Changeset 2050

Timestamp:

Nov 13, 2011, 2:01:17 AM (12 years ago)

Author:

ezyang

Message:

More updates.

Location:

branches/fc15-dev/server/doc

Files:

• install-howto.sh (modified) (7 diffs)
• install-ldap (modified) (9 diffs)

branches/fc15-dev/server/doc/install-howto.sh

@@ -79 +79 @@
     yum remove NetworkManager
 
+# Make sure sendmail isn't installed
+    yum remove sendmail
+
 # Check out the scripts /etc configuration
     cd /root
@@ -100 +103 @@
     # Some of these packages are naughty and clobber some of our files
     cd /etc
-    svn revert resolv.conf hosts sysconfig/openafs
+    svn revert resolv.conf hosts sysconfig/openafs nsswitch.conf
 
 # Replace rsyslog with syslog-ng by doing:
@@ -115 +118 @@
 # it can't install /one/ package.
     yum install -y --skip-broken $(cat packages.txt)
-
-# Make sure sendmail isn't installed
-    yum remove sendmail
 
 # Check which packages are installed on your new server that are not
@@ -135 +135 @@
 # explicit versions.  So temporarily rpm -e the package, and then
 # install it again after you install haskell-platform.  [Note: You
-# probably won't need this in Fedora 15 or something, when the Haskell
+# probably won't need this in Fedora 17 or something, when the Haskell
 # Platform gets updated.]
     rpm -e ghc-cgi-devel ghc-cgi
@@ -192 +192 @@
     gem install $(gem list --no-version | grep -Fxvf - gem.txt)
     # Also, we need to install the old rails version
+    gem install -v=2.3.5 rails
 
 # - Look at `pear list` for Pear fruits (or whatever they're called).
@@ -210 +211 @@
 # ----------------------------->8--------------------------------------
 #                       INFINITE CONFIGURATION
+
+# Create fedora-ds user (needed for credit-card)
+useradd -u 103 -r -d /var/lib/dirsrv fedora-ds
 
 # Run credit-card to clone in credentials and make things runabble
@@ -296 +300 @@
     cd /etc
     svn status -q
-    # Some usual candidates for clobbering include nsswitch.conf and
-    # sysconfig/openafs
+    # Some usual candidates for clobbering include nsswitch.conf,
+    # resolv.conf and sysconfig/openafs
     # [WIZARD/TEST] Remember that changes you made should not get
     # reverted!
-
-# ThisCell got clobbered, replace it with athena.mit.edu
-    echo "athena.mit.edu" > /usr/vice/etc/ThisCell
 
 # Reboot the machine to restore a consistent state, in case you

branches/fc15-dev/server/doc/install-ldap

@@ -1 @@
-To set up a new LDAP server:
-
-- Install the RPM 389-ds-base with yum (these are installed by kickstart
-  these days, so these two steps are probably not necessary)
-  root# yum install -y 389-ds-base
-  root# yum install -y policycoreutils-python
-  root# yum install -y ldapvi
-- We want to run the directory server as its own user, so create fedora-ds
-  root# useradd -u 103 -r -d /var/lib/dirsrv fedora-ds
-- Temporarily move away the existing slapd-scripts folder
-  root# mv /etc/dirsrv/slapd-scripts{,.bak}
-- root# /usr/sbin/setup-ds.pl
-    - Choose a typical install
-    - Tell it to use the fedora-ds user and group
-    - Directory server identifier: scripts
-        Needed to remove this from the config file first
-    - Suffix: dc=scripts,dc=mit,dc=edu
-    - Input directory manager password
-      (this can be found in  ~/.ldapvirc)
-- Move the schema back
-  root# cp -R /etc/dirsrv/slapd-scripts.bak/{.svn,*} /etc/dirsrv/slapd-scripts
-  root# rm -Rf /etc/dirsrv/slapd-scripts.bak
-- Turn dirsrv off: service dirsrv stop
-- Apply the following configuration changes.  If you're editing
-  dse.ldif, you don't want dirsrv to be on, otherwise it will
-  overwrite your changes. [XXX: show how to do these changes with
-  dsconf, which is the "blessed" method]
+# To set up a new LDAP server:
+
+# Temporarily move away the existing slapd-scripts folder
+mv /etc/dirsrv/slapd-scripts{,.bak}
+
+# Setup directory server
+/usr/sbin/setup-ds.pl
+#   - Choose a typical install
+#   - Tell it to use the fedora-ds user and group
+#   - Directory server identifier: scripts
+#   - Suffix: dc=scripts,dc=mit,dc=edu
+#   - Input directory manager password
+#     (this can be found in  ~/.ldapvirc)
+
+# Move the schema back
+cp -R /etc/dirsrv/slapd-scripts.bak/{.svn,*} /etc/dirsrv/slapd-scripts
+rm -Rf /etc/dirsrv/slapd-scripts.bak
+
+# Turn dirsrv off:
+systemctl stop dirsrv.service
+
+# Apply the following configuration changes.  If you're editing
+# dse.ldif, you don't want dirsrv to be on, otherwise it will
+# overwrite your changes. [XXX: show how to do these changes with
+# dsconf, which is the "blessed" method, although it seems
+# dsconf only exists for Red Hat]
+
+vim /etc/dirsrv/slapd-scripts/dse.ldif
+<<<EOF
 
