Index: /trunk/server/doc/install-howto.sh =================================================================== --- /trunk/server/doc/install-howto.sh (revision 1381) +++ /trunk/server/doc/install-howto.sh (revision 1382) @@ -32,5 +32,5 @@ # sshd, udev-post, and nothing else. echo "--disabled" > /etc/sysconfig/system-config-firewall - for i in NetworkManager avahi-daemon bluetooth cups isdn nfslock pcscd restorecond rpcbind rpcgssd rpcidmapd sendmail; do + for i in NetworkManager avahi-daemon bluetooth cups isdn nfslock nfs pcscd restorecond rpcbind rpcgssd rpcidmapd sendmail; do chkconfig "$i" off done @@ -160,7 +160,14 @@ # /afs:/usr/vice/cache:10000000 # Also fix ThisCell to contain athena.mit.edu in both directories +# WARNING: if you're installing a test server, this needs to be much +# smaller; the max filesize on XVM is 10GB. Pick something like +# 500000 echo "/afs:/usr/vice/cache:10000000" > /usr/vice/etc/cacheinfo # ezyang: ThisCell on b-k and c-w don't have anything special # written here +# If you're making a test server, some of the AFS parameters are +# kind of retarded (and if you're low on disk space, will actually +# exhaust our inodes). +# Edit the parameters in /etc/sysconfig/openafs # Figure out why Zephyr isn't working. Most recently, it was because there @@ -194,15 +201,4 @@ # scripts.mit.edu servers. -# ezyang: Running the below I got file conflicts. To fix (since I had -# botched steps above), I manually compared package lists and installed -# them. If you've done the krb5 setup originally correctly, then -# write down what you had to do here. - yumdownloader krb5-devel - rpm -i --force krb5-devel-*.i586.rpm - rpm -U --force krb5-devel-*.scripts.1138.x86_64.rpm - yumdownloader krb5-server - rpm -i --force krb5-server-*.scripts.1138.x86_64.rpm - - # on another server, run: rpm -qa --queryformat "%{Name}.%{Arch}\n" | sort > packages.txt @@ -221,4 +217,6 @@ # as the only diff # ezyang: I got exim installed as another package + # here's a cute script that removes all extra packages + diff -u packages.txt newpackages.txt | grep '+' | cut -c2- | grep -v "@" | grep -v "++" | xargs yum erase -y # Check out the scripts /usr/vice/etc configuration @@ -271,5 +269,5 @@ # (you might get complaints about the php_scripts module; ignore them) # - Look at `pecl list` for PECL things. 'yum search', and if you must, -# 'pecl install' needed items. +# 'pecl install' needed items. (as of 2009-12-18 there are no extra pecl things) # Automating this... will require a lot of batonning between # the servers. Probably best way to do it is to write an actual @@ -354,5 +352,8 @@ cd /etc svn status | grep M - # ezyang: I had to revert krb5.conf, nsswitch.conf and sysconfig/openafs + # ezyang: I had to revert krb5.conf (not with latest), nsswitch.conf and sysconfig/openafs + +# ThisCell got clobbered, replace it with athena.mit.edu + echo "athena.mit.edu" > /usr/vice/etc/ThisCell # Reboot the machine to restore a consistent state, in case you @@ -368,7 +369,4 @@ # Possibly perform other steps that I've neglected to put in this # document. -# o In the first install of not-backward, ThisCell got clobbered, resulting -# in trying to get tickets from openafs.org. Not sure when it got -# clobbered -- ezyang # o For some reason, syslog-ng wasn't turning on automatically, so we weren't # getting spew @@ -377,2 +375,11 @@ # o /etc/sysconfig/network # o your lvm thingies; probably don't need to edit + +# More stuff for test servers +# - You need a self-signed SSL cert. Generate with: + openssl req -new -x509 -keyout /etc/pki/tls/private/scripts.key -out /etc/pki/tls/certs/scripts.cert -nodes +# Also make /etc/pki/tls/certs/ca.pem match up +# - Make (/etc/aliases) root mail go to /dev/null, so we don't spam people +# - Edit /etc/httpd/conf.d/scripts-vhost-names.conf to have scripts-fX-test.xvm.mit.edu +# be an accepted vhost name +# - Look at the old test server and see what config changes are floating around