Ci-dessous, les différences entre deux révisions de la page.
Les deux révisions précédentes Révision précédente Prochaine révision | Révision précédente | ||
doc:dak:installation_de_dak_sur_ondine [2005/08/03 15:24] lehobey |
doc:dak:installation_de_dak_sur_ondine [2005/08/03 18:06] (Version actuelle) lehobey |
||
---|---|---|---|
Ligne 43: | Ligne 43: | ||
**NB** : Il ne demande rien sur le groupe //debuser//. | **NB** : Il ne demande rien sur le groupe //debuser//. | ||
- | === Résultat === | + | [[sortie aptitude dak|Résultat]]. |
- | <code> | + | |
- | Paramétrage de dak (1.0-8) ... | + | |
- | Domain: localhost.localdomain | + | |
- | Creating/updating dak user account and group... | + | |
- | Adding group `debadmin' (105)... | + | |
- | Fait. | + | |
- | Ajout de l'utilisateur système deb-dak... | + | |
- | Adding new user `deb-dak' (104) with group `debadmin'. | + | |
- | Création du répertoire personnel /var/lib/dak. | + | |
- | Creating config file /opt/dak/katie/apt.conf with new version | + | |
- | Creating config file /opt/dak/katie/cron.unchecked with new version | + | |
- | Creating config file /opt/dak/katie/katie.conf with new version | + | |
- | Creating config file /etc/katie/katie.conf with new version | + | |
- | Creating config file /opt/dak/katie/vars with new version | + | |
- | Creating config file /opt/dak/katie/Contents.top with new version | + | |
- | Creating config file /opt/dak/katie/templates/alicia.bug-close with new version | + | |
- | Creating config file /opt/dak/katie/templates/amber.advisory with new version | + | |
- | Creating config file /opt/dak/katie/templates/jennifer.accepted with new version | + | |
- | Creating config file /opt/dak/katie/templates/jennifer.announce with new version | + | |
- | Creating config file /opt/dak/katie/templates/jennifer.bug-close with new version | + | |
- | Creating config file /opt/dak/katie/templates/jennifer.bug-experimental-fixed with new version | + | |
- | Creating config file /opt/dak/katie/templates/jennifer.bug-nmu-fixed with new version | + | |
- | Creating config file /opt/dak/katie/templates/jennifer.new with new version | + | |
- | Creating config file /opt/dak/katie/templates/jennifer.override-disparity with new version | + | |
- | Creating config file /opt/dak/katie/templates/katie.rejected with new version | + | |
- | Creating config file /opt/dak/katie/templates/kelly.installed with new version | + | |
- | Creating config file /opt/dak/katie/templates/kelly.unaccept with new version | + | |
- | Creating config file /opt/dak/katie/templates/lauren.stable-rejected with new version | + | |
- | Creating config file /opt/dak/katie/templates/lisa.bxa_notification with new version | + | |
- | Creating config file /opt/dak/katie/templates/lisa.prod with new version | + | |
- | Creating config file /opt/dak/katie/templates/melanie.bug-close with new version | + | |
- | Creating config file /opt/dak/katie/templates/uma.added with new version | + | |
- | </code> | + | |
==== Installation de postgresql ==== | ==== Installation de postgresql ==== | ||
Ligne 110: | Ligne 77: | ||
Européen | Européen | ||
- | === Résultat === | + | [[sortie aptitude postgresql|Résultat]]. |
- | <code> | + | |
- | Paramétrage de postgresql (7.4.7-6sarge1) ... | + | |
- | + | ||
- | Creating config file /etc/postgresql/postmaster.conf with new version | + | |
- | The files belonging to this database system will be owned by user "postgres". | + | |
- | This user must also own the server process. | + | |
