Today I set out to port the web portal to deleuze, but I realized that
it really would be nice to configure the associated virtual host using
Domtool. I hadn't yet set up Domtool as a proper daemon, so I decided
instead to get that going today.

On deleuze, you'll now find a standard-interface
/etc/init.d/domtool-server that should be run to control the main
Domtool dispatcher there. Similarly, mire has /etc/init.d/domtool-slave
for controlling the slave server there. Both of these daemons are
intended to be running continuously from now on, except when someone
makes a specific announcement to the contrary.

That means that (as long as these daemons keep working) it's finally
easy for people with accounts on the new servers to test Domtool 2! The
Domtool wiki page should explain enough for the curious to try some
simple tests:

http://wiki.hcoop.net/wiki/DomTool

To do much of anything, you'll need to have your user set up in
Domtool-land. As explained on the DomTool/AdminProcedures wiki page, if
you don't see a file for the user you're testing in ~domtool/certs, then
you need to run "domtool-adduser <name>". Be sure that user exists in
LDAP/Kerberos/AFS before running this. I have a feeling this is
destined to fail miserably (with the current implementation) for any
user whose UNIX name and Kerberos name are different, which is too bad
given the you_admin and you/admin distinction we have going.

Domtool needs to know about our general AFS lay-out. We had been
putting user home directories in /afs/hcoop.net/usr/USER/home instead of
/afs/hcoop.net/usr/USER, to allow us to include some directories on
these volumes that users aren't allowed to administer. cclausen stated
strong opposition to that plan, and it seems like our general plan now
is to use separate volumes for these other directories. Am I right about
this? If so, I think a few users might need their home directory
settings tweaked.

Domtool looks in /afs/hcoop.net/usr/USER/domtool for USER's
configuration files; that stays the same between the old and new AFS
lay-outs. The one thing that I think needs changing (if we _are_
adopting the above-described convention) is the location for Apache log
files. Currently, they're put in /afs/hcoop.net/usr/USER/apache, which
will _work_ now (so long as this directory is created for each
testing-active user with permissions modeled after the example in
/afs/hcoop.net/usr/adamc/apache), but goes against the policy. So, I'm
imagining something like apache.USER volumes, similar to what we're
using now for databases. Any disagreement on that?

Ideally an admin would decide on exactly what the formula is for
calculating the path where a user's AFS-stored Apache logs should live,
with permissions modeled after how /afs/hcoop.net/usr/adamc/apache is
set up now. I would update Domtool to use that formula, and others
would incorporate into our new user set-up procedures the addition of
the user's Apache log volume and its mounting.

_______________________________________________
HCoop-SysAdmin mailing list
http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin