Ignore:
Timestamp:
Jan 15, 2012, 9:56:27 PM (11 years ago)
Author:
ezyang
Message:
More docs.
File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/server/doc/install-howto.sh

    r2111 r2112  
    128128    systemctl enable syslog-ng.service
    129129
     130# Temporarily remove ghc-cgi-devel and ghc-cgi
     131    rpm -e --nodeps ghc-cgi-devel ghc-cgi
     132
    130133# Install the full list of RPMs that users expect to be on the
    131134# scripts.mit.edu servers.
     
    156159#                      SPHEROID SHENANIGANS
    157160
     161# Install the Python eggs and Ruby gems and PEAR/PECL doohickeys that are on
     162# the other scripts.mit.edu servers and do not have RPMs.
     163# The general mode of operation will be to run the "list" command
     164# on both servers, see what the differences are, check if those diffs
     165# are packaged up as rpms, and install them (rpm if possible, native otherwise)
     166
    158167# Note: Since ultimately we'd like to move away from using per-language
    159168# package manager and all of these be RPMs, it is of questionable
     
    163172# packaged up the RPM.  Unfortunately we don't really have good incants
    164173# for this.
     174
     175# Warning: If you're installing a new server mid-lifecycle (or even if
     176# this is the start of a cycle, but you've been staggering the
     177# installation of servers), upstream may have moved on.  Because we
     178# don't normally upgrade spheroid projects, that means executing these
     179# instructions directly means that you will have mismatched versions
     180# (the new servers will have newer versions.)  Please follow the
     181# UPGRADE commentary attached to each of these.
     182
     183# Warning: The package lists that are generated are inconsistent on
     184# the question of whether or not they contain all packages (locally
     185# installed as well as distro packaged), or if they just contain locally
     186# installed packages.  Check this carefully; many of the install incants
     187# filter out already installed packages.
     188
     189# PERL CPAN
     190# ---------
    165191
    166192# Install the full list of perl modules that users expect to be on the
     
    174200perldoc -u perllocal | grep head2 | cut -f 3 -d '<' | cut -f 1 -d '|' | sort -u | perl -ne 'chomp; print "notest install $_\n" if system("rpm -q --whatprovides \"perl($_)\" >/dev/null 2>/dev/null")' > perl-packages.txt
    175201# arrange for perl-packages.txt to be transferred to server
     202    # Package list only contains new packages
    176203    cat perl-packages.txt | perl -MCPAN -e shell
    177 
    178 # Install the Python eggs and Ruby gems and PEAR/PECL doohickeys that are on
    179 # the other scripts.mit.edu servers and do not have RPMs.
    180 # The general mode of operation will be to run the "list" command
    181 # on both servers, see what the differences are, check if those diffs
    182 # are packaged up as rpms, and install them (rpm if possible, native otherwise)
     204# These are in /usr/local
     205
     206# UPGRADE: Installing old versions of CPAN modules requires you to
     207# specify the full path of a module, e.g.
     208# M/MS/MSCHWERN/Test-Simple-0.62.tar.gz.  It is not currently clear how
     209# to get this information programatically.  Furthermore, we have a lot
     210# of CPAN managed modules.  Since CPAN is the only thing
     211# placed in /usr/local at this point, it may be easier to simple tar and
     212# cp the Perl modules from one server to another, to keep them
     213# consistent.  But doing this is fiddly XXX
     214
     215# PYTHON EGGS
     216# -----------
     217
    183218# - Look at /usr/lib/python2.7/site-packages and
    184219#           /usr/lib64/python2.7/site-packages for Python eggs and modules.
     
    192227# 'easy_install AuthKit jsonlib2 pygit'
    193228cat /usr/lib/python2.7/site-packages/easy-install.pth | grep "^./" | cut -c3- | cut -f1 -d- > egg.txt
     229    # Package list only contains new packages
    194230    cat egg.txt | xargs easy_install -Z
     231# These are in /usr
     232
     233# UPGRADE: Use 'easy_install -n' to see what new versions are installed, and if there
     234# are updates validate them and upgrade them on the old servers.  Since
     235# we have a really small package list (around 4) checking these manually
     236# should be fine.  Note that dry run is slightly buggy and may fail
     237# midway processing files on account of a missing build directory.
     238
     239# RUBY GEMS
     240# ---------
    195241
    196242# - Look at `gem list` for Ruby gems.
     
