path: root/server/setup/05-service-settings/02-SERVICES.txt
blob: f832beaf0f2e8fdbb77048beb1245c803db9d043 (plain)
All template files are located underneath ./etc

Debian 7.00 (Wheezy)

01 stop all running services ..
    /etc/init.d/apache2 stop
    /etc/init.d/sendmail stop
    /etc/init.d/dovecot stop
    /etc/init.d/mysql stop
    /etc/init.d/saslauthd stop

02 logging
    - firewall logging:
      /etc/rsyslog.conf: firewall rules, kern.debug / kern.=!debug
      /etc/init.d/rsyslog restart

    - logrotate
      /etc/logrotate.conf: compress, 48 weeks
      /etc/logrotate.d/rsyslog: Add /var/log/firewall and /var/log/dovecot.log
      
03 move all users
    - mv /data/backup/home/* /home/
    - for all groups: groupadd -g GID groupname
    - for all users:  useradd -M -N -u UID -g GID username
    - for all users:  usermod -a -G GID1,GID2,.. username
    - cd /data/backup/var/spool/mail ; (check names, remove unused ..) ; mv * /var/spool/mail/

04 move other stuff
    - Old Logs
        - mv /data/backup/var/log /var/log/old_logs

    - MySQL
        - old server: backup DB
          - run backup-mysql.sh on old server, result is e.g. backup-mysqldb-20130605162509.sql
          - !!! strip all system DBs (schemas) from the backup,
            i.e. all that were not created for applications
            (importing the old 'mysql' schema would replace the new server's accounts and grants), e.g.:
            - mysql
            - users
            - test
            - t_*

        - new server: import DB
          - get backup backup-mysqldb-20130605162509.sql
          - /etc/init.d/mysql start
          - backup-1: backup-mysql.sh
          - mysql --user=root --password  < backup-mysqldb-20130605162509.sql
          - backup-2: backup-mysql.sh
          - mysqlcheck --user=root --password --all-databases

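        - if things go wrong: re-install mysql
          (this wipes everything under /var/lib/mysql on the new server; make sure the dumps are intact first)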
          dpkg -P mysql-server mysql-server-5.5 mysql-server-core-5.5
          rm -rf /var/lib/mysql/*
          apt-get install mysql-server mysql-server-5.5 mysql-server-core-5.5

    - Services
        - mv /data/backup/srv/* /srv/

05 config procmail
    copy /etc/procmailrc

06 bogofilter
    copy /etc/bogofilter.cf
    Init empty wordlist.db:
        touch nope
        cat nope  | bogoutil -l /var/spool/bogofilter/wordlist.db
        rm nope

07 sasl2
    /etc/sasl2/Sendmail.conf
    /etc/default/saslauthd: start=yes
    /etc/init.d/saslauthd start

08 dovecot 2.1.7-7
    - features:
      - requires ssl
      - ipv4 / ipv6
      - smtps
      - pop3s
      - sieve (tls)

    - Sync config files in /etc/dovecot/
      with etc/dovecot/dovecot.conf.diff and etc/dovecot/conf.d.diff

    - mkdir -p /var/lib/dovecot/sieve/global/
    - chmod ugo+rx /var/lib/dovecot
    - copy /var/lib/dovecot/sieve/global/default.sieve
        - cd /var/lib/dovecot/sieve/global ; sievec default.sieve
    - copy /var/lib/dovecot/sieve/prologue.sieve
        - cd /var/lib/dovecot/sieve ; sievec prologue.sieve

    - migrate old INBOX:
        for each user:
          dsync mirror mbox:~/mail:INBOX=/var/mail/USERNAME
          su dstrohlein -c "dsync mirror mbox:~/mail:INBOX=/var/mail/dstrohlein ; echo OK"

    - /etc/init.d/dovecot start


09 sendmail 8.14.4-4
    - features:
      - requires ssl for auth
      - ipv4 / ipv6

    - /etc/mail
    - Sync config files in /etc/mail with: etc/mail/mail.diff
        - sendmail.mc
        - submit.mc
        - access
        - local-host-names
        - virtusertable

    - /etc
        - aliases

    - cd /etc/mail
        - make

    - SPF
      - add TXT dns entry jogamp.org IN TXT "v=spf1 mx a ptr:jogamp.org ip6:2a01:4f8:192:1164::2 -all"
        (RFC 7208 says the ptr mechanism should not be published; consider dropping it)

    - DKIM
        https://dev.kafol.net/2013/01/dkim-spf-sendmail-for-multiple-domains.html
            apt-get install opendkim
            apt-get install opendkim-tools
            vi /etc/opendkim.conf
            mkdir /etc/opendkim/
            mkdir /etc/opendkim/keys
            mkdir /etc/opendkim/keys/jogamp.org
            vi /etc/opendkim/TrustedHosts
            vi /etc/opendkim/SigningTable
            vi /etc/opendkim/KeyTable
            opendkim-genkey -D /etc/opendkim/keys/jogamp.org -d jogamp.org -s default
            chown -R opendkim:opendkim /etc/opendkim
            chmod -R go-rwx /etc/opendkim

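        - add TXT dns entry default._domainkey.jogamp.org IN TXT "v=DKIM1; k=rsa; p=PUB-KEY"
          (opendkim-genkey of this era presumably defaults to a 1024-bit RSA key; consider -b 2048
           and check that the DNS host accepts the longer TXT value)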

    - DMARC
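        - add TXT dns entry _dmarc.jogamp.org IN TXT "v=DMARC1; p=none; rua=mailto:postmaster@jogamp.org; adkim=r; aspf=r; pct=100; rf=afrf; sp=none"
          (p=none / sp=none only requests reports and enforces nothing; move to quarantine or reject
           once the rua reports look clean)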

    /etc/init.d/sendmail start
    
10 GIT
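    xinetd for git
        (git:// has no authentication or encryption; check that /etc/xinetd.d/git only offers read-only access)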
        apt-get install xinetd
        cp /etc/xinetd.d/git
        /etc/init.d/xinetd restart

    gitweb
        We use deployed gitweb now, and simply deploy gitweb.conf
        - ln -s /usr/share/gitweb DocumentRoot/git
        - cp srv/scm/gitweb.conf

11 Apache2 / Webservices

11.1 generic
    - apache2 and build ..
        apt-get install apache2 mysql-server build-essential 

    - php
        apt-get install php5-pgsql php5-ldap php5-imap php5-odbc php5-dev php5-common php5 php5-mysql php5-gd php5-xmlrpc \
                        php5-xsl php5-cli php5-intl php5-pspell php5-snmp php5-sasl


11.2 bugzilla
    - Debian 7
        Scratch that - DO NOT INSTALL these modules SYSTEM-WIDE:
            apt-get install libgd-gd2-perl libgd-graph-perl libgd-tools libgdal-perl libgdal-dev libgdata-dev libgd2-xpm-dev
            apt-get install libappconfig-perl libdate-calc-perl libtemplate-perl libmime-perl libdatetime-timezone-perl libdatetime-perl libemail-sender-perl libemail-mime-perl libemail-mime-modifier-perl libdbi-perl libdbd-mysql-perl libcgi-pm-perl libmath-random-isaac-perl libmath-random-isaac-xs-perl apache2-mpm-prefork libapache2-mod-perl2 libapache2-mod-perl2-dev libchart-perl libxml-perl libxml-twig-perl perlmagick libgd-graph-perl libtemplate-plugin-gd-perl libsoap-lite-perl libhtml-scrubber-perl libjson-rpc-perl libtheschwartz-perl libtest-taint-perl libauthen-radius-perl libfile-slurp-perl libencode-detect-perl libmodule-build-perl libnet-ldap-perl libauthen-sasl-perl libtemplate-perl-doc libfile-mimeinfo-perl libhtml-formattext-withlinks-perl libmysqlclient-dev lynx-cur graphviz python-sphinx libgd2-xpm-dev

        Ensure the following are NOT installed:
            dpkg -P libjson-any-perl libcgi-application-plugin-json-perl libcgi-application-extra-plugin-bundle-perl libjson-perl

        I had to remove system wide perl modules .. collision .. why o why
        i.e. how to enforce bugzilla to use bugzilla/lib installed modules only?

    - misc for perl/bugzilla
        - Perl: redo init (find closest mirror ..)
            - perl -MCPAN -e shell
                - o conf init

      See https://bugzilla.readthedocs.org/en/5.0/installing/linux.html#perl-modules
      ./checksetup.pl --check-modules
      /usr/bin/perl install-module.pl --upgrade-all
      ./checksetup.pl --check-modules
      ./checksetup.pl

    - https://www.bugzilla.org/download/#stable

11.3 mediawiki
    - https://www.mediawiki.org/wiki/Download

    - Vector skin (default):
        vi wiki/skins/Vector/variables.less
            // @html-font-size: 100%;
            @html-font-size: 95%;

    Extension mediawiki-bugzillareports
        - https://www.mediawiki.org/wiki/Extension:Bugzilla_Reports
        - https://www.mediawiki.org/wiki/Extension_talk:Bugzilla_Reports#Google_Code_Shutting_Down
        - https://github.com/nakal/mediawiki-bugzillareports

11.X Apache ..
    - Sync config files in /etc/apache2/ with: etc/apache2/apache2.diff
        - see also etc/apache2/mods-enabled.lst, etc ..

    /etc/init.d/apache2 start

12 jogamp_web daemons ..
    # m h  dom mon dow   command
    51  *    *   *   *   /bin/bash /home/jogamp_web/jogamp.org/planet2/update-planet.sh >& /dev/null
    52  *    *   *   *   /bin/bash /home/jogamp_web/jogamp.org/planet2/update-stream.sh >& /dev/null
    10 23    *   *   *   /bin/bash /home/jogamp_web/awstats/awstats-start.sh >& /dev/null

    awstats:
        user: jogamp_web
        script home:  /home/jogamp_web/awstats
        install home: /home/jogamp_web/awstats/installation
            root@server:
                apt-get install libgeoip-dev libgeo-ip-perl php5-geoip python-geoip geoip-database libnet-whois-raw-perl
                mkdir /var/lib/awstats/
                chown -R jogamp_web:jogamp_web /var/lib/awstats/
                chown -R jogamp_web:jogamp_web /etc/GeoIP

            jogamp_web@server:
                cd /home/jogamp_web/awstats
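                wget http://prdownloads.sourceforge.net/awstats/awstats-7.1.1.tar.gz
                    (plain-HTTP download: compare the tarball with a checksum obtained over a trusted channel before unpacking)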
                tar xzf awstats-7.1.1.tar.gz
                ln -s awstats-7.1.1 installation
                mkdir config
                mkdir log

                cp -a BACKUP/awstats/awstats.jogamp.org.conf /home/jogamp_web/awstats/config
                cp -a BACKUP/awstats/awstats-start.sh /home/jogamp_web/awstats/

                cp -a BACKUP etc/logrotate.d/httpd-prerotate /etc/logrotate.d/
                    this kicks off /home/jogamp_web/awstats/awstats-start.sh before the logrotate

            Populate /etc/GeoIP .. 

13 jabot
    As user jabot:
        cd /srv/jabot ; git clone file:///srv/scm/users/sgothel/jabot.git
        cd jabot ; ant

    As user root:
        cp -a /srv/jabot/jabot/scripts/jabot-init-debian /etc/init.d/jabot
        update-rc.d jabot defaults

14 jenkins
    root@jogamp.org:
        apt-get install graphviz-dev graphviz
        cp ../../../jenkins-server-slave-setup/scripts/jenkins-initd-debian /etc/init.d/jenkins
        cp ../../../jenkins-server-slave-setup/scripts/jenkins.logrotate /etc/logrotate.d/
        update-rc.d jenkins defaults
        /etc/init.d/jenkins start