May 22, 2012, 10:52:35 PM (10 years ago)
Merge changes from trunk.
2 edited


  • branches/fc17-dev

  • branches/fc17-dev/server/doc/install-howto.sh

    r2080 r2195  
    8484    yum remove NetworkManager
    86 # Make sure sendmail isn't installed
    87     yum remove sendmail
     86# Make sure sendmail isn't installed, replace it with postfix
     87    yum shell <<EOF
     88remove sendmail
     89install postfix
    8994# Check out the scripts /etc configuration
    116121# Replace rsyslog with syslog-ng by doing:
    117     rpm -e --nodeps rsyslog
    118     yum install -y syslog-ng
     122    yum shell <<EOF
     123remove rsyslog
     124install syslog-ng
    119128    systemctl enable syslog-ng.service
    123132rpm -qa --queryformat "%{Name}.%{Arch}\n" | sort > packages.txt
    124133# arrange for packages.txt to be passed to the server, then run:
    125 # --skip-broken will (usually) prevent you from having to sit through
    126 # several minutes of dependency resolution until it decides that
    127 # it can't install /one/ package.
    128     yum install -y --skip-broken $(cat packages.txt)
     134    cd /tmp
     135    yumdownloader --disablerepo=scripts ghc-cgi ghc-cgi-devel
     136    yum localinstall ghc-cgi*.x86_64.rpm
     137    yum install -y $(cat packages.txt)
     138# The reason this works is that ghc-cgi is marked as installonlypkgs
     139# in yum.conf, telling yum to install them side-by-side rather than
     140# updating them. If it doesn't work, use --skip-broken on the yum
     141# command line.
    130143# Check which packages are installed on your new server that are not
    140153    # ModemManager PackageKit
    142 # We need an upstream version of cgi which we've packaged ourselves, but
    143 # it doesn't work with the haskell-platform package which expects
    144 # explicit versions.  So temporarily rpm -e the package, and then
    145 # install it again after you install haskell-platform.  [Note: You
    146 # probably won't need this in Fedora 17 or something, when the Haskell
    147 # Platform gets updated.] [It's not obvious to me that this actually
    148 # works]
    149     rpm -e ghc-cgi-devel ghc-cgi
    150     yum install -y haskell-platform
    151     yumdownloader ghc-cgi
    152     yumdownloader ghc-cgi-devel
    153     rpm -i ghc-cgi*1.8.2*.rpm
    155155# ----------------------------->8--------------------------------------
    156156#                      SPHEROID SHENANIGANS
     158# Install the Python eggs and Ruby gems and PEAR/PECL doohickeys that are on
     159# the other scripts.mit.edu servers and do not have RPMs.
     160# The general mode of operation will be to run the "list" command
     161# on both servers, see what the differences are, check if those diffs
     162# are packaged up as rpms, and install them (rpm if possible, native otherwise)
    158164# Note: Since ultimately we'd like to move away from using per-language
    163169# packaged up the RPM.  Unfortunately we don't really have good incants
    164170# for this.
     172# Warning: If you're installing a new server mid-lifecycle (or even if
     173# this is the start of a cycle, but you've been staggering the
     174# installation of servers), upstream may have moved on.  Because we
     175# don't normally upgrade spheroid projects, that means executing these
     176# instructions directly means that you will have mismatched versions
     177# (the new servers will have newer versions.)  Please follow the
     178# UPGRADE commentary attached to each of these.
     180# Warning: The package lists that are generated are inconsistent on
     181# the question of whether or not they contain all packages (locally
     182# installed as well as distro packaged), or if they just contain locally
     183# installed packages.  Check this carefully; many of the install incants
     184# filter out already installed packages.
     186# PERL CPAN
     187# ---------
    166189# Install the full list of perl modules that users expect to be on the
    174197perldoc -u perllocal | grep head2 | cut -f 3 -d '<' | cut -f 1 -d '|' | sort -u | perl -ne 'chomp; print "notest install $_\n" if system("rpm -q --whatprovides \"perl($_)\" >/dev/null 2>/dev/null")' > perl-packages.txt
    175198# arrange for perl-packages.txt to be transferred to server
     199    # Package list only contains new packages
    176200    cat perl-packages.txt | perl -MCPAN -e shell
    178 # Install the Python eggs and Ruby gems and PEAR/PECL doohickeys that are on
    179 # the other scripts.mit.edu servers and do not have RPMs.
