This document is a how-to for installing a Fedora server. Helper files for the install are located in server/fedora/config. * Start with a normal install of Fedora 9. * Edit /etc/selinux/config so it has SELINUX=disabled. * Check out the svn repository. Configure svn not to cache credentials. * cd to server/fedora in the svn repository. * Run "make install-deps" to install various prereqs. Nonstandard deps are in /mit/scripts/rpm. * Create a scripts-build user account, and set up rpm to build in $HOME by doing a cp config/home/scripts-build/.rpmmacros /home/scripts-build/ (If you just use the default setup, it will generate packages in /usr/src/redhat.) * su scripts-build - * Make sure that server/fedora (where you currently are) is writable by user scripts-build. * Use the Makefile to build the Fedora packages. - export PATH=$PATH:/usr/sbin - make download - make setup - make all - openafs-devel is a build-dependency of accountadm, so you'll need to install the openafs-devel package you just built by hand when that fails. * Then install the packages you just built as root: - yum localinstall --nogpgcheck accountadm-0.00-0.x86_64.rpm \ execsys-0.00-0.x86_64.rpm httpd* \ kmod-openafs-1.4.7- \ krb5-{debuginfo,devel,libs,pki,workstation-1}* \ logview-0.00-0.x86_64.rpm mit-zephyr-2.1-6-linux.x86_64.rpm \ mod_ssl-2.2.8-3.x86_64.rpm nss_nonlocal-* \ openafs-1.4.7-1.1.1.x86_64.rpm \ openafs-{authlibs,client,debuginfo,devel,docs,krb5}* openssh* \ sql-signup-0.00-0.x86_64.rpm tokensys-0.00-0.x86_64.rpm \ whoisd-0.00-0.x86_64.rpm * Rebuild mit-zephyr on a 32-bit machine, like the one at Joe's home. * Run "make suexec" and "make install-suexec" to overwrite /usr/sbin/suexec with one that works. The one installed by the newly-built Apache RPM is misconfigured. * Install and configure bind - env NSS_NONLOCAL_IGNORE=1 yum install bind - chkconfig named on - service named start * Check out the scripts /etc configuration, which is done most easily by $ svn co svn:// # \cp -a etc / * Reload the iptables config to take down the restrictive firewall service iptables restart * Copy over root's dotfiles from one of the other machines. * Replace rsyslog with syslog-ng by doing: # rpm -e --nodeps rsyslog # yum install syslog-ng * Install various dependencies of the scripts system, including syslog-ng, glibc-devel.i386, python-twisted-core, mod_fcgid, nrpe, nagios-plugins-all. * Disable NetworkManager (with yum remove). * Fix the openafs /usr/vice/etc <-> /etc/openafs mapping by changing /usr/vice/etc/cacheinfo to contain: /afs:/usr/vice/cache:10000000 * Figure out why Zephyr isn't working * Install the full list of RPMs that users expect to be on the servers. See server/doc/rpm and server/doc/rpm_snapshot. (Note that this is only a snapshot, and not all packages may in fact be in use.) * Install the full list of perl modules that users expect to be on the servers. See server/doc/perl and server/doc/perl_snapshot. - export PERL_MM_USE_DEFAULT=1 - Run 'cpan', accept the default configuration, and do 'o conf prerequisites_policy follow'. - Parse the output of perldoc -u perllocal | grep head2 on an existing server, and "notest install" them from the cpan prompt. * Install the Python eggs and Ruby gems and PEAR/PECL doohickeys that are on the other servers and do not have RPMs. - Look at /usr/lib/python2.5/site-packages for Python eggs and modules. - Look at `gem list` for Ruby gems. - Look at `pear list` for Pear fruits (or whatever they're called). * echo 'import site, os.path; site.addsitedir(os.path.expanduser("~/lib/python2.5/site-packages"))' > /usr/lib/python2.5/site-packages/00scripts-home.pth * Install the credentials (machine keytab, daemon.scripts keytab, SSL certs). * If you are setting up a test server, pay attention to /etc/sysconfig/network-scripts and do not bind scripts' IP address. You will also need to modify /etc/ldap.conf, /etc/openldap/ldap.conf, and /etc/httpd/conf.d/vhost_ldap.conf to use instead of localhost. * Install fedora-ds-base and set up replication (see ./HOWTO-SETUP-LDAP and ./fedora-ds-enable-ssl-and-kerberos.diff). * Install nslcd / nss-ldapd, which, unlike nss-ldap, doesn't crash every few hours. Add /sbin/service dirsrv start and /sbin/nslcd to /etc/rc.local, or better yet package nss-ldapd properly. * Make the services dirsrv, postfix, and httpd start at boot. * Run fmtutil-sys --all, which does something that makes TeX work. * (Optional) Beat your head against a wall. * I recommend setting noatime for the root filesystem in /etc/fstab. * Possibly perform other steps that I've neglected to put in this document.