Installing a Development Server From Scratch

Prev	Chapter 2. How to Install an OpenACS Server from Bare Metal and Four CDs	Next

Installing a Development Server From Scratch

Install Red Hat 8.0

Unplug the network cable from your computer.
Insert Red Hat 8.0 Disk 1 into the CD-ROM and reboot the computer
At the boot: prompt, press Enter for a graphical install
Press Tab and then Enter to skip checking the media
After the graphical page loads, click Next
Click Next for English
Click Next for an English keyboard
Click Next for your mouse
Choose Server and click Next. This selects a bunch of packages automatically, and gets us close to what we want. Later we'll fine-tune the packages we want installed.
Reformat the hard drive
1. We're going to let the installer wipe out the hard drive and set up partitions on its own. Choose Automatically Partition and click Next
2. Uncheck Review (and modify if needed) the partitions created and click Next
3. On the pop-up window, click Yes
4. Click Next on the boot loader screen
Configure Networking
1. Click Edit, uncheck Configure using DHCP and type in your IP and netmask. Click Ok.
2. Type in your host name, gateway, and DNS server(s). Then click Next.
3. Choose High security level. Check WWW, SSH, and Mail (SMTP). In the Other ports box, enter 443, 8000, 8443. Click Next.
  Port 443 is for https (http over ssl), and 8000 and 8443 are http and https for the development server we'll be setting up.
Click Next on the additional language support page.
Choose your time zone and click Next.
Type in a root password, twice. Click Add and enter username remadmin and a password, twice, then click OK. Then click Next.
The "remadmin" user is used to connect remotely, since for security reasons we will block remote login as root.
On the Package selection page, remove packages we don't want and add packages we do want.
check Editors,
click Details next to Text-based Internet, check lynx, and click OK;
check Authoring and Publishing,
uncheck Server Configuration Tools,
uncheck Web Server,
uncheck Windows File Server,
check Development Tools,
uncheck Administration Tools, and
uncheck Printing Support.
At the bottom, check Select Individual Packages and click Next
On the Individual Packages screen, further adjust the exact combination of packages. Select Flat View and wait. In the list of packages,
uncheck apmd,
check ImageMagick,
uncheck isdn4k-utils,
uncheck nfs-utils,
uncheck pam,
uncheck portmap,
uncheck postfix,
uncheck rhn-applet,
uncheck rsh,
uncheck sendmail,
check tcl, and
uncheck xinetd.
Click Next
On the next screen, choose Ignore Package Dependencies and click Next.
In the last few steps, we've fine-tuned the installation to eliminate many packages that we don't need, some of which represent possible security weaknesses.
Click Next to start the install.
Wait. Insert Disk 2 when asked.
Wait. Insert Disk 3 when asked.
Select No,I do not want to create a boot disk and click Next.
Click Exit, remove the CD, and watch the computer reboot.
After it finishes rebooting and shows the login prompt hostname login:, type root and your password.
Lock down SSH
1. As a security precaution, we are now going to tell ssh not to allow anyone to connect directly to this computer as root. Type this into the shell:
```
emacs /etc/ssh/sshd_config
```
2. Search for the word "root" by typing C-s (that's emacs-speak for control-s) and then root.
  Change the line
```
#PermitRootLogin yes
```
  to
```
PermitRootLogin no
```
  and save and exit by typing C-x C-s C-x C-c
3. ```
service sshd restart
```
Red Hat still installed a few services we don't need, and which can be security holes. Turn them off, and then stop them from restarting automatically.
```
service pcmcia stop
service netfs stop
chkconfig --del pcmcia
chkconfig --del netfs
```
Plug in the network cable.
Verify that you have connectivity by going to another computer and ssh'ing to yourserver, logging in as remadmin, and changing to root via su -

Install supporting software

Get the necessary software onto the computer. DO EITHER:

If you have the CD-ROM, Insert the OpenACS 4.5 CD-ROM. As root:
```
mount /mnt/cdrom 
cp -r /mnt/cdrom/* /tmp
chmod 644 /tmp/*
umount /mnt/cdrom
```
Remove the OpenACS 4.5 CD-ROM.

OR If you want to download the tarball, as root:

cd /tmp
wget http://aufrecht.org/openacs-4.5-quick-guide.tar.bz2
tar xjf openacs-4.5-quick-guide.tar.bz2
mv openacs-4.5-quick-guide/* .
