232018-04-19 02:12:01ClintonEbadii'm redundant222018-04-19 01:59:35ClintonEbadi$HOST is short hostname212018-04-14 04:37:13ClintonEbadilog file is no longer used, systemd is used instead of init202018-04-14 02:49:29ClintonEbadi192018-04-14 02:43:54ClintonEbadione command to clone182013-01-04 08:17:05ClintonEbadibind_config group is legacy from when we delegated maintenance to jsl172012-12-30 20:39:14ClintonEbadimore reorg162012-12-30 20:26:42ClintonEbadiclarify where you must run domtool-addcert152012-12-24 02:02:01ClintonEbadiupdate install guide142012-12-20 22:12:58ClintonEbadithis page is a lie132010-12-05 21:39:29ClintonEbadi122010-12-01 05:57:02ClintonEbadieasier way to setup the certificate for a slave112010-12-01 05:16:24ClintonEbadi102010-02-16 17:59:06DavorOcelic92010-02-16 17:58:03DavorOcelic82010-02-16 17:53:19DavorOcelic72009-09-27 19:04:38AdamChlipalakeytab62009-09-27 17:09:15AdamChlipalaNo more 'make' failure!52008-07-07 04:27:52localhostconverted to 1.6 markup42008-03-15 15:57:47AdamChlipala/etc/bind/zones32008-03-15 15:57:02AdamChlipalaMore instructions22008-03-15 15:36:52AdamChlipalaFinishing the process12008-03-09 14:28:16AdamChlipalaIn this document, $HOST is equivalent to $(hostname) (i.e. the first part of the fqdn, e.g. fritz for fritz.hcoop.net fritz, we should probably switch to using the FQDN )

Push all changes to the release branch, and tag as release_${isodate} (e.g. release_20121022 for October 22nd, 2012). If you make multiple releases in a day append -N starting with 1. Running the deploy-domtool script will then pull, build, and install domtool sitewide. To deploy on an individual host, use the deploy-domtool-on-host script.

Ensure these Debian packages are installed: mlton libssl-dev libpcre3-dev rsync (our AutomatedSystemInstall does this for you) Create /afs/hcoop.net/common/domtool/build/$HOST Clone the domtool2 repository and checkout release: If a slave (the usual setup): Add node to HOSTS_SLAVE (unless it is the new master) variable deploy-domtool script. Afterward the general deployment procedure should work. Create the needed SSL certificate for the node by running (on the machine with the domtool certificate authority): domtool-addcert $HOST The first time DomTool is deployed to a host, it should be done manually using deploy-domtool-on-host --slave --bootstrap to ensure systemd units are installed and enabled.

DomTool should create these during installation, but it does not yet (see Bug 935). At HCoop, Puppet should automatically create them. Domtool's scratch directory: Create subdirectories of /var/domtool in the same way, depending on which services this slave will be managing: (incomplete) bind: /var/domtool/zones apache: /var/domtool/vhosts and /var/domtool/apache2_logs firewall: /var/domtool/firewall

To make everyone's Emacs autoload domtool-mode by default, put this in /usr/local/share/emacs/site-lisp/default.el: If this slave manages BIND, make sure that the directory /etc/bind/zones exists. Configure Certifications and keys If setting up the disptacher possibly set up local CA and SSL, and certificate for a node as said on DomTool/SslProcedures, and manually copy the certificate and key into the right places:Be sure a keytab for domtool is in /etc/keytabs/domtool, with permissions set so that only domtool can read it. This is handled by puppet automatically at hcoop. Try starting the slave server: After ensuring that the slave starts, make the slave (or server) start at boot CategorySystemAdministration CategoryNeedsWork