Changeset 1693 for trunk/server/doc/install-howto.sh
- Timestamp:
- Oct 23, 2010, 8:07:08 AM (14 years ago)
- Location:
- trunk
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk
- Property svn:mergeinfo changed
/branches/fc13-dev (added) merged: 1613-1638,1644-1647,1649-1650,1653,1658-1666,1668-1669,1672-1678,1680-1681
- Property svn:mergeinfo changed
-
trunk/server/doc/install-howto.sh
r1687 r1693 1 1 # This document is a how-to for installing a Fedora scripts.mit.edu server. 2 # It is semi-vaguely in the form of a shell script, but is not really 3 # runnable as it stands. 2 4 3 5 set -e -x 4 6 5 [ -e /scripts-boot-count ] || echo 0 > /scripts-boot-count 6 7 source_server="old-faithful.mit.edu" 8 9 boot=${1:$(cat /scripts-boot-count)} 10 11 # XXX: let 'branch' be the current svn branch you are on 12 13 doreboot() { 14 echo $(( $boot + 1 )) > /scripts-boot-count; 15 shutdown -r now "Rebooting for step $(cat /scripts-boot-count)" 16 } 17 18 YUM() { 19 NSS_NONLOCAL_IGNORE=1 yum "$@" 20 } 21 22 # Helper files for the install are located in server/fedora/config. 23 24 # Start with a normal install of Fedora. 25 26 if [ $boot = 0 ]; then 27 # When the initial configuration screen comes up, under "Firewall 28 # configuration", disable the firewall, and under "System services", leave 29 # enabled (as of Fedora 9) acpid, anacron, atd, cpuspeed, crond, 30 # firstboot, fuse, haldaemon, ip6tables, iptables, irqbalance, 31 # kerneloops, mdmonitor, messagebus, microcode_ctl, netfs, network, nscd, ntpd, 32 # sshd, udev-post, and nothing else. 33 echo "--disabled" > /etc/sysconfig/system-config-firewall 34 for i in NetworkManager avahi-daemon bluetooth cups isdn nfslock nfs pcscd restorecond rpcbind rpcgssd rpcidmapd sendmail; do 35 chkconfig "$i" off 36 done 37 38 # Turn on network, so we can connect at boot 39 chkconfig network on 40 41 # Edit /etc/selinux/config so it has SELINUX=disabled and reboot. 42 sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config 43 doreboot 44 fi 45 46 if [ $boot = 1 ]; then 47 # Create a scripts-build user account, and set up rpm to build in 48 # $HOME by doing a 49 # cp config/home/scripts-build/.rpmmacros /home/scripts-build/ 50 # (If you just use the default setup, it will generate packages 51 # in /usr/src/redhat.) 52 adduser scripts-build 7 # Some commands should be run as the scripts-build user, not root. 8 9 alias asbuild="sudo -u scripts-build" 10 11 # Old versions of this install document advised setting 12 # NSS_NONLOCAL_IGNORE=1 anytime you're setting up anything, e.g. using 13 # yum, warning that useradd will query LDAP in a stupid way that makes 14 # it hang forever. As of Fedora 13, this does not seem to be a problem, 15 # so it's been removed from the instructions. If an install is hanging, 16 # though, try adding NSS_NONLOCAL_IGNORE. 17 18 # This is actually just "pick an active scripts server". It can't be 19 # scripts.mit.edu because our networking config points that domain 20 # at localhost, and if our server is not setup at that point things 21 # will break. 22 source_server="cats-whiskers.mit.edu" 23 24 # 'branch' is the current svn branch you are on. You want to 25 # use trunk if your just installing a new server, and branches/fcXX-dev 26 # if your preparing a server on a new Fedora release. 27 branch="trunk" 28 29 # 'server' is the public hostname of your server, for SCP'ing files 30 # to and from. 31 server=YOUR-SERVER-NAME-HERE 32 33 # Start with a Scripts kickstarted install of Fedora (install-fedora) 34 35 # Take updates, reboot if there's a kernel update. 36 37 yum update 38 39 # Get rid of network manager 40 yum remove NetworkManager 53 41 54 42 # Check out the scripts.mit.edu svn repository. Configure svn not to cache 55 43 # credentials. 