- | + | ||
- | The database cluster will be initialized with locale fr_FR@euro. | + | |
- | + | ||
- | fixing permissions on existing directory /var/lib/postgres/data... ok | + | |
- | creating directory /var/lib/postgres/data/base... ok | + | |
- | creating directory /var/lib/postgres/data/global... ok | + | |
- | creating directory /var/lib/postgres/data/pg_xlog... ok | + | |
- | creating directory /var/lib/postgres/data/pg_clog... ok | + | |
- | selecting default max_connections... 100 | + | |
- | selecting default shared_buffers... 1000 | + | |
- | creating configuration files... ok | + | |
- | creating template1 database in /var/lib/postgres/data/base/1... ok | + | |
- | initializing pg_shadow... ok | + | |
- | enabling unlimited row size for system tables... ok | + | |
- | initializing pg_depend... ok | + | |
- | creating system views... ok | + | |
- | loading pg_description... ok | + | |
- | creating conversions... ok | + | |
- | setting privileges on built-in objects... ok | + | |
- | creating information schema... ok | + | |
- | vacuuming database template1... ok | + | |
- | copying template1 to template0... ok | + | |
- | + | ||
- | Success. The database server should be started automatically. | + | |
- | If not, you can start the database server using: | + | |
- | + | ||
- | /etc/init.d/postgresql start | + | |
- | + | ||
- | Creating config file /etc/postgresql/postgresql.conf with new version | + | |
- | + | ||
- | </code> | + | |
Et le paquet nous informe : | Et le paquet nous informe : | ||
Ligne 188: | Ligne 118: | ||
$ rose | $ rose | ||
- | <code> | + | [[sortie rose|Résultat]]. |
- | Creating /opt/dak/ftp/ ... | + | |
- | Creating /opt/dak/ftp/pool/ ... | + | |
- | Creating /opt/dak/database/dists/ ... | + | |
- | Creating /opt/dak/log/ ... | + | |
- | Creating /opt/dak/morgue/ ... | + | |
- | Creating /opt/dak/scripts/override/ ... | + | |
- | Creating /opt/dak/testing/urgencies/ ... | + | |
- | Creating /opt/dak/queue/accepted/ ... | + | |
- | Creating /opt/dak/queue/byhand/ ... | + | |
- | Creating /opt/dak/queue/done/ ... | + | |
- | Creating /opt/dak/queue/holding/ ... | + | |
- | Creating /opt/dak/queue/new/ ... | + | |
- | Creating /opt/dak/queue/reject/ ... | + | |
- | Creating /opt/dak/queue/unchecked/ ... | + | |
- | Creating /opt/dak/queue/bts_version_track/ ... | + | |
- | Creating /opt/dak/web ... | + | |
- | Creating /opt/dak/katie/neve-files ... | + | |
- | Creating /opt/dak/morgue/shania ... | + | |
- | Creating /opt/dak/morgue/rhona ... | + | |
- | Creating /opt/dak/katie-database/ ... | + | |
- | Creating /opt/dak/ftp/dists/unstable ... | + | |
- | Creating /opt/dak/ftp/dists/unstable/main/binary-alpha ... | + | |
- | Creating /opt/dak/ftp/dists/unstable/main/binary-amd64 ... | + | |
- | Creating /opt/dak/ftp/dists/unstable/main/binary-arm ... | + | |
- | Creating /opt/dak/ftp/dists/unstable/main/binary-hppa ... | + | |
- | Creating /opt/dak/ftp/dists/unstable/main/binary-hurd-i386 ... | + | |
- | Creating /opt/dak/ftp/dists/unstable/main/binary-i386 ... | + | |
- | Creating /opt/dak/ftp/dists/unstable/main/binary-ia64 ... | + | |
- | Creating /opt/dak/ftp/dists/unstable/main/binary-mips ... | + | |
- | Creating /opt/dak/ftp/dists/unstable/main/binary-mipsel ... | + | |
- | Creating /opt/dak/ftp/dists/unstable/main/binary-m68k ... | + | |
- | Creating /opt/dak/ftp/dists/unstable/main/binary-powerpc ... | + | |
- | Creating /opt/dak/ftp/dists/unstable/main/binary-s390 ... | + | |
