Changeset 1058
- Timestamp:
- Apr 3, 2009, 11:53:25 PM (15 years ago)
- File:
-
- 1 moved
Legend:
- Unmodified
- Added
- Removed
-
server/doc/install-howto.sh
r1057 r1058 1 This document is a how-to for installing a Fedora scripts.mit.edu server.1 # This document is a how-to for installing a Fedora scripts.mit.edu server. 2 2 3 Helper files for the install are located in server/fedora/config.3 # Helper files for the install are located in server/fedora/config. 4 4 5 *Start with a normal install of Fedora.5 # Start with a normal install of Fedora. 6 6 7 *When the initial configuration screen comes up, under "Firewall8 9 10 11 12 7 # When the initial configuration screen comes up, under "Firewall 8 # configuration", disable the firewall, and under "System services", leave 9 # enabled (as of Fedora 9) acpid, anacron, atd, cpuspeed, crond, 10 # firstboot, fuse, haldaemon, ip6tables, iptables, irqbalance, 11 # kerneloops, mdmonitor, messagebus, microcode_ctl, netfs, network, nscd, ntpd, 12 # sshd, udev-post, and nothing else. 13 13 14 *Edit /etc/selinux/config so it has SELINUX=disabled and reboot.14 # Edit /etc/selinux/config so it has SELINUX=disabled and reboot. 15 15 16 *Check out the scripts.mit.edu svn repository. Configure svn not to cache17 16 # Check out the scripts.mit.edu svn repository. Configure svn not to cache 17 # credentials. 18 18 19 *cd to server/fedora in the svn repository.19 # cd to server/fedora in the svn repository. 20 20 21 *Run "make install-deps" to install various prereqs. Nonstandard22 21 # Run "make install-deps" to install various prereqs. Nonstandard 22 # deps are in /mit/scripts/rpm. 23 23 24 *Check out the scripts /etc configuration, which is done most easily by25 26 24 # Check out the scripts /etc configuration, which is done most easily by 25 # $ svn co svn://scripts.mit.edu/server/fedora/config/etc 26 # # \cp -a etc / 27 27 28 *Create a scripts-build user account, and set up rpm to build in29 30 31 32 28 # Create a scripts-build user account, and set up rpm to build in 29 # $HOME by doing a 30 # cp config/home/scripts-build/.rpmmacros /home/scripts-build/ 31 # (If you just use the default setup, it will generate packages 32 # in /usr/src/redhat.) 33 33 34 *su scripts-build -34 # su scripts-build - 35 35 36 *Make sure that server/fedora (where you currently are) is writable37 36 # Make sure that server/fedora (where you currently are) is writable 37 # by user scripts-build. 38 38 39 *env NSS_NONLOCAL_IGNORE=1 yum install scripts-base39 # env NSS_NONLOCAL_IGNORE=1 yum install scripts-base 40 40 41 *Rebuild mit-zephyr on a 32-bit machine, like the one at Joe's home.41 # Rebuild mit-zephyr on a 32-bit machine, like the one at Joe's home. 42 42 43 *Run "make suexec" and "make install-suexec" to overwrite44 45 46 43 # Run "make suexec" and "make install-suexec" to overwrite 44 # /usr/sbin/suexec with one that works. The one installed by the 45 # newly-built Apache RPM is misconfigured. 46 # ... Except Anders claims he fixed this. 47 47 48 *Remember to set NSS_NONLOCAL_IGNORE=1 anytime you're setting up49 50 48 # Remember to set NSS_NONLOCAL_IGNORE=1 anytime you're setting up 49 # anything, e.g. using yum. Otherwise useradd will query LDAP in a stupid way 50 # that makes it hang forever. 51 51 52 *Install and configure bind53 54 55 52 # Install and configure bind 53 # - env NSS_NONLOCAL_IGNORE=1 yum install bind 54 # - chkconfig named on 55 # - service named start 56 56 57 *Reload the iptables config to take down the restrictive firewall58 57 # Reload the iptables config to take down the restrictive firewall 58 # service iptables restart 59 59 60 *Copy over root's dotfiles from one of the other machines.60 # Copy over root's dotfiles from one of the other machines. 