56 44 57 YUM install -y subversion 58 59 cd /srv 60 svn co svn://$source_server/$branch repository 61 62 sed -i 's/^(# *)*store-passwords.*/store-passwords = no/' /root/.subversion/config 63 sed -i 's/^(# *)*store-auth-creds.*/store-auth-creds = no/' /root/.subversion/config 64 # The same tweaks should be made on /home/scripts-build/.subversion/config 65 # once it exists (do something with svn as scripts-build) 66 67 chown -R scripts-build /srv/repository 68 69 # cd to server/fedora in the svn repository. 70 cd /srv/repository/server/fedora 71 72 # Run "make install-deps" to install various prereqs. Nonstandard 73 # deps are in /mit/scripts/rpm. 74 YUM install -y make 75 make install-deps 76 77 # Install bind 78 YUM install -y bind 45 # Copy over root's dotfiles from one of the other machines. 46 # Perhaps a useful change is to remove the default aliases 47 cd /root 48 ls -l .bashrc 49 ls -l .ldapvirc 50 ls -l .screenrc 51 ls -l .ssh 52 ls -l .vimrc 53 ls -l .k5login 54 # Trying to scp from server to server won't work, as scp 55 # will attempt to negotiate a server-to-server connection. 56 # Instead, scp to your trusted machine as a temporary file, 57 # and then push to the other server 58 scp -r root@$source_server:~/{.bashrc,.ldapvirc,.screenrc,.ssh,.vimrc,.k5login} . 59 scp -r {.bashrc,.ldapvirc,.screenrc,.ssh,.vimrc,.k5login} root@$server:~ 60 61 # Install the initial set of credentials (to get Kerberized logins once 62 # krb5 is installed). Otherwise, SCP'ing things in will be annoying. 63 # o You probably installed the machine keytab long ago 64 ls -l /etc/krb5.keytab 65 # Use ktutil to combine the host/scripts.mit.edu and 66 # host/scripts-vhosts.mit.edu keys with host/this-server.mit.edu in 67 # the keytab. Do not use 'k5srvutil change' on the combined keytab 68 # or you'll break the other servers. (real servers only). Be 69 # careful about writing out the keytab: if you write it to an 70 # existing file the keys will just get appended. The correct 71 # credential list should look like: 72 # ktutil: l 73 # slot KVNO Principal 74 # ---- ---- --------------------------------------------------------------------- 75 # 1 5 host/old-faithful.mit.edu@ATHENA.MIT.EDU 76 # 2 3 host/scripts-vhosts.mit.edu@ATHENA.MIT.EDU 77 # 3 2 host/scripts.mit.edu@ATHENA.MIT.EDU 78 # o Replace the ssh host keys with the ones common to all scripts servers (real servers only) 79 ls -l /etc/ssh/*key* 80 # You can do that with: 81 scp root@$source_server:/etc/ssh/*key* . 82 scp *key* root@$server:/etc/ssh/ 83 service sshd reload 79 84 80 85 # Check out the scripts /etc configuration 86 # backslash to make us not use the alias 81 87 cd /root 82 svn co svn://scripts.mit.edu/$branch/server/fedora/config/etc etc83 # backslash to make us not use the alias84 88 \cp -a etc / 89 chmod 0440 /etc/sudoers 85 90 86 91 # NOTE: You will have just lost DNS resolution and the ability … … 90 95 # you have named. 91 96 92 service named start 93 chkconfig named on 94 95 # In the case of the Kerberos libraries, you'll be told that 96 # there are conflicting files with the 64-bit versions of the packages, 97 # which we scriptsify. You'll have to use --force to install those 98 # rpms despite the conflicts. After doing that, you may want to 99 # install the corresponding 64-bit scriptsified versions again, just 100 # to be safe in case the 32-bit versions overwrite files that differ. 101 # When you try this, it will complain that you already have the same 102 # version installed; again, you'll need to use --force to do it anyway. 