Versions Compared

Old Version 8

changes.mady.by.user Henrik Krohns

Saved on

compared with

New Version 9

changes.mady.by.user Henrik Krohns

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

sa-vm.apache.org install/migration notes


# note that server uses an internal 10.x IP, and sa-vm.apache.org is an external NAT IP.
# /etc/hosts has some redirected names to localhost for ruleqa.spamassassin.org etc

apt install chrony
systemctl start chrony
systemctl enable chrony

apt install apache2 libapache2-mod-geoip libapache2-mod-php7.4 php7.4-sqlite3 php7.4-curl
a2enmod cgid
a2enmod cgi
a2enmod rewrite
a2enmod ssl
a2disconf serve-cgi-bin
a2dissite 000-default
a2dissite default-ssl

dpkg --purge geoip-database
mkdir -m 755 /usr/share/GeoIP
curl -o /etc/cron.weekly/geoip_update https://mailfud.org/geoip-legacy/geoip_update.sh
chmod 755 /etc/cron.weekly/geoip_update
## edit geoip_update, FILES="GeoIP GeoIPv6 GeoIPCity GeoIPCityv6 GeoIPASNum GeoIPASNumv6 GeoIPOrg GeoIPISP"
/etc/cron.weekly/geoip_update

groupadd -g 60000 automc
groupadd -g 60001 rsync
groupadd -g 60002 release
groupadd -g 60003 bbmass

useradd -u 60003 -g bbmass -d /usr/local/spamassassin/bbmass -s /bin/bash bbmass
useradd -u 60002 -g release -d /usr/local/spamassassin/release -s /bin/bash release
useradd -u 60001 -g rsync -G www-data,release -d /usr/local/spamassassin/rsync -s /bin/bash rsync
useradd -u 60000 -g automc -G www-data,rsync,release -d /usr/local/spamassassin/automc -s /bin/bash automc

rsync -vaH root@sa-vm1.apache.org:/usr/local/spamassassin/. /usr/local/spamassassin/.
rsync -vaH root@sa-vm1.apache.org:/var/www/. /var/www/.

systemctl stop systemd-resolved
# edit /etc/systemd/resolved.conf -> DNSStubListener=no
systemctl start systemd-resolved

apt install pdns-server pdns-backend-sqlite3 sqlite3 jq
systemctl stop pdns

apt install sysstat libalgorithm-diff-perl libalgorithm-diff-xs-perl \
libalgorithm-merge-perl libapparmor-perl libapt-pkg-perl libauthen-sasl-perl \
libb-hooks-op-check-perl libbareword-filehandles-perl libcgi-fast-perl \
libcgi-pm-perl libclass-accessor-perl libclass-data-inheritable-perl \
libclass-dbi-abstractsearch-perl libclass-dbi-mysql-perl libclass-dbi-perl \
libclass-method-modifiers-perl libclass-singleton-perl libclass-trigger-perl \
libclass-xsaccessor-perl libclone-perl libconfig-file-perl \
libcrypt-openssl-bignum-perl libcrypt-openssl-rsa-perl libdate-manip-perl \
libdatetime-locale-perl libdatetime-perl libdatetime-timezone-perl \
libdbd-mysql-perl libdbi-perl libdbix-contextualfetch-perl \
libdevel-globaldestruction-perl libdigest-hmac-perl libdigest-sha-perl \
libdpkg-perl libencode-detect-perl libencode-locale-perl liberror-perl \
libexporter-tiny-perl libfcgi-perl libfile-fcntllock-perl \
libfile-listing-perl libfont-afm-perl libgd-perl libgeo-ip-perl \
libgeo-ipfree-perl libhash-merge-perl libhtml-form-perl libhtml-format-perl \
libhtml-parser-perl libhtml-tagset-perl libhtml-tree-perl \
libhttp-cookies-perl libhttp-daemon-perl libhttp-date-perl \
libhttp-message-perl libhttp-negotiate-perl libima-dbi-perl \
libimport-into-perl libindirect-perl libio-html-perl libio-socket-inet6-perl \
libio-socket-ssl-perl libio-stringy-perl liblexical-sealrequirehints-perl \
liblingua-en-inflect-perl liblist-moreutils-perl liblocale-gettext-perl \
liblwp-mediatypes-perl liblwp-protocol-https-perl libmail-dkim-perl \
libmail-spf-perl libmailtools-perl libmodule-implementation-perl \
libmodule-runtime-perl libmoo-perl libmultidimensional-perl \
libnet-cidr-lite-perl libnet-dns-perl libnet-http-perl libnet-ip-perl \
libnet-libidn-perl libnet-patricia-perl libnet-smtp-ssl-perl \
libnet-snmp-perl libnet-ssleay-perl libnet-xwhois-perl libnetaddr-ip-perl \
libparams-classify-perl libparams-validate-perl libregexp-assemble-perl \
librole-tiny-perl libsnmp-perl libsocket6-perl libsql-abstract-limit-perl \
libsql-abstract-perl libstrictures-perl libsub-exporter-progressive-perl \
libsub-name-perl libsvn-perl libterm-readkey-perl libtext-charwidth-perl \
libtext-iconv-perl libtext-wrapi18n-perl libtime-parsedate-perl \
libtime-piece-mysql-perl libtimedate-perl libtry-tiny-perl \
libuniversal-moniker-perl liburi-perl libwww-perl libwww-robotrules-perl \
libxml-libxml-perl libxml-namespacesupport-perl libxml-parser-perl \
libxml-sax-base-perl libxml-sax-expat-perl libxml-sax-perl \
libxml-simple-perl libyaml-libyaml-perl libyaml-perl libcompress-lz4-perl \
libxml-sax-expatxs-perl libbsd-resource-perl libarchive-zip-perl \
libio-string-perl libmath-int64-perl

