source: server/doc/install-howto @ 985

Last change on this file since 985 was 954, checked in by quentin, 15 years ago
Make sure I never get woken up for that again
File size: 4.6 KB
1This document is a how-to for installing a Fedora server.
3Helper files for the install are located in server/fedora/config.
5* Start with a normal install of Fedora.
7* Edit /etc/selinux/config so it has SELINUX=disabled and reboot.
9* Check out the svn repository. Configure svn not to cache
10  credentials.
12* cd to server/fedora in the svn repository.
14* Run "make install-deps" to install various prereqs.  Nonstandard
15  deps are in /mit/scripts/rpm.
17* Check out the scripts /etc configuration, which is done most easily by
18  $ svn co svn://
19  # \cp -a etc /
21* Create a scripts-build user account, and set up rpm to build in
22  $HOME by doing a
23  cp config/home/scripts-build/.rpmmacros /home/scripts-build/
24  (If you just use the default setup, it will generate packages
25  in /usr/src/redhat.)
27* su scripts-build -
29* Make sure that server/fedora (where you currently are) is writable
30  by user scripts-build.
32* env NSS_NONLOCAL_IGNORE=1 yum install scripts-base
34* Rebuild mit-zephyr on a 32-bit machine, like the one at Joe's home.
36* Run "make suexec" and "make install-suexec" to overwrite
37  /usr/sbin/suexec with one that works. The one installed by the
38  newly-built Apache RPM is misconfigured.
39  ... Except Anders claims he fixed this.
41* Remember to set NSS_NONLOCAL_IGNORE=1 anytime you're setting up
42  anything, e.g. using yum. Otherwise useradd will query LDAP in a stupid way
43  that makes it hang forever.
45* Install and configure bind
46  - env NSS_NONLOCAL_IGNORE=1 yum install bind
47  - chkconfig named on
48  - service named start
50* Reload the iptables config to take down the restrictive firewall
51  service iptables restart
53* Copy over root's dotfiles from one of the other machines.
55* Replace rsyslog with syslog-ng by doing:
56  # rpm -e --nodeps rsyslog
57  # yum install syslog-ng
59* Install various dependencies of the scripts system, including syslog-ng,
60  glibc-devel.i386, python-twisted-core, mod_fcgid, nrpe, nagios-plugins-all.
62* Disable NetworkManager with chkconfig NetworkManager off. Configure
63  networking on the front end and back end, and the routing table to send
64  traffic over the back end. Make sure that chkconfig reports "network" on, so
65  that the network will still be configured at next boot.
67* Fix the openafs /usr/vice/etc <-> /etc/openafs mapping by changing
68   /usr/vice/etc/cacheinfo to contain:
69        /afs:/usr/vice/cache:10000000
71* Figure out why Zephyr isn't working. Most recently, it was because there
72  was a 64-bit RPM installed; remove it and install Joe's 32-bit one
74* Install the full list of RPMs that users expect to be on the
75 servers.  See server/doc/rpm and
76  server/doc/rpm_snapshot.  (Note that this is only a snapshot, and not
77  all packages may in fact be in use.)
79* Install the full list of perl modules that users expect to be on the
80 servers.  See server/doc/perl and
81  server/doc/perl_snapshot.
83  - export PERL_MM_USE_DEFAULT=1
84  - Run 'cpan', accept the default configuration, and do 'o conf
85    prerequisites_policy follow'.
86  - Parse the output of perldoc -u perllocal | grep head2 on an existing
87    server, and "notest install" them from the cpan prompt.
89* Install the Python eggs and Ruby gems and PEAR/PECL doohickeys that are on
90  the other servers and do not have RPMs.
91  - Look at /usr/lib/python2.5/site-packages for Python eggs and modules.
92  - Look at `gem list` for Ruby gems.
93  - Look at `pear list` for Pear fruits (or whatever they're called).
95* echo 'import site, os.path; site.addsitedir(os.path.expanduser("~/lib/python2.5/site-packages"))' > /usr/lib/python2.5/site-packages/00scripts-home.pth
97* Install the credentials (machine keytab, daemon.scripts keytab, SSL
98  certs).
100* If you are setting up a test server, pay attention to
101  /etc/sysconfig/network-scripts and do not bind scripts' IP address.
102  You will also need to modify /etc/ldap.conf, /etc/nss-ldapd.conf,
103  /etc/openldap/ldap.conf, and /etc/httpd/conf.d/vhost_ldap.conf to
104  use instead of localhost.
106* Install fedora-ds-base and set up replication (see ./HOWTO-SETUP-LDAP
107    and ./fedora-ds-enable-ssl-and-kerberos.diff).
109* Make the services dirsrv, nslcd, nscd, postfix, and httpd start at
110  boot. Run chkconfig to make sure the set of services to be run is
111  correct.
113* Run fmtutil-sys --all, which does something that makes TeX work.
115* Ensure that PHP isn't broken:
116  # mkdir /tmp/sessions
117  # chmod 01777 /tmp/sessions
119* Reboot the machine to restore a consistent state, in case you
120  changed anything.
122* (Optional) Beat your head against a wall.
124* Possibly perform other steps that I've neglected to put in this
125  document.
Note: See TracBrowser for help on using the repository browser.