103 104 # We need yumdownloader to force some RPMs 105 # XXX: This might be wrong. Sanity check what packages ou 106 # have when done 107 YUM install -y yum-utils 108 yumdownloader krb5-libs 109 # XXX: These version numbers are hardcoded, need some cli-fu to generalize 110 rpm -i krb5-libs-*.i586.rpm 111 rpm -U --force krb5-libs-*.scripts.1138.x86_64.rpm 112 113 # env NSS_NONLOCAL_IGNORE=1 yum install scripts-base 114 YUM install -y scripts-base 115 116 # Remember to set NSS_NONLOCAL_IGNORE=1 anytime you're setting up 117 # anything, e.g. using yum. Otherwise useradd will query LDAP in a stupid way 118 # that makes it hang forever. (This is why we're using YUM, not yum) 119 120 # Reload the iptables config to take down the restrictive firewall 121 service iptables restart 122 123 # Copy over root's dotfiles from one of the other machines. 124 # Perhaps a useful change is to remove the default aliases 125 # On 2009-07-01, the dotfiles to transfer where: 126 # .bashrc .ldapvirc (<- HAS PRIVILEDGED DATA) 127 # .screenrc .ssh (<- directory) .vimrc 128 # Trying to scp from server to server won't work, as scp 129 # will attempt to negotiate a server-to-server connection. 130 # Instead, scp to your trusted machine as a temporary file, 131 # and then push to the other server 132 # You'll need some way to authenticate to the server, and since 133 # password logins are disabled, you'll need some way of 134 # temporarily giving yourself credentials. On a test server, 135 # reenabling password authentication is ok: frob /etc/pam.d/sshd 136 # and reverse apply r1068. 97 # NOTE: You can get password SSH back by editing /etc/ssh/sshd_config (allow 98 # password auth) and /etc/pam.d/sshd (comment out the first three auth 99 # lines). However, you should have the Kerberos credentials in place 100 # so as soon as you install the full set of Scripts packages, you'll get 101 # Kerberized logins. 102 103 # Make sure network is working. If this is a new server name, you'll 104 # need to add it to /etc/hosts and 105 # /etc/sysconfig/network-scripts/route-eth1. Kickstart should have 106 # configured eth0 and eth1 correctly; use service network restart 107 # to add the new routes in route-eth1. 108 service network restart 109 route 110 ifconfig 111 cat /etc/hosts 112 cat /etc/sysconfig/network-scripts/route-eth1 113 114 # This is the point at which you should start updating scriptsified 115 # packages for a new Fedora release. Consult 'upgrade-tips' for more 116 # information. 117 yum install -y scripts-base 118 # Some of these packages are naughty and clobber some of our files 119 cd /etc 120 svn revert resolv.conf hosts sysconfig/openafs 137 121 138 122 # Replace rsyslog with syslog-ng by doing: 139 123 rpm -e --nodeps rsyslog 140 YUMinstall -y syslog-ng124 yum install -y syslog-ng 141 125 chkconfig syslog-ng on 142 126 143 # Install various dependencies of the scripts system, including 144 # glibc-devel.i586 (ezyang: already installed for me), 145 # python-twisted-core (ditto), mod_fcgid, nrpe, nagios-plugins-all. 146 YUM install -y mod_fcgid 147 YUM install -y nrpe 148 YUM install -y nagios-plugins-all 149 150 # Disable NetworkManager with chkconfig NetworkManager off. Configure 151 # networking on the front end and back end, and the routing table to send 152 # traffic over the back end. Make sure that chkconfig reports "network" on, so 153 # that the network will still be configured at next boot. 154 # ezyang: For me, NetworkManager was not installed at this point, and 155 # we had already done the basic config for networking front end and 156 # back end (because I wanted ssh access, and not just conserver access) 157 158 # Fix the openafs /usr/vice/etc <-> /etc/openafs mapping by changing 159 # /usr/vice/etc/cacheinfo to contain: 160 # /afs:/usr/vice/cache:10000000 161 # Also fix ThisCell to contain athena.mit.edu in both directories 162 # WARNING: if you're installing a test server, this needs to be much 163 # smaller; the max filesize on XVM is 10GB. Pick something like 164 # 500000 127 # Fix the openafs /usr/vice/etc <-> /etc/openafs mapping. 