    180 # The general mode of operation will be to run the "list" command
    181 # on both servers, see what the differences are, check if those diffs
    182 # are packaged up as rpms, and install them (rpm if possible, native otherwise)
    183 # - Look at /usr/lib/python2.6/site-packages and
    184 #           /usr/lib64/python2.6/site-packages for Python eggs and modules.
     201# These are in /usr/local
     203# UPGRADE: Installing old versions of CPAN modules requires you to
     204# specify the full path of a module, e.g.
     205# M/MS/MSCHWERN/Test-Simple-0.62.tar.gz.  It is not currently clear how
     206# to get this information programatically.  Furthermore, we have a lot
     207# of CPAN managed modules.  Since CPAN is the only thing
     208# placed in /usr/local at this point, it may be easier to simple tar and
     209# cp the Perl modules from one server to another, to keep them
     210# consistent.  But doing this is fiddly XXX
     212# PYTHON EGGS
     213# -----------
     215# - Look at /usr/lib/python2.7/site-packages and
     216#           /usr/lib64/python2.7/site-packages for Python eggs and modules.
    185217#   There will be a lot of gunk that was installed from packages;
    186218#   easy-install.pth in /usr/lib/ will tell you what was easy_installed.
    192224# 'easy_install AuthKit jsonlib2 pygit'
    193225cat /usr/lib/python2.7/site-packages/easy-install.pth | grep "^./" | cut -c3- | cut -f1 -d- > egg.txt
     226    # Package list only contains new packages
    194227    cat egg.txt | xargs easy_install -Z
     228# These are in /usr
     230# UPGRADE: Use 'easy_install -n' to see what new versions are installed, and if there
     231# are updates validate them and upgrade them on the old servers.  Since
     232# we have a really small package list (around 4) checking these manually
     233# should be fine.  Note that dry run is slightly buggy and may fail
     234# midway processing files on account of a missing build directory.
     236# RUBY GEMS
     237# ---------
    196239# - Look at `gem list` for Ruby gems.
    200243# XXX This doesn't do the right thing for old version gems
    201244gem list --no-version > gem.txt
     245    # Package list contains distro gems too
    202246    gem install $(gem list --no-version | grep -Fxvf - gem.txt)
    203247    # Also, we need to install the old rails version
    204248    gem install -v=2.3.5 rails
     249# These are in /usr
     251# UPGRADE:  You can either upgrade out-of-date gems, or leave them at
     252# the old version.  We recommend the latter (see below for the
     253# rationale), but note that the install script described here doesn't
     254# pin against version, so you'll need to supply the -v parameters
     255# manually (the gems we install manually don't move too quickly, so this
     256# is fairly tractable if you check 'gem outdated'.)
     258# If you want to upgrade, do NOT use wildcard 'gem update'; use 'gem
     259# outdated' to find out all gems that are out of date, and verify this
     260# against our locally installed gems (there will be a lot of out of date
     261# gems, but this is simply because Fedora packaging lags behind the
     262# canonical versions (this is a good thing).  Manually upgrade just
     263# those gems.  Note that this doesn't save you from having to install
     264# old gems on the servers that are being installed out-of-cycle,
     265# because Ruby supports pinning against old versions, and if those gems
     266# then mysteriously disappear, things will be sad (note that this isn't
     267# a *huge* problem, because usually when you pin gems it's in
     268# conjunction with rvm, so they have their local copy of the gem.)
     270# PHP PEAR
     271# --------
    206273# - Look at `pear list` for Pear fruits (or whatever they're called).
    209276#   (you might get complaints about the php_scripts module; ignore them)
    210277pear list | tail -n +4 | cut -f 1 -d " " > pear.txt
     278    # Package list contains distro packages
    211279    pear config-set preferred_state beta
    212280    pear channel-update pear.php.net
    213281    pear install $(pear list | tail -n +4 | cut -f 1 -d " " | grep -Fxvf - pear.txt)
     282# These are in /usr
     284# PHP PECL
     285# --------
    215287# - Look at `pecl list` for PECL things.  'yum search', and if you must,
    217289#   pecl/foo' or 'pecl install foo-beta' or those two combined.
