source: server/doc/install-howto @ 934

Last change on this file since 934 was 934, checked in by quentin, 15 years ago
Don't build packages when installing a server (oh that feels so good)
File size: 4.6 KB
[371]1This document is a how-to for installing a Fedora server.
[861]3Helper files for the install are located in server/fedora/config.
[881]5* Start with a normal install of Fedora.
[881]7* Edit /etc/selinux/config so it has SELINUX=disabled and reboot.
[788]9* Check out the svn repository. Configure svn not to cache
10  credentials.
12* cd to server/fedora in the svn repository.
[861]14* Run "make install-deps" to install various prereqs.  Nonstandard
15  deps are in /mit/scripts/rpm.
[934]17* Check out the scripts /etc configuration, which is done most easily by
18  $ svn co svn://
19  # \cp -a etc /
[861]21* Create a scripts-build user account, and set up rpm to build in
22  $HOME by doing a
23  cp config/home/scripts-build/.rpmmacros /home/scripts-build/
24  (If you just use the default setup, it will generate packages
25  in /usr/src/redhat.)
[861]27* su scripts-build -
29* Make sure that server/fedora (where you currently are) is writable
30  by user scripts-build.
[934]32* env NSS_NONLOCAL_IGNORE=1 yum install scripts-base
[796]34* Rebuild mit-zephyr on a 32-bit machine, like the one at Joe's home.
[861]36* Run "make suexec" and "make install-suexec" to overwrite
[562]37  /usr/sbin/suexec with one that works. The one installed by the
38  newly-built Apache RPM is misconfigured.
[881]39  ... Except Anders claims he fixed this.
[881]41* Remember to set NSS_NONLOCAL_IGNORE=1 anytime you're setting up
[906]42  anything, e.g. using yum. Otherwise useradd will query LDAP in a stupid way
43  that makes it hang forever.
[861]45* Install and configure bind
46  - env NSS_NONLOCAL_IGNORE=1 yum install bind
47  - chkconfig named on
48  - service named start
[862]50* Reload the iptables config to take down the restrictive firewall
51  service iptables restart
[861]53* Copy over root's dotfiles from one of the other machines.
[861]55* Replace rsyslog with syslog-ng by doing:
56  # rpm -e --nodeps rsyslog
57  # yum install syslog-ng
[788]59* Install various dependencies of the scripts system, including syslog-ng,
[798]60  glibc-devel.i386, python-twisted-core, mod_fcgid, nrpe, nagios-plugins-all.
[906]62* Disable NetworkManager with chkconfig NetworkManager off. Configure
[881]63  networking on the front end and back end, and the routing table to send
[906]64  traffic over the back end. Make sure that chkconfig reports "network" on, so
65  that the network will still be configured at next boot.
[861]67* Fix the openafs /usr/vice/etc <-> /etc/openafs mapping by changing
68   /usr/vice/etc/cacheinfo to contain:
69        /afs:/usr/vice/cache:10000000
[881]71* Figure out why Zephyr isn't working. Most recently, it was because there
72  was a 64-bit RPM installed; remove it and install Joe's 32-bit one
[387]74* Install the full list of RPMs that users expect to be on the
75 servers.  See server/doc/rpm and
[562]76  server/doc/rpm_snapshot.  (Note that this is only a snapshot, and not
77  all packages may in fact be in use.)
79* Install the full list of perl modules that users expect to be on the
80 servers.  See server/doc/perl and
81  server/doc/perl_snapshot.
[832]83  - export PERL_MM_USE_DEFAULT=1
[812]84  - Run 'cpan', accept the default configuration, and do 'o conf
85    prerequisites_policy follow'.
[818]86  - Parse the output of perldoc -u perllocal | grep head2 on an existing
87    server, and "notest install" them from the cpan prompt.
89* Install the Python eggs and Ruby gems and PEAR/PECL doohickeys that are on
90  the other servers and do not have RPMs.
[818]91  - Look at /usr/lib/python2.5/site-packages for Python eggs and modules.
92  - Look at `gem list` for Ruby gems.
93  - Look at `pear list` for Pear fruits (or whatever they're called).
[812]95* echo 'import site, os.path; site.addsitedir(os.path.expanduser("~/lib/python2.5/site-packages"))' > /usr/lib/python2.5/site-packages/00scripts-home.pth
[387]97* Install the credentials (machine keytab, daemon.scripts keytab, SSL
98  certs).
[916]100* If you are setting up a test server, pay attention to
[562]101  /etc/sysconfig/network-scripts and do not bind scripts' IP address.
[916]102  You will also need to modify /etc/ldap.conf, /etc/nss-ldapd.conf,
103  /etc/openldap/ldap.conf, and /etc/httpd/conf.d/vhost_ldap.conf to
104  use instead of localhost.
[861]106* Install fedora-ds-base and set up replication (see ./HOWTO-SETUP-LDAP
107    and ./fedora-ds-enable-ssl-and-kerberos.diff).
[916]109* Make the services dirsrv, nslcd, nscd, postfix, and httpd start at
110  boot. Run chkconfig to make sure the set of services to be run is
111  correct.
[803]113* Run fmtutil-sys --all, which does something that makes TeX work.
[875]115* Reboot the machine to restore a consistent state, in case you
116  changed anything.
[562]118* (Optional) Beat your head against a wall.
[387]120* Possibly perform other steps that I've neglected to put in this
121  document.
Note: See TracBrowser for help on using the repository browser.