In this document, `$HOST` is equivalent to `$(hostname)` (i.e. the first part of the FQDN).

== Deploying an Update ==

Push all changes to the release branch, and tag as `release_${isodate}` (e.g. `release_20121022` for October 22nd, 2012). If you make multiple releases in a day, append `-N`, starting with `1`.

Running the `deploy-domtool` script will then pull, build, and install domtool sitewide. To deploy on an individual host, use the `deploy-domtool-on-host` script.

== New Machine ==

Ensure these Debian packages are installed: `mlton libssl-dev libpcre3-dev rsync` (our AutomatedSystemInstall does this for you).

Create `/afs/hcoop.net/common/domtool/build/$HOST`.

Clone the `domtool2` repository and check out the release branch:

{{{
cd /afs/hcoop.net/common/domtool/build/$HOST
git clone /afs/hcoop.net/user/h/hc/hcoop/.hcoop-git/domtool2.git domtool2
cd domtool2
git checkout release
}}}

If a slave (the usual setup):

 * Add the node to the `HOSTS_SLAVE` variable in the `deploy-domtool` script (unless it is the new master). Afterward the general deployment procedure should work.
 * Create the needed SSL certificate for the node by running (on the machine with the domtool certificate authority): `domtool-addcert $HOST`

You will also need to create various work directories, although the preseed for the particular install should handle that.

The first time DomTool is deployed to a host, it should be done manually using `deploy-domtool-on-host --slave --bootstrap` to install the proper sysvinit files.

== etc. ==

 * To make everyone's Emacs autoload domtool-mode by default, put this in `/usr/local/share/emacs/site-lisp/default.el`: {{{
(add-to-list 'load-path "/usr/local/share/emacs/site-lisp/domtool-mode")
(require 'domtool-mode-startup)
}}}
 * Make Domtool's scratch directory: {{{
sudo mkdir /var/domtool
sudo chown domtool:domtool /var/domtool
}}}
 * Create subdirectories of `/var/domtool` in the same way, depending on which services this slave will be managing. If this slave manages BIND, create `/var/domtool/zones`. If this slave manages Apache, create `/var/domtool/vhosts` and `/var/domtool/apache2_logs`.
 * If this slave manages BIND, make sure a UNIX group `bind_config` exists, as Domtool will try to `chgrp` all relevant configuration to that group. It doesn't really matter which users belong to the group, as these actions are performed as root. If the group doesn't exist, you can create it with: {{{
sudo groupadd bind_config
}}}
 * If this slave manages BIND, make sure that the directory `/etc/bind/zones` exists.
 * Create Domtool's log file and set the right permissions on it: {{{
sudo touch /var/log/domtool.log
sudo chown domtool:domtool /var/log/domtool.log
}}}
 * Configure certificates and keys:
   * If setting up the dispatcher, possibly set up a local CA and SSL, and a certificate for the node, as described on [[DomTool/SslProcedures]], and manually copy the certificate and key into the right places: {{{
mkdir ~domtool/keys/$HOST
cp serverkey.pem ~domtool/keys/$HOST/key.pem
cp servercert.pem ~domtool/certs/$HOST.pem
}}}
   * Be sure a keytab for `domtool` is in `/etc/keytabs/domtool`, with permissions set so that `domtool` can read it but random users can't. You might copy the file from deleuze.
 * Try starting the slave server: {{{
sudo /etc/init.d/domtool-slave start
}}}
 * After ensuring that the slave starts, make the slave (or server) start at boot: {{{
sudo insserv domtool-slave
}}}

----
CategorySystemAdministration CategoryNeedsWork
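
A preflight check for the slave prerequisites in the checklist above, as an added example that is not part of the original page or of DomTool. The function names and the `ROOT` prefix argument are assumptions, and the keytab test assumes the file is owned by `domtool` with no group or other permission bits, which is one way to satisfy "domtool can read it but random users can't".

```shell
#!/bin/sh
# Added example (not DomTool code). Function names and the ROOT prefix are
# assumptions; ROOT is empty on a real host and a scratch tree when testing.
# Uses GNU stat, as shipped on Debian.

fails=0
report() { echo "FAIL: $*" >&2; fails=$((fails + 1)); }

# owned_by PATH USER: PATH exists and is owned by USER.
owned_by() { [ -e "$1" ] && [ "$(stat -c '%U' "$1")" = "$2" ]; }

# private_to PATH USER: regular file owned by USER, owner-readable, and with
# no group/other permission bits (assumed policy for the keytab).
private_to() {
    [ -f "$1" ] && owned_by "$1" "$2" || return 1
    case "$(stat -c '%a' "$1")" in
        *[4567]00) return 0 ;;
        *)         return 1 ;;
    esac
}

# check_slave ROOT USER [bind] [apache]: report every unmet prerequisite and
# return the number of failures (0 means the checklist is satisfied).
check_slave() {
    root=$1; user=$2; shift 2
    fails=0
    dirs="/var/domtool"
    for svc in "$@"; do
        case "$svc" in
            bind)   dirs="$dirs /var/domtool/zones /etc/bind/zones"
                    getent group bind_config >/dev/null ||
                        report "UNIX group bind_config does not exist" ;;
            apache) dirs="$dirs /var/domtool/vhosts /var/domtool/apache2_logs" ;;
        esac
    done
    for d in $dirs; do
        [ -d "$root$d" ] || report "missing directory $d"
    done
    owned_by "$root/var/domtool" "$user" || report "/var/domtool not owned by $user"
    owned_by "$root/var/log/domtool.log" "$user" ||
        report "/var/log/domtool.log missing or not owned by $user"
    private_to "$root/etc/keytabs/domtool" "$user" ||
        report "/etc/keytabs/domtool missing, wrong owner, or readable by others"
    return "$fails"
}

# On a slave that manages both services: check_slave "" domtool bind apache
```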