Index: trunk/server/doc/install-howto.sh =================================================================== --- trunk/server/doc/install-howto.sh (revision 2214) +++ trunk/server/doc/install-howto.sh (revision 2246) @@ -77,4 +77,7 @@ # XXX We should make Kickstart work for test servers too +# Make sure selinux is disabled + selinuxenabled || echo "selinux not enabled" + # Take updates, reboot if there's a kernel update. yum update -y @@ -96,6 +99,12 @@ \cp -a etc / chmod 0440 /etc/sudoers + grub2-mkconfig -o /boot/grub2/grub.cfg # [TEST] You'll need to fix some config now. See bottom of document. + +# Stop /etc/resolv.conf from getting repeatedly overwritten by +# purging DNS servers from ifcfg-eth0 and ifcfg-eth1 + vim /etc/sysconfig/network-scripts/ifcfg-eth0 + vim /etc/sysconfig/network-scripts/ifcfg-eth1 # Make sure network is working. Kickstart should have @@ -246,5 +255,5 @@ gem install $(gem list --no-version | grep -Fxvf - gem.txt) # Also, we need to install the old rails version - gem install -v=2.3.5 rails + gem install -v=2.3.14 rails # These are in /usr @@ -340,15 +349,15 @@ cat install-ldap -# Enable lots of services +# Enable lots of services (currently in /etc checkout) systemctl enable openafs-client.service - systemctl enable dirsrv.service + systemctl enable dirsrv.target systemctl enable nslcd.service systemctl enable nscd.service systemctl enable postfix.service - systemctl enable nrpe.service + systemctl enable nrpe.service # chkconfig'd systemctl enable httpd.service # not for [WIZARD] systemctl start openafs-client.service - systemctl start dirsrv.service + systemctl start dirsrv.target systemctl start nslcd.service systemctl start nscd.service @@ -360,6 +369,5 @@ # among others, 'amd64_fedoraX_scripts' (vary X) and 'scripts'. If it's # not, you probably did a distro upgrade and should update -# /etc/sysconfig/openafs (XXX this is wrong: figuring out new -# systemd world order). +# tokensys (server/common/oursrc/tokensys/scripts-afsagent-startup.in) fs sysname @@ -374,4 +382,7 @@ # (Note: this errors on XeTeX which is ok.) fmtutil-sys --all + +# Check for unwanted setuid/setgid binaries + find / -xdev -not -perm -o=x -prune -o -type f -perm /ug=s -print | grep -Fxvf /etc/scripts/allowed-setugid.list # Fix etc by making sure none of our config files got overwritten Index: trunk/server/doc/install-ldap =================================================================== --- trunk/server/doc/install-ldap (revision 2214) +++ trunk/server/doc/install-ldap (revision 2246) @@ -1,2 +1,3 @@ +# b # To set up a new LDAP server: @@ -14,9 +15,12 @@ # Move the schema back -cp -R /etc/dirsrv/slapd-scripts.bak/{.svn,*} /etc/dirsrv/slapd-scripts +cp -R /etc/dirsrv/slapd-scripts.bak/* /etc/dirsrv/slapd-scripts rm -Rf /etc/dirsrv/slapd-scripts.bak +# Check and make sure the sysconfig references the correct keytab +svn revert /etc/sysconfig/dirsrv-scripts + # Turn dirsrv off: -systemctl stop dirsrv.service +systemctl stop dirsrv@scripts.service # Apply the following configuration changes. If you're editing @@ -52,5 +56,5 @@ EOF; -systemctl start dirsrv.service +systemctl start dirsrv@scripts.service ldapvi -b cn=config @@ -221,4 +225,6 @@ nsDS5ReplicaBindDN: uid=ldap/shining-armor.mit.edu,ou=People,dc=scripts,dc=mit,dc=edu nsDS5ReplicaBindDN: uid=ldap/golden-egg.mit.edu,ou=People,dc=scripts,dc=mit,dc=edu +nsDS5ReplicaBindDN: uid=ldap/miracle-cure.mit.edu,ou=People,dc=scripts,dc=mit,dc=edu +nsDS5ReplicaBindDN: uid=ldap/lucky-star.mit.edu,ou=People,dc=scripts,dc=mit,dc=edu nsds5ReplicaPurgeDelay: 604800 nsds5ReplicaLegacyConsumer: off Index: trunk/server/doc/upgrade-tips =================================================================== --- trunk/server/doc/upgrade-tips (revision 2214) +++ trunk/server/doc/upgrade-tips (revision 2246) @@ -172,9 +172,18 @@ -------------------- +XXX out of date Update /etc/sysconfig/openafs with an extra amd64_fedoraX_scripts and amd64_fedoraX sysname. The format should be evident from the existing entries. [XXX There might be other things you want] -6. Testing critical infrastructure +6. Bind to scripts-test +----------------------- + +First, make sure no other servers are bound to scripts-test (try ping). +Then, create /etc/sysconfig/network-scripts/ifcfg-eth0:0 based off of +/etc/sysconfig/network-scripts/ifcfg-eth0 but with the scripts-test +IP address 18.181.0.229. Run `ifup eth0:0` to complete the change. + +7. Testing critical infrastructure ---------------------------------- @@ -188,5 +197,5 @@ - http://pony.scripts.mit.edu -7. Extra stuff +8. Extra stuff -------------- @@ -202,5 +211,5 @@ emptying their .ini files in /etc/php.d. -8. Sending announcements +9. Sending announcements ------------------------