Changeset 1672 for branches/fc13-dev/server/doc/install-howto.sh
- Timestamp:
- Sep 26, 2010, 1:44:07 PM (14 years ago)
- File:
-
- 1 edited
branches/fc13-dev/server/doc/install-howto.sh
r1668 r1672 27 27 branch="trunk" 28 28 29 # 'server' is the public hostname of your server, for SCP'ing files 30 # to and from. 31 server=YOUR-SERVER-NAME-HERE 32 29 33 # Start with a Scripts kickstarted install of Fedora (install-fedora) 30 34 … … 35 39 # Check out the scripts.mit.edu svn repository. Configure svn not to cache 36 40 # credentials. 37 38 cd /srv39 # We must use an explicit source_server while setting up the Scripts40 # server, because once we load the Scripts /etc configuration,41 # scripts.mit.edu will start resolving to localhost and42 # updates/commits will stop working. This will be switched to43 # scripts.mit.edu at the end of the install process.44 svn co svn://$source_server/$branch repository45 46 sed -i 's/^\(# *\)?store-passwords.*/store-passwords = no/' /root/.subversion/config47 sed -i 's/^\(# *\)?store-auth-creds.*/store-auth-creds = no/' /root/.subversion/config48 49 chown -R scripts-build /srv/repository50 51 asbuild svn up # generate the config file52 asbuild sed -i 's/^\(# *\)?store-passwords.*/store-passwords = no/' /home/scripts-build/.subversion/config53 asbuild sed -i 's/^\(# *\)?store-auth-creds.*/store-auth-creds = no/' /home/scripts-build/.subversion/config54 55 # cd to server/fedora in the svn repository.56 cd /srv/repository/server/fedora57 58 # Run "make install-deps" to install various prereqs. Nonstandard59 # deps are in /mit/scripts/rpm.60 make install-deps61 # You should pay close attention to the output of this command, and62 # note if packages you think should exist don't exist anymore.63 41 64 42 # Copy over root's dotfiles from one of the other machines. … … 70 48 ls -l .ssh 71 49 ls -l .vimrc 50 ls -l .k5login 72 51 # Trying to scp from server to server won't work, as scp 73 52 # will attempt to negotiate a server-to-server connection. 
74 53 # Instead, scp to your trusted machine as a temporary file, 75 54 # and then push to the other server 55 scp -r root@$source_server:~/{.bashrc,.ldapvirc,.screenrc,.ssh,.vimrc,.k5login} . 56 scp -r {.bashrc,.ldapvirc,.screenrc,.ssh,.vimrc,.k5login} root@$server:~ 57 58 # Install the initial set of credentials (to get Kerberized logins once 59 # krb5 is installed). Otherwise, SCP'ing things in will be annoying. 60 # o You probably installed the machine keytab long ago 61 ls -l /etc/krb5.keytab 62 # Use ktutil to combine the host/scripts.mit.edu and 63 # host/scripts-vhosts.mit.edu keys with host/this-server.mit.edu in 64 # the keytab. Do not use 'k5srvutil change' on the combined keytab 65 # or you'll break the other servers. (real servers only). Be 66 # careful about writing out the keytab: if you write it to an 67 # existing file the keys will just get appended. The correct 68 # credential list should look like: 69 # ktutil: l 70 # slot KVNO Principal 71 # ---- ---- --------------------------------------------------------------------- 72 # 1 5 host/old-faithful.mit.edu@ATHENA.MIT.EDU 73 # 2 3 host/scripts-vhosts.mit.edu@ATHENA.MIT.EDU 74 # 3 2 host/scripts.mit.edu@ATHENA.MIT.EDU 75 # o Replace the ssh host keys with the ones common to all scripts servers (real servers only) 76 ls -l /etc/ssh/*key* 77 # You can do that with: 78 scp root@$source_server:/etc/ssh/*key* . 79 scp *key* root@$server:/etc/ssh/ 80 service sshd reload 76 81 77 82 # Check out the scripts /etc configuration 83 # backslash to make us not use the alias 78 84 cd /root 79 svn co svn://$source_server/$branch/server/fedora/config/etc etc80 # backslash to make us not use the alias81 85 \cp -a etc / 82 86 … … 87 91 # you have named. 88 92 89 # You can get password SSH back by editing /etc/ssh/sshd_config (allow93 # NOTE: You can get password SSH back by editing /etc/ssh/sshd_config (allow 90 94 # password auth) and /etc/pam.d/sshd (comment out the first three auth 91 # lines). 