165 128 echo "/afs:/usr/vice/cache:10000000" > /usr/vice/etc/cacheinfo 166 # ezyang: ThisCell on b-k and c-w don't have anything special 167 # written here 168 # If you're making a test server, some of the AFS parameters are 169 # kind of retarded (and if you're low on disk space, will actually 170 # exhaust our inodes). 171 # Edit the parameters in /etc/sysconfig/openafs 172 173 # Figure out why Zephyr isn't working. Most recently, it was because there 174 # was a 64-bit RPM installed; remove it and install Joe's 32-bit one 175 YUM erase -y mit-zephyr 176 # mit-zephyr has a spurious dependency on mit-krb-config 177 yumdownloader mit-zephyr.i386 178 # if deps change, this breaks 179 YUM install -y libXaw.i586 libXext.i586 libXmu.i586 ncurses-libs.i586 readline.i586 180 rpm -i --nodeps mit-zephyr-2.1-6-linux.i386.rpm 181 # test if it worked by sending an un-authed message 182 zwrite -d -c scripts -i test 183 184 # Install the athena-base, athena-lprng, and athena-lprng-misc RPMs 185 # from the Athena 9 build (these are present in our yum repo). Note 186 # that you will have to use --nodeps for at least one of the lprng 187 # ones because it thinks it needs the Athena hesiod RPM. It doesn't 188 # really. Before doing this, run it without --nodeps and arrange to 189 # install the rest of the things it really does depend on. This will 190 # include a bunch of 32-bit rpms; go ahead and install the .i586 versions 191 # of them. 192 YUM install -y athena-base 193 YUM install -y athena-lprng 194 yumdownloader athena-lprng-misc 195 # ezyang: I couldn't find any deps for this that existed in the repos 196 # You might get a "find: `/usr/athena/info': No such file or directory" 197 # error; this is fine 198 rpm -i --nodeps athena-lprng-misc-9.4-0.i386.rpm 129 echo "athena.mit.edu" > /usr/vice/etc/ThisCell 130 131 # [TEST SERVER] If you're installing a test server, this needs to be 132 # much smaller; the max filesize on XVM is 10GB. Pick something like 133 # 500000. Also, some of the AFS parameters are kind of retarded (and if 134 # you're low on disk space, will actually exhaust our inodes). Edit 135 # these parameters in /etc/sysconfig/openafs 136 137 # Test that zephyr is working 138 chkconfig zhm on 139 service zhm start 140 echo 'Test!' | zwrite -d -c scripts -i test 199 141 200 142 # Install the full list of RPMs that users expect to be on the 201 143 # scripts.mit.edu servers. 202 203 # on another server, run:204 144 rpm -qa --queryformat "%{Name}.%{Arch}\n" | sort > packages.txt 205 145 # arrange for packages.txt to be passed to the server, then run: 206 # notice that yum is not capitalized 207 # Also notice skip-broken 208 cat packages.txt | NSS_NONLOCAL_IGNORE=1 xargs yum install -y --skip-broken 146 # --skip-broken will (usually) prevent you from having to sit through 147 # several minutes of dependency resolution until it decides that 148 # it can't install /one/ package. 149 yum install -y --skip-broken $(cat packages.txt) 209 150 210 151 # Check which packages are installed on your new server that are not … … 212 153 # on the new machine. Otherwise, aside from bloat, you may end up 213 154 # with undesirable things for security, like sendmail. 214 rpm -qa --queryformat "%{Name}.%{Arch}\n" | sort > newpackages.txt 215 diff -u packages.txt newpackages.txt | less 216 # if all went well, you'll probably see multiple kernel versions 217 # as the only diff 218 # ezyang: I got exim installed as another package 155 rpm -qa --queryformat "%{Name}.