Size: 3349
Comment: bind_config group is legacy from when we delegated maintenance to jsl
|
Size: 3347
Comment: one command to clone
|
Line 21: | Line 21: |
git clone /afs/hcoop.net/user/h/hc/hcoop/.hcoop-git/domtool2.git domtool2 cd domtool2 |
git clone -b release /afs/hcoop.net/user/h/hc/hcoop/.hcoop-git/domtool2.git domtool2 |
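Review bot: the added line drops the `cd domtool2` that followed the clone in the removed line, so any command documented after this step that expects to run inside the checkout (a `git checkout release`, for instance) will now run in the parent build directory and fail. Since `-b release` already leaves the clone on the release branch, either drop such follow-up commands from the step or point them at the `domtool2` directory explicitly.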
In this document, $HOST is equivalent to $(hostname) (i.e. the first part of the fqdn).
1. Deploying an Update
Push all changes to the release branch, and tag as release_${isodate} (e.g. release_20121022 for October 22nd, 2012). If you make multiple releases in a day, append -N, starting with 1.
Running the deploy-domtool script will then pull, build, and install domtool sitewide.
To deploy on an individual host, use the deploy-domtool-on-host script.
2. New Machine
Ensure these Debian packages are installed: mlton libssl-dev libpcre3-dev rsync (our AutomatedSystemInstall does this for you)
Create /afs/hcoop.net/common/domtool/build/$HOST
Clone the domtool2 repository and check out release:
cd /afs/hcoop.net/common/domtool/build/$HOST
git clone -b release /afs/hcoop.net/user/h/hc/hcoop/.hcoop-git/domtool2.git domtool2
# -b release already checks out the branch; this confirms it from inside the clone
git -C domtool2 checkout release
If a slave (the usual setup):
Add the node to the HOSTS_SLAVE variable in the deploy-domtool script (unless it is the new master). Afterward, the general deployment procedure should work.
Create the needed SSL certificate for the node by running (on the machine with the domtool certificate authority): domtool-addcert $HOST
You will also need to create various work directories, although the preseed for the particular install should handle that.
The first time DomTool is deployed to a host, it should be done manually using deploy-domtool-on-host --slave --bootstrap to install the proper sysvinit files.
2.1. Work Directories
DomTool should create these during installation, but it does not yet (see Bug 935).
Domtool's scratch directory:
sudo mkdir /var/domtool
sudo chown domtool:nogroup /var/domtool
Create subdirectories of /var/domtool in the same way, depending on which services this slave will be managing: (incomplete)
bind: /var/domtool/zones
apache: /var/domtool/vhosts and /var/domtool/apache2_logs
firewall: /var/domtool/firewall
Domtool's log file:
sudo touch /var/log/domtool.log
sudo chown domtool:nogroup /var/log/domtool.log
3. etc.
To make everyone's Emacs autoload domtool-mode by default, put this in /usr/local/share/emacs/site-lisp/default.el:
(add-to-list 'load-path "/usr/local/share/emacs/site-lisp/domtool-mode")
(require 'domtool-mode-startup)
If this slave manages BIND, make sure that the directory /etc/bind/zones exists.
- Configure certificates and keys
If setting up the dispatcher, possibly set up a local CA and SSL, and a certificate for the node as described on DomTool/SslProcedures, and manually copy the certificate and key into the right places:
mkdir ~domtool/keys/$HOST
cp serverkey.pem ~domtool/keys/$HOST/key.pem
cp servercert.pem ~domtool/certs/$HOST.pem
Be sure a keytab for domtool is in /etc/keytabs/domtool, with permissions set so that domtool can read it but other users cannot. You might copy the file from deleuze.
- Try starting the slave server:
sudo /etc/init.d/domtool-slave start
- After ensuring that the slave starts, make the slave (or server) start at boot:
sudo insserv domtool-slave
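The keytab and node key placed during the certificate step above must not be readable by other users. The following check is an added example, not part of the HCoop procedure or of DomTool itself: the function names, the ROOT prefix argument, and the policy of "owned by domtool, no access bits for other" are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: audit the private files this page installs for a domtool node.
# Paths are the ones named on the page; everything else is hypothetical.
# Only the "other" permission bits are examined, not group membership.

# Succeeds when FILE has any read, write or execute bit set for "other".
world_accessible() {
    [ -n "$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) 2>/dev/null)" ]
}

# Succeeds when FILE is owned by OWNER (a user name or numeric uid).
owned_by() {
    [ -n "$(find "$1" -prune -user "$2" 2>/dev/null)" ]
}

# audit_domtool_secrets ROOT OWNER HOST DOMTOOL_HOME
# ROOT is a path prefix ("" on a live host). Prints one line per problem
# and returns the number of problems found (0 means clean).
audit_domtool_secrets() {
    root=$1 owner=$2 host=$3 dthome=$4 problems=0
    for f in "$root/etc/keytabs/domtool" "$root$dthome/keys/$host/key.pem"; do
        if [ ! -f "$f" ]; then
            echo "MISSING  $f"
            problems=$((problems + 1))
            continue
        fi
        if ! owned_by "$f" "$owner"; then
            echo "OWNER    $f is not owned by $owner"
            problems=$((problems + 1))
        fi
        if world_accessible "$f"; then
            echo "EXPOSED  $f is accessible to other users"
            problems=$((problems + 1))
        fi
    done
    # The certificate is public material, so only its presence is checked.
    cert="$root$dthome/certs/$host.pem"
    if [ ! -f "$cert" ]; then
        echo "MISSING  $cert"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

On a live node, run it as `audit_domtool_secrets "" domtool "$(hostname)" "$(getent passwd domtool | cut -d: -f6)"` before starting domtool-slave; a non-zero exit status is the count of findings.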