Changeset 1645 for branches/fc13-dev/server/doc/install-howto.sh
- Timestamp:
- Sep 12, 2010, 6:00:55 PM (14 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/fc13-dev/server/doc/install-howto.sh
r1620 r1645 26 26 27 27 # Start with a normal install of Fedora. 28 29 # Take updates 30 YUM update 28 31 29 32 if [ $boot = 0 ]; then … … 71 74 svn co svn://$source_server/$branch repository 72 75 76 # XXX These sed scripts don't work 73 77 sed -i 's/^(# *)*store-passwords.*/store-passwords = no/' /root/.subversion/config 74 78 sed -i 's/^(# *)*store-auth-creds.*/store-auth-creds = no/' /root/.subversion/config … … 90 94 # won't work. 91 95 96 # Get some packages necessary for OpenAFS 97 YUM install -y redhat-lsb 98 YUM install -y autofs 99 92 100 # Add scripts-build to the group 'mock' 93 101 usermod -a -G mock scripts-build … … 110 118 # You can get password SSH back by editing /etc/ssh/sshd_config (allow 111 119 # password auth) and /etc/pam.d/sshd (comment out the first three auth 112 # lines) 120 # lines). However, you can also temporarily install krb5 and setup the 121 # keytabs and k5login to get Kerberized authentication. 113 122 114 123 service named start … … 118 127 # packages for a new Fedora release. Consult 'upgrade-tips' for more 119 128 # information. 120 121 # In the case of the Kerberos libraries, you'll be told that122 # there are conflicting files with the 64-bit versions of the packages,123 # which we scriptsify. You'll have to use --force to install those124 # rpms despite the conflicts. After doing that, you may want to125 # install the corresponding 64-bit scriptsified versions again, just126 # to be safe in case the 32-bit versions overwrite files that differ.127 # When you try this, it will complain that you already have the same128 # version installed; again, you'll need to use --force to do it anyway.129 130 # We need yumdownloader to force some RPMs131 # XXX: This might be wrong. Sanity check what packages ou132 # have when done133 YUM install -y yum-utils134 yumdownloader krb5-libs135 # XXX: These version numbers are hardcoded, need some cli-fu to generalize136 # FC13: Check if they are necessary137 rpm -i krb5-libs-*.i586.rpm138 rpm -U --force krb5-libs-*.scripts.1138.x86_64.rpm139 129 140 130 # env NSS_NONLOCAL_IGNORE=1 yum install scripts-base … … 174 164 YUM install -y nrpe 175 165 YUM install -y nagios-plugins-all 166 YUM install -y fprintd-pam 176 167 177 168 # Disable NetworkManager with chkconfig NetworkManager off. Configure … … 198 189 # Edit the parameters in /etc/sysconfig/openafs 199 190 200 # Figure out why Zephyr isn't working. Most recently, it was because there 201 # was a 64-bit RPM installed; remove it and install Joe's 32-bit one 202 YUM erase -y mit-zephyr 203 # mit-zephyr has a spurious dependency on mit-krb-config 204 yumdownloader mit-zephyr.i386 205 # if deps change, this breaks 206 YUM install -y libXaw.i586 libXext.i586 libXmu.i586 ncurses-libs.i586 readline.i586 207 rpm -i --nodeps mit-zephyr-2.1-6-linux.i386.rpm 208 # test if it worked by sending an un-authed message 209 zwrite -d -c scripts -i test 191 # Test that zephyr is working 192 chkconfig zhm on 193 service zhm start 194 echo 'Test!' | zwrite -d -c scripts -i test 210 195 211 196 # Install the athena-base, athena-lprng, and athena-lprng-misc RPMs … … 251 236 mkdir vice 252 237 cd vice 253 svn co svn://scripts.mit.edu/ trunk/server/fedora/config/usr/vice/etc etc238 svn co svn://scripts.mit.edu/$branch/server/fedora/config/usr/vice/etc etc 254 239 \cp -a etc /usr/vice 255 240 … … 308 293 echo 'import site, os.path; site.addsitedir(os.path.expanduser("~/lib/python2.6/site-packages"))' > /usr/lib/python2.6/site-packages/00scripts-home.pth 309 294 310 # Install the credentials. There are a lot of things to remember here: 295 # Install the credentials. There are a lot of things to remember here. 296 # Be sure to make sure the permissions match up (ls -l on an existing 297 # server!). 311 298 # o This will be different if you're setting up our build/update server. 312 299 # o You probably installed the machine keytab long ago 313 300 ls -l /etc/krb5.keytab 314 # oUse ktutil to combine the host/scripts.mit.edu and301 # Use ktutil to combine the host/scripts.mit.edu and 315 302 # host/scripts-vhosts.mit.edu keys with host/this-server.mit.edu in 316 303 # the keytab. Do not use 'k5srvutil change' on the combined keytab 317 # or you'll break the other servers. (real servers only) 304 # or you'll break the other servers. (real servers only). Be 305 # careful about writing out the keytab: if you write it to an 306 # existing file the keys will just get appended 318 307 # o The daemon.scripts keytab 319 308 ls -l /etc/daemon.keytab 320 309 # o The SSL cert private key (real servers only) 310 ls -l /etc/pki/tls/private/scripts.key 321 311 # o The LDAP password for the signup process (real servers only) 322 # o The SQL password for the signup process (real servers only) 312 ls -l /etc/signup-ldap-pw 313 # o The SQL password for the signup process (real servers only) (you 314 # only need one) 315 ls -l /usr/local/etc/sql-mit-edu.cfg.php 316 ls -l /etc/sql-mit-edu.cfg.php 323 317 # o The whoisd password (real servers only) 324 # o The LDAP keytab for this server, which will be used later (real servers only) 318 # o The LDAP keytab for this server, which will be used later (real 319 # servers only). 320 ls -l /etc/dirsrv/keytab 325 321 # o Replace the ssh host keys with the ones common to all scripts servers (real servers only) 326 # o You'll install an LDAP certificate signed by the scripts CA later (real servers only) 322 ls -l /etc/ssh/*key* 327 323 # o Make sure root's .k5login is correct 328 324 cat /root/.k5login 329 325 # o Make sure logview's .k5login is correct (real servers only) 326 cat /home/logview/.k5login 330 327 331 328 # If you are setting up a test server, pay attention to … … 353 350 vim /home/afsagent/renew # replace all mentions of daemon.scripts.mit.edu 354 351 355 # Install 389-ds-base and set up replication (see ./HOWTO-SETUP-LDAP 356 # and ./389-ds-enable-ssl-and-kerberos.diff). 352 # Install 389-ds-base and set up replication (see ./HOWTO-SETUP-LDAP). 357 353 358 354 # Make the services dirsrv, nslcd, nscd, postfix, and httpd start at … … 420 416 421 417 # XXX: our SVN checkout should be updated to use scripts.mit.edu 422 # (repository and etc) 418 # (repository and etc) once serving actually works.
Note: See TracChangeset
for help on using the changeset viewer.