python eggs and Ruby gems and PEAR/PECL doohickeys that are on |
---|
| 97 | the other scripts.mit.edu servers and do not have RPMs. |
---|
[818] | 98 | - Look at /usr/lib/python2.5/site-packages for Python eggs and modules. |
---|
| 99 | - Look at `gem list` for Ruby gems. |
---|
| 100 | - Look at `pear list` for Pear fruits (or whatever they're called). |
---|
[785] | 101 | |
---|
[812] | 102 | * echo 'import site, os.path; site.addsitedir(os.path.expanduser("~/lib/python2.5/site-packages"))' > /usr/lib/python2.5/site-packages/00scripts-home.pth |
---|
| 103 | |
---|
[387] | 104 | * Install the credentials (machine keytab, daemon.scripts keytab, SSL |
---|
| 105 | certs). |
---|
| 106 | |
---|
[916] | 107 | * If you are setting up a test server, pay attention to |
---|
[562] | 108 | /etc/sysconfig/network-scripts and do not bind scripts' IP address. |
---|
[916] | 109 | You will also need to modify /etc/ldap.conf, /etc/nss-ldapd.conf, |
---|
| 110 | /etc/openldap/ldap.conf, and /etc/httpd/conf.d/vhost_ldap.conf to |
---|
| 111 | use scripts.mit.edu instead of localhost. |
---|
[562] | 112 | |
---|
[861] | 113 | * Install fedora-ds-base and set up replication (see ./HOWTO-SETUP-LDAP |
---|
| 114 | and ./fedora-ds-enable-ssl-and-kerberos.diff). |
---|
[785] | 115 | |
---|
[916] | 116 | * Make the services dirsrv, nslcd, nscd, postfix, and httpd start at |
---|
| 117 | boot. Run chkconfig to make sure the set of services to be run is |
---|
| 118 | correct. |
---|
[818] | 119 | |
---|
[803] | 120 | * Run fmtutil-sys --all, which does something that makes TeX work. |
---|
| 121 | |
---|
[954] | 122 | * Ensure that PHP isn't broken: |
---|
| 123 | # mkdir /tmp/sessions |
---|
| 124 | # chmod 01777 /tmp/sessions |
---|
| 125 | |
---|
[875] | 126 | * Reboot the machine to restore a consistent state, in case you |
---|
| 127 | changed anything. |
---|
| 128 | |
---|
[562] | 129 | * (Optional) Beat your head against a wall. |
---|
| 130 | |
---|
[387] | 131 | * Possibly perform other steps that I've neglected to put in this |
---|
| 132 | document. |
---|