<<TableOfContents>>

{{{#!wiki note
In this document, `$HOST` is equivalent to `$(hostname)` (i.e. the first part of the fqdn,  e.g. `fritz` for `fritz.hcoop.net` `fritz`, we should probably switch to using the FQDN )
}}}

== Deploying an Update ==

Push all changes to the release branch, and tag as `release_${isodate}` (e.g. `release_20121022` for October 22nd, 2012). If you make multiple releases in a day append `-N` starting with `1`.

Running the `deploy-domtool` script will then pull, build, and install domtool sitewide.

To deploy on an individual host, use the `deploy-domtool-on-host` script.

== New Machine ==

Ensure these Debian packages are installed: `mlton libssl-dev libpcre3-dev rsync` (our AutomatedSystemInstall does this for you)

Create `/afs/hcoop.net/common/domtool/build/$HOST`

Clone the `domtool2` repository and checkout release:

{{{
cd /afs/hcoop.net/common/domtool/build/$HOST
git clone -b release /afs/hcoop.net/user/h/hc/hcoop/.hcoop-git/domtool2.git domtool2
}}}

If a slave (the usual setup):

 * Add node to `HOSTS_SLAVE` (unless it is the new master) variable `deploy-domtool` script. Afterward the general deployment procedure should work.
 * Create the needed SSL certificate for the node by running (on the machine with the domtool certificate authority): `domtool-addcert $HOST`

The first time DomTool is deployed to a host, it should be done manually using `deploy-domtool-on-host --slave --bootstrap` to ensure systemd units are installed and enabled.

=== Work Directories ===

DomTool should create these during installation, but it does not yet (see [[https://bugzilla.hcoop.net/show_bug.cgi?id=935|Bug 935]]).

At HCoop, Puppet should automatically create them.

Domtool's scratch directory:

{{{
sudo mkdir /var/domtool
sudo chown domtool.nogroup /var/domtool
}}}

Create subdirectories of `/var/domtool` in the same way, depending on which services this slave will be managing: (incomplete)

  * bind: `/var/domtool/zones`
  * apache: `/var/domtool/vhosts` and `/var/domtool/apache2_logs`
  * firewall: `/var/domtool/firewall`


== etc. ==

 * To make everyone's Emacs autoload domtool-mode by default, put this in `/usr/local/share/emacs/site-lisp/default.el`:
{{{
(add-to-list 'load-path "/usr/local/share/emacs/site-lisp/domtool-mode")
(require 'domtool-mode-startup)
}}}


 * If this slave manages BIND, make sure that the directory `/etc/bind/zones` exists.

 * Configure Certifications and keys
   * If setting up the disptacher possibly set up local CA and SSL, and certificate for a node as said on [[DomTool/SslProcedures]], and manually copy the certificate and key into the right places:{{{
mkdir ~domtool/keys/$HOST
cp serverkey.pem ~domtool/keys/$HOST/key.pem
cp servercert.pem ~domtool/certs/$HOST.pem
}}}

 * Be sure a keytab for `domtool` is in `/etc/keytabs/domtool`, with permissions set so that only `domtool` can read it. This is handled by puppet automatically at hcoop.

 * Try starting the slave server:
{{{
sudo service domtool-slave start
}}}
 * After ensuring that the slave starts, make the slave (or server) start at boot
{{{
sudo insserv domtool-slave
}}}
----
CategorySystemAdministration CategoryNeedsWork