- | Creating /opt/dak/ftp/dists/unstable/main/binary-sh ... | + | |
- | Creating /opt/dak/ftp/dists/unstable/main/binary-sparc ... | + | |
- | Creating /opt/dak/ftp/dists/unstable/main/source ... | + | |
- | Creating /opt/dak/ftp/dists/unstable/contrib/binary-alpha ... | + | |
- | Creating /opt/dak/ftp/dists/unstable/contrib/binary-amd64 ... | + | |
- | Creating /opt/dak/ftp/dists/unstable/contrib/binary-arm ... | + | |
- | Creating /opt/dak/ftp/dists/unstable/contrib/binary-hppa ... | + | |
- | Creating /opt/dak/ftp/dists/unstable/contrib/binary-hurd-i386 ... | + | |
- | Creating /opt/dak/ftp/dists/unstable/contrib/binary-i386 ... | + | |
- | Creating /opt/dak/ftp/dists/unstable/contrib/binary-ia64 ... | + | |
- | Creating /opt/dak/ftp/dists/unstable/contrib/binary-mips ... | + | |
- | Creating /opt/dak/ftp/dists/unstable/contrib/binary-mipsel ... | + | |
- | Creating /opt/dak/ftp/dists/unstable/contrib/binary-m68k ... | + | |
- | Creating /opt/dak/ftp/dists/unstable/contrib/binary-powerpc ... | + | |
- | Creating /opt/dak/ftp/dists/unstable/contrib/binary-s390 ... | + | |
- | Creating /opt/dak/ftp/dists/unstable/contrib/binary-sh ... | + | |
- | Creating /opt/dak/ftp/dists/unstable/contrib/binary-sparc ... | + | |
- | Creating /opt/dak/ftp/dists/unstable/contrib/source ... | + | |
- | Creating /opt/dak/ftp/project/experimental ... | + | |
- | Creating /opt/dak/ftp/project/experimental/main/binary-alpha ... | + | |
- | Creating /opt/dak/ftp/project/experimental/main/binary-amd64 ... | + | |
- | Creating /opt/dak/ftp/project/experimental/main/binary-arm ... | + | |
- | Creating /opt/dak/ftp/project/experimental/main/binary-hppa ... | + | |
- | Creating /opt/dak/ftp/project/experimental/main/binary-hurd-i386 ... | + | |
- | Creating /opt/dak/ftp/project/experimental/main/binary-i386 ... | + | |
- | Creating /opt/dak/ftp/project/experimental/main/binary-ia64 ... | + | |
- | Creating /opt/dak/ftp/project/experimental/main/binary-mips ... | + | |
- | Creating /opt/dak/ftp/project/experimental/main/binary-mipsel ... | + | |
- | Creating /opt/dak/ftp/project/experimental/main/binary-m68k ... | + | |
- | Creating /opt/dak/ftp/project/experimental/main/binary-powerpc ... | + | |
- | Creating /opt/dak/ftp/project/experimental/main/binary-s390 ... | + | |
- | Creating /opt/dak/ftp/project/experimental/main/binary-sh ... | + | |
- | Creating /opt/dak/ftp/project/experimental/main/binary-sparc ... | + | |
- | Creating /opt/dak/ftp/project/experimental/main/source ... | + | |
- | Creating /opt/dak/ftp/project/experimental/contrib/binary-alpha ... | + | |
- | Creating /opt/dak/ftp/project/experimental/contrib/binary-amd64 ... | + | |
- | Creating /opt/dak/ftp/project/experimental/contrib/binary-arm ... | + | |
- | Creating /opt/dak/ftp/project/experimental/contrib/binary-hppa ... | + | |
- | Creating /opt/dak/ftp/project/experimental/contrib/binary-hurd-i386 ... | + | |
- | Creating /opt/dak/ftp/project/experimental/contrib/binary-i386 ... | + | |
- | Creating /opt/dak/ftp/project/experimental/contrib/binary-ia64 ... | + | |
- | Creating /opt/dak/ftp/project/experimental/contrib/binary-mips ... | + | |
- | Creating /opt/dak/ftp/project/experimental/contrib/binary-mipsel ... | + | |
- | Creating /opt/dak/ftp/project/experimental/contrib/binary-m68k ... | + | |
- | Creating /opt/dak/ftp/project/experimental/contrib/binary-powerpc ... | + | |
- | Creating /opt/dak/ftp/project/experimental/contrib/binary-s390 ... | + | |
- | Creating /opt/dak/ftp/project/experimental/contrib/binary-sh ... | + | |
