Différences

Ci-dessous, les différences entre deux révisions de la page.

--- doc:dak:installation_de_dak_sur_ondine [2005/08/03 14:58]
lehobey
+++ doc:dak:installation_de_dak_sur_ondine [2005/08/03 18:06] (Version actuelle)
lehobey
@@ Ligne 43: / Ligne 43: @@
 **NB** : Il ne demande rien sur le groupe //debuser//.
-=== Résultat ===
+[[sortie aptitude dak|Résultat]].
-<code>
-Paramétrage de dak (1.0-8) ...
-Domain: localhost.localdomain
-Creating/updating dak user account and group...
-Adding group `debadmin' (105)...
-Fait.
-Ajout de l'utilisateur système deb-dak...
-Adding new user `deb-dak' (104) with group `debadmin'.
-Création du répertoire personnel /var/lib/dak.
-Creating config file /opt/dak/katie/apt.conf with new version
-Creating config file /opt/dak/katie/cron.unchecked with new version
-Creating config file /opt/dak/katie/katie.conf with new version
-Creating config file /etc/katie/katie.conf with new version
-Creating config file /opt/dak/katie/vars with new version
-Creating config file /opt/dak/katie/Contents.top with new version
-Creating config file /opt/dak/katie/templates/alicia.bug-close with new version
-Creating config file /opt/dak/katie/templates/amber.advisory with new version
-Creating config file /opt/dak/katie/templates/jennifer.accepted with new version
-Creating config file /opt/dak/katie/templates/jennifer.announce with new version
-Creating config file /opt/dak/katie/templates/jennifer.bug-close with new version
-Creating config file /opt/dak/katie/templates/jennifer.bug-experimental-fixed with new version
-Creating config file /opt/dak/katie/templates/jennifer.bug-nmu-fixed with new version
-Creating config file /opt/dak/katie/templates/jennifer.new with new version
-Creating config file /opt/dak/katie/templates/jennifer.override-disparity with new version
-Creating config file /opt/dak/katie/templates/katie.rejected with new version
-Creating config file /opt/dak/katie/templates/kelly.installed with new version
-Creating config file /opt/dak/katie/templates/kelly.unaccept with new version
-Creating config file /opt/dak/katie/templates/lauren.stable-rejected with new version
-Creating config file /opt/dak/katie/templates/lisa.bxa_notification with new version
-Creating config file /opt/dak/katie/templates/lisa.prod with new version
-Creating config file /opt/dak/katie/templates/melanie.bug-close with new version
-Creating config file /opt/dak/katie/templates/uma.added with new version
-</code>
 ==== Installation de postgresql ====
@@ Ligne 110: / Ligne 77: @@
   Européen
-=== Résultat ===
+[[sortie aptitude postgresql|Résultat]].
+Et le paquet nous informe :
+<file>
+A new PostgreSQL database structure was installed.
+Use /usr/bin/createdb to create a specific database and
+/usr/bin/createuser to enable other users to connect to a
+PostgreSQL database.
+In the first instance, these commands must be run by the
+user 'postgres'.
+</file>
+===== Configurations =====
+==== Création de l'utilisateur de la base ====
+<file>
+b. run createuser YOURDAKUSERNAME with a user that is allowed to create
+   databases and allow YOURDAKUSERNAME to create a database. This user
+   needs to be superuser in the database as it runs COPY from a file later.
+</file>
+  # su - postgres
+  $ createuser deb-dak
 <code>
-Paramétrage de postgresql (7.4.7-6sarge1) ...
+Shall the new user be allowed to create databases? (y/n) y
+Shall the new user be allowed to create more new users? (y/n) y
+CREATE USER
+</code>
-Creating config file /etc/postgresql/postmaster.conf with new version
+==== Création des répertoires (par défaut) ====
-The files belonging to this database system will be owned by user "postgres".
+<file>
-This user must also own the server process.
+c. su - YOURDAKUSERNAME
+d. rose
+e. Watch how the directories are created.
+</file>
-The database cluster will be initialized with locale fr_FR@euro.
+  # su - deb-dak
+  $ rose
-fixing permissions on existing directory /var/lib/postgres/data... ok
+[[sortie rose|Résultat]].
