Index: /branches/fc13-dev/server/doc/install-fedora =================================================================== --- /branches/fc13-dev/server/doc/install-fedora (revision 1667) +++ /branches/fc13-dev/server/doc/install-fedora (revision 1668) @@ -2,143 +2,13 @@ ---------------------------------------- -1. Create the LVM partitions that the Scripts guest will use. +We use Kickstart to to initial Fedora configuration. Installing a new +vanilla machine is as easy as: -Our classic setup is 50GB for the main, root partition (/) and -10GB for our swap. You can consult what things look like -by using `lvdisplay`. Our naming convention is server-name-root -and server-name-swap. + xm create scripts-server machine_name=$MACHINE install=fXX && console $MACHINE -Creating new LVM partitions is done with `lvcreate`: +The only prompt (near the beginning of the install process) should be +for the root password, and at the end, when it asks you to reboot. +Say yes, and the machine will power down, and then restart without +the install parameter: - # Example values: - # SERVERNAME=whole-enchilada - # HOSTNAME=jay-leno - lvcreate -n $SERVERNAME-root $HOSTNAME --size 50.00G - lvcreate -n $SERVERNAME-swap $HOSTNAME --size 10.00G - -2. Acquire the network installation media for Fedora. - -Normally, you would download an ISO and kick off an installation -by burning it to a CD and booting off of that. Since we would like -to make as minimal a Fedora install as possible, we use a different -method. [XXX: Why do we actually do it this way? It seems kind -of convoluted] - -First, we need to create an appropriate installation directory, -which contains the necessary kernel images and bootstrapping code. -Navigate to a Fedora mirrors website, and find the correct release -from the linux/releases directory, then grab the contents of -Fedora/x86_64/os/isolinux. For example, getting the Fedora 13 installer -from mirrors.mit.edu would be: - - mkdir ~/f13-install - cd ~/f13-install - wget -r -nd ftp://mirrors.mit.edu/fedora/linux/releases/13/Fedora/x86_64/os/isolinux/ - -You can then spin up a Xen image for installation with: - - xm create scripts-server machine_name=$HOSTNAME install=f13 - -Note that the -install suffix was dropped. Get a console with `xm -console`. - -3. Tell Fedora where to get the real installer. - -You will now be in a curses installer interface. Since you are doing -a network install, you will need to configure your network and specify -the URL to install. Find the static hostname that you are planning -to install to and get its information with: - - stella $HOSTNAME - -Manually configure its IP, disabling IPv6 for now. The network mask is -16, and you can check '/etc/resolv.conf' if you don't remember what -MIT's DNS servers are. - -It will then ask you for an installation image. Continuing with our -F13 mirrors.mit.edu, the URL will look something like: - - ftp://mirrors.mit.edu/fedora/linux/releases/13/Fedora/x86_64/os - -4. Use VNC - -At this point, Fedora will ask you whether or not you want to use VNC -to continue the installation. Because Scripts has an unusual disk -image setup, you will want to answer yes. [XXX: Unfortunately, this puts -the VNC session on MITnet, so make sure you use a good password, and -we should figure out to make it not do that]. Grab your favorite -VNC client and login to $HOSTNAME:1 over SSH from the internal SIPB -network. - -5. Installation in VNC - -5.1. Disks to use - -We don't have any exotic devices (we did that at the host level, -recall), so you can use normal configuration. The scripts-server Xen -configuration will have automatically selected the LVM partitions you -created in Step 1, and you want both of them. - -5.2. Host - -The default hostname is all caps: we use lower-case, so lower-case the -name before proceeding. - -5.3. Timezone - -Self explanatory - -5.4. Root password - -Use Scripts root password for a real install, and fake password -otherwise. - -5.5 Formatting the disks - -You can find out what our existing