 # Inside cn=config.  These changes definitely require a restart.
-nsslapd-ldapifilepath: /var/run/slapd-scripts.socket  [NOTE: didn't need to do this]
 nsslapd-ldapilisten: on
 nsslapd-syntaxcheck: off
@@ -49 +50 @@
 nsSaslMapFilterTemplate: (objectClass=posixAccount)
 
-- Put LDAP keytab (ldap/hostname.mit.edu) in /etc/dirsrv/keytab.  Make
-  sure you chown/chgrp it to be readable by fedora-ds
-- Uncomment and modify in /etc/sysconfig/dirsrv: KRB5_KTNAME=/etc/dirsrv/keytab ; export KRB5_KTNAME
-  [NOTE: didn't need to do this either]
-- chown fedora-ds:fedora-ds /var/run/dirsrv
-- chown fedora-ds /etc/dirsrv/keytab
-- /sbin/service dirsrv start
-- Use ldapvi -b cn=config to add these indexes (8 of them):
+EOF;
+
+systemctl start dirsrv.service
+
+ldapvi -b cn=config
+# Add these indexes (8 of them):
+
+<<<EOF
 
 add cn=apacheServerName, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
@@ -121 +122 @@
 nsIndexType: eq
 nsIndexType: pres
+
+EOF;
 
 - Build the indexes for all the fields:
@@ -185 +188 @@
 
   Here's how you do it.
+
+  NOTE: There's this spiffy new tool MMR hammer which automates some of
+  this process.  Check the "MMR Hammer" sections to see how.  Install it
+  here:  https://github.com/ezyang/mmr-hammer
 
     0. Tell -c scripts not to go off and reboot servers until you're
@@ -253 +260 @@
        risky step of the process; see below for help debugging problems.
 
-       WARNING: There is a known bug doing full updates from 1.2.6 to
-       1.2.6, see https://bugzilla.redhat.com/show_bug.cgi?id=637852
+       MMR Hammer: mmr-hammer -h $MASTER init agreements $SLAVE
 
         ldapvi -b cn=\"dc=scripts,dc=mit,dc=edu\",cn=mapping\ tree,cn=config
@@ -283 +289 @@
     6. Replicate in the other direction.  On $MASTER, add $SLAVE
     as a nsDS5ReplicaBindDN in cn=replica,cn="dc=scripts,dc=mit,dc=edu",cn=mapping tree,cn=config
-    Also, add an account for $SLAVE
+    Also, add an account for $SLAVE if it doesn't exist already.
 
 add uid=ldap/$SLAVE,ou=People,dc=scripts,dc=mit,dc=edu
@@ -291 +297 @@
 
     On $SLAVE,
+
+       MMR Hammer: mmr-hammer -h $SLAVE init agreements $MASTER
 
 add cn="GSSAPI Replication to $MASTER", cn=replica, cn="dc=scripts,dc=mit,dc=edu", cn=mapping tree, cn=config
@@ -319 +327 @@
     new server.
 
+    With MMR hammer, that's something like:
+
+        for i in $SERVER_NAMES; do mmr-hammer -h $i init agreements $SERVER_NAMES; done
+
     8. If at this point you look at the new server's changelog with
     cl-dump (preferably /mit/scripts/admin/cl-dump.pl, to not prompt you
@@ -327 +339 @@
     also good for making sure the replication agreements actually work.
 
+    With MMR hammer, that's something like:
+
+        for i in $SERVER_NAMES; do mmr-hammer -h $i test; sleep 20; done
+
 Troubleshooting
 ===============