- | Creating /opt/dak/ftp/project/experimental/contrib/binary-sparc ... | + | |
- | Creating /opt/dak/ftp/project/experimental/contrib/source ... | + | |
- | </code> | + | |
==== Création de la base de données de dak ==== | ==== Création de la base de données de dak ==== | ||
Ligne 299: | Ligne 146: | ||
# su - deb-dak | # su - deb-dak | ||
+ | $ psql projectb | ||
<code> | <code> | ||
Ligne 322: | Ligne 170: | ||
projectb=# \q | projectb=# \q | ||
+ | ==== Initialisation de la base de données ==== | ||
+ | <file> | ||
+ | g. Change to your DAKDIR/katie and run /usr/share/dak/neve -a and watch | ||
+ | her creating the database. If it ends with some VACUUM and two GRANTs | ||
+ | it worked. | ||
+ | Be careful, neve DROPS your database, so don't run it if you like the | ||
+ | data that is in that database! | ||
+ | </file> | ||
+ | |||
+ | # su - deb-dak | ||
+ | $ cd /usr/share/dak ; neve -a | ||
+ | **NB :** Le //cd// est important ! | ||
+ | |||
+ | [[sortie neve -a|Résultat]]. | ||
+ | |||
+ | ==== Création des utilisateurs ==== | ||
+ | <file> | ||
+ | h. You need to get your maintainers in the database. The Debian Archive | ||
+ | uses a script (emilie) that syncs with its LDAP Server, but you | ||
+ | probably don't want to sync with Debian's LDAP. :) | ||
+ | If you have a setup with an LDAP Server, look at emilie and their | ||
+ | config options. If not, there is a script called uma which helps you | ||
+ | to do this. You basically give it a keyid with the -k parameter and | ||
+ | it will do the rest, after asking you if you like the action. | ||
+ | If you told it to create a system user for the new account it will | ||
+ | run useradd to do the stuff, for that YOURDAKUSERNAME needs sudo | ||
+ | access to useradd, with NOPASSWD set. It will also add new users to | ||
+ | the mail whitelist file, if you have that option enabled (it is per | ||
+ | default). | ||
+ | </file> | ||
+ | |||
+ | === uma et exim4 === | ||
+ | Il est nécessaire, pour que les courriels d'[[uma]] partent, d'avoir ajouté à ///etc/email-addresses// quelque chose qui ressemble à : | ||
+ | <file> | ||
+ | nobody: LEHOBEY@free.fr | ||
+ | </file> | ||
+ | |||
+ | === uma et sudo === | ||
+ | J'ajoute la ligne suivante à la configuration de sudo (///etc/sudoers//), avec //visudo// : | ||
+ | <file> | ||
+ | deb-dak ALL = NOPASSWD: /usr/sbin/useradd | ||
+ | </file> | ||
+ | |||
+ | === Initialisation du trousseau de deb-dak === | ||
+ | <file> | ||
+ | k. You should setup the keyring for katie now. Do a command similar to | ||
+ | the following, but adjust your path: | ||
+ | gpg --no-default-keyring --keyring /opt/dak/keyrings/keyring.gpg | ||
+ | </file> | ||
+ | |||
+ | Que je comprends comme s'appliquant à l'utilisateur //deb-dak//. | ||
+ | |||
+ | # su - deb-dak | ||
+ | $ gpg --no-default-keyring --keyring /opt/dak/keyrings/keyring.gpg --keyserver pgp.mit.edu --recv-keys 2B022951 | ||
+ | <code> | ||
+ | gpg: directory `/var/lib/dak/.gnupg' created | ||
+ | gpg: new configuration file `/var/lib/dak/.gnupg/gpg.conf' created | ||
+ | gpg: WARNING: options in `/var/lib/dak/.gnupg/gpg.conf' are not yet active during this run | ||
+ | gpg: keyring `/var/lib/dak/.gnupg/secring.gpg' created | ||
+ | gpg: keyring `/opt/dak/keyrings/keyring.gpg' created | ||
+ | gpg: requesting key 2B022951 from hkp server pgp.mit.edu | ||
+ | gpg: key 2B022951: duplicated user ID detected - merged | ||
+ | gpg: /var/lib/dak/.gnupg/trustdb.gpg: trustdb created | ||
