Changeset 1211
- Timestamp:
- Jun 29, 2009, 9:47:39 PM (15 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/fc11-dev/server/doc/install-howto.sh
r1206 r1211 126 126 rpm -e --nodeps rsyslog 127 127 YUM install -y syslog-ng 128 chkconfig syslog-ng on 128 129 129 130 # Install various dependencies of the scripts system, including … … 264 265 265 266 # Install the credentials. There are a lot of things to remember here: 267 # o This will be different if you're setting up our build/update server. 266 268 # o You probably installed the machine keytab long ago 269 ls -l /etc/krb5.keytab 267 270 # o Use ktutil to combine the host/scripts.mit.edu and 268 271 # host/scripts-vhosts.mit.edu keys with host/this-server.mit.edu in 269 272 # the keytab. Do not use 'k5srvutil change' on the combined keytab 270 # or you'll break the other servers. 273 # or you'll break the other servers. (real servers only) 271 274 # o The daemon.scripts keytab 272 # o The SSL cert private key 273 # o The LDAP password for the signup process 274 # o The SQL password for the signup process 275 # o The LDAP keytab for this server, which will be used later 276 # o Replace the ssh host keys with the ones common to all scripts servers 277 # o You'll install an LDAP certificate signed by the scripts CA later 275 ls -l /etc/daemon.keytab 276 # o The SSL cert private key (real servers only) 277 # o The LDAP password for the signup process (real servers only) 278 # o The SQL password for the signup process (real servers only) 279 # o The LDAP keytab for this server, which will be used later (real servers only) 280 # o Replace the ssh host keys with the ones common to all scripts servers (real servers only) 281 # o You'll install an LDAP certificate signed by the scripts CA later (real servers only) 278 282 # o Make sure root's .k5login is correct 279 # o Make sure logview's .k5login is correct 283 cat /root/.k5login 284 # o Make sure logview's .k5login is correct (real servers only) 280 285 281 286 # If you are setting up a test server, pay attention to 282 287 # /etc/sysconfig/network-scripts and do not bind scripts' IP address. 283 # You will also need to modify /etc/ldap.conf, /etc/nss-ldapd.conf, 284 # /etc/openldap/ldap.conf, and /etc/httpd/conf.d/vhost_ldap.conf to 285 # use scripts.mit.edu instead of localhost. 288 # You will also need to modify: 289 # o /etc/ldap.conf 290 # add: host scripts.mit.edu 291 # o /etc/nss-ldapd.conf 292 # replace: uri ***** 293 # with: uri ldap://scripts.mit.edu/ 294 # o /etc/openldap/ldap.conf 295 # add: URI ldap://scripts.mit.edu/ 296 # BASE dc=scripts,dc=mit,dc=edu 297 # o /etc/httpd/conf.d/vhost_ldap.conf 298 # replace: VhostLDAPUrl **** 299 # with: VhostLDAPUrl "ldap://18.181.0.46/ou=VirtualHosts,dc=scripts,dc=mit,dc=edu" 300 # to use scripts.mit.edu instead of localhost. 301 # XXX: someone should write sed scripts to do this 302 303 # If you are setting up a test server, afsagent's cronjob will attempt 304 # to be renewing with the wrong credentials (daemon.scripts). Change this: 305 vim /home/afsagent/renew # replace all mentions of daemon.scripts.mit.edu 286 306 287 307 # Install fedora-ds-base and set up replication (see ./HOWTO-SETUP-LDAP … … 291 311 # boot. Run chkconfig to make sure the set of services to be run is 292 312 # correct. 313 chkconfig dirsrv on 314 chkconfig nslcd on 315 chkconfig nscd on 316 chkconfig postfix on 317 chkconfig httpd on 293 318 294 319 # Postfix doesn't actually deliver mail; fix this … … 297 322 298 323 # Run fmtutil-sys --all, which does something that makes TeX work. 324 fmtutil-sys --all 325 # ezyang: I got errors on xetex 299 326 300 327 # Ensure that PHP isn't broken: … … 305 332 chmod 755 /var/run/httpd 306 333 chmod 755 /var/run/httpd/mod_fcgid 334 # ezyang: The latter didn't exist for me 335 336 # Fix etc by making sure none of our config files got overwritten 337 cd /etc 338 svn status | grep M 339 # ezyang: I had to revert krb5.conf, nsswitch.conf and sysconfig/openafs 307 340 308 341 # Reboot the machine to restore a consistent state, in case you 309 342 # changed anything. 343 # ezyang: When I rebooted, the following things happened: 344 # o Starting kdump failed (this is ok) 345 # o postfix mailbombed us 346 # o firstboot configuration screen popped up (ignored; manually will do 347 # chkconfig after the fact) 310 348 311 349 # (Optional) Beat your head against a wall. … … 313 351 # Possibly perform other steps that I've neglected to put in this 314 352 # document. 353 # o In the first install of not-backward, ThisCell got clobbered, resulting 354 # in trying to get tickets from openafs.org. Not sure when it got 355 # clobbered -- ezyang 356 # o For some reason, syslog-ng wasn't turning on automatically, so we weren't 357 # getting spew 358 359 # Some info about changing hostnames: it appears to be in: 360 # o /etc/sysconfig/network 361 # o your lvm thingies; probably don't need to edit
Note: See TracChangeset
for help on using the changeset viewer.