welcome: please sign in

Diff for "DomTool/Installation"

Differences between revisions 18 and 19
Revision 18 as of 2013-01-04 08:17:05
Size: 3349
Editor: ClintonEbadi
Comment: bind_config group is legacy from when we delegated maintenance to jsl
Revision 19 as of 2018-04-14 02:43:54
Size: 3347
Editor: ClintonEbadi
Comment: one command to clone
Deletions are marked like this. Additions are marked like this.
Line 21: Line 21:
git clone /afs/hcoop.net/user/h/hc/hcoop/.hcoop-git/domtool2.git domtool2
cd domtool2
git clone -b release /afs/hcoop.net/user/h/hc/hcoop/.hcoop-git/domtool2.git domtool2

In this document, $HOST is equivalent to $(hostname) (i.e. the first part of the fqdn).

1. Deploying an Update

Push all changes to the release branch, and tag as release_${isodate} (e.g. release_20121022 for October 22nd, 2012). If you make multiple releases in a day append -N starting with 1.

Running the deploy-domtool script will then pull, build, and install domtool sitewide.

To deploy on an individual host, use the deploy-domtool-on-host script.

2. New Machine

Ensure these Debian packages are installed: mlton libssl-dev libpcre3-dev rsync (our AutomatedSystemInstall does this for you)

Create /afs/hcoop.net/common/domtool/build/$HOST

Clone the domtool2 repository and checkout release:

cd /afs/hcoop.net/common/domtool/build/$HOST
git clone -b release /afs/hcoop.net/user/h/hc/hcoop/.hcoop-git/domtool2.git domtool2
git checkout release

If a slave (the usual setup):

  • Add node to HOSTS_SLAVE (unless it is the new master) variable deploy-domtool script. Afterward the general deployment procedure should work.

  • Create the needed SSL certificate for the node by running (on the machine with the domtool certificate authority): domtool-addcert $HOST

You will also need to create various work directories, although the preseed for the particular install should handle that.

The first time DomTool is deployed to a host, it should be done manually using deploy-domtool-on-host --slave --bootstrap to install the proper sysvinit files.

2.1. Work Directories

DomTool should create these during installation, but it does not yet (see Bug 935).

Domtool's scratch directory:

sudo mkdir /var/domtool
sudo chown domtool.nogroup /var/domtool

Create subdirectories of /var/domtool in the same way, depending on which services this slave will be managing: (incomplete)

  • bind: /var/domtool/zones

  • apache: /var/domtool/vhosts and /var/domtool/apache2_logs

  • firewall: /var/domtool/firewall

Domtool's log file:

sudo touch /var/log/domtool.log
sudo chown domtool.nogroup /var/log/domtool.log

3. etc.

  • To make everyone's Emacs autoload domtool-mode by default, put this in /usr/local/share/emacs/site-lisp/default.el:

(add-to-list 'load-path "/usr/local/share/emacs/site-lisp/domtool-mode")
(require 'domtool-mode-startup)
  • If this slave manages BIND, make sure that the directory /etc/bind/zones exists.

  • Configure Certifications and keys
    • If setting up the disptacher possibly set up local CA and SSL, and certificate for a node as said on DomTool/SslProcedures, and manually copy the certificate and key into the right places:

      mkdir ~domtool/keys/$HOST
      cp serverkey.pem ~domtool/keys/$HOST/key.pem
      cp servercert.pem ~domtool/certs/$HOST.pem
  • Be sure a keytab for domtool is in /etc/keytabs/domtool, with permissions set so that domtool can read it but random users can't. You might copy the file from deleuze.

  • Try starting the slave server:

sudo /etc/init.d/domtool-slave start
  • After ensuring that the slave starts, make the slave (or server) start at boot

sudo insserv domtool-slave


CategorySystemAdministration CategoryNeedsWork

DomTool/Installation (last edited 2018-04-19 02:12:01 by ClintonEbadi)