Ignore:
Timestamp:
Sep 26, 2010, 1:44:07 PM (12 years ago)
Author:
ezyang
Message:
More updates from installing b-m and o-f.
File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/fc13-dev/server/doc/install-howto.sh

    r1668 r1672  
    2727branch="trunk"
    2828
     29# 'server' is the public hostname of your server, for SCP'ing files
     30# to and from.
     31server=YOUR-SERVER-NAME-HERE
     32
    2933# Start with a Scripts kickstarted install of Fedora (install-fedora)
    3034
     
    3539# Check out the scripts.mit.edu svn repository. Configure svn not to cache
    3640# credentials.
    37 
    38     cd /srv
    39     # We must use an explicit source_server while setting up the Scripts
    40     # server, because once we load the Scripts /etc configuration,
    41     # scripts.mit.edu will start resolving to localhost and
    42     # updates/commits will stop working.  This will be switched to
    43     # scripts.mit.edu at the end of the install process.
    44     svn co svn://$source_server/$branch repository
    45 
    46     sed -i 's/^\(# *\)?store-passwords.*/store-passwords = no/' /root/.subversion/config
    47     sed -i 's/^\(# *\)?store-auth-creds.*/store-auth-creds = no/' /root/.subversion/config
    48 
    49     chown -R scripts-build /srv/repository
    50 
    51     asbuild svn up # generate the config file
    52     asbuild sed -i 's/^\(# *\)?store-passwords.*/store-passwords = no/' /home/scripts-build/.subversion/config
    53     asbuild sed -i 's/^\(# *\)?store-auth-creds.*/store-auth-creds = no/' /home/scripts-build/.subversion/config
    54 
    55 # cd to server/fedora in the svn repository.
    56     cd /srv/repository/server/fedora
    57 
    58 # Run "make install-deps" to install various prereqs.  Nonstandard
    59 # deps are in /mit/scripts/rpm.
    60     make install-deps
    61     # You should pay close attention to the output of this command, and
    62     # note if packages you think should exist don't exist anymore.
    6341
    6442# Copy over root's dotfiles from one of the other machines.
     
    7048    ls -l .ssh
    7149    ls -l .vimrc
     50    ls -l .k5login
    7251    # Trying to scp from server to server won't work, as scp
    7352    # will attempt to negotiate a server-to-server connection.
    7453    # Instead, scp to your trusted machine as a temporary file,
    7554    # and then push to the other server
     55scp -r root@$source_server:~/{.bashrc,.ldapvirc,.screenrc,.ssh,.vimrc,.k5login} .
     56scp -r {.bashrc,.ldapvirc,.screenrc,.ssh,.vimrc,.k5login} root@$server:~
     57
     58# Install the initial set of credentials (to get Kerberized logins once
     59# krb5 is installed).  Otherwise, SCP'ing things in will be annoying.
     60#   o You probably installed the machine keytab long ago
     61    ls -l /etc/krb5.keytab
     62#     Use ktutil to combine the host/scripts.mit.edu and
     63#     host/scripts-vhosts.mit.edu keys with host/this-server.mit.edu in
     64#     the keytab.  Do not use 'k5srvutil change' on the combined keytab
     65#     or you'll break the other servers. (real servers only).  Be
     66#     careful about writing out the keytab: if you write it to an
     67#     existing file the keys will just get appended.  The correct
     68#     credential list should look like:
     69#       ktutil:  l
     70#       slot KVNO Principal
     71#       ---- ---- ---------------------------------------------------------------------
     72#          1    5 host/old-faithful.mit.edu@ATHENA.MIT.EDU
     73#          2    3 host/scripts-vhosts.mit.edu@ATHENA.MIT.EDU
     74#          3    2      host/scripts.mit.edu@ATHENA.MIT.EDU
     75#   o Replace the ssh host keys with the ones common to all scripts servers (real servers only)
     76    ls -l /etc/ssh/*key*
     77#     You can do that with:
     78scp root@$source_server:/etc/ssh/*key* .
     79scp *key* root@$server:/etc/ssh/
     80    service sshd reload
    7681
    7782# Check out the scripts /etc configuration
     83    # backslash to make us not use the alias
    7884    cd /root
    79     svn co svn://$source_server/$branch/server/fedora/config/etc etc
    80     # backslash to make us not use the alias
    8185    \cp -a etc /
    8286
     
