Diff for "DomTool/Installation"

Differences between revisions 12 and 13
Revision 12 as of 2010-12-01 05:57:02
Size: 2423
Editor: ClintonEbadi
Comment: easier way to setup the certificate for a slave
Revision 13 as of 2010-12-05 21:39:29
Size: 2560
Editor: ClintonEbadi
Comment:
Line 52: Line 52:
 * After ensuring that the slave starts make the slave (or server) starts at boot
{{{
sudo update-rc.d domtool-slave defaults 99
}}}
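Review bot: The added bullet reads "make the slave (or server) starts at boot"; it should be "start", with a comma after "After ensuring that the slave starts". The bullet also mentions "(or server)", but the only command given is `sudo update-rc.d domtool-slave defaults 99`, so a reader setting up the server has nothing to run: either add the server's equivalent command or drop "(or server)". A short remark on why sequence number 99 was chosen would help whoever has to reorder boot scripts later.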

To deploy DomTool on a new HCoop machine:

  • Install these Debian packages: mlton libssl-dev libpcre3-dev rsync

  • Change to an appropriate directory for your personal check-out of the domtool2 git repo and run:

    git clone /afs/hcoop.net/user/h/hc/hcoop/.hcoop-git/domtool2.git
    cd domtool2

  • Run:

    make
    sudo make install

  • To make everyone's Emacs autoload domtool-mode by default, put this in /usr/local/share/emacs/site-lisp/default.el:

    (add-to-list 'load-path "/usr/local/share/emacs/site-lisp/domtool-mode")
    (require 'domtool-mode-startup)

  • Add a local domtool user:

    sudo useradd -d /afs/hcoop.net/common/etc/domtool -s /bin/false domtool

  • Make Domtool's scratch directory:

    sudo mkdir /var/domtool
    sudo chown domtool:domtool /var/domtool

  • Create subdirectories of /var/domtool in the same way, depending on which services this slave will be managing. If this slave manages BIND, create /var/domtool/zones. If this slave manages Apache, create /var/domtool/vhosts and /var/domtool/apache2_logs.

  • If this slave manages BIND, make sure a UNIX group bind_config exists, as Domtool will try to chgrp all relevant configuration to that group. It doesn't really matter which users belong to the group, as these actions are performed as root. If the group doesn't exist, you can create it with:

    sudo groupadd bind_config

  • If this slave manages BIND, make sure that the directory /etc/bind/zones exists.

  • Create Domtool's log file and set the right permissions on it:

    sudo touch /var/log/domtool.log
    sudo chown domtool:domtool /var/log/domtool.log

  • Configure certificates and keys:
    • If setting up the dispatcher, set up the local CA and SSL if needed, create a certificate for the node as described on DomTool/SslProcedures, and manually copy the certificate and key into the right places:

      mkdir ~domtool/keys/$HOST
      cp serverkey.pem ~domtool/keys/$HOST/key.pem
      cp servercert.pem ~domtool/certs/$HOST.pem
    • If setting up a slave, run domtool-addcert $HOST to create the needed OpenSSL certificate and key for the machine.

  • Be sure a keytab for domtool is in /etc/keytabs/domtool, with permissions set so that domtool can read it but random users can't. You might copy the file from deleuze.

  • Try starting the slave server:

    sudo /etc/init.d/domtool-slave start

  • After ensuring that the slave starts, make the slave (or server) start at boot:

    sudo update-rc.d domtool-slave defaults 99
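
The ownership and permission steps above can be checked after installation with a script like the following. It is an added example, not part of the wiki page or of DomTool; it assumes GNU stat, and the function names, the "audit" argument and the strict owner-only reading of the keytab requirement are this example's own choices.

```shell
#!/bin/sh
# Added example, not part of the wiki page: audit the ownership and
# permission steps of the install procedure. Assumes GNU stat (Debian).
# Function names and the "audit" argument are this example's own.
DT_USER=${DT_USER:-domtool}     # local account created with useradd

# owned_by PATH USER: PATH exists and its owner is USER (name or uid).
owned_by() {
    [ -e "$1" ] || return 1
    want=$(id -u "$2" 2>/dev/null) || want=$2
    [ "$(stat -L -c %u "$1")" = "$want" ]
}

# private_to PATH USER: owned by USER, readable by the owner, and no
# permission bits at all for group or other (a strict reading of
# "domtool can read it but random users can't").
private_to() {
    owned_by "$1" "$2" || return 1
    case "$(stat -L -c %a "$1")" in
        [4-7]00) return 0 ;;
        *)       return 1 ;;
    esac
}

# audit_domtool: check every path the page names; returns non-zero and
# prints one line per failed check.
audit_domtool() {
    rc=0
    private_to /etc/keytabs/domtool "$DT_USER" ||
        { echo "FAIL /etc/keytabs/domtool: must be $DT_USER-only"; rc=1; }
    for p in /var/domtool /var/log/domtool.log; do
        owned_by "$p" "$DT_USER" ||
            { echo "FAIL $p: missing or not owned by $DT_USER"; rc=1; }
    done
    # Service directories exist only on slaves that manage BIND or Apache.
    for p in /var/domtool/zones /var/domtool/vhosts /var/domtool/apache2_logs; do
        [ -e "$p" ] || continue
        owned_by "$p" "$DT_USER" ||
            { echo "FAIL $p: not owned by $DT_USER"; rc=1; }
    done
    return "$rc"
}

# Run as: sudo sh thisfile audit
if [ "${1:-}" = "audit" ]; then audit_domtool; fi
```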

DomTool/Installation (last edited 2018-04-19 02:12:01 by ClintonEbadi)