%{Arch}\n" | grep -v kernel | sort > newpackages.txt 156 diff -u packages.txt newpackages.txt | grep -v kernel | less 219 157 # here's a cute script that removes all extra packages 220 diff -u packages.txt newpackages.txt | grep '+' | cut -c2- | grep -v "@" | grep -v "++" | xargs yum erase -y 158 yum erase -y $(grep -Fxvf packages.txt newpackages.txt) 159 160 # We need an upstream version of cgi which we've packaged ourselves, but 161 # it doesn't work with the haskell-platform package which expects 162 # explicit versions. So temporarily rpm -e the package, and then 163 # install it again after you install haskell-platform. [Note: You 164 # probably won't need this in Fedora 15 or something, when the Haskell 165 # Platform gets updated.] 166 rpm -e ghc-cgi-devel ghc-cgi 167 yum install -y haskell-platform 168 yumdownloader ghc-cgi 169 yumdownloader ghc-cgi-devel 170 rpm -i ghc-cgi*1.8.1*.rpm 221 171 222 172 # Check out the scripts /usr/vice/etc configuration 223 cd /root 224 mkdir vice 225 cd vice 226 svn co svn://scripts.mit.edu/trunk/server/fedora/config/usr/vice/etc etc 173 cd /root/vice 227 174 \cp -a etc /usr/vice 228 175 229 176 # Install the full list of perl modules that users expect to be on the 230 177 # scripts.mit.edu servers. 231 # - export PERL_MM_USE_DEFAULT=1 232 # - Run 'cpan', accept the default configuration, and do 'o conf 233 # prerequisites_policy follow'. 234 # - Parse the output of perldoc -u perllocal | grep head2 on an existing 235 # server, and "notest install" them from the cpan prompt. 236 # TO DO THIS: 237 # On another server, run: 238 # perldoc -u perllocal | grep head2 | cut -f 3 -d '<' | cut -f 1 -d '|' | sort -u | perl -ne 'chomp; print "notest install $_\n" if system("rpm -q --whatprovides \"perl($_)\" >/dev/null 2>/dev/null")' > /mit/scripts/config/perl-packages.txt 239 # Then on the server you're installing, 240 # cat perl-packages.txt | perl -MCPAN -e shell 178 cd /root 241 179 export PERL_MM_USE_DEFAULT=1 242 # XXX: Some interactive gobbeldygook 243 cpan 180 cpan # this is interactive, enter the next two lines 244 181 o conf prerequisites_policy follow 245 182 o conf commit … … 257 194 # /usr/lib64/python2.6/site-packages for Python eggs and modules. 258 195 # There will be a lot of gunk that was installed from packages; 259 # easy-install.pth will tell you what was easy_installed.196 # easy-install.pth in /usr/lib/ will tell you what was easy_installed. 260 197 # First use 'yum search' to see if the relevant package is now available 261 198 # as an RPM, and install that if it is. If not, then use easy_install. … … 263 200 # want to be able to write to ~/.python-eggs. (Also makes sourcediving 264 201 # easier.) 202 cat /usr/lib/python2.6/site-packages/easy-install.pth 265 203 # - Look at `gem list` for Ruby gems. 266 204 # Again, use 'yum search' and prefer RPMs, but failing that, 'gem install'. 267 205 # ezyang: rspec-rails depends on rspec, and will override the Yum 268 206 # package, so... don't use that RPM yet 207 gem list --no-version > gem.txt 208 gem install $(gem list --no-version | grep -Fxvf - gem.txt) 269 209 # - Look at `pear list` for Pear fruits (or whatever they're called). 270 210 # Yet again, 'yum search' for RPMs before resorting to 'pear install'. Note 271 211 # that for things in the beta repo, you'll need 'pear install package-beta'. 272 212 # (you might get complaints about the php_scripts module; ignore them) 213 pear list | tail -n +4 | cut -f 1 -d " " > pear.txt 214 pear config-set preferred_state beta 215 pear channel-update pear.php.net 216 pear install $(pear list | tail -n +4 | cut -f 1 -d " " | grep -Fxvf - pear.txt) 273 217 # - Look at `pecl list` for PECL things. 