setup looks like by consulting -'/etc/fstab'. - -Select Custom, and select both disks for formatting. Setup the larger -disk as the boot partition. Configure the partitions as follows: - - 50GB - Standard Partition - Mount Point: / - File System Type: ext3 (the default as of F13 is ext4, which - cannot be mounted by the hosts and thus should not be used!) - Additional Size Options: Fill to maximum allowable size (the - Size parameter will not do anything in that case) - Force to be primary partition - 10GB - Standard Partition - File System Type: swap - Additional Size Options: Fill to maximum allowable size - -5.6 Bootloader - -Defaults are fine. - -5.7 Installation - -Do a minimal install (we will proceed to install the packages we care -about), and add the normal F13 repository (testing and updates will be -added when we bring in our /etc configuration). Similarly, we will -install the software we want later, so there is no need to do that now. - -5.8 Reboot - -When the install finishes, it will ask you to reboot. This is fine, but -since we created the VM image with install, upon reboot it will ask us -to install again. Let it reboot, then destroy the virtual machine. - - xm destroy $SERVERNAME - -6. New World Order - -Start up the VM without the install flag: - - xm create scripts-server machine_name=$SERVERNAME - -You should have password SSH logins now too: - - ssh root@$SERVERNAME + xm create scripts-server machine_name=$MACHINE && console $MACHINE Index: /branches/fc13-dev/server/doc/install-howto.sh =================================================================== --- /branches/fc13-dev/server/doc/install-howto.sh (revision 1667) +++ /branches/fc13-dev/server/doc/install-howto.sh (revision 1668) @@ -1,3 +1,5 @@ # This document is a how-to for installing a Fedora scripts.mit.edu server. +# It is semi-vaguely in the form of a shell script, but is not really +# runnable as it stands. set -e -x @@ -14,6 +16,4 @@ # though, try adding NSS_NONLOCAL_IGNORE. -[ -e /scripts-boot-count ] || echo 0 > /scripts-boot-count - # This is actually just "pick an active scripts server". It can't be # scripts.mit.edu because our networking config points that domain @@ -22,46 +22,17 @@ source_server="cats-whiskers.mit.edu" -boot=${1:$(cat /scripts-boot-count)} - -# XXX: let 'branch' be the current svn branch you are on. You want to +# 'branch' is the current svn branch you are on. You want to # use trunk if your just installing a new server, and branches/fcXX-dev # if your preparing a server on a new Fedora release. - -doreboot() { - echo $(( $boot + 1 )) > /scripts-boot-count; - shutdown -r now "Rebooting for step $(cat /scripts-boot-count)" -} - -# Helper files for the install are located in server/fedora/config. - -# Start with a minimal install of Fedora. - -# Take updates +branch="trunk" + +# Start with a Scripts kickstarted install of Fedora (install-fedora) + +# Take updates, reboot if there's a kernel update. + yum update - -if [ $boot = 0 ]; then - -echo "--disabled" > /etc/sysconfig/system-config-firewall - -# Turn on network, so we can connect at boot -chkconfig network on - -# Edit /etc/selinux/config so it has SELINUX=disabled and reboot. - sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config - doreboot -fi - -if [ $boot = 1 ]; then -# Create a scripts-build user account, and set up rpm to build in -# $HOME by doing a -# cp config/home/scripts-build/.rpmmacros /home/scripts-build/ -# (If you just use the default setup, it will generate packages -# in /usr/src/redhat.) - adduser scripts-build # Check out the scripts.mit.edu svn repository. Configure svn not to cache # credentials. - - yum install -y subversion cd /srv @@ -87,12 +58,7 @@ # Run "make install-deps" to install various prereqs. Nonstandard # deps are in /mit/scripts/rpm. - yum install -y make make install-deps # You should pay close attention to the output of this command, and # note if packages you think should exist don't exist anymore. - -# Get some packages necessary for OpenAFS - yum