    8791# you have named.
    8892
    89 # You can get password SSH back by editing /etc/ssh/sshd_config (allow
     93# NOTE: You can get password SSH back by editing /etc/ssh/sshd_config (allow
    9094# password auth) and /etc/pam.d/sshd (comment out the first three auth
    91 # lines).  However, you can also temporarily install krb5 and setup the
    92 # keytabs and k5login to get Kerberized authentication.
     95# lines).  However, you should have the Kerberos credentials in place
     96# so as soon as you install the full set of Scripts packages, you'll get
     97# Kerberized logins.
    9398
    9499# Make sure network is working.  If this is a new server name, you'll
     
    97102# configured eth0 and eth1 correctly; use service network restart
    98103# to add the new routes in route-eth1.
     104    service network restart
    99105    route
    100106    ifconfig
    101107    cat /etc/hosts
    102108    cat /etc/sysconfig/network-scripts/route-eth1
    103     service network restart
    104109
    105110# This is the point at which you should start updating scriptsified
    106111# packages for a new Fedora release.  Consult 'upgrade-tips' for more
    107112# information.
    108 
    109113    yum install -y scripts-base
    110 
    111 # Check that fs sysname is correct.  You should see, among others,
    112 # 'amd64_fedoraX_scripts' (vary X) and 'scripts'. If it's not, you
    113 # probably did a distro upgrade and should update /etc/sysconfig/openafs.
    114     fs sysname
     114    # Some of these packages are naughty and clobber some of our files
     115    cd /etc
     116    svn revert resolv.conf hosts sysconfig/openafs
    115117
    116118# Replace rsyslog with syslog-ng by doing:
     
    159161# Platform gets updated.]
    160162    rpm -e ghc-cgi-devel ghc-cgi
    161     yum install haskell-platform
     163    yum install -y haskell-platform
    162164    yumdownloader ghc-cgi
    163165    yumdownloader ghc-cgi-devel
    164     rpm -i ghc-cgi*.rpm
    165     rpm -i ghc-cgi-devel*.rpm
     166    rpm -i ghc-cgi*1.8.1*.rpm
    166167
    167168# Check out the scripts /usr/vice/etc configuration
    168     cd /root
    169     mkdir vice
    170     cd vice
    171     svn co svn://scripts.mit.edu/$branch/server/fedora/config/usr/vice/etc etc
     169    cd /root/vice
    172170    \cp -a etc /usr/vice
    173171
    174172# Install the full list of perl modules that users expect to be on the
    175173# scripts.mit.edu servers.
     174    cd /root
    176175    export PERL_MM_USE_DEFAULT=1
    177176    cpan # this is interactive, enter the next two lines
     
    202201#       ezyang: rspec-rails depends on rspec, and will override the Yum
    203202#       package, so... don't use that RPM yet
    204     gem list
     203gem list --no-version > gem.txt
     204    gem list --no-version | diff gem.txt - | grep "<" | cut -c3- | xargs gem install
    205205# - Look at `pear list` for Pear fruits (or whatever they're called).
    206206#   Yet again, 'yum search' for RPMs before resorting to 'pear install'.  Note
    207207#   that for things in the beta repo, you'll need 'pear install package-beta'.
    208208#   (you might get complaints about the php_scripts module; ignore them)
    209     pear list
     209pear list | tail -n +4 | cut -f 1 -d " " > pear.txt
     210    pear config-set preferred_state beta
     211    pear channel-update pear.php.net
     212    pear list | tail -n +4 | cut -f 1 -d " " | diff pear.txt - | grep "<" | cut -c3- | xargs pear install
    210213# - Look at `pecl list` for PECL things.  'yum search', and if you must,
    211214#   'pecl install' needed items. If it doesn't work, try 'pear install
    212215#   pecl/foo' or 'pecl install foo-beta' or those two combined.
    213     pecl list
    214 # Automating this... will require a lot of batonning between
    215 # the servers. Probably best way to do it is to write an actual
    216 # script.
     216pecl list | tail -n +4 | cut -f 1 -d " " > pecl.txt
     217    pecl list | tail -n +4 | cut -f 1 -d " " | diff pecl.txt - | grep "<" | cut -c3- | xargs pecl install --nodeps
    217218
    218219# Setup some Python config
     
