Changeset 1179 for branches/fc11-dev/server/doc
- Timestamp: Jun 8, 2009, 1:07:47 PM (15 years ago)
- Location: branches/fc11-dev/server/doc
- Files: 2 edited
branches/fc11-dev/server/doc/HOWTO-SETUP-LDAP
r951 r1179 12 12 - /sbin/service dirsrv start 13 13 - Apply ./fedora-ds-enable-ssl-and-kerberos.diff manually 14 - Also set nsslapd-ldapifilepath: /var/run/dirsrv/slapd-scripts.socket 15 and nsslapd-ldapilisten: on, otherwise ldapi won't work. 14 16 - /sbin/service dirsrv stop 15 17 - Add the scripts schemas to /var/lib/dirsrv/slapd-scripts … … 17 19 - certutil -d /etc/dirsrv/slapd-scripts -A -n "scripts.mit.edu CA" -t CT,, -a -i scripts-ca.pem 18 20 - Generate a pkcs12 cert for the server: 21 - openssl pkcs12 -export -in c-w.pem -inkey c-w.key -name 'ldap/cats-whiskers' -out c-w.pkcs12 19 22 - pk12util -i ldap-server-cert.p12 -d /etc/dirsrv/slapd-scripts 20 23 - Put LDAP keytab in /etc/dirsrv/keytab -
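Review bot: the added lines 14-15 of HOWTO-SETUP-LDAP name nsslapd-ldapifilepath and nsslapd-ldapilisten but do not say where to set them; state that they are attributes of the cn=config entry (stored in dse.ldif). The step sits between `/sbin/service dirsrv start` (line 12) and `/sbin/service dirsrv stop` (line 16), so also say whether the change is made over LDAP while the server is up or by editing dse.ldif by hand. In the second case it belongs after the stop, because the server rewrites that file on shutdown and an edit made while it is running is lost.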
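Review bot: the new openssl step on line 21 of HOWTO-SETUP-LDAP writes `c-w.pkcs12`, but the pk12util step that follows on line 22 imports `ldap-server-cert.p12`, so the two commands do not chain as written; use one file name in both. The hard-coded `c-w.pem`, `c-w.key` and `-name 'ldap/cats-whiskers'` are specific to one host and would read better as a placeholder for the server being installed. It is also worth adding a line to remove the exported PKCS#12 file and the copy of the private key once the import into /etc/dirsrv/slapd-scripts has succeeded.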
branches/fc11-dev/server/doc/install-howto.sh
r1110 r1179 75 75 \cp -a etc / 76 76 77 # yum remove nss_ldap, because nss-ldapd conflicts with it 78 77 79 # env NSS_NONLOCAL_IGNORE=1 yum install scripts-base 78 80 YUM install -y scripts-base … … 99 101 100 102 # Install various dependencies of the scripts system, including syslog-ng, 101 # glibc-devel.i 386, python-twisted-core, mod_fcgid, nrpe, nagios-plugins-all.103 # glibc-devel.i586, python-twisted-core, mod_fcgid, nrpe, nagios-plugins-all. 102 104 103 105 # Disable NetworkManager with chkconfig NetworkManager off. Configure … … 109 111 # /usr/vice/etc/cacheinfo to contain: 110 112 # /afs:/usr/vice/cache:10000000 113 # Also fix ThisCell to contain athena.mit.edu in both directories 111 114 112 115 # Figure out why Zephyr isn't working. Most recently, it was because there 113 116 # was a 64-bit RPM installed; remove it and install Joe's 32-bit one 117 118 # Install the athena-base, athena-lprng, and athena-lprng-misc RPMs 119 # from the Athena 9 build (these are present in our yum repo). Note 120 # that you will have to use --nodeps for at least one of the lprng 121 # ones because it thinks it needs the Athena hesiod RPM. It doesn't 122 # really. Before doing this, run it without --nodeps and arrange to 123 # install the rest of the things it really does depend on. This will 124 # include a bunch of 32-bit rpms; go ahead and install the .i586 versions 125 # of them. In the case of the Kerberos libraries, you'll be told that 126 # there are conflicting files with the 64-bit versions of the packages, 127 # which we scriptsify. You'll have to use --force to install those 128 # rpms despite the conflicts. After doing that, you may want to 129 # install the corresponding 64-bit scriptsified versions again, just 130 # to be safe in case the 32-bit versions overwrite files that differ. 131 # When you try this, it will complain that you already have the same 132 # version installed; again, you'll need to use --force to do it anyway. 133 # Yuck. 
114 134 115 135 # Install the full list of RPMs that users expect to be on the … … 127 147 # TO DO THIS: 128 148 # On another server, run: 129 # perldoc -u perllocal | grep head2 | cut -f 3 -d '<' | cut -f 1 -d '|' | sort -u | perl -ne 'chomp; print " $_\n" if system("rpm -q --whatprovides \"perl($_)\" >/dev/null 2>/dev/null")' > /mit/scripts/config/perl-packages.txt149 # perldoc -u perllocal | grep head2 | cut -f 3 -d '<' | cut -f 1 -d '|' | sort -u | perl -ne 'chomp; print "notest install $_\n" if system("rpm -q --whatprovides \"perl($_)\" >/dev/null 2>/dev/null")' > /mit/scripts/config/perl-packages.txt 130 150 # Then on the server you're installing, 131 perl -MCPAN -e"$(echo notest install $(cat /mit/scripts/config/perl-packages.txt))"151 cat perl-packages.txt | perl -MCPAN -e shell 132 152 133 153 # Install the Python eggs and Ruby gems and PEAR/PECL doohickeys that are on 134 154 # the other scripts.mit.edu servers and do not have RPMs. 135 # - Look at /usr/lib/python2.5/site-packages for Python eggs and modules. 155 # - Look at /usr/lib/python2.6/site-packages and 156 # /usr/lib64/python2.6/site-packages for Python eggs and modules. 157 # First use 'yum search' to see if the relevant package is now available 158 # as an RPM, and install that if it is. If not, then use easy_install. 136 159 # - Look at `gem list` for Ruby gems. 160 # Again, use 'yum search' and prefer RPMs, but failing that, 'gem install'. 137 161 # - Look at `pear list` for Pear fruits (or whatever they're called). 138 139 # echo 'import site, os.path; site.addsitedir(os.path.expanduser("~/lib/python2.5/site-packages"))' > /usr/lib/python2.5/site-packages/00scripts-home.pth 140 141 # Install the credentials (machine keytab, daemon.scripts keytab, SSL 142 # certs). 162 # Yet again, 'yum search' for RPMs before resorting to 'pear install'. Note 163 # that for things in the beta repo, you'll need 'pear install package-beta'. 
164 165 # echo 'import site, os.path; site.addsitedir(os.path.expanduser("~/lib/python2.6/site-packages"))' > /usr/lib/python2.6/site-packages/00scripts-home.pth 166 167 # Install the credentials. There are a lot of things to remember here: 168 # o You probably installed the machine keytab long ago 169 # o Use ktutil to combine the host/scripts.mit.edu and 170 # host/scripts-vhosts.mit.edu keys with host/this-server.mit.edu in 171 # the keytab. Do not use 'k5srvutil change' on the combined keytab 172 # or you'll break the other servers. 173 # o The daemon.scripts keytab 174 # o The SSL cert private key 175 # o The LDAP password for the signup process 176 # o The SQL password for the signup process 177 # o The LDAP keytab for this server, which will be used later 178 # o Replace the ssh host keys with the ones common to all scripts servers 179 # o You'll install an LDAP certificate signed by the scripts CA later 180 # o Make sure root's .k5login is correct 181 # o Make sure logview's .k5login is correct 143 182 144 183 # If you are setting up a test server, pay attention to … … 155 194 # correct. 156 195 196 # cd /etc/postfix; postmap virtual 197 # Otherwise postfix will appear to work, but actually not deliver mail 198 157 199 # Run fmtutil-sys --all, which does something that makes TeX work. 158 200
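Review bot: in install-howto.sh the new line 77, `# yum remove nss_ldap, because nss-ldapd conflicts with it`, is a comment, while the step it has to precede, `YUM install -y scripts-base` on line 80, is a live command. Anyone running this part of the file rather than reading it skips the removal and hits the conflict; write it as a command in the same form as line 80, or say explicitly that it is a manual step to do first.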
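Review bot: in the Athena RPM paragraph (install-howto.sh lines 118-133), reinstalling the 64-bit scriptsified Kerberos packages after the `--force` install of the .i586 ones is worded as "you may want to"; since the stated risk is that the 32-bit packages overwrite files that differ, make the reinstall a required step and add a check afterwards, for example `rpm -V` on the scriptsified packages. The `--nodeps` instruction should name which lprng RPM needs it instead of "at least one of the lprng ones", so that dependency checking is only bypassed for that package.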
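Review bot: line 151 of install-howto.sh now reads `cat perl-packages.txt | perl -MCPAN -e shell` with a relative path, while line 149 still writes the list to /mit/scripts/config/perl-packages.txt; keep the absolute path on line 151 or add the `cd`, otherwise the step depends on the current directory. In the same hunk, the credentials checklist (lines 167-181) lists keytabs, the SSL private key, the LDAP and SQL passwords and the shared ssh host keys but gives no destination path, owner or mode for any of them; add those per item so a new server does not end up with a readable keytab or key. For the easy_install, `gem install` and `pear install` fallbacks (lines 155-163), note that the versions should be matched to what the existing servers have installed, since these pull whatever is current upstream.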