    218290pecl list | tail -n +4 | cut -f 1 -d " " > pecl.txt
     291    # Package list contains distro packages
    219292    pecl install --nodeps $(pecl list | tail -n +4 | cut -f 1 -d " " | grep -Fxvf - pecl.txt)
     293# These are in /usr
    221295# ----------------------------->8--------------------------------------
    222296#                       INFINITE CONFIGURATION
    224 # Create fedora-ds user (needed for credit-card)
     298# [PROD] Create fedora-ds user (needed for credit-card)
    225299useradd -u 103 -r -d /var/lib/dirsrv fedora-ds
    227301# Run credit-card to clone in credentials and make things runabble
     302# NOTE: You may be tempted to run credit-card earlier in the install
     303# process in order, for example, to be able to SSH in to the servers
     304# with Kerberos.  However, it is better to install the credentials
     305# *after* we have run a boatload untrusted code as part of the
     306# spheroids objects process.  So don't move this step earlier!
    228307python host.py push $server
    238317#   #   [TESTSERVER] daemon.scripts-test
    240 # [PRODUCTION/WIZARD] Fix the openafs /usr/vice/etc <-> /etc/openafs
    241 # mapping.
    242     echo "/afs:/usr/vice/cache:10000000" > /usr/vice/etc/cacheinfo
    243     echo "athena.mit.edu" > /usr/vice/etc/ThisCell
     319# Test that zephyr is working
     320    systemctl enable zhm.service
     321    systemctl start zhm.service
     322    echo 'Test!' | zwrite -d -c scripts -i test
     324# Check out the scripts /usr/vice/etc configuration
     325    cd /root/vice
     326    \cp -a etc /usr/vice
    244327# [TESTSERVER] If you're installing a test server, this needs to be
    245328# much smaller; the max filesize on XVM is 10GB.  Pick something like
    246329# 500000. Also, some of the AFS parameters are kind of retarded (and if
    247330# you're low on disk space, will actually exhaust our inodes).  Edit
    248 # these parameters in /etc/sysconfig/openafs (This doesn't work in the
    249 # new systemd world order: try editing the unit file instead.)
     331# these parameters in /etc/sysconfig/openafs (I just chopped a zero
     332# off of all of our parameters)
    250333    echo "/afs:/usr/vice/cache:500000" > /usr/vice/etc/cacheinfo
    251334    vim /etc/sysconfig/openafs
    253 # Test that zephyr is working
    254     systemctl enable zhm.service
    255     systemctl start zhm.service
    256     echo 'Test!' | zwrite -d -c scripts -i test
    258 # Check out the scripts /usr/vice/etc configuration
    259     cd /root/vice
    260     \cp -a etc /usr/vice
    262336# [PRODUCTION] Set up replication (see ./install-ldap).
    300374# (Note: this errors on XeTeX which is ok.)
    301375    fmtutil-sys --all
    303 # Ensure that PHP isn't broken:
    304     mkdir /tmp/sessions
    305     chmod 01777 /tmp/sessions
    306     # XXX: this seems to get deleted if tmp gets cleaned up, so we
    307     # might need something a little better (maybe init script.)
    309377# Fix etc by making sure none of our config files got overwritten
    374442#     or do SSL.  Generate with:
    375443    openssl req -new -x509 -keyout /etc/pki/tls/private/scripts.key -out /etc/pki/tls/certs/scripts.cert -nodes
    376 #     Also make /etc/pki/tls/certs/ca.pem match up (XXX what's the
    377 #     incant for that?)
     444    ln -s /etc/pki/tls/private/scripts.key /etc/pki/tls/private/scripts-1024.key
     445#     Also make /etc/pki/tls/certs/ca.pem match up
     446    openssl rsa -in /etc/pki/tls/private/scripts.key -pubout > /etc/pki/tls/certs/ca.pem
    379448# [TESTSERVER] More stuff for test servers
Note: See TracChangeset for help on using the changeset viewer.