    200246# XXX This doesn't do the right thing for old version gems
    201247gem list --no-version > gem.txt
     248    # Package list contains distro gems too
    202249    gem install $(gem list --no-version | grep -Fxvf - gem.txt)
    203250    # Also, we need to install the old rails version
    204251    gem install -v=2.3.5 rails
     252# These are in /usr
     253
     254# UPGRADE:  You can either upgrade out-of-date gems, or leave them at
     255# the old version.  We recommend the latter (see below for the
     256# rationale), but note that the install script described here doesn't
     257# pin against version, so you'll need to supply the -v parameters
     258# manually (the gems we install manually don't move too quickly, so this
     259# is fairly tractable if you check 'gem outdated'.)
     260#
     261# If you want to upgrade, do NOT use wildcard 'gem update'; use 'gem
     262# outdated' to find out all gems that are out of date, and verify this
     263# against our locally installed gems (there will be a lot of out of date
     264# gems, but this is simply because Fedora packaging lags behind the
     265# canonical versions (this is a good thing).  Manually upgrade just
     266# those gems.  Note that this doesn't save you from having to install
     267# old gems on the servers that are being installed out-of-cycle,
     268# because Ruby supports pinning against old versions, and if those gems
     269# then mysteriously disappear, things will be sad (note that this isn't
     270# a *huge* problem, because usually when you pin gems it's in
     271# conjunction with rvm, so they have their local copy of the gem.)
     272
     273# PHP PEAR
     274# --------
    205275
    206276# - Look at `pear list` for Pear fruits (or whatever they're called).
     
    209279#   (you might get complaints about the php_scripts module; ignore them)
    210280pear list | tail -n +4 | cut -f 1 -d " " > pear.txt
     281    # Package list contains distro packages
    211282    pear config-set preferred_state beta
    212283    pear channel-update pear.php.net
    213284    pear install $(pear list | tail -n +4 | cut -f 1 -d " " | grep -Fxvf - pear.txt)
     285# These are in /usr
     286
     287# PHP PECL
     288# --------
    214289
    215290# - Look at `pecl list` for PECL things.  'yum search', and if you must,
     
    217292#   pecl/foo' or 'pecl install foo-beta' or those two combined.
    218293pecl list | tail -n +4 | cut -f 1 -d " " > pecl.txt
     294    # Package list contains distro packages
    219295    pecl install --nodeps $(pecl list | tail -n +4 | cut -f 1 -d " " | grep -Fxvf - pecl.txt)
     296# These are in /usr
    220297
    221298# ----------------------------->8--------------------------------------
    222299#                       INFINITE CONFIGURATION
    223300
    224 # Create fedora-ds user (needed for credit-card)
     301# [PROD] Create fedora-ds user (needed for credit-card)
    225302useradd -u 103 -r -d /var/lib/dirsrv fedora-ds
    226303
    227304# Run credit-card to clone in credentials and make things runabble
     305# NOTE: You may be tempted to run credit-card earlier in the install
     306# process in order, for example, to be able to SSH in to the servers
     307# with Kerberos.  However, it is better to install the credentials
     308# *after* we have run a boatload untrusted code as part of the
     309# spheroids objects process.  So don't move this step earlier!
    228310python host.py push $server
    229311
     
    238320#   #   [TESTSERVER] daemon.scripts-test
    239321
     322# Test that zephyr is working
     323    systemctl enable zhm.service
     324    systemctl start zhm.service
     325    echo 'Test!' | zwrite -d -c scripts -i test
     326
     327# Check out the scripts /usr/vice/etc configuration
     328    cd /root/vice
     329    \cp -a etc /usr/vice
    240330# [TESTSERVER] If you're installing a test server, this needs to be
    241331# much smaller; the max filesize on XVM is 10GB.  Pick something like
    242332# 500000. Also, some of the AFS parameters are kind of retarded (and if
    243333# you're low on disk space, will actually exhaust our inodes).  Edit
    244 # these parameters in /etc/sysconfig/openafs (This doesn't work in the
    245 # new systemd world order: try editing the unit file instead.)
     334# these parameters in /etc/sysconfig/openafs (I just chopped a zero
     335# off of all of our parameters)
    246336    echo "/afs:/usr/vice/cache:500000" > /usr/vice/etc/cacheinfo
    247 # XXX This is out of date in the systemd world.
    248337    vim /etc/sysconfig/openafs
    249 
    250 # Test that zephyr is working
    251     systemctl enable zhm.service
    252     systemctl start zhm.service
    253     echo 'Test!' | zwrite -d -c scripts -i test
    254 
    255 # Check out the scripts /usr/vice/etc configuration
    256     cd /root/vice
    257     \cp -a etc /usr/vice
    258338
    259339# [PRODUCTION] Set up replication (see ./install-ldap).
     
    365445#     or do SSL.  Generate with:
    366446    openssl req -new -x509 -keyout /etc/pki/tls/private/scripts.key -out /etc/pki/tls/certs/scripts.cert -nodes
    367 #     Also make /etc/pki/tls/certs/ca.pem match up (XXX what's the
    368 #     incant for that?)
     447    ln -s /etc/pki/tls/private/scripts.key /etc/pki/tls/private/scripts-1024.key
     448#     Also make /etc/pki/tls/certs/ca.pem match up
     449    openssl rsa -in /etc/pki/tls/private/scripts.key -pubout > /etc/pki/tls/certs/ca.pem
    369450
    370451# [TESTSERVER] More stuff for test servers
Note: See TracChangeset for help on using the changeset viewer.