-creating directory /var/lib/postgres/data/base... ok
-creating directory /var/lib/postgres/data/global... ok
-creating directory /var/lib/postgres/data/pg_xlog... ok
-creating directory /var/lib/postgres/data/pg_clog... ok
-selecting default max_connections... 100
-selecting default shared_buffers... 1000
-creating configuration files... ok
-creating template1 database in /var/lib/postgres/data/base/1... ok
-initializing pg_shadow... ok
-enabling unlimited row size for system tables... ok
-initializing pg_depend... ok
-creating system views... ok
-loading pg_description... ok
-creating conversions... ok
-setting privileges on built-in objects... ok
-creating information schema... ok
-vacuuming database template1... ok
-copying template1 to template0... ok
-Success. The database server should be started automatically.
+==== Création de la base de données de dak ====
-If not, you can start the database server using:
+Son nom dans les configurations par défaut est //projectb//.
-    /etc/init.d/postgresql start
+  # su - deb-dak
+  $ createdb projectb
+<code>
+CREATE DATABASE
+$ psql -l
+        List of databases
+   Name    |  Owner   | Encoding
+-----------+----------+----------
+ projectb  | deb-dak  | LATIN9
+ template0 | postgres | LATIN9
+ template1 | postgres | LATIN9
+(3 rows)
-Creating config file /etc/postgresql/postgresql.conf with new version
+</code>
+==== Création du groupe ftpmaster ====
+<file>
+f. Add a group "ftpmaster" to your postgresql database.
+   At a psql prompt a CREATE GROUP ftpmaster; should do it.
+   Add your YOURDAKUSERNAME to this group.
+</file>
+  # su - deb-dak
+  $ psql projectb
+<code>
+Welcome to psql 7.4.7, the PostgreSQL interactive terminal.
+Type:  \copyright for distribution terms
+       \h for help with SQL commands
+       \? for help on internal slash commands
+       \g or terminate with semicolon to execute query
+       \q to quit
 </code>
-Et le paquet nous informe :
+  projectb=# CREATE GROUP ftpmaster ;
+  CREATE GROUP
+  projectb=# ALTER GROUP ftpmaster ADD USER "deb-dak" ;
+**NB** la présence des guillemets est expliquée dans l'anomalie [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=23945]].
+  ALTER GROUP
+  projectb=# \q
+==== Initialisation de la base de données ====
 <file>
-A new PostgreSQL database structure was installed.
+g. Change to your DAKDIR/katie and run /usr/share/dak/neve -a and watch
+   her creating the database. If it ends with some VACUUM and two GRANTs
+   it worked.
+   Be careful, neve DROPS your database, so don't run it if you like the
+   data that is in that database!
+</file>
-Use /usr/bin/createdb to create a specific database and
+  # su - deb-dak
-/usr/bin/createuser to enable other users to connect to a
+  $ cd /usr/share/dak ; neve -a
-PostgreSQL database.
+**NB :** Le //cd// est important !
-In the first instance, these commands must be run by the
+[[sortie neve -a|Résultat]].
-user 'postgres'.
+==== Création des utilisateurs ====
+<file>
+h. You need to get your maintainers in the database. The Debian Archive
+   uses a script (emilie) that syncs with its LDAP Server, but you
+   probably don't want to sync with Debian's LDAP. :)
+   If you have a setup with an LDAP Server, look at emilie and their
+   config options. If not, there is a script called uma which helps you
+   to do this. You basically give it a keyid with the -k parameter and
+   it will do the rest, after asking you if you like the action.
+   If you told it to create a system user for the new account it will
+   run useradd to do the stuff, for that YOURDAKUSERNAME needs sudo
+   access to useradd, with NOPASSWD set. It will also add new users to
+   the mail whitelist file, if you have that option enabled (it is per
+   default).
+</file>
+=== uma et exim4 ===
+Il est nécessaire, pour que les courriels d'[[uma]] partent, d'avoir ajouté à ///etc/email-addresses// quelque chose qui ressemble à :
+<file>
+nobody: LEHOBEY@free.fr
+</file>
+=== uma et sudo ===