However, you can also temporarily install krb5 and setup the 92 # keytabs and k5login to get Kerberized authentication. 95 # lines). However, you should have the Kerberos credentials in place 96 # so as soon as you install the full set of Scripts packages, you'll get 97 # Kerberized logins. 93 98 94 99 # Make sure network is working. If this is a new server name, you'll … … 97 102 # configured eth0 and eth1 correctly; use service network restart 98 103 # to add the new routes in route-eth1. 104 service network restart 99 105 route 100 106 ifconfig 101 107 cat /etc/hosts 102 108 cat /etc/sysconfig/network-scripts/route-eth1 103 service network restart104 109 105 110 # This is the point at which you should start updating scriptsified 106 111 # packages for a new Fedora release. Consult 'upgrade-tips' for more 107 112 # information. 108 109 113 yum install -y scripts-base 110 111 # Check that fs sysname is correct. You should see, among others, 112 # 'amd64_fedoraX_scripts' (vary X) and 'scripts'. If it's not, you 113 # probably did a distro upgrade and should update /etc/sysconfig/openafs. 114 fs sysname 114 # Some of these packages are naughty and clobber some of our files 115 cd /etc 116 svn revert resolv.conf hosts sysconfig/openafs 115 117 116 118 # Replace rsyslog with syslog-ng by doing: … … 159 161 # Platform gets updated.] 160 162 rpm -e ghc-cgi-devel ghc-cgi 161 yum install haskell-platform163 yum install -y haskell-platform 162 164 yumdownloader ghc-cgi 163 165 yumdownloader ghc-cgi-devel 164 rpm -i ghc-cgi*.rpm 165 rpm -i ghc-cgi-devel*.rpm 166 rpm -i ghc-cgi*1.8.1*.rpm 166 167 167 168 # Check out the scripts /usr/vice/etc configuration 168 cd /root 169 mkdir vice 170 cd vice 171 svn co svn://scripts.mit.edu/$branch/server/fedora/config/usr/vice/etc etc 169 cd /root/vice 172 170 \cp -a etc /usr/vice 173 171 174 172 # Install the full list of perl modules that users expect to be on the 175 173 # scripts.mit.edu servers. 
174 cd /root 176 175 export PERL_MM_USE_DEFAULT=1 177 176 cpan # this is interactive, enter the next two lines … … 202 201 # ezyang: rspec-rails depends on rspec, and will override the Yum 203 202 # package, so... don't use that RPM yet 204 gem list 203 gem list --no-version > gem.txt 204 gem list --no-version | diff gem.txt - | grep "<" | cut -c3- | xargs gem install 205 205 # - Look at `pear list` for Pear fruits (or whatever they're called). 206 206 # Yet again, 'yum search' for RPMs before resorting to 'pear install'. Note 207 207 # that for things in the beta repo, you'll need 'pear install package-beta'. 208 208 # (you might get complaints about the php_scripts module; ignore them) 209 pear list 209 pear list | tail -n +4 | cut -f 1 -d " " > pear.txt 210 pear config-set preferred_state beta 211 pear channel-update pear.php.net 212 pear list | tail -n +4 | cut -f 1 -d " " | diff pear.txt - | grep "<" | cut -c3- | xargs pear install 210 213 # - Look at `pecl list` for PECL things. 'yum search', and if you must, 211 214 # 'pecl install' needed items. If it doesn't work, try 'pear install 212 215 # pecl/foo' or 'pecl install foo-beta' or those two combined. 213 pecl list 214 # Automating this... will require a lot of batonning between 215 # the servers. Probably best way to do it is to write an actual 216 # script. 216 pecl list | tail -n +4 | cut -f 1 -d " " > pecl.txt 217 pecl list | tail -n +4 | cut -f 1 -d " " | diff pecl.txt - | grep "<" | cut -c3- | xargs pecl install --nodeps 217 218 218 219 # Setup some Python config … … 222 223 # Be sure to make sure the permissions match up (ls -l on an existing 223 224 # server!). 224 # o This will be different if you're setting up our build/update server. 225 # o You probably installed the machine keytab long ago 226 ls -l /etc/krb5.keytab 227 # Use ktutil to combine the host/scripts.mit.edu and 228 # host/scripts-vhosts.mit.edu keys with host/this-server.mit.edu in 229 # the keytab. 
