Changeset 1211


Ignore:
Timestamp:
Jun 29, 2009, 9:47:39 PM (15 years ago)
Author:
ezyang
Message:
More install information.
File:
1 edited

Legend:

Unmodified
Added
Removed

  • branches/fc11-dev/server/doc/install-howto.sh

    r1206 r1211  
    126126    rpm -e --nodeps rsyslog
    127127    YUM install -y syslog-ng
     128    chkconfig syslog-ng on
    128129
    129130# Install various dependencies of the scripts system, including
     
    264265
    265266# Install the credentials.  There are a lot of things to remember here:
     267#   o This will be different if you're setting up our build/update server.
    266268#   o You probably installed the machine keytab long ago
     269    ls -l /etc/krb5.keytab
    267270#   o Use ktutil to combine the host/scripts.mit.edu and
    268271#     host/scripts-vhosts.mit.edu keys with host/this-server.mit.edu in
    269272#     the keytab.  Do not use 'k5srvutil change' on the combined keytab
    270 #     or you'll break the other servers.
     273#     or you'll break the other servers. (real servers only)
    271274#   o The daemon.scripts keytab
    272 #   o The SSL cert private key
    273 #   o The LDAP password for the signup process
    274 #   o The SQL password for the signup process
    275 #   o The LDAP keytab for this server, which will be used later
    276 #   o Replace the ssh host keys with the ones common to all scripts servers
    277 #   o You'll install an LDAP certificate signed by the scripts CA later
     275    ls -l /etc/daemon.keytab
     276#   o The SSL cert private key (real servers only)
     277#   o The LDAP password for the signup process (real servers only)
     278#   o The SQL password for the signup process (real servers only)
     279#   o The LDAP keytab for this server, which will be used later (real servers only)
     280#   o Replace the ssh host keys with the ones common to all scripts servers (real servers only)
     281#   o You'll install an LDAP certificate signed by the scripts CA later (real servers only)
    278282#   o Make sure root's .k5login is correct
    279 #   o Make sure logview's .k5login is correct
     283    cat /root/.k5login
     284#   o Make sure logview's .k5login is correct (real servers only)
    280285
    281286# If you are setting up a test server, pay attention to
    282287# /etc/sysconfig/network-scripts and do not bind scripts' IP address.
    283 # You will also need to modify /etc/ldap.conf, /etc/nss-ldapd.conf,
    284 # /etc/openldap/ldap.conf, and /etc/httpd/conf.d/vhost_ldap.conf to
    285 # use scripts.mit.edu instead of localhost.
     288# You will also need to modify:
     289#   o /etc/ldap.conf
     290#       add: host scripts.mit.edu
     291#   o /etc/nss-ldapd.conf
     292#       replace: uri *****
     293#       with: uri ldap://scripts.mit.edu/
     294#   o /etc/openldap/ldap.conf
     295#       add: URI ldap://scripts.mit.edu/
     296#            BASE dc=scripts,dc=mit,dc=edu
     297#   o /etc/httpd/conf.d/vhost_ldap.conf
     298#       replace: VhostLDAPUrl ****
     299#       with: VhostLDAPUrl "ldap://18.181.0.46/ou=VirtualHosts,dc=scripts,dc=mit,dc=edu"
     300# to use scripts.mit.edu instead of localhost.
     301# XXX: someone should write sed scripts to do this
     302
     303# If you are setting up a test server, afsagent's cronjob will attempt
     304# to be renewing with the wrong credentials (daemon.scripts). Change this:
     305    vim /home/afsagent/renew # replace all mentions of daemon.scripts.mit.edu
    286306
    287307# Install fedora-ds-base and set up replication (see ./HOWTO-SETUP-LDAP
     
    291311# boot. Run chkconfig to make sure the set of services to be run is
    292312# correct.
     313    chkconfig dirsrv on
     314    chkconfig nslcd on
     315    chkconfig nscd on
     316    chkconfig postfix on
     317    chkconfig httpd on
    293318
    294319# Postfix doesn't actually deliver mail; fix this
     
    297322
    298323# Run fmtutil-sys --all, which does something that makes TeX work.
     324    fmtutil-sys --all
     325    # ezyang: I got errors on xetex
    299326
    300327# Ensure that PHP isn't broken:
     
    305332    chmod 755 /var/run/httpd
    306333    chmod 755 /var/run/httpd/mod_fcgid
     334    # ezyang: The latter didn't exist for me
     335
     336# Fix etc by making sure none of our config files got overwritten
     337    cd /etc
     338    svn status | grep M
     339    # ezyang: I had to revert krb5.conf, nsswitch.conf and sysconfig/openafs
    307340
    308341# Reboot the machine to restore a consistent state, in case you
    309342# changed anything.
     343    # ezyang: When I rebooted, the following things happened:
     344    #   o Starting kdump failed (this is ok)
     345    #   o postfix mailbombed us
     346    #   o firstboot configuration screen popped up (ignored; manually will do
     347    #     chkconfig after the fact)
    310348
    311349# (Optional) Beat your head against a wall.
     
    313351# Possibly perform other steps that I've neglected to put in this
    314352# document.
     353#   o In the first install of not-backward, ThisCell got clobbered, resulting
     354#     in trying to get tickets from openafs.org. Not sure when it got
     355#     clobbered -- ezyang
     356#   o For some reason, syslog-ng wasn't turning on automatically, so we weren't
     357#     getting spew
     358
     359# Some info about changing hostnames: it appears to be in:
     360#   o /etc/sysconfig/network
     361#   o your lvm thingies; probably don't need to edit
Note: See TracChangeset for help on using the changeset viewer.