Changeset 2195 for branches/fc17-dev/server/doc
- Timestamp:
- May 22, 2012, 10:52:35 PM (13 years ago)
- Location:
- branches/fc17-dev
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/fc17-dev
- Property svn:mergeinfo changed
/trunk (added) merged: 2082-2122,2125-2148,2150-2194
- Property svn:mergeinfo changed
-
branches/fc17-dev/server/doc/install-howto.sh
r2080 r2195 84 84 yum remove NetworkManager 85 85 86 # Make sure sendmail isn't installed 87 yum remove sendmail 86 # Make sure sendmail isn't installed, replace it with postfix 87 yum shell <<EOF 88 remove sendmail 89 install postfix 90 run 91 exit 92 EOF 88 93 89 94 # Check out the scripts /etc configuration … … 115 120 116 121 # Replace rsyslog with syslog-ng by doing: 117 rpm -e --nodeps rsyslog 118 yum install -y syslog-ng 122 yum shell <<EOF 123 remove rsyslog 124 install syslog-ng 125 run 126 exit 127 EOF 119 128 systemctl enable syslog-ng.service 120 129 … … 123 132 rpm -qa --queryformat "%{Name}.%{Arch}\n" | sort > packages.txt 124 133 # arrange for packages.txt to be passed to the server, then run: 125 # --skip-broken will (usually) prevent you from having to sit through 126 # several minutes of dependency resolution until it decides that 127 # it can't install /one/ package. 128 yum install -y --skip-broken $(cat packages.txt) 134 cd /tmp 135 yumdownloader --disablerepo=scripts ghc-cgi ghc-cgi-devel 136 yum localinstall ghc-cgi*.x86_64.rpm 137 yum install -y $(cat packages.txt) 138 # The reason this works is that ghc-cgi is marked as installonlypkgs 139 # in yum.conf, telling yum to install them side-by-side rather than 140 # updating them. If it doesn't work, use --skip-broken on the yum 141 # command line. 129 142 130 143 # Check which packages are installed on your new server that are not … … 140 153 # ModemManager PackageKit 141 154 142 # We need an upstream version of cgi which we've packaged ourselves, but143 # it doesn't work with the haskell-platform package which expects144 # explicit versions. So temporarily rpm -e the package, and then145 # install it again after you install haskell-platform. [Note: You146 # probably won't need this in Fedora 17 or something, when the Haskell147 # Platform gets updated.] [It's not obvious to me that this actually148 # works]149 rpm -e ghc-cgi-devel ghc-cgi150 yum install -y haskell-platform151 yumdownloader ghc-cgi152 yumdownloader ghc-cgi-devel153 rpm -i ghc-cgi*1.8.2*.rpm154 155 155 # ----------------------------->8-------------------------------------- 156 156 # SPHEROID SHENANIGANS 157 158 # Install the Python eggs and Ruby gems and PEAR/PECL doohickeys that are on 159 # the other scripts.mit.edu servers and do not have RPMs. 160 # The general mode of operation will be to run the "list" command 161 # on both servers, see what the differences are, check if those diffs 162 # are packaged up as rpms, and install them (rpm if possible, native otherwise) 157 163 158 164 # Note: Since ultimately we'd like to move away from using per-language … … 163 169 # packaged up the RPM. Unfortunately we don't really have good incants 164 170 # for this. 171 172 # Warning: If you're installing a new server mid-lifecycle (or even if 173 # this is the start of a cycle, but you've been staggering the 174 # installation of servers), upstream may have moved on. Because we 175 # don't normally upgrade spheroid projects, that means executing these 176 # instructions directly means that you will have mismatched versions 177 # (the new servers will have newer versions.) Please follow the 178 # UPGRADE commentary attached to each of these. 179 180 # Warning: The package lists that are generated are inconsistent on 181 # the question of whether or not they contain all packages (locally 182 # installed as well as distro packaged), or if they just contain locally 183 # installed packages. Check this carefully; many of the install incants 184 # filter out already installed packages. 