'yum search', and if you must, 274 218 # 'pecl install' needed items. If it doesn't work, try 'pear install 275 219 # pecl/foo' or 'pecl install foo-beta' or those two combined. 276 # Automating this... will require a lot of batonning between 277 # the servers. Probably best way to do it is to write an actual 278 # script. 220 pecl list | tail -n +4 | cut -f 1 -d " " > pecl.txt 221 pecl install --nodeps $(pecl list | tail -n +4 | cut -f 1 -d " " | grep -Fxvf - pecl.txt) 279 222 280 223 # Setup some Python config 281 224 echo 'import site, os.path; site.addsitedir(os.path.expanduser("~/lib/python2.6/site-packages"))' > /usr/lib/python2.6/site-packages/00scripts-home.pth 282 225 283 # Install the credentials. There are a lot of things to remember here :284 # o This will be different if you're setting up our build/update server.285 # o You probably installed the machine keytab long ago286 ls -l /etc/krb5.keytab 287 # o Use ktutil to combine the host/scripts.mit.edu and 288 # host/scripts-vhosts.mit.edu keys with host/this-server.mit.edu in 289 # the keytab. Do not use 'k5srvutil change' on the combined keytab 290 # or you'll break the other servers. (real servers only) 291 # o The daemon.scripts keytab 226 # Install the credentials. There are a lot of things to remember here. 227 # Be sure to make sure the permissions match up (ls -l on an existing 228 # server!). 229 scp root@$source_server:{/etc/{sql-mit-edu.cfg.php,daemon.keytab,pki/tls/private/scripts.key,signup-ldap-pw,whoisd-password},/home/logview/.k5login} . 230 scp daemon.keytab signup-ldap-pw whoisd-password sql-mit-edu.cfg.php root@$server:/etc 231 scp scripts.key root@$server:/etc/pki/tls/private 232 scp .k5login root@$server:/home/logview 233 chown afsagent:afsagent /etc/daemon.keytab 234 # o The daemon.scripts keytab (will be daemon.scripts-test for test) 292 235 ls -l /etc/daemon.keytab 293 236 # o The SSL cert private key (real servers only) 237 ls -l /etc/pki/tls/private/scripts.key 294 238 # o The LDAP password for the signup process (real servers only) 295 # o The SQL password for the signup process (real servers only) 239 ls -l /etc/signup-ldap-pw 296 240 # o The whoisd password (real servers only) 297 # o The LDAP keytab for this server, which will be used later (real servers only) 298 # o Replace the ssh host keys with the ones common to all scripts servers (real servers only) 299 # o You'll install an LDAP certificate signed by the scripts CA later (real servers only) 300 # o Make sure root's .k5login is correct 301 cat /root/.k5login 241 ls -l /etc/whoisd-password 302 242 # o Make sure logview's .k5login is correct (real servers only) 303 304 # If you are setting up a test server, pay attention to 243 cat /home/logview/.k5login 244 245 # Spin up OpenAFS. This will fail if there's been a new kernel since 246 # when you last tried. In that case, you can hold on till later to 247 # start OpenAFS. This will take a little bit of time; 248 service openafs-client start 249 250 # Check that fs sysname is correct. You should see, among others, 251 # 'amd64_fedoraX_scripts' (vary X) and 'scripts'. If it's not, you 252 # probably did a distro upgrade and should update /etc/sysconfig/openafs. 253 fs sysname 254 255 # [TEST SERVER] If you are setting up a test server, pay attention to 305 256 # /etc/sysconfig/network-scripts and do not bind scripts' IP address. 306 257 # You will also need to modify: … … 322 273 # XXX: someone should write sed scripts to do this 323 274 324 # If you are setting up a test server, afsagent's cronjob will attempt 325 # to be renewing with the wrong credentials (daemon.scripts). Change this: 275 # [TEST SERVER] If you are setting up a test server, afsagent's cronjob 276 # will attempt to be renewing with the wrong credentials 277 # (daemon.scripts). Change this: 326 278 vim /home/afsagent/renew # replace all mentions of daemon.scripts.mit.edu 327 279 328 # Install 389-ds-base and set up replication (see ./HOWTO-SETUP-LDAP 329 # and ./389-ds-enable-ssl-and-kerberos.diff). 