+J'ajoute la ligne suivante à la configuration de sudo (///etc/sudoers//), avec //visudo// :
+<file>
+deb-dak   ALL = NOPASSWD: /usr/sbin/useradd
+</file>
+=== Initialisation du trousseau de deb-dak ===
+<file>
+k. You should setup the keyring for katie now. Do a command similar to
+   the following, but adjust your path:
+   gpg --no-default-keyring --keyring /opt/dak/keyrings/keyring.gpg
+</file>
+Que je comprends comme s'appliquant à l'utilisateur //deb-dak//.
+  # su - deb-dak
+  $ gpg --no-default-keyring --keyring /opt/dak/keyrings/keyring.gpg --keyserver pgp.mit.edu --recv-keys 2B022951
+<code>
+gpg: directory `/var/lib/dak/.gnupg' created
+gpg: new configuration file `/var/lib/dak/.gnupg/gpg.conf' created
+gpg: WARNING: options in `/var/lib/dak/.gnupg/gpg.conf' are not yet active during this run
+gpg: keyring `/var/lib/dak/.gnupg/secring.gpg' created
+gpg: keyring `/opt/dak/keyrings/keyring.gpg' created
+gpg: requesting key 2B022951 from hkp server pgp.mit.edu
+gpg: key 2B022951: duplicated user ID detected - merged
+gpg: /var/lib/dak/.gnupg/trustdb.gpg: trustdb created
+gpg: key 2B022951: public key "Frederic LEHOBEY <Frederic.Lehobey@free.fr>" imported
+gpg: no ultimately trusted keys found
+gpg: Total number processed: 1
+gpg:               imported: 1
+</code>
+=== Création du groupe debuser ===
+Ce groupe est nécessaire au fonctionnement d'[[uma]].
+  # addgroup debuser
+<code>
+Adding group `debuser' (1001)...
+Fait.
+</code>
+=== Un exemple de création d'utilisateur ===
+<file>
+i. Repeat step h for every user you have.
+</file>
+  # su - deb-dak
+  $ uma -k 2B022951 -u lehobey
+Option //-u// pour choisir l'identifiant de connexion.
+<code>
+x2B022951 -> Frederic LEHOBEY  <Frederic.Lehobey@free.fr> -> lehobey -> 6750B3F2BF04A269B5D7D677289EB5222B022951
+Add user lehobey with above data (y/N) ? y
+Added:
+Uid:     lehobey (ID: 1)
+Maint:   Frederic LEHOBEY
+FP:      6750B3F2BF04A269B5D7D677289EB5222B022951
+</code>
+==== Installation des tâches récurrentes ====
+<file>
+j. Install the cronjobs you need. Start with cron.unchecked which is
+   already copied in /YOURDAKPATH/katie/cron.unchecked and asks
+   jennifer to process new uploads. The Crontab Debian uses can be found
+   in  /usr/share/doc/dak/crontabs as an example.
+</file>
+Donc à partir de l'exemple dans [[/usr/share/doc/dak/crontabs/katie.crontab]] j'installe dans les tâches récurrentes de //dak-deb// par
+  $ crontab -e
+le fichier suivant :
+<file>
+SHELL=/bin/sh
+## Archive maintenance
+MAILTO=fdl
+,17,32,47 * * * * sh /opt/dak/katie/cron.unchecked
+</file>
+Résumé des changements :
+  * Remplacement de %%/org/ftp.debian.org/%% par /opt/dak/.
+  * Suppression de toutes les lignes sauf [[/opt/dak/katie/cron.unchecked]].
+  * MAILTO changé de cron@yourhost.yourdomain à fdl (qui existe sur ondine).
+=== Test de cron.unchecked ===
+C'est essentiellement [[jennifer]] qui est à l'oeuvre.
+  $ sh -x /opt/dak/katie/cron.unchecked
+[[sortie cron.unchecked|Résultat]].
+==== Une clef pour ziyi ====
+<file>
+l. To let ziyi sign the Release files you need a s3kr1t key.
+   gpg --gen-key and follow the prompts. Then move it from the home of
+   YOURDAKUSERNAME to the path of "SigningKeyring" from the
+   config. Both, public and private key. Write your Keyid in the config
+   value "SigningKeyIds". Remember that the signing works automagically,
+   so a passphrase on the key doesnt help...
+</file>
+  # su - deb-dak
+  $ gpg --gen-key
+[[sortie gpg --gen-key|Session]].
+  $ cp .gnupg/???ring.gpg /opt/dak/s3kr1t/dot-gnupg/
+Puis modification dans /opt/dak/katie/katie.conf de la ligne
+<file>
+   SigningKeyIds "CHANGETHISONEFORziyi";
+</file>
+en
+<file>
+   SigningKeyIds "401FAEF5";
+</file>
+Avec au passage un ajout :
+<file>
+   // If defined this address gets a bcc of all mails.
+   // Bcc "archive@localhost.localdomain";
+   Bcc "fdl@ondine";
 </file>
+pour surveiller ce qui se passe.
 ===== Désinstallations =====

DokuWiki de FDL

Outils pour utilisateurs

Outils du site

Différences

Outils de la page