Changeset 2050 for branches/fc15-dev/server/doc
- Timestamp: Nov 13, 2011, 2:01:17 AM (13 years ago)
- Location: branches/fc15-dev/server/doc
- Files: 2 edited
branches/fc15-dev/server/doc/install-howto.sh
r2047 r2050 79 79 yum remove NetworkManager 80 80 81 # Make sure sendmail isn't installed 82 yum remove sendmail 83 81 84 # Check out the scripts /etc configuration 82 85 cd /root … … 100 103 # Some of these packages are naughty and clobber some of our files 101 104 cd /etc 102 svn revert resolv.conf hosts sysconfig/openafs 105 svn revert resolv.conf hosts sysconfig/openafs nsswitch.conf 103 106 104 107 # Replace rsyslog with syslog-ng by doing: … … 115 118 # it can't install /one/ package. 116 119 yum install -y --skip-broken $(cat packages.txt) 117 118 # Make sure sendmail isn't installed119 yum remove sendmail120 120 121 121 # Check which packages are installed on your new server that are not … … 135 135 # explicit versions. So temporarily rpm -e the package, and then 136 136 # install it again after you install haskell-platform. [Note: You 137 # probably won't need this in Fedora 1 5or something, when the Haskell137 # probably won't need this in Fedora 17 or something, when the Haskell 138 138 # Platform gets updated.] 139 139 rpm -e ghc-cgi-devel ghc-cgi … … 192 192 gem install $(gem list --no-version | grep -Fxvf - gem.txt) 193 193 # Also, we need to install the old rails version 194 gem install -v=2.3.5 rails 194 195 195 196 # - Look at `pear list` for Pear fruits (or whatever they're called). … … 210 211 # ----------------------------->8-------------------------------------- 211 212 # INFINITE CONFIGURATION 213 214 # Create fedora-ds user (needed for credit-card) 215 useradd -u 103 -r -d /var/lib/dirsrv fedora-ds 212 216 213 217 # Run credit-card to clone in credentials and make things runabble … … 296 300 cd /etc 297 301 svn status -q 298 # Some usual candidates for clobbering include nsswitch.conf and299 # sysconfig/openafs302 # Some usual candidates for clobbering include nsswitch.conf, 303 # resolv.conf and sysconfig/openafs 300 304 # [WIZARD/TEST] Remember that changes you made should not get 301 305 # reverted! 
302 303 # ThisCell got clobbered, replace it with athena.mit.edu304 echo "athena.mit.edu" > /usr/vice/etc/ThisCell305 306 306 307 # Reboot the machine to restore a consistent state, in case you -
branches/fc15-dev/server/doc/install-ldap
r2016 r2050 1 To set up a new LDAP server: 2 3 - Install the RPM 389-ds-base with yum (these are installed by kickstart 4 these days, so these two steps are probably not necessary) 5 root# yum install -y 389-ds-base 6 root# yum install -y policycoreutils-python 7 root# yum install -y ldapvi 8 - We want to run the directory server as its own user, so create fedora-ds 9 root# useradd -u 103 -r -d /var/lib/dirsrv fedora-ds 10 - Temporarily move away the existing slapd-scripts folder 11 root# mv /etc/dirsrv/slapd-scripts{,.bak} 12 - root# /usr/sbin/setup-ds.pl 13 - Choose a typical install 14 - Tell it to use the fedora-ds user and group 15 - Directory server identifier: scripts 16 Needed to remove this from the config file first 17 - Suffix: dc=scripts,dc=mit,dc=edu 18 - Input directory manager password 19 (this can be found in ~/.ldapvirc) 20 - Move the schema back 21 root# cp -R /etc/dirsrv/slapd-scripts.bak/{.svn,*} /etc/dirsrv/slapd-scripts 22 root# rm -Rf /etc/dirsrv/slapd-scripts.bak 23 - Turn dirsrv off: service dirsrv stop 24 - Apply the following configuration changes. If you're editing 25 dse.ldif, you don't want dirsrv to be on, otherwise it will 26 overwrite your changes. [XXX: show how to do these changes with 27 dsconf, which is the "blessed" method] 1 # To set up a new LDAP server: 2 3 # Temporarily move away the existing slapd-scripts folder 4 mv /etc/dirsrv/slapd-scripts{,.bak} 5 6 # Setup directory server 7 /usr/sbin/setup-ds.pl 8 # - Choose a typical install 9 # - Tell it to use the fedora-ds user and group 10 # - Directory server identifier: scripts 11 # - Suffix: dc=scripts,dc=mit,dc=edu 12 # - Input directory manager password 13 # (this can be found in ~/.ldapvirc) 14 15 # Move the schema back 16 cp -R /etc/dirsrv/slapd-scripts.bak/{.svn,*} /etc/dirsrv/slapd-scripts 17 rm -Rf /etc/dirsrv/slapd-scripts.bak 18 19 # Turn dirsrv off: 20 systemctl stop dirsrv.service 21 22 # Apply the following configuration changes. 
If you're editing 23 # dse.ldif, you don't want dirsrv to be on, otherwise it will 24 # overwrite your changes. [XXX: show how to do these changes with 25 # dsconf, which is the "blessed" method, although it seems 26 # dsconf only exists for Red Hat] 27 28 vim /etc/dirsrv/slapd-scripts/dse.ldif 29 <<<EOF 28 30 29 31 # Inside cn=config. These changes definitely require a restart. 30 nsslapd-ldapifilepath: /var/run/slapd-scripts.socket [NOTE: didn't need to do this]31 32 nsslapd-ldapilisten: on 32 33 nsslapd-syntaxcheck: off … … 49 50 nsSaslMapFilterTemplate: (objectClass=posixAccount) 50 51 51 - Put LDAP keytab (ldap/hostname.mit.edu) in /etc/dirsrv/keytab. Make 52 sure you chown/chgrp it to be readable by fedora-ds 53 - Uncomment and modify in /etc/sysconfig/dirsrv: KRB5_KTNAME=/etc/dirsrv/keytab ; export KRB5_KTNAME 54 [NOTE: didn't need to do this either] 55 - chown fedora-ds:fedora-ds /var/run/dirsrv 56 - chown fedora-ds /etc/dirsrv/keytab 57 - /sbin/service dirsrv start 58 - Use ldapvi -b cn=config to add these indexes (8 of them): 52 EOF; 53 54 systemctl start dirsrv.service 55 56 ldapvi -b cn=config 57 # Add these indexes (8 of them): 58 59 <<<EOF 59 60 60 61 add cn=apacheServerName, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config … … 121 122 nsIndexType: eq 122 123 nsIndexType: pres 124 125 EOF; 123 126 124 127 - Build the indexes for all the fields: … … 185 188 186 189 Here's how you do it. 190 191 NOTE: There's this spiffy new tool MMR hammer which automates some of 192 this process. Check the "MMR Hammer" sections to see how. Install it 193 here: https://github.com/ezyang/mmr-hammer 187 194 188 195 0. Tell -c scripts not to go off and reboot servers until you're … … 253 260 risky step of the process; see below for help debugging problems. 
254 261 255 WARNING: There is a known bug doing full updates from 1.2.6 to 256 1.2.6, see https://bugzilla.redhat.com/show_bug.cgi?id=637852 262 MMR Hammer: mmr-hammer -h $MASTER init agreements $SLAVE 257 263 258 264 ldapvi -b cn=\"dc=scripts,dc=mit,dc=edu\",cn=mapping\ tree,cn=config … … 283 289 6. Replicate in the other direction. On $MASTER, add $SLAVE 284 290 as a nsDS5ReplicaBindDN in cn=replica,cn="dc=scripts,dc=mit,dc=edu",cn=mapping tree,cn=config 285 Also, add an account for $SLAVE 291 Also, add an account for $SLAVE if it doesn't exist already. 286 292 287 293 add uid=ldap/$SLAVE,ou=People,dc=scripts,dc=mit,dc=edu … … 291 297 292 298 On $SLAVE, 299 300 MMR Hammer: mmr-hammer -h $SLAVE init agreements $MASTER 293 301 294 302 add cn="GSSAPI Replication to $MASTER", cn=replica, cn="dc=scripts,dc=mit,dc=edu", cn=mapping tree, cn=config … … 319 327 new server. 320 328 329 With MMR hammer, that's something like: 330 331 for i in $SERVER_NAMES; do mmr-hammer -h $i init agreements $SERVER_NAMES; done 332 321 333 8. If at this point you look at the new server's changelog with 322 334 cl-dump (preferably /mit/scripts/admin/cl-dump.pl, to not prompt you … … 327 339 also good for making sure the replication agreements actually work. 328 340 341 With MMR hammer, that's something like: 342 343 for i in $SERVER_NAMES; do mmr-hammer -h $i test; sleep 20; done 344 329 345 Troubleshooting 330 346 ===============
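Review bot: in install-howto.sh, `yum remove sendmail` now runs at new lines 81-82, before `yum install -y --skip-broken $(cat packages.txt)`, and the copy that used to follow that install (old lines 118-119) is deleted, so nothing removes sendmail again if a package in packages.txt pulls it back in as a dependency. Keep a check after the bulk install as well, for example `rpm -q sendmail` expected to report that it is not installed, or leave the second `yum remove sendmail` in place. The moved command also lacks the `-y` that the install line uses, so it prompts where the rest of that section does not.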
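Review bot: the new `useradd -u 103 -r -d /var/lib/dirsrv fedora-ds` at install-howto.sh new line 215 hard-codes UID 103 with no check that the UID or the name is still free; if a package installed earlier in the procedure already claimed 103, the step fails and the credit-card step that follows lacks the account the comment says it needs. Suggest checking `getent passwd 103` and `id fedora-ds` first, and saying in the comment why the UID has to be 103. The same command is deleted from install-ldap in this changeset, so a one-line pointer there to this step would keep the LDAP instructions usable on their own.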
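Review bot: the rewritten install-ldap reads like a shell script, but `vim /etc/dirsrv/slapd-scripts/dse.ldif` followed by `<<<EOF` and closed by `EOF;` (new lines 28-29 and 52, and again around `ldapvi -b cn=config` at new lines 56-59) is not a valid here-document: `<<<` is the here-string operator, and a terminator line with a trailing semicolon does not match the delimiter. If the file is meant to be read rather than executed, prefix the marker lines with `#` like the surrounding prose; if it is meant to be pasted, use `<<EOF` with a bare `EOF` terminator. The later "- Build the indexes for all the fields:" line is still in the old list style, so the file is left half converted.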
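Review bot: the hunk at old lines 51-58 of install-ldap deletes the keytab steps (putting ldap/hostname.mit.edu in /etc/dirsrv/keytab, `chown fedora-ds /etc/dirsrv/keytab`, `chown fedora-ds:fedora-ds /var/run/dirsrv`) and nothing visible replaces them, while the replication section further down still sets up "GSSAPI Replication to $MASTER" agreements. If credit-card in install-howto.sh now installs the keytab, say so here and state the expected owner and mode so a reader can verify that the file is readable by fedora-ds and by nobody else; otherwise keep the steps.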
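Review bot: at old lines 255-256 of install-ldap the WARNING about the known bug in full updates from 1.2.6 to 1.2.6 (https://bugzilla.redhat.com/show_bug.cgi?id=637852) is removed and `mmr-hammer -h $MASTER init agreements $SLAVE` takes its place, in the step the text itself calls the risky one. The changeset does not say that the bug is fixed in the version now deployed; either keep the warning with the affected versions, or record in the commit message that it no longer applies. The new NOTE also sends the reader to https://github.com/ezyang/mmr-hammer without naming a revision, so pinning a tag or commit there would make the procedure reproducible.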