source: server/doc/install-howto @ 1057

Last change on this file since 1057 was 1057, checked in by quentin, 15 years ago
Don't enable useless services
File size: 5.0 KB
This document is a how-to for installing a Fedora scripts.mit.edu server.

Helper files for the install are located in server/fedora/config.

* Start with a normal install of Fedora.

* When the initial configuration screen comes up, under "Firewall
  configuration", disable the firewall, and under "System services", leave
  enabled (as of Fedora 9) acpid, anacron, atd, cpuspeed, crond,
  firstboot, fuse, haldaemon, ip6tables, iptables, irqbalance,
  kerneloops, mdmonitor, messagebus, microcode_ctl, netfs, network, nscd, ntpd,
  sshd, udev-post, and nothing else.

* Edit /etc/selinux/config so it has SELINUX=disabled and reboot.

* Check out the scripts.mit.edu svn repository. Configure svn not to cache
  credentials.

* cd to server/fedora in the svn repository.

* Run "make install-deps" to install various prereqs.  Nonstandard
  deps are in /mit/scripts/rpm.

* Check out the scripts /etc configuration, which is done most easily by
  $ svn co svn://scripts.mit.edu/server/fedora/config/etc
  # \cp -a etc /

* Create a scripts-build user account, and set up rpm to build in
  $HOME by doing a
  cp config/home/scripts-build/.rpmmacros /home/scripts-build/
  (If you just use the default setup, it will generate packages
  in /usr/src/redhat.)

* su scripts-build -

* Make sure that server/fedora (where you currently are) is writable
  by user scripts-build.

* env NSS_NONLOCAL_IGNORE=1 yum install scripts-base

* Rebuild mit-zephyr on a 32-bit machine, like the one at Joe's home.

* Run "make suexec" and "make install-suexec" to overwrite
  /usr/sbin/suexec with one that works. The one installed by the
  newly-built Apache RPM is misconfigured.
  ... Except Anders claims he fixed this.

* Remember to set NSS_NONLOCAL_IGNORE=1 anytime you're setting up
  anything, e.g. using yum. Otherwise useradd will query LDAP in a stupid way
  that makes it hang forever.

* Install and configure bind
  - env NSS_NONLOCAL_IGNORE=1 yum install bind
  - chkconfig named on
  - service named start

* Reload the iptables config to take down the restrictive firewall
  service iptables restart

* Copy over root's dotfiles from one of the other machines.

* Replace rsyslog with syslog-ng by doing:
  # rpm -e --nodeps rsyslog
  # yum install syslog-ng

* Install various dependencies of the scripts system, including syslog-ng,
  glibc-devel.i386, python-twisted-core, mod_fcgid, nrpe, nagios-plugins-all.

* Disable NetworkManager with chkconfig NetworkManager off. Configure
  networking on the front end and back end, and the routing table to send
  traffic over the back end. Make sure that chkconfig reports "network" on, so
  that the network will still be configured at next boot.

* Fix the openafs /usr/vice/etc <-> /etc/openafs mapping by changing
  /usr/vice/etc/cacheinfo to contain:
        /afs:/usr/vice/cache:10000000

* Figure out why Zephyr isn't working. Most recently, it was because there
  was a 64-bit RPM installed; remove it and install Joe's 32-bit one.

* Install the full list of RPMs that users expect to be on the
  scripts.mit.edu servers.  See server/doc/rpm and
  server/doc/rpm_snapshot.  (Note that this is only a snapshot, and not
  all packages may in fact be in use.)

* Install the full list of perl modules that users expect to be on the
  scripts.mit.edu servers.  See server/doc/perl and
  server/doc/perl_snapshot.

  - export PERL_MM_USE_DEFAULT=1
  - Run 'cpan', accept the default configuration, and do 'o conf
    prerequisites_policy follow'.
  - Parse the output of perldoc -u perllocal | grep head2 on an existing
    server, and "notest install" them from the cpan prompt.
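
One way to do the perllocal parsing step above, as an added example that is
not part of the scripts.mit.edu repository. The function names and the sample
POD are constructed; the only assumption about the input is the standard
"=head2 <date>: C<Module> L<Name|Name>" layout of perllocal.pod.

```shell
#!/bin/sh
# Added example, not from the scripts.mit.edu repository.
# Turns `perldoc -u perllocal` output into lines for the cpan prompt.

# cpan_install_lines: stdin = perllocal POD, stdout = "notest install X"
# lines, one per distinct module. Entries that are not plain Perl package
# names are reported on stderr and skipped, because this text comes from
# another machine and ends up at a root cpan prompt.
cpan_install_lines() {
    sed -n 's/^=head2 .*: C<Module> L<\([^|>]*\)|[^>]*>.*$/\1/p' |
    LC_ALL=C sort -u |
    while IFS= read -r mod; do
        if printf '%s\n' "$mod" |
           grep -Eq '^[A-Za-z_][A-Za-z0-9_]*(::[A-Za-z0-9_]+)*$'; then
            printf 'notest install %s\n' "$mod"
        else
            printf 'skipped suspicious entry: %s\n' "$mod" >&2
        fi
    done
}

# Constructed sample in the perllocal.pod layout (not from a real server).
sample_perllocal() {
    cat <<'EOF'
=head2 Wed Apr  2 10:51:48 2008: C<Module> L<JSON::XS|JSON::XS>

=over 4

=item *

C<installed into: /usr/lib/perl5/site_perl/5.10.0>

=back

=head2 Wed Apr  2 11:02:13 2008: C<Module> L<DBD::mysql|DBD::mysql>

=head2 Thu May  8 09:14:27 2008: C<Module> L<JSON::XS|JSON::XS>

=head2 Thu May  8 09:20:00 2008: C<Module> L<../odd name|../odd name>
EOF
}

sample_perllocal | cpan_install_lines
```

On an existing server, pipe `perldoc -u perllocal` into cpan_install_lines
instead of the sample and review the list before pasting it.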

* Install the Python eggs and Ruby gems and PEAR/PECL doohickeys that are on
  the other scripts.mit.edu servers and do not have RPMs.
  - Look at /usr/lib/python2.5/site-packages for Python eggs and modules.
  - Look at `gem list` for Ruby gems.
  - Look at `pear list` for Pear fruits (or whatever they're called).

* echo 'import site, os.path; site.addsitedir(os.path.expanduser("~/lib/python2.5/site-packages"))' > /usr/lib/python2.5/site-packages/00scripts-home.pth

* Install the credentials (machine keytab, daemon.scripts keytab, SSL
  certs).

* If you are setting up a test server, pay attention to
  /etc/sysconfig/network-scripts and do not bind scripts' IP address.
  You will also need to modify /etc/ldap.conf, /etc/nss-ldapd.conf,
  /etc/openldap/ldap.conf, and /etc/httpd/conf.d/vhost_ldap.conf to
  use scripts.mit.edu instead of localhost.

* Install fedora-ds-base and set up replication (see ./HOWTO-SETUP-LDAP
  and ./fedora-ds-enable-ssl-and-kerberos.diff).

* Make the services dirsrv, nslcd, nscd, postfix, and httpd start at
  boot. Run chkconfig to make sure the set of services to be run is
  correct.
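
The chkconfig check above, combined with the "and nothing else" service list
near the top of this document, as an added example that is not part of the
scripts.mit.edu repository. It assumes the final allowlist is the install-time
list plus named, dirsrv, nslcd, postfix and httpd, and runlevel 3 unless told
otherwise; the function names and the sample listing are constructed.

```shell
#!/bin/sh
# Added example, not from the scripts.mit.edu repository.

# Services the how-to leaves enabled at install time (as of Fedora 9).
BASE_SERVICES="acpid anacron atd cpuspeed crond firstboot fuse haldaemon \
ip6tables iptables irqbalance kerneloops mdmonitor messagebus microcode_ctl \
netfs network nscd ntpd sshd udev-post"
# Services that later steps in the how-to turn on.
ADDED_SERVICES="named dirsrv nslcd postfix httpd"

# audit_services ALLOWLIST [RUNLEVEL]
# Reads `chkconfig --list` output on stdin and prints, sorted:
#   "missing NAME"     allowlisted but not on at RUNLEVEL
#   "unexpected NAME"  on at RUNLEVEL but not allowlisted
# RUNLEVEL defaults to 3 (an assumption; use the host's default runlevel).
audit_services() {
    allow=$(printf '%s' "$1" | tr -s ' \t\n' ' ')
    awk -v allow="$allow" -v rl="${2:-3}" '
        BEGIN { n = split(allow, a, " ")
                for (i = 1; i <= n; i++) want[a[i]] = 1 }
        # SysV entries: name 0:off 1:off 2:on 3:on 4:on 5:on 6:off
        # (the xinetd section of the listing does not match and is skipped)
        NF == 8 && $2 ~ /^0:/ {
            for (i = 2; i <= NF; i++) if ($i == (rl ":on")) on[$1] = 1
        }
        END { for (s in on)   if (!(s in want)) print "unexpected " s
              for (s in want) if (!(s in on))   print "missing " s }
    ' | LC_ALL=C sort
}

# Constructed sample listing: httpd was never enabled, and NetworkManager
# and cups were left on.
sample_chkconfig() {
    for s in $BASE_SERVICES named dirsrv nslcd postfix NetworkManager cups; do
        printf '%s\t0:off\t1:off\t2:on\t3:on\t4:on\t5:on\t6:off\n' "$s"
    done
    printf 'httpd\t0:off\t1:off\t2:off\t3:off\t4:off\t5:off\t6:off\n'
}

sample_chkconfig | audit_services "$BASE_SERVICES $ADDED_SERVICES"
```

On the server itself, replace sample_chkconfig with `chkconfig --list`; empty
output means the enabled set matches the allowlist exactly.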

* Run fmtutil-sys --all, which does something that makes TeX work.

* Ensure that PHP isn't broken:
  # mkdir /tmp/sessions
  # chmod 01777 /tmp/sessions

* Reboot the machine to restore a consistent state, in case you
  changed anything.

* (Optional) Beat your head against a wall.

* Possibly perform other steps that I've neglected to put in this
  document.