Do not use 'k5srvutil change' on the combined keytab 230 # or you'll break the other servers. (real servers only). Be 231 # careful about writing out the keytab: if you write it to an 232 # existing file the keys will just get appended 233 # o The daemon.scripts keytab 225 scp root@$source_server:{/etc/{sql-mit-edu.cfg.php,daemon.keytab,pki/tls/private/scripts.key,signup-ldap-pw,whoisd-password},/home/logview/.k5login} . 226 scp daemon.keytab signup-ldap-pw whoisd-password sql-mit-edu.cfg.php root@$server:/etc 227 scp scripts.key root@$server:/etc/pki/tls/private 228 scp .k5login root@$server:/home/logview 229 chown afsagent:afsagent /etc/daemon.keytab 230 # o The daemon.scripts keytab (will be daemon.scripts-test for test) 234 231 ls -l /etc/daemon.keytab 235 232 # o The SSL cert private key (real servers only) … … 237 234 # o The LDAP password for the signup process (real servers only) 238 235 ls -l /etc/signup-ldap-pw 239 # o The SQL password for the signup process (real servers only) (you240 # only need one, chown as sql user)241 ls -l /usr/local/etc/sql-mit-edu.cfg.php242 ls -l /etc/sql-mit-edu.cfg.php243 236 # o The whoisd password (real servers only) 244 237 ls -l /etc/whoisd-password 245 # o The LDAP keytab for this server, which will be used later (real246 # servers only).247 ls -l /etc/dirsrv/keytab248 # o Replace the ssh host keys with the ones common to all scripts servers (real servers only)249 ls -l /etc/ssh/*key*250 # o Make sure root's .k5login is correct251 cat /root/.k5login252 238 # o Make sure logview's .k5login is correct (real servers only) 253 239 cat /home/logview/.k5login 240 241 # Spin up OpenAFS. This will fail if there's been a new kernel since 242 # when you last tried. In that case, you can hold on till later to 243 # start OpenAFS. This will take a little bit of time; 244 service openafs-client start 245 246 # Check that fs sysname is correct. You should see, among others, 247 # 'amd64_fedoraX_scripts' (vary X) and 'scripts'. 
If it's not, you 248 # probably did a distro upgrade and should update /etc/sysconfig/openafs. 249 fs sysname 254 250 255 251 # [TEST SERVER] If you are setting up a test server, pay attention to … … 279 275 280 276 # Set up replication (see ./install-ldap). 277 # You'll need the LDAP keytab for this server: be sure to chown it 278 # fedora-ds after you create the fedora-ds user 279 ls -l /etc/dirsrv/keytab 281 280 cat install-ldap 282 281 … … 289 288 chkconfig postfix on 290 289 chkconfig httpd on 290 291 # Check sql user credentials (needs to be done after LDAP is setup) 292 chown sql /etc/sql-mit-edu.cfg.php 291 293 292 294 # Postfix doesn't actually deliver mail; fix this