Timestamp:
Jun 8, 2009, 1:07:47 PM (15 years ago)
Author:
mitchb
Message:
Merge r1121:1178 from trunk to branches/fc11-dev
Location:
branches/fc11-dev/server/doc
Files:
2 edited

  • branches/fc11-dev/server/doc/HOWTO-SETUP-LDAP

    r951 r1179  
    1212- /sbin/service dirsrv start
    1313- Apply ./fedora-ds-enable-ssl-and-kerberos.diff manually
     14- Also set nsslapd-ldapifilepath: /var/run/dirsrv/slapd-scripts.socket
     15  and nsslapd-ldapilisten: on, otherwise ldapi won't work.
    1416- /sbin/service dirsrv stop
    1517- Add the scripts schemas to /var/lib/dirsrv/slapd-scripts
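Review bot: New lines 14-15 do not say where nsslapd-ldapifilepath and nsslapd-ldapilisten are to be set, or whether that happens while dirsrv is running (it is started at line 12 and stopped at line 16). Name the entry or file to edit. Since the sentence sits under the "Apply ./fedora-ds-enable-ssl-and-kerberos.diff manually" step, consider folding the two attributes into that diff so they cannot be missed.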
     
    1719- certutil -d /etc/dirsrv/slapd-scripts -A -n "scripts.mit.edu CA" -t CT,, -a -i scripts-ca.pem
    1820- Generate a pkcs12 cert for the server:
     21- openssl pkcs12 -export -in c-w.pem -inkey c-w.key -name 'ldap/cats-whiskers' -out c-w.pkcs12
    1922- pk12util -i ldap-server-cert.p12 -d /etc/dirsrv/slapd-scripts
    2023- Put LDAP keytab in /etc/dirsrv/keytab
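Review bot: The file names in new line 21 and unchanged line 22 do not match: openssl writes c-w.pkcs12, but pk12util imports ldap-server-cert.p12, so a reader following the steps literally imports a file that was never created. Use one name in both commands. The exported PKCS#12 file bundles the private key from c-w.key, so the steps should also say to delete it once pk12util has imported it.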
  • branches/fc11-dev/server/doc/install-howto.sh

    r1110 r1179  
    7575    \cp -a etc /
    7676
     77# yum remove nss_ldap, because nss-ldapd conflicts with it
     78
    7779# env NSS_NONLOCAL_IGNORE=1 yum install scripts-base
    7880    YUM install -y scripts-base
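Review bot: The nss_ldap removal at new line 77 is only a comment, while "YUM install -y scripts-base" at line 80 is a command. If the conflict with nss-ldapd affects that install, a reader who runs only the uncommented lines will hit it; write the removal as a command in the same form as the install line, or state in the comment that it must be done by hand before continuing.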
     
    99101
    100102# Install various dependencies of the scripts system, including syslog-ng,
    101 # glibc-devel.i386, python-twisted-core, mod_fcgid, nrpe, nagios-plugins-all.
     103# glibc-devel.i586, python-twisted-core, mod_fcgid, nrpe, nagios-plugins-all.
    102104
    103105# Disable NetworkManager with chkconfig NetworkManager off. Configure
     
    109111#  /usr/vice/etc/cacheinfo to contain:
    110112#       /afs:/usr/vice/cache:10000000
     113# Also fix ThisCell to contain athena.mit.edu in both directories
    111114
    112115# Figure out why Zephyr isn't working. Most recently, it was because there
    113116# was a 64-bit RPM installed; remove it and install Joe's 32-bit one
     117
     118# Install the athena-base, athena-lprng, and athena-lprng-misc RPMs
     119# from the Athena 9 build (these are present in our yum repo).  Note
     120# that you will have to use --nodeps for at least one of the lprng
     121# ones because it thinks it needs the Athena hesiod RPM.  It doesn't
     122# really.  Before doing this, run it without --nodeps and arrange to
     123# install the rest of the things it really does depend on.  This will
     124# include a bunch of 32-bit rpms; go ahead and install the .i586 versions
     125# of them.  In the case of the Kerberos libraries, you'll be told that
     126# there are conflicting files with the 64-bit versions of the packages,
     127# which we scriptsify.  You'll have to use --force to install those
     128# rpms despite the conflicts.  After doing that, you may want to
     129# install the corresponding 64-bit scriptsified versions again, just
     130# to be safe in case the 32-bit versions overwrite files that differ.
     131# When you try this, it will complain that you already have the same
     132# version installed; again, you'll need to use --force to do it anyway.
     133# Yuck.
    114134
    115135# Install the full list of RPMs that users expect to be on the
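Review bot: The --force steps at new lines 125-132 end with 32-bit and 64-bit Kerberos packages both claiming the same files, and nothing confirms which version is left on disk. Add a verification step after the final reinstall, such as running rpm -V on the scriptsified 64-bit Kerberos packages, and name the lprng package that needs --nodeps instead of "at least one" so that --nodeps is not applied more widely than necessary. The ThisCell line at 113 refers to "both directories" while the visible context names only /usr/vice/etc; spell out the second path.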
     
    127147# TO DO THIS:
    128148# On another server, run:
    129 # perldoc -u perllocal | grep head2 | cut -f 3 -d '<' | cut -f 1 -d '|' | sort -u | perl -ne 'chomp; print "$_\n" if system("rpm -q --whatprovides \"perl($_)\" >/dev/null 2>/dev/null")' > /mit/scripts/config/perl-packages.txt
     149# perldoc -u perllocal | grep head2 | cut -f 3 -d '<' | cut -f 1 -d '|' | sort -u | perl -ne 'chomp; print "notest install $_\n" if system("rpm -q --whatprovides \"perl($_)\" >/dev/null 2>/dev/null")' > /mit/scripts/config/perl-packages.txt
    130150# Then on the server you're installing,
    131     perl -MCPAN -e"$(echo notest install $(cat /mit/scripts/config/perl-packages.txt))"
     151    cat perl-packages.txt | perl -MCPAN -e shell
    132152
    133153# Install the Python eggs and Ruby gems and PEAR/PECL doohickeys that are on
    134154# the other scripts.mit.edu servers and do not have RPMs.
    135 # - Look at /usr/lib/python2.5/site-packages for Python eggs and modules.
     155# - Look at /usr/lib/python2.6/site-packages and
     156#           /usr/lib64/python2.6/site-packages for Python eggs and modules.
     157#   First use 'yum search' to see if the relevant package is now available
     158#   as an RPM, and install that if it is.  If not, then use easy_install.
    136159# - Look at `gem list` for Ruby gems.
     160#   Again, use 'yum search' and prefer RPMs, but failing that, 'gem install'.
    137161# - Look at `pear list` for Pear fruits (or whatever they're called).
    138 
    139 # echo 'import site, os.path; site.addsitedir(os.path.expanduser("~/lib/python2.5/site-packages"))' > /usr/lib/python2.5/site-packages/00scripts-home.pth
    140 
    141 # Install the credentials (machine keytab, daemon.scripts keytab, SSL
    142 # certs).
     162#   Yet again, 'yum search' for RPMs before resorting to 'pear install'.  Note
     163#   that for things in the beta repo, you'll need 'pear install package-beta'.
     164
     165# echo 'import site, os.path; site.addsitedir(os.path.expanduser("~/lib/python2.6/site-packages"))' > /usr/lib/python2.6/site-packages/00scripts-home.pth
     166
     167# Install the credentials.  There are a lot of things to remember here:
     168#   o You probably installed the machine keytab long ago
     169#   o Use ktutil to combine the host/scripts.mit.edu and
     170#     host/scripts-vhosts.mit.edu keys with host/this-server.mit.edu in
     171#     the keytab.  Do not use 'k5srvutil change' on the combined keytab
     172#     or you'll break the other servers.
     173#   o The daemon.scripts keytab
     174#   o The SSL cert private key
     175#   o The LDAP password for the signup process
     176#   o The SQL password for the signup process
     177#   o The LDAP keytab for this server, which will be used later
     178#   o Replace the ssh host keys with the ones common to all scripts servers
     179#   o You'll install an LDAP certificate signed by the scripts CA later
     180#   o Make sure root's .k5login is correct
     181#   o Make sure logview's .k5login is correct
    143182
    144183# If you are setting up a test server, pay attention to
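Review bot: New line 151 reads perl-packages.txt from the current directory, but line 149 writes it to /mit/scripts/config/perl-packages.txt; use the full path in the cat command, as the removed line 131 did. The credentials list at 167-181 names keytabs, the SSL private key and two passwords without saying where each one is installed or what owner and mode it should have; adding that per item, as HOWTO-SETUP-LDAP does with /etc/dirsrv/keytab for the location, would make the step checkable.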
     
    155194# correct.
    156195
     196# cd /etc/postfix; postmap virtual
     197# Otherwise postfix will appear to work, but actually not deliver mail
     198
    157199# Run fmtutil-sys --all, which does something that makes TeX work.
    158200