To deploy DomTool on a new HCoop machine:

 * Install these Debian packages: `mlton libssl-dev libpcre3-dev rsync`
 * Change to an appropriate directory for your personal check-out of the `domtool2` CVS repo and run: {{{
cvs -d$YOU@hcoop.cvs.sourceforge.net:/cvsroot/hcoop co domtool2
cd domtool2
}}}
 * Run: {{{
make
sudo make install
}}}
 * To make everyone's Emacs autoload domtool-mode by default, put this in `/usr/local/share/emacs/site-lisp/default.el`: {{{
(add-to-list 'load-path "/usr/local/share/emacs/site-lisp/domtool-mode")
(require 'domtool-mode-startup)
}}}
 * Add a local `domtool` user: {{{
sudo useradd -d /afs/hcoop.net/common/etc/domtool -s /bin/false domtool
}}}
 * Make Domtool's scratch directory: {{{
sudo mkdir /var/domtool
sudo chown domtool:domtool /var/domtool
}}}
 * Create subdirectories of `/var/domtool` in the same way, depending on which services this slave will be managing. If this slave manages BIND, create `/var/domtool/zones`. If this slave manages Apache, create `/var/domtool/vhosts` and `/var/domtool/apache2_logs`.
 * If this slave manages BIND, make sure a UNIX group `bind_config` exists, as Domtool will try to `chgrp` all relevant configuration to that group. It doesn't really matter which users belong to the group, as these actions are performed as root. If the group doesn't exist, you can create it with: {{{
sudo groupadd bind_config
}}}
 * If this slave manages BIND, make sure that the directory `/etc/bind/zones` exists.
 * Create Domtool's log file and set the right permissions on it: {{{
sudo touch /var/log/domtool.log
sudo chown domtool:domtool /var/log/domtool.log
}}}
 * Set up the local CA and SSL, and a certificate for this node, as described on [[DomTool/SslProcedures]]
 * Copy the certificate and key into the right places: {{{
mkdir ~domtool/keys/$HOST
cp serverkey.pem ~domtool/keys/$HOST/key.pem
cp servercert.pem ~domtool/certs/$HOST.pem
}}}
 * Be sure a keytab for `domtool` is in `/etc/keytabs/domtool`, with permissions set so that `domtool` can read it but random users can't. You might copy the file from deleuze.
 * Try starting the slave server: {{{
sudo /etc/init.d/domtool-slave start
}}}
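
The ownership and permission requirements in the steps above can be verified before starting the slave. The script below is an added example, not part of DomTool; its function names are hypothetical, and it assumes the keytab requirement is met by making `domtool` the owner with no group or other permission bits, which is one way to satisfy it.

```shell
#!/bin/sh
# Added example: ownership/permission check for a Domtool slave.
# Paths and the domtool user come from the steps above; the function names
# are hypothetical. Mode bits are read with ls, so only local files are
# checked: ~domtool is in AFS, where directory ACLs decide access.

# uid_of NAME|UID: print the numeric uid (non-zero status if NAME is unknown).
uid_of() {
    case $1 in
        *[!0-9]*) id -u "$1" 2>/dev/null ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# owned_by OWNER PATH: PATH exists and belongs to OWNER.
owned_by() {
    want=$(uid_of "$1") || { echo "FAIL no such user: $1"; return 1; }
    [ -e "$2" ] || { echo "FAIL missing: $2"; return 1; }
    have=$(ls -ldn -- "$2" | awk '{print $3}')
    [ "$have" = "$want" ] || { echo "FAIL uid $have, want $want: $2"; return 1; }
}

# private_to OWNER PATH: owned by OWNER, owner-readable, no group/other bits.
private_to() {
    owned_by "$1" "$2" || return 1
    mode=$(ls -ldn -- "$2" | cut -c1-10)
    case $mode in
        ?r??------) return 0 ;;
        *) echo "FAIL mode $mode: $2"; return 1 ;;
    esac
}

# Check each local path from the steps above; report every failure.
domtool_preflight() {
    rc=0
    private_to domtool /etc/keytabs/domtool || rc=1
    owned_by domtool /var/log/domtool.log || rc=1
    owned_by domtool /var/domtool || rc=1
    for d in /var/domtool/*/; do        # zones, vhosts, apache2_logs, ...
        if [ -d "$d" ]; then owned_by domtool "$d" || rc=1; fi
    done
    return "$rc"
}

# Run on the slave as: sudo sh domtool-preflight.sh --check
if [ "${1:-}" = "--check" ]; then domtool_preflight; fi
```

The script prints one `FAIL` line per problem and exits non-zero if any check fails, so it can gate the `domtool-slave start` step.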