185 186 # PERL CPAN 187 # --------- 165 188 166 189 # Install the full list of perl modules that users expect to be on the … … 174 197 perldoc -u perllocal | grep head2 | cut -f 3 -d '<' | cut -f 1 -d '|' | sort -u | perl -ne 'chomp; print "notest install $_\n" if system("rpm -q --whatprovides \"perl($_)\" >/dev/null 2>/dev/null")' > perl-packages.txt 175 198 # arrange for perl-packages.txt to be transferred to server 199 # Package list only contains new packages 176 200 cat perl-packages.txt | perl -MCPAN -e shell 177 178 # Install the Python eggs and Ruby gems and PEAR/PECL doohickeys that are on 179 # the other scripts.mit.edu servers and do not have RPMs. 180 # The general mode of operation will be to run the "list" command 181 # on both servers, see what the differences are, check if those diffs 182 # are packaged up as rpms, and install them (rpm if possible, native otherwise) 183 # - Look at /usr/lib/python2.6/site-packages and 184 # /usr/lib64/python2.6/site-packages for Python eggs and modules. 201 # These are in /usr/local 202 203 # UPGRADE: Installing old versions of CPAN modules requires you to 204 # specify the full path of a module, e.g. 205 # M/MS/MSCHWERN/Test-Simple-0.62.tar.gz. It is not currently clear how 206 # to get this information programatically. Furthermore, we have a lot 207 # of CPAN managed modules. Since CPAN is the only thing 208 # placed in /usr/local at this point, it may be easier to simple tar and 209 # cp the Perl modules from one server to another, to keep them 210 # consistent. But doing this is fiddly XXX 211 212 # PYTHON EGGS 213 # ----------- 214 215 # - Look at /usr/lib/python2.7/site-packages and 216 # /usr/lib64/python2.7/site-packages for Python eggs and modules. 185 217 # There will be a lot of gunk that was installed from packages; 186 218 # easy-install.pth in /usr/lib/ will tell you what was easy_installed. … … 192 224 # 'easy_install AuthKit jsonlib2 pygit' 193 225 cat /usr/lib/python2.7/site-packages/easy-install.pth | grep "^./" | cut -c3- | cut -f1 -d- > egg.txt 226 # Package list only contains new packages 194 227 cat egg.txt | xargs easy_install -Z 228 # These are in /usr 229 230 # UPGRADE: Use 'easy_install -n' to see what new versions are installed, and if there 231 # are updates validate them and upgrade them on the old servers. Since 232 # we have a really small package list (around 4) checking these manually 233 # should be fine. Note that dry run is slightly buggy and may fail 234 # midway processing files on account of a missing build directory. 235 236 # RUBY GEMS 237 # --------- 195 238 196 239 # - Look at `gem list` for Ruby gems. … … 200 243 # XXX This doesn't do the right thing for old version gems 201 244 gem list --no-version > gem.txt 245 # Package list contains distro gems too 202 246 gem install $(gem list --no-version | grep -Fxvf - gem.txt) 203 247 # Also, we need to install the old rails version 204 248 gem install -v=2.3.5 rails 249 # These are in /usr 250 251 # UPGRADE: You can either upgrade out-of-date gems, or leave them at 252 # the old version. We recommend the latter (see below for the 253 # rationale), but note that the install script described here doesn't 254 # pin against version, so you'll need to supply the -v parameters 255 # manually (the gems we install manually don't move too quickly, so this 256 # is fairly tractable if you check 'gem outdated'.) 257 # 258 # If you want to upgrade, do NOT use wildcard 'gem update'; use 'gem 259 # outdated' to find out all gems that are out of date, and verify this 260 # against our locally installed gems (there will be a lot of out of date 261 # gems, but this is simply because Fedora packaging lags behind the 262 # canonical versions (this is a good thing). Manually upgrade just 263 # those gems. Note that this doesn't save you from having to install 264 # old gems on the servers that are being installed out-of-cycle, 265 # because Ruby supports pinning against old versions, and if those gems 266 # then mysteriously disappear, things will be sad (note that this isn't 267 # a *huge* problem, because usually when you pin gems it's in 268 # conjunction with rvm, so they have their local copy of the gem.) 269 270 # PHP PEAR 271 # -------- 205 272 206 273 # - Look at `pear list` for Pear fruits (or whatever they're called). … … 209 276 # (you might get complaints about the php_scripts module; ignore them) 210 277 pear list | tail -n +4 | cut -f 1 -d " " > pear.txt 278 # Package list contains distro packages 211 279 pear config-set preferred_state beta 212 280 pear channel-update pear.php.net 213 281 pear install $(pear list | tail -n +4 | cut -f 1 -d " " | grep -Fxvf - pear.txt) 282 # These are in /usr 283 284 # PHP PECL 285 # -------- 214 286 215 287 # - Look at `pecl list` for PECL things. 