    222223# Be sure to make sure the permissions match up (ls -l on an existing
    223224# server!).
    224 #   o This will be different if you're setting up our build/update server.
    225 #   o You probably installed the machine keytab long ago
    226     ls -l /etc/krb5.keytab
    227 #     Use ktutil to combine the host/scripts.mit.edu and
    228 #     host/scripts-vhosts.mit.edu keys with host/this-server.mit.edu in
    229 #     the keytab.  Do not use 'k5srvutil change' on the combined keytab
    230 #     or you'll break the other servers. (real servers only).  Be
    231 #     careful about writing out the keytab: if you write it to an
    232 #     existing file the keys will just get appended
    233 #   o The daemon.scripts keytab
     225scp root@$source_server:{/etc/{sql-mit-edu.cfg.php,daemon.keytab,pki/tls/private/scripts.key,signup-ldap-pw,whoisd-password},/home/logview/.k5login} .
     226scp daemon.keytab signup-ldap-pw whoisd-password sql-mit-edu.cfg.php root@$server:/etc
     227scp scripts.key root@$server:/etc/pki/tls/private
     228scp .k5login root@$server:/home/logview
     229    chown afsagent:afsagent /etc/daemon.keytab
     230#   o The daemon.scripts keytab (will be daemon.scripts-test for test)
    234231    ls -l /etc/daemon.keytab
    235232#   o The SSL cert private key (real servers only)
     
    237234#   o The LDAP password for the signup process (real servers only)
    238235    ls -l /etc/signup-ldap-pw
    239 #   o The SQL password for the signup process (real servers only) (you
    240 #     only need one, chown as sql user)
    241     ls -l /usr/local/etc/sql-mit-edu.cfg.php
    242     ls -l /etc/sql-mit-edu.cfg.php
    243236#   o The whoisd password (real servers only)
    244237    ls -l /etc/whoisd-password
    245 #   o The LDAP keytab for this server, which will be used later (real
    246 #     servers only).
    247     ls -l /etc/dirsrv/keytab
    248 #   o Replace the ssh host keys with the ones common to all scripts servers (real servers only)
    249     ls -l /etc/ssh/*key*
    250 #   o Make sure root's .k5login is correct
    251     cat /root/.k5login
    252238#   o Make sure logview's .k5login is correct (real servers only)
    253239    cat /home/logview/.k5login
     240
     241# Spin up OpenAFS.  This will fail if there's been a new kernel since
     242# when you last tried.  In that case, you can hold on till later to
     243# start OpenAFS.  This will take a little bit of time;
     244    service openafs-client start
     245
     246# Check that fs sysname is correct.  You should see, among others,
     247# 'amd64_fedoraX_scripts' (vary X) and 'scripts'. If it's not, you
     248# probably did a distro upgrade and should update /etc/sysconfig/openafs.
     249    fs sysname
    254250
    255251# [TEST SERVER] If you are setting up a test server, pay attention to
     
    279275
    280276# Set up replication (see ./install-ldap).
     277# You'll need the LDAP keytab for this server: be sure to chown it
     278# fedora-ds after you create the fedora-ds user
     279    ls -l /etc/dirsrv/keytab
    281280    cat install-ldap
    282281
     
    289288    chkconfig postfix on
    290289    chkconfig httpd on
     290
     291# Check sql user credentials (needs to be done after LDAP is setup)
     292    chown sql /etc/sql-mit-edu.cfg.php
    291293
    292294# Postfix doesn't actually deliver mail; fix this
Note: See TracChangeset for help on using the changeset viewer.