+ | gpg: key 2B022951: public key "Frederic LEHOBEY <Frederic.Lehobey@free.fr>" imported | ||
+ | gpg: no ultimately trusted keys found | ||
+ | gpg: Total number processed: 1 | ||
+ | gpg: imported: 1 | ||
+ | </code> | ||
+ | |||
+ | === Création du groupe debuser === | ||
+ | Ce groupe est nécessaire au fonctionnement d'[[uma]]. | ||
+ | |||
+ | # addgroup debuser | ||
+ | <code> | ||
+ | Adding group `debuser' (1001)... | ||
+ | Fait. | ||
+ | </code> | ||
+ | |||
+ | === Un exemple de création d'utilisateur === | ||
+ | <file> | ||
+ | i. Repeat step h for every user you have. | ||
+ | </file> | ||
+ | |||
+ | # su - deb-dak | ||
+ | $ uma -k 2B022951 -u lehobey | ||
+ | Option //-u// pour choisir l'identifiant de connexion. | ||
+ | <code> | ||
+ | 0x2B022951 -> Frederic LEHOBEY <Frederic.Lehobey@free.fr> -> lehobey -> 6750B3F2BF04A269B5D7D677289EB5222B022951 | ||
+ | Add user lehobey with above data (y/N) ? y | ||
+ | Added: | ||
+ | Uid: lehobey (ID: 1) | ||
+ | Maint: Frederic LEHOBEY | ||
+ | FP: 6750B3F2BF04A269B5D7D677289EB5222B022951 | ||
+ | </code> | ||
+ | |||
+ | ==== Installation des tâches récurrentes ==== | ||
+ | <file> | ||
+ | j. Install the cronjobs you need. Start with cron.unchecked which is | ||
+ | already copied in /YOURDAKPATH/katie/cron.unchecked and asks | ||
+ | jennifer to process new uploads. The Crontab Debian uses can be found | ||
+ | in /usr/share/doc/dak/crontabs as an example. | ||
+ | </file> | ||
+ | |||
+ | Donc à partir de l'exemple dans [[/usr/share/doc/dak/crontabs/katie.crontab]] j'installe dans les tâches récurrentes de //dak-deb// par | ||
+ | $ crontab -e | ||
+ | le fichier suivant : | ||
+ | <file> | ||
+ | SHELL=/bin/sh | ||
+ | |||
+ | ## Archive maintenance | ||
+ | MAILTO=fdl | ||
+ | 2,17,32,47 * * * * sh /opt/dak/katie/cron.unchecked | ||
+ | </file> | ||
+ | |||
+ | Résumé des changements : | ||
+ | * Remplacement de %%/org/ftp.debian.org/%% par /opt/dak/. | ||
+ | * Suppression de toutes les lignes sauf [[/opt/dak/katie/cron.unchecked]]. | ||
+ | * MAILTO changé de cron@yourhost.yourdomain à fdl (qui existe sur ondine). | ||
+ | |||
+ | === Test de cron.unchecked === | ||
+ | C'est essentiellement [[jennifer]] qui est à l'oeuvre. | ||
+ | $ sh -x /opt/dak/katie/cron.unchecked | ||
+ | [[sortie cron.unchecked|Résultat]]. | ||
+ | |||
+ | ==== Une clef pour ziyi ==== | ||
+ | <file> | ||
+ | l. To let ziyi sign the Release files you need a s3kr1t key. | ||
+ | gpg --gen-key and follow the prompts. Then move it from the home of | ||
+ | YOURDAKUSERNAME to the path of "SigningKeyring" from the | ||
+ | config. Both, public and private key. Write your Keyid in the config | ||
+ | value "SigningKeyIds". Remember that the signing works automagically, | ||
+ | so a passphrase on the key doesnt help... | ||
+ | </file> | ||
+ | |||
+ | # su - deb-dak | ||
+ | $ gpg --gen-key | ||
+ | |||
+ | [[sortie gpg --gen-key|Session]]. | ||
+ | |||
+ | $ cp .gnupg/???ring.gpg /opt/dak/s3kr1t/dot-gnupg/ | ||
+ | |||
+ | Puis modification dans /opt/dak/katie/katie.conf de la ligne | ||
+ | <file> | ||
+ | SigningKeyIds "CHANGETHISONEFORziyi"; | ||
+ | </file> | ||
+ | en | ||
+ | <file> | ||
+ | SigningKeyIds "401FAEF5"; | ||
+ | </file> | ||
+ | Avec au passage un ajout : | ||
+ | <file> | ||
+ | // If defined this address gets a bcc of all mails. | ||
+ | // Bcc "archive@localhost.localdomain"; | ||
+ | Bcc "fdl@ondine"; | ||
+ | </file> | ||
+ | pour surveiller ce qui se passe. | ||
===== Désinstallations ===== | ===== Désinstallations ===== |