'yum search', and if you must, … … 217 289 # pecl/foo' or 'pecl install foo-beta' or those two combined. 218 290 pecl list | tail -n +4 | cut -f 1 -d " " > pecl.txt 291 # Package list contains distro packages 219 292 pecl install --nodeps $(pecl list | tail -n +4 | cut -f 1 -d " " | grep -Fxvf - pecl.txt) 293 # These are in /usr 220 294 221 295 # ----------------------------->8-------------------------------------- 222 296 # INFINITE CONFIGURATION 223 297 224 # Create fedora-ds user (needed for credit-card)298 # [PROD] Create fedora-ds user (needed for credit-card) 225 299 useradd -u 103 -r -d /var/lib/dirsrv fedora-ds 226 300 227 301 # Run credit-card to clone in credentials and make things runabble 302 # NOTE: You may be tempted to run credit-card earlier in the install 303 # process in order, for example, to be able to SSH in to the servers 304 # with Kerberos. However, it is better to install the credentials 305 # *after* we have run a boatload untrusted code as part of the 306 # spheroids objects process. So don't move this step earlier! 228 307 python host.py push $server 229 308 … … 238 317 # # [TESTSERVER] daemon.scripts-test 239 318 240 # [PRODUCTION/WIZARD] Fix the openafs /usr/vice/etc <-> /etc/openafs 241 # mapping. 242 echo "/afs:/usr/vice/cache:10000000" > /usr/vice/etc/cacheinfo 243 echo "athena.mit.edu" > /usr/vice/etc/ThisCell 319 # Test that zephyr is working 320 systemctl enable zhm.service 321 systemctl start zhm.service 322 echo 'Test!' | zwrite -d -c scripts -i test 323 324 # Check out the scripts /usr/vice/etc configuration 325 cd /root/vice 326 \cp -a etc /usr/vice 244 327 # [TESTSERVER] If you're installing a test server, this needs to be 245 328 # much smaller; the max filesize on XVM is 10GB. Pick something like 246 329 # 500000. Also, some of the AFS parameters are kind of retarded (and if 247 330 # you're low on disk space, will actually exhaust our inodes). Edit 248 # these parameters in /etc/sysconfig/openafs ( This doesn't work in the249 # new systemd world order: try editing the unit file instead.)331 # these parameters in /etc/sysconfig/openafs (I just chopped a zero 332 # off of all of our parameters) 250 333 echo "/afs:/usr/vice/cache:500000" > /usr/vice/etc/cacheinfo 251 334 vim /etc/sysconfig/openafs 252 253 # Test that zephyr is working254 systemctl enable zhm.service255 systemctl start zhm.service256 echo 'Test!' | zwrite -d -c scripts -i test257 258 # Check out the scripts /usr/vice/etc configuration259 cd /root/vice260 \cp -a etc /usr/vice261 335 262 336 # [PRODUCTION] Set up replication (see ./install-ldap). … … 300 374 # (Note: this errors on XeTeX which is ok.) 301 375 fmtutil-sys --all 302 303 # Ensure that PHP isn't broken:304 mkdir /tmp/sessions305 chmod 01777 /tmp/sessions306 # XXX: this seems to get deleted if tmp gets cleaned up, so we307 # might need something a little better (maybe init script.)308 376 309 377 # Fix etc by making sure none of our config files got overwritten … … 374 442 # or do SSL. Generate with: 375 443 openssl req -new -x509 -keyout /etc/pki/tls/private/scripts.key -out /etc/pki/tls/certs/scripts.cert -nodes 376 # Also make /etc/pki/tls/certs/ca.pem match up (XXX what's the 377 # incant for that?) 444 ln -s /etc/pki/tls/private/scripts.key /etc/pki/tls/private/scripts-1024.key 445 # Also make /etc/pki/tls/certs/ca.pem match up 446 openssl rsa -in /etc/pki/tls/private/scripts.key -pubout > /etc/pki/tls/certs/ca.pem 378 447 379 448 # [TESTSERVER] More stuff for test servers
Note: See TracChangeset
for help on using the changeset viewer.