install -y redhat-lsb - yum install -y autofs # Copy over root's dotfiles from one of the other machines. @@ -109,10 +75,4 @@ # and then push to the other server -# Add scripts-build to the group 'mock' - usermod -a -G mock scripts-build - -# Install bind - yum install -y bind - # Check out the scripts /etc configuration cd /root @@ -132,6 +92,14 @@ # keytabs and k5login to get Kerberized authentication. - service named start - chkconfig named on +# Make sure network is working. If this is a new server name, you'll +# need to add it to /etc/hosts and +# /etc/sysconfig/network-scripts/route-eth1. Kickstart should have +# configured eth0 and eth1 correctly; use service network restart +# to add the new routes in route-eth1. + route + ifconfig + cat /etc/hosts + cat /etc/sysconfig/network-scripts/route-eth1 + service network restart # This is the point at which you should start updating scriptsified @@ -140,7 +108,4 @@ yum install -y scripts-base - -# Reload the iptables config to take down the restrictive firewall - service iptables restart # Check that fs sysname is correct. You should see, among others, @@ -153,12 +118,4 @@ yum install -y syslog-ng chkconfig syslog-ng on - -# Install various dependencies of the scripts system, including -# glibc-devel.i586 (ezyang: already installed for me), -# python-twisted-core (ditto), mod_fcgid, nrpe, nagios-plugins-all. - yum install -y mod_fcgid - yum install -y nrpe - yum install -y nagios-plugins-all - yum install -y fprintd-pam # Fix the openafs /usr/vice/etc <-> /etc/openafs mapping. @@ -240,18 +197,22 @@ # want to be able to write to ~/.python-eggs. (Also makes sourcediving # easier.) + cat /usr/lib/python2.6/site-packages/easy-install.pth # - Look at `gem list` for Ruby gems. # Again, use 'yum search' and prefer RPMs, but failing that, 'gem install'. # ezyang: rspec-rails depends on rspec, and will override the Yum # package, so... don't use that RPM yet + gem list # - Look at `pear list` for Pear fruits (or whatever they're called). # Yet again, 'yum search' for RPMs before resorting to 'pear install'. Note # that for things in the beta repo, you'll need 'pear install package-beta'. # (you might get complaints about the php_scripts module; ignore them) + pear list # - Look at `pecl list` for PECL things. 'yum search', and if you must, # 'pecl install' needed items. If it doesn't work, try 'pear install # pecl/foo' or 'pecl install foo-beta' or those two combined. - # Automating this... will require a lot of batonning between - # the servers. Probably best way to do it is to write an actual - # script. + pecl list +# Automating this... will require a lot of batonning between +# the servers. Probably best way to do it is to write an actual +# script. # Setup some Python config @@ -317,7 +278,6 @@ vim /home/afsagent/renew # replace all mentions of daemon.scripts.mit.edu -# Install 389-ds-base and set up replication (see ./install-ldap). - yum install 389-ds-base - # [complicated procedure here] +# Set up replication (see ./install-ldap). + cat install-ldap # Make the services dirsrv, nslcd, nscd, postfix, and httpd start at @@ -356,10 +316,4 @@ # ThisCell got clobbered, replace it with athena.mit.edu echo "athena.mit.edu" > /usr/vice/etc/ThisCell - -# Kill unnecessary services. (It's probably good form to look through -# `chkconfig | grep on` manually) - for i in avahi-daemon isdn nfslock pcscd rpcbind rpcgssd rpcidmapd; do - chkconfig "$i" off - done # Reboot the machine to restore a consistent state, in case you Index: /branches/fc13-dev/server/doc/install-xen =================================================================== --- /branches/fc13-dev/server/doc/install-xen (revision 1667) +++ /branches/fc13-dev/server/doc/install-xen (revision 1668) @@ -43,2 +43,6 @@ git clone ssh://scripts@scripts.mit.edu/mit/scripts/git/xen.git /etc/xen +# setup conserver + cat /etc/conserver/console.cf # add the correct entires here + visudo # add conservr to sudoers list with: + conservr ALL=(ALL) NOPASSWD: /usr/sbin/xm console *