280 # Set up replication (see ./install-ldap). 281 # You'll need the LDAP keytab for this server: be sure to chown it 282 # fedora-ds after you create the fedora-ds user 283 ls -l /etc/dirsrv/keytab 284 cat install-ldap 330 285 331 286 # Make the services dirsrv, nslcd, nscd, postfix, and httpd start at 332 287 # boot. Run chkconfig to make sure the set of services to be run is 333 288 # correct. 289 service nslcd start 290 service nscd start 291 service postfix start 292 service httpd start 334 293 chkconfig dirsrv on 335 294 chkconfig nslcd on … … 341 300 chkconfig nrpe on 342 301 302 # Check sql user credentials (needs to be done after LDAP is setup) 303 chown sql /etc/sql-mit-edu.cfg.php 304 343 305 # Postfix doesn't actually deliver mail; fix this 344 306 cd /etc/postfix … … 349 311 350 312 # Run fmtutil-sys --all, which does something that makes TeX work. 313 # (Note: this errors on XeTeX which is ok.) 351 314 fmtutil-sys --all 352 # ezyang: I got errors on xetex353 315 354 316 # Ensure that PHP isn't broken: … … 356 318 chmod 01777 /tmp/sessions 357 319 358 # Ensure fcgid isn't broken 359 chmod 755 /var/run/mod_fcgid # ezyang: I suspect this is no longer necessary320 # Ensure fcgid isn't broken (should be 755) 321 ls -ld /var/run/mod_fcgid 360 322 361 323 # Fix etc by making sure none of our config files got overwritten 362 324 cd /etc 363 svn status | grep M 364 # ezyang: I had to revert krb5.conf (not with latest), nsswitch.conf and sysconfig/openafs 325 svn status -q 326 # Some usual candidates for clobbering include nsswitch.conf and 327 # sysconfig/openafs 365 328 366 329 # ThisCell got clobbered, replace it with athena.mit.edu … … 368 331 369 332 # Reboot the machine to restore a consistent state, in case you 370 # changed anything. 371 # ezyang: When I rebooted, the following things happened: 372 # o Starting kdump failed (this is ok) 373 # o postfix mailbombed us 374 # o firstboot configuration screen popped up (ignored; manually will do 375 # chkconfig after the fact) 376 377 # (Optional) Beat your head against a wall. 378 379 # Possibly perform other steps that I've neglected to put in this 380 # document. 381 # o For some reason, syslog-ng wasn't turning on automatically, so we weren't 382 # getting spew 383 384 # Some info about changing hostnames: it appears to be in: 333 # changed anything. (Note: Starting kdump fails (this is ok)) 334 335 # [OPTIONAL] Your machine's hostname is baked in at install time; 336 # in the rare case you need to change it: it appears to be in: 385 337 # o /etc/sysconfig/network 386 338 # o your lvm thingies; probably don't need to edit 387 339 388 # More stuff for test servers340 # [TEST SERVER] More stuff for test servers 389 341 # - You need a self-signed SSL cert. Generate with: 390 342 openssl req -new -x509 -keyout /etc/pki/tls/private/scripts.key -out /etc/pki/tls/certs/scripts.cert -nodes … … 394 346 # be an accepted vhost name 395 347 # - Look at the old test server and see what config changes are floating around 348 349 # XXX: our SVN checkout should be updated to use scripts.mit.edu 350 # (repository and etc) once serving actually works. 351 cd /etc 352 svn switch --relocate svn://$source_server/ svn://scripts.mit.edu/ 353 cd /usr/vice/etc 354 svn switch --relocate svn://$source_server/ svn://scripts.mit.edu/ 355 cd /srv/repository 356 asbuild svn switch --relocate svn://$source_server/ svn://scripts.mit.edu/ 357 asbuild svn up # verify scripts.mit.edu works
Note: See TracChangeset
for help on using the changeset viewer.