
Diff for "DomTool/Installation"

Differences between revisions 14 and 15
Revision 14 as of 2012-12-20 22:12:58
Size: 2614
Editor: ClintonEbadi
Comment: this page is a lie
Revision 15 as of 2012-12-24 02:02:01
Size: 3509
Editor: ClintonEbadi
Comment: update install guide
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
To deploy DomTool on a new HCoop machine: In this document, `$HOST` is equivalent to `$(hostname)` (i.e. the first part of the fqdn).
Line 3: Line 3:
 * Install these Debian packages: `mlton libssl-dev libpcre3-dev rsync`
 * Change to an appropriate directory for your personal check-out of the `domtool2` git repo and run:
== Deploying an Update ==

Push all changes to the release branch, and tag as `release_${isodate}` (e.g. `release_20121022` for October 22nd, 2012). If you make multiple releases in a day append `-N` starting with `1`.

Running the `deploy-domtool` script will then pull, build, and install domtool sitewide.

To deploy on an individual host, use the `deploy-domtool-on-host` script.

== New Machine ==

Ensure these Debian packages are installed: `mlton libssl-dev libpcre3-dev rsync` (our AutomatedSystemInstall does this for you)

Create `/afs/hcoop.net/common/domtool/build/$HOST`

Clone the `domtool2` repository and checkout release:
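Review bot: the "Deploying an Update" text asks for a `release_${isodate}` tag but then says `deploy-domtool` will "pull, build, and install domtool sitewide" without saying which ref the script actually builds. State whether it deploys the tag or the current head of the release branch, and if the tag is the unit of release, say whether it should be signed and checked before the sitewide build runs.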
Line 6: Line 20:
cd /afs/hcoop.net/common/domtool/build/$HOST
git clone /afs/hcoop.net/user/h/hc/hcoop/.hcoop-git/domtool2.git domtool2
cd domtool2
git checkout release
}}}
Line 7: Line 26:
git clone /afs/hcoop.net/user/h/hc/hcoop/.hcoop-git/domtool2.git
cd domtool2
}}}
 * Run:
{{{
make
sudo make install
}}}
If a slave (the usual setup):

 * Add node to `HOSTS_SLAVE` (unless it is the new master) variable `deploy-domtool` script. Afterward the general deployment procedure should work.
 * Create the needed SSL certificate for the node by running: `domtool-addcert $HOST`

You will also need to create various work directories, although the preseed for the particular install should handle that.

The first time DomTool is deployed to a host, it should be done manually using `deploy-domtool-on-host --slave --bootstrap` to install the proper sysvinit files.

== etc. ==
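Review bot: in the slave steps, "Afterward the general deployment procedure should work" appears before the requirement that the first deployment be done manually with `deploy-domtool-on-host --slave --bootstrap`, so a reader working top to bottom may run the general procedure before the sysvinit files are installed. Move the bootstrap sentence ahead of the `HOSTS_SLAVE` bullet, or have that bullet say "after the bootstrap run". The same bullet is also missing words: "variable `deploy-domtool` script" should read "variable in the `deploy-domtool` script".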
Line 20: Line 42:
 * Add a local `domtool` user:
{{{
sudo useradd -d /afs/hcoop.net/common/etc/domtool -s /bin/false domtool
}}}

Line 46: Line 66:
   * If setting up a slave run `domtool-addcert $HOST` to create the needed OpenSSL certificate and key for the machine
Line 54: Line 74:
sudo update-rc.d domtool-slave defaults 99 sudo insserv domtool-slave

In this document, $HOST is equivalent to $(hostname) (i.e. the first part of the fqdn).

1. Deploying an Update

Push all changes to the release branch, and tag as release_${isodate} (e.g. release_20121022 for October 22nd, 2012). If you make multiple releases in a day, append -N starting with 1.

Running the deploy-domtool script will then pull, build, and install domtool sitewide.

To deploy on an individual host, use the deploy-domtool-on-host script.

2. New Machine

Ensure these Debian packages are installed: mlton libssl-dev libpcre3-dev rsync (our AutomatedSystemInstall does this for you)

Create /afs/hcoop.net/common/domtool/build/$HOST

Clone the domtool2 repository and check out the release branch:

cd /afs/hcoop.net/common/domtool/build/$HOST
git clone /afs/hcoop.net/user/h/hc/hcoop/.hcoop-git/domtool2.git domtool2
cd domtool2
git checkout release

If a slave (the usual setup):

  • Add the node to the HOSTS_SLAVE variable in the deploy-domtool script (unless it is the new master). Afterward the general deployment procedure should work.

  • Create the needed SSL certificate for the node by running: domtool-addcert $HOST

You will also need to create various work directories, although the preseed for the particular install should handle that.

The first time DomTool is deployed to a host, it should be done manually using deploy-domtool-on-host --slave --bootstrap to install the proper sysvinit files.

3. etc.

  • To make everyone's Emacs autoload domtool-mode by default, put this in /usr/local/share/emacs/site-lisp/default.el:

    (add-to-list 'load-path "/usr/local/share/emacs/site-lisp/domtool-mode")
    (require 'domtool-mode-startup)

  • Make Domtool's scratch directory:

    sudo mkdir /var/domtool
    sudo chown domtool:domtool /var/domtool

  • Create subdirectories of /var/domtool in the same way, depending on which services this slave will be managing. If this slave manages BIND, create /var/domtool/zones. If this slave manages Apache, create /var/domtool/vhosts and /var/domtool/apache2_logs.

  • If this slave manages BIND, make sure a UNIX group bind_config exists, as Domtool will try to chgrp all relevant configuration to that group. It doesn't really matter which users belong to the group, as these actions are performed as root. If the group doesn't exist, you can create it with:

    sudo groupadd bind_config

  • If this slave manages BIND, make sure that the directory /etc/bind/zones exists.

  • Create Domtool's log file and set the right permissions on it:

    sudo touch /var/log/domtool.log
    sudo chown domtool:domtool /var/log/domtool.log

  • Configure certificates and keys:
    • If setting up the dispatcher, possibly set up a local CA and SSL, and a certificate for a node, as described on DomTool/SslProcedures, then manually copy the certificate and key into the right places:

      mkdir ~domtool/keys/$HOST
      cp serverkey.pem ~domtool/keys/$HOST/key.pem
      cp servercert.pem ~domtool/certs/$HOST.pem
  • Be sure a keytab for domtool is in /etc/keytabs/domtool, with permissions set so that domtool can read it but random users can't. You might copy the file from deleuze.

  • Try starting the slave server:

    sudo /etc/init.d/domtool-slave start

  • After ensuring that the slave starts, make the slave (or server) start at boot:

    sudo insserv domtool-slave
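
As an added example (not part of the wiki page or HCoop's tooling), this shell function audits the local state the steps above set up: the scratch directory and log owned by the domtool user, and a keytab that other users cannot access. The function names and the `ROOT` prefix argument are assumptions for illustration; any "other" permission bit on the keytab is treated as a finding.

```shell
#!/bin/sh
# Added example (not HCoop's script): audit the local files this guide creates.
# ROOT is a hypothetical prefix so the check can run against a staging tree;
# pass "" to audit the live system. Uses GNU stat, as shipped on Debian.
# Usage: audit_domtool "" domtool || echo "fix the findings above"

# others_have_access PATH -> 0 (true) if any "other" permission bit is set,
# or if the mode cannot be read at all (fail closed).
others_have_access() {
    mode=$(stat -c '%a' "$1") || return 0
    [ $(( 0$mode & 007 )) -ne 0 ]
}

# audit_domtool ROOT OWNER -> prints one line per finding, returns the count
audit_domtool() {
    root=$1 owner=$2 findings=0
    # Scratch directory and log must exist and belong to the domtool user.
    for p in /var/domtool /var/log/domtool.log; do
        if [ ! -e "$root$p" ]; then
            echo "MISSING $p"; findings=$((findings + 1))
        elif [ "$(stat -c '%U' "$root$p")" != "$owner" ]; then
            echo "OWNER $p is not $owner"; findings=$((findings + 1))
        fi
    done
    # The keytab must be present and closed to arbitrary users.
    kt=/etc/keytabs/domtool
    if [ ! -f "$root$kt" ]; then
        echo "MISSING $kt"; findings=$((findings + 1))
    elif others_have_access "$root$kt"; then
        echo "MODE $kt is accessible to other users"; findings=$((findings + 1))
    fi
    return "$findings"
}
```

Keys and certificates under ~domtool are left out on purpose: that home directory is in AFS, where access is governed by directory ACLs rather than UNIX mode bits.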


CategorySystemAdministration CategoryNeedsWork

DomTool/Installation (last edited 2018-04-19 02:12:01 by ClintonEbadi)