A small warning about configuring RT:
The RT_Siteconfig.pm file is parsed by Apache when it starts or is given a SIGHUP, so be sure that there are no errors in this file, or Apache will fail to start. Restart Apache after making any changes to be sure, so Apache doesn't die at 4AM when syslog restarts it.
Per Jim's request, I created the mol mailing list for the Association for Mathematics of Language.
I fixed an error in rt's virtual host configuration that kept the SSL host from working.
I found that the DocumentRoot statement was missing, which made for a rather short HTTPS transaction. I added the same DocumentRoot as the normal vhost, which got things working.
I don't think this is the error that caused Apache to die, though.
I've added a rule to allow incoming requests to port 587 on quark. This will allow clients to use the SMTP AUTH port rather than the normal SMTP port.
I modified Quark's dhcpd.conf so that option-100 points to the new image's IP address. I then imaged ACL0. It ran into a problem in not being able to find /usr/share/systemimager/boot, which it needs to boot off of, so I scp'ed the files over from the new image. The image then went smoothly, except for one error:
2004/06/25 13:53:46 [5096] rsync on scripts/hosts from acl0.cs.earlham.edu (159.28.230.10)
2004/06/25 13:53:46 [5096] link_stat "hosts" (in scripts) failed: No such file or directory
2004/06/25 13:53:46 [5096] rsync error: some files could not be transferred (code 23) at main.c(397)
I don't have time to look into this further, but I'm guessing that this is a configuration problem on the new image.
Well, I installed Fedora Core 2 on Quarkprime this morning as the first step in our transition of swapping Q' and image. I did an NFS install off of office0, and it was fast and painless. The entire installation was pretty much a breeze. Some things I should point out about the install:
The aftermath:
Systemimager
I've created a new Logs mailing list. This will allow us to easily archive the log messages we receive from all of our machines. I'm keeping the syslog user around as a member of that list for testing purposes. This will also allow us to opt-out of receiving messages not form quark.
At Ian Kelly's request, I installed the GLOW add-on to the GLUT OpenGL libraries. I downloaded the source from http://glow.sourceforge.net, and compiled it. I then copied all the .so and .a files into /usr/local/lib on the RH9 image.
I've setup a Squid proxy server on millie, with a CNAME proxy.cs.earlham.edu. The proxy server authenticates off quark's IMAP server to get its user information. This is especially useful for me, as rt.cs.earlham.edu cannot be run outside of a virtual host, and the Packet Shapers still need to be reconfigured to allow access to that IP address.
After testing out quarkprime with 4.10-STABLE, I compiled and installed 4.10-STABLE on quark. All seems to be going well.
I think we'll have some trouble upgrading the user-space tools, though, as some of them are tracked from ports. We can upgrade what we need on an individual basis, though.
I've installed RT, which is a request/ticket tracker. I'm thinking this might not be a bad idea for farming out tasks from the admin list, and also provides a nice web interface for users to track the status of their problems. I have it up here, but I haven't created any other users for it. It's got lots of options, and I'm just beginning to wade through all of them.
I also ran into some trouble during the install wrt the setup of the Postgres database. I ended up giving pgsql a temporary password, which expires tomorrow.
I'll also get SSL keys for rt up once I get a chance.
I got my Sparcstation 5 (demeter.admin.cs.earlham.edu) up into a fairly usable state just now. I was having difficulty getting an IP via DHCP from admin but I was finally able to ping my box. I don't really know what was up with admin, because I thought I had edited the DNS and DHCP configs correctly, and restarted them correctly, according to the FreeBSD manual.
I don't really know what demeter's purpose will be, but I would really like to play around with it since it is basically my first non-x86 system. I can already see problems arising with having to keep swapping the keyboard and monitor back and forth from millie. I know that when you did this, Skylar, you had to restart millie, and I had to as well. admin also got restarted because I think the power cable was loose.
A sun KVM switch would be awesome.
In the meantime, I might put demeter next to millie and then put admin's monitor on top of it. I think that'd be a perfect fit.
The upgrade to perl 5.8.4 for suidexec wasn't as easy I thought it would be. None of the modules were moved from the 5.8.2 directories to 5.8.4. A nice fix, however, was to move 5.8.2 directories away, and symlink the new 5.8.4 directories into place. At least ports build now.
I've now started dumps from quarkprime, backup, and image to admin's 60GB IDE drive.
I've installed on quark for evaulation purposes. Let me know what you think.
I upgraded perl to 5.8.4 on quark. After some hocus-pocus with recompiling all the f***ing database and CGI modules, I finally got it working. Why can't this be automated?
I upgraded quark and quarkprime to the latest and greatest Squirrelmail (1.4.3a). All looks good, and we've now pulled ahead of ECS's Squirrelmail installation.
I fixed the problem we had with IP aliasing on quark. It turned out that I had forgotten to set the netmask on the aliases to 0xffffffff, which caused some weird routing problems.
I've enabled netgroups for FreeBSD, with a STAFF netgroup containing basically the users in the wheel group. I also implemented an alternative for machines with pam_access installed. This involves using access.conf to limit logins to wheel group members.
I've fixed a security hole in the way DNS recursion is implemented in BIND9.
I added an acl rule for CS:
acl cs {
127.0.0.1;
192.168.0.0/24;
159.28.230.0/24;
159.28.135.0/24;
};
In the options section, I added this line:
allow-recursion { cs; };
I'm updating all the packages on millie using pkg-get update.
Dan and I rolled out the new image to all the ACLs yesterday. All is good....