apt install gnupg2 gnupg-agent pigz gnuplot git-svn dnsutils zip zsh tcsh \
gsfonts gsfonts-x11 pyzor razor lzop makedev mutt rename
systemctl stop gdm
systemctl disable gdm

wget https://cpan.metacpan.org/authors/id/J/JH/JHI/Statistics-DEA-0.04.tar.gz; tar xvfz Statistics-DEA-0.04.tar.gz; cd Statistics-DEA-0.04; perl Makefile.PL; make install
wget https://cpan.metacpan.org/authors/id/J/JM/JMASON/IPC-DirQueue-1.0.tar.gz; ...
wget https://cpan.metacpan.org/authors/id/G/GA/GAAS/Digest-SHA1-2.13.tar.gz; ...
wget https://cpan.metacpan.org/authors/id/N/NW/NWELLNHOF/IP-Country-DB_File-3.03.tar.gz; ...

rsync -va root@sa-vm1.apache.org:'/usr/local/bin/*.sh' /usr/local/bin/
rsync -va root@sa-vm1.apache.org:'/usr/local/bin/dns_compare' /usr/local/bin/
apt install python python-dnspython

rsync -va root@sa-vm1.apache.org:/etc/letsencrypt /etc/
apt install certbot python3-requests
# change to python3 --> /etc/letsencrypt/acme-dns-auth.py #! python3

rsync -va root@sa-vm1.apache.org:/usr/local/spamassassin/automc/svn/automc/apache2-le-ssl.conf /etc/apache2/sites-available/
rsync -va root@sa-vm1.apache.org:/etc/apache2/sites-available/nsedit.conf /etc/apache2/sites-available/
a2ensite apache2-le-ssl
a2ensite nsedit
systemctl enable apache2
systemctl restart apache2

rsync -va root@sa-vm1.apache.org:/etc/rsyncd.conf /etc/
systemctl enable rsync
systemctl start rsync

##
## final syncs after shutting down sa-vm1 services, crons commented out
##

rsync -vaHz --delete root@sa-vm1.apache.org:/usr/local/spamassassin/. /usr/local/spamassassin/.
rsync -vaH --delete root@sa-vm1.apache.org:/var/www/. /var/www/.
rsync -vaH root@sa-vm1.apache.org:/etc/cron.d/automc :/etc/cron.d/svn /etc/cron.d
rsync -vaH root@sa-vm1.apache.org:/etc/cron.hourly/setperms /etc/cron.hourly
rsync -vaH root@sa-vm1.apache.org:/etc/cron.daily/checkDNShosting /etc/cron.daily

systemctl stop pdns
rm -f /var/lib/powerdns/pdns.sqlite3*
rsync -va root@sa-vm1.apache.org:'/var/lib/powerdns/pdns.sqlite3*' /var/lib/powerdns/
sqlite3 /var/lib/powerdns/pdns.sqlite3
### UPDATE domainmetadata SET content='DEFAULT' WHERE kind='SOA-EDIT-API' AND content='INCEPTION-INCREMENT';
# also replace /var/www/nsedit/*/* INCEPTION-INCREMENT -> DEFAULT
systemctl start pdns
systemctl enable pdns

systemctl start apache2
systemctl enable apache2

rsync -va root@sa-vm1.apache.org:/etc/letsencrypt /etc/

# check
# /etc/cron.d/* MAILTO=
# /usr/local/bin/* NOTIFY=
# uncomment cron

# fixes to masscheck, revisions r1880323, r1880320, r1880318, r1880316, r1880312, r1880309

...