61 61 62 *Replace rsyslog with syslog-ng by doing:63 64 62 # Replace rsyslog with syslog-ng by doing: 63 # # rpm -e --nodeps rsyslog 64 # # yum install syslog-ng 65 65 66 *Install various dependencies of the scripts system, including syslog-ng,67 66 # Install various dependencies of the scripts system, including syslog-ng, 67 # glibc-devel.i386, python-twisted-core, mod_fcgid, nrpe, nagios-plugins-all. 68 68 69 *Disable NetworkManager with chkconfig NetworkManager off. Configure70 71 72 69 # Disable NetworkManager with chkconfig NetworkManager off. Configure 70 # networking on the front end and back end, and the routing table to send 71 # traffic over the back end. Make sure that chkconfig reports "network" on, so 72 # that the network will still be configured at next boot. 73 73 74 *Fix the openafs /usr/vice/etc <-> /etc/openafs mapping by changing75 76 74 # Fix the openafs /usr/vice/etc <-> /etc/openafs mapping by changing 75 # /usr/vice/etc/cacheinfo to contain: 76 # /afs:/usr/vice/cache:10000000 77 77 78 *Figure out why Zephyr isn't working. Most recently, it was because there79 78 # Figure out why Zephyr isn't working. Most recently, it was because there 79 # was a 64-bit RPM installed; remove it and install Joe's 32-bit one 80 80 81 *Install the full list of RPMs that users expect to be on the82 83 84 81 # Install the full list of RPMs that users expect to be on the 82 # scripts.mit.edu servers. See server/doc/rpm and 83 # server/doc/rpm_snapshot. (Note that this is only a snapshot, and not 84 # all packages may in fact be in use.) 85 85 86 *Install the full list of perl modules that users expect to be on the87 88 86 # Install the full list of perl modules that users expect to be on the 87 # scripts.mit.edu servers. See server/doc/perl and 88 # server/doc/perl_snapshot. 89 89 90 91 92 93 94 90 # - export PERL_MM_USE_DEFAULT=1 91 # - Run 'cpan', accept the default configuration, and do 'o conf 92 # prerequisites_policy follow'. 93 # - Parse the output of perldoc -u perllocal | grep head2 on an existing 94 # server, and "notest install" them from the cpan prompt. 95 95 96 *Install the Python eggs and Ruby gems and PEAR/PECL doohickeys that are on97 98 99 100 96 # Install the Python eggs and Ruby gems and PEAR/PECL doohickeys that are on 97 # the other scripts.mit.edu servers and do not have RPMs. 98 # - Look at /usr/lib/python2.5/site-packages for Python eggs and modules. 99 # - Look at `gem list` for Ruby gems. 100 # - Look at `pear list` for Pear fruits (or whatever they're called). 101 101 102 *echo 'import site, os.path; site.addsitedir(os.path.expanduser("~/lib/python2.5/site-packages"))' > /usr/lib/python2.5/site-packages/00scripts-home.pth102 # echo 'import site, os.path; site.addsitedir(os.path.expanduser("~/lib/python2.5/site-packages"))' > /usr/lib/python2.5/site-packages/00scripts-home.pth 103 103 104 *Install the credentials (machine keytab, daemon.scripts keytab, SSL105 104 # Install the credentials (machine keytab, daemon.scripts keytab, SSL 105 # certs). 106 106 107 *If you are setting up a test server, pay attention to108 109 110 111 107 # If you are setting up a test server, pay attention to 108 # /etc/sysconfig/network-scripts and do not bind scripts' IP address. 109 # You will also need to modify /etc/ldap.conf, /etc/nss-ldapd.conf, 110 # /etc/openldap/ldap.conf, and /etc/httpd/conf.d/vhost_ldap.conf to 111 # use scripts.mit.edu instead of localhost. 112 112 113 *Install fedora-ds-base and set up replication (see ./HOWTO-SETUP-LDAP114 113 # Install fedora-ds-base and set up replication (see ./HOWTO-SETUP-LDAP 114 # and ./fedora-ds-enable-ssl-and-kerberos.diff). 115 115 116 *Make the services dirsrv, nslcd, nscd, postfix, and httpd start at117 118 116 # Make the services dirsrv, nslcd, nscd, postfix, and httpd start at 117 # boot. Run chkconfig to make sure the set of services to be run is 118 # correct. 119 119 120 *Run fmtutil-sys --all, which does something that makes TeX work.120 # Run fmtutil-sys --all, which does something that makes TeX work. 121 121 122 *Ensure that PHP isn't broken:123 124 122 # Ensure that PHP isn't broken: 123 # # mkdir /tmp/sessions 124 # # chmod 01777 /tmp/sessions 125 125 126 *Reboot the machine to restore a consistent state, in case you127 126 # Reboot the machine to restore a consistent state, in case you 127 # changed anything. 128 128 129 *(Optional) Beat your head against a wall.129 # (Optional) Beat your head against a wall. 130 130 131 *Possibly perform other steps that I've neglected to put in this132 131 # Possibly perform other steps that I've neglected to put in this 132 # document.
Note: See TracChangeset
for help on using the changeset viewer.