[ic] New guide for setting up a Centos / RHEL 5 server and installing Interchange

Jon Jensen jon at endpoint.com
Tue Aug 25 04:37:00 UTC 2009


On Mon, 24 Aug 2009, Peter wrote:

>> With only a little tweaking you can move your iptables rules into a 
>> standard RHEL iptables file in /etc/sysconfig/iptables, and then use 
>> "service iptables {stop,start,restart}" and chkconfig to deal with it 
>> instead of a nonstandard script. Take a look at the existing file, as 
>> it's very similar to manual invocations of iptables and easy to adapt 
>> to.
>
> The script that I use actually does use the service iptables (or 
> actually /etc/init.d/iptables which is the same thing) internally in the 
> script.  At any rate, the service can be used to start and stop iptables 
> but I like the script for defining the rules for the simple reason that 
> it is possible for the service to overwrite /etc/sysconfig/iptables. 
> In fact a bad update could overwrite that file accidentally as well, 
> then you've corrupted or lost all your rules.  By putting them into a 
> shell script that loads them all up (and then saves them with 
> /etc/init.d/iptables save) you needn't worry about what fate may befall 
> /etc/sysconfig/iptables as you can merrily re-run the script and all 
> will be good again.

Ah, ok. I didn't notice you are using the script to write out 
/etc/sysconfig/iptables. That makes sense. I have never, ever seen 
/etc/sysconfig/iptables be accidentally overwritten by an upgrade or 
automatic process -- only by careless sysadmins. But I see what you're 
getting at now. My only remaining very slight objection would be that it's 
an irrelevant distraction in a tutorial about setting up Interchange, but 
that's your judgement call. :)

>> Also, if you do have users upgrade Postgres, this should not be 
>> necessary:
>>
>>      sudo emacs /etc/yum.repos.d/CentOS-Base.repo
>>
>>      * at the end of the [base] section right after the gpgkey line add the following line:
>>
>>      exclude=postgres*
>>
>> Because RHEL/CentOS won't release a newer major version of Postgres 
>> than is in the repo, there's no need to exclude it.
>
> I thought so too but when I did the yum install it tried to install some 
> packages from the CentOS Base repository and ended up complaining about 
> version dependencies.  Adding the exclude line fixed it.

Ok. I have seen the problem before when no compat library is included for 
the 8.1 Postgres libraries that ship with RHEL 5. I don't use the Postgres 
(PGDG) yum repo directly because of problems I've had with it before, but 
instead we use our own. So maybe my advice is too trusting of their repos 
and your exclude is safer.

>> All those mentions of line numbers in httpd.conf are very fragile. At 
>> the least I would recommend you also include a patch file, and since 
>> it's HTML, you can colorize it for even easier readability.
>
> A patch file won't help a newbie to set his domain name at a certain 
> place and the temptation will be there to simply apply the patch and 
> leave it, which won't work either.  I actually didn't write this in HTML, 
> I just dumped it to HTML when I was done.  I'll see if I can do 
> something for readability when it gets wikified.  I'm open to other 
> suggestions on how to make it easier to find the correct line in the 
> file.

I understand what you mean about not making it too easy to avoid making 
each change and thinking about it. I suggested a patchfile just so there's 
something readable for the almost certain case that the line numbers don't 
match up when someone's using an older or newer version of CentOS. But 
maybe you just let people figure that out on their own, or you can use a 
quasi-patch file with some context but not an actually runnable patch 
file. Or you just trust people will do what they want to do anyway and 
don't worry about it. :)

> I appreciate it and will be making a lot of the changes that you 
> suggest.

Thanks again for writing it. It's great to see this. I hope Stefan will 
write us up a SuSE Interchange install doc soon too, since I know he's 
wrestled with that a bit recently.

Jon


-- 
Jon Jensen
End Point Corporation
http://www.endpoint.com/


