In this document, `$HOST` is equivalent to `$(hostname)` (i.e. the first part of the FQDN).

== Deploying an Update ==

Push all changes to the release branch, and tag as `release_${isodate}` (e.g. `release_20121022` for October 22nd, 2012). If you make multiple releases in a day, append `-N`, starting with `1`.

Running the `deploy-domtool` script will then pull, build, and install domtool sitewide. To deploy on an individual host, use the `deploy-domtool-on-host` script.

== New Machine ==

Ensure these Debian packages are installed: `mlton libssl-dev libpcre3-dev rsync` (our AutomatedSystemInstall does this for you).

Create `/afs/hcoop.net/common/domtool/build/$HOST`.

Clone the `domtool2` repository and check out `release`:

{{{
cd /afs/hcoop.net/common/domtool/build/$HOST
git clone /afs/hcoop.net/user/h/hc/hcoop/.hcoop-git/domtool2.git domtool2
cd domtool2
git checkout release
}}}

If a slave (the usual setup):

 * Add the node to the `HOSTS_SLAVE` variable in the `deploy-domtool` script (unless it is the new master). Afterward the general deployment procedure should work.
 * Create the needed SSL certificate for the node by running (on the machine with the domtool certificate authority): `domtool-addcert $HOST`

You will also need to create various work directories, although the preseed for the particular install should handle that.

The first time DomTool is deployed to a host, it should be done manually using `deploy-domtool-on-host --slave --bootstrap` to install the proper sysvinit files.

=== Work Directories ===

DomTool should create these during installation, but it does not yet (see [[https://bugzilla.hcoop.net/show_bug.cgi?id=935|Bug 935]]).
Domtool's scratch directory:

{{{
sudo mkdir /var/domtool
sudo chown domtool:nogroup /var/domtool
}}}

Create subdirectories of `/var/domtool` in the same way, depending on which services this slave will be managing (this list is incomplete):

 * bind: `/var/domtool/zones`
 * apache: `/var/domtool/vhosts` and `/var/domtool/apache2_logs`
 * firewall: `/var/domtool/firewall`

Domtool's log file:

{{{
sudo touch /var/log/domtool.log
sudo chown domtool:nogroup /var/log/domtool.log
}}}

== etc. ==

 * To make everyone's Emacs autoload domtool-mode by default, put this in `/usr/local/share/emacs/site-lisp/default.el`:
 {{{
(add-to-list 'load-path "/usr/local/share/emacs/site-lisp/domtool-mode")
(require 'domtool-mode-startup)
 }}}
 * If this slave manages BIND, make sure that the directory `/etc/bind/zones` exists.
 * Configure certificates and keys
  * If setting up the dispatcher, possibly set up a local CA and SSL, and a certificate for the node as described on [[DomTool/SslProcedures]], and manually copy the certificate and key into the right places:
  {{{
mkdir ~domtool/keys/$HOST
# private key for this node
cp serverkey.pem ~domtool/keys/$HOST/key.pem
# certificate for this node
cp servercert.pem ~domtool/certs/$HOST.pem
  }}}
 * Be sure a keytab for `domtool` is in `/etc/keytabs/domtool`, with permissions set so that `domtool` can read it but random users can't. You might copy the file from deleuze.
 * Try starting the slave server:
 {{{
sudo /etc/init.d/domtool-slave start
 }}}
 * After ensuring that the slave starts, make the slave (or server) start at boot:
 {{{
sudo insserv domtool-slave
 }}}

----
CategorySystemAdministration CategoryNeedsWork
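A permission audit for the keytab and private-key steps in the "etc." list above, added here as an example and not part of the original page or of DomTool. It assumes GNU `stat`; the function names `check_secret` and `audit_secrets` are made up for illustration, and treating any group access as a failure is a stricter reading of "random users can't" than the page itself states.

```shell
#!/bin/sh
# Added example (not part of DomTool): verify that secret files are owned by
# the expected account and closed to everyone else. Assumes GNU stat (Debian).

# check_secret FILE OWNER
# Succeeds only if FILE is a regular file (not a symlink), owned by OWNER,
# readable by its owner, with no group or other permission bits set.
check_secret() {
    cs_file=$1
    cs_want=$2
    if [ -L "$cs_file" ] || [ ! -f "$cs_file" ]; then
        echo "FAIL $cs_file: missing, a symlink, or not a regular file"
        return 1
    fi
    cs_owner=$(stat -c %U "$cs_file")
    cs_mode=$(stat -c %a "$cs_file")     # octal, e.g. 600
    cs_bits=$((0$cs_mode))               # leading 0 makes it an octal constant
    if [ "$cs_owner" != "$cs_want" ]; then
        echo "FAIL $cs_file: owned by $cs_owner, expected $cs_want"
        return 1
    fi
    if [ $((cs_bits & 0400)) -eq 0 ]; then
        echo "FAIL $cs_file: mode $cs_mode, owner cannot read it"
        return 1
    fi
    if [ $((cs_bits & 077)) -ne 0 ]; then
        echo "FAIL $cs_file: mode $cs_mode grants access to group or other"
        return 1
    fi
    echo "OK   $cs_file ($cs_owner, mode $cs_mode)"
}

# audit_secrets OWNER FILE...
# Checks every FILE and returns the number of files that failed.
audit_secrets() {
    as_owner=$1
    shift
    as_failed=0
    for as_file in "$@"; do
        check_secret "$as_file" "$as_owner" || as_failed=$((as_failed + 1))
    done
    return "$as_failed"
}

# On a slave, as root (paths are the ones this page names):
#   audit_secrets domtool /etc/keytabs/domtool ~domtool/keys/$HOST/key.pem
[ "$#" -eq 0 ] || audit_secrets "$@"
```

Run it after copying the keytab and key into place and before starting `domtool-slave`; a non-zero exit status is the number of files that need fixing.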