chmod 644 /tmp/*

From here on out, these instructions assume that you will use another computer to connect via ssh to the server and use a web browser to read and copy commands and an ssh client to type and paste commands. Each continuous block of commands is designed to be pasted as a whole, and each section assumes that you start as root.

If you want to do all this on one computer, the easiest way is probably to install X. In that case, you should install X during the initial install. You can also do this all from a text console by typing lynx -dump /tmp/openacs-4.5-quick-guide.html >/tmp/openacs-4.5-quick-guide.txtemacs /tmp/openacs-4.5-quick-guide.txt You can then open a shell from within emacs via M-x shell (That is, press and release the Escape key. Then press the x key. Then type the word shell). You can switch between the instructions and the shell with the command C-x b (press and hold Control. Press and release x. Release control. Press and release b. In emacs, you can copy by marking the beginning of a region with C-[space], moving to the end, and typing M-w. Paste with C-w. Note also that at any point where the instructions call for typing emacs you should instead use the emacs command to open a file, C-x C-f. At this point, those new to emacs will be forgiven for simply printing the instructions and hand-retyping the commands. Or eating the instructions.

Compile and install CVS, qmail, and several qmail prerequisites: daemontools for supervising other processing and ucscp-tcp for listening for incoming TCP requests. Then compile and install PostgreSQL and prepare aolserver, a web server, for compilation.

cp /tmp/emacs.txt ~/.emacs
mkdir /cvsroot
cvs -d /cvsroot init
mkdir /cvsroot/openacs
mkdir -p /package 
chmod 1755 /package 
cd /package 
tar xzf /tmp/daemontools-0.76.tar.gz 
cd admin/daemontools-0.76 
package/install 
cp /tmp/svgroup.txt /usr/local/bin/svgroup 
chmod 755 /usr/local/bin/svgroup
cd /usr/local/src 
tar xzf /tmp/qmail-1.03.tar.gz 
mkdir /var/qmail 
groupadd nofiles 
useradd -g nofiles -d /var/qmail/alias alias 
useradd -g nofiles -d /var/qmail qmaild 
useradd -g nofiles -d /var/qmail qmaill 
useradd -g nofiles -d /var/qmail qmailp 
groupadd qmail 
useradd -g qmail -d /var/qmail qmailq 
useradd -g qmail -d /var/qmail qmailr 
useradd -g qmail -d /var/qmail qmails
cd qmail-1.03 
make setup check 
rm -f /usr/bin/sendmail 
ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail 
./config 
cd ~alias; touch .qmail-postmaster .qmail-mailer-daemon .qmail-root 
chmod 644 ~alias/.qmail* 
/var/qmail/bin/maildirmake ~alias/Maildir/ 
chown -R alias.nofiles /var/qmail/alias/Maildir 
echo "./Maildir" > /var/qmail/bin/.qmail 
cp /tmp/qmail.rc.txt /var/qmail/rc 
chmod 755 /var/qmail/rc 
cd /usr/local/src 
tar xzf /tmp/ucspi-tcp-0.88.tar.gz 
cd ucspi-tcp-0.88 
make 
make setup check 
cp /tmp/tcp.smtp.txt /etc/tcp.smtp 
tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp 
/usr/local/bin/tcpserver -x /etc/tcp.smtp.cdb -v -u 502 -g 501 0 smtp /var/qmail/bin/qmail-smtpd 2>&1 | /var/qmail/bin/splogger smtpd 3 & 
csh -cf '/var/qmail/rc &'
echo "/usr/local/bin/tcpserver -x /etc/tcp.smtp.cdb -v -u 502 -g 501 0 smtp /var/qmail/bin/qmail-smtpd \ " >> /etc/rc.local
echo "2>&1 | /var/qmail/bin/splogger smtpd 3 &  " >> /etc/rc.local
echo "csh -cf '/var/qmail/rc &' " >> /etc/rc.local
cd /usr/local/src 
tar xzf /tmp/postgresql-7.2.3.tar.gz 
groupadd web 
groupadd nsadmin 
useradd -g web -d /usr/local/pgsql postgres 
mkdir -p /usr/local/pgsql 
chown -R postgres.web /usr/local/pgsql /usr/local/src/postgresql-7.2.3 
chmod 750 /usr/local/pgsql 
su - postgres
cp /tmp/emacs.txt ~/.emacs
echo "export LD_LIBRARY_PATH=LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/pgsql/lib" >> ~/.bashrc
echo "export PATH=$PATH:/usr/local/pgsql/bin" >> ~/.bashrc
cd /usr/local/src/postgresql-7.2.3 
./configure 
make all 
make install 
make install-all-headers 
cd contrib/intarray 
make 
make install 
cd 
/usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data 
/usr/local/pgsql/bin/pg_ctl -D /usr/local/pgsql/data -l /usr/local/pgsql/data/server.log start
sleep 10
createlang plpgsql template1 
createuser -a -d nsadmin 
exit 
ln -s /usr/local/pgsql/include/server/ /usr/local/pgsql/include/postgresql 
cp /tmp/postgresql.txt /etc/init.d/postgresql 
chown root.root /etc/init.d/postgresql 
chmod 700 /etc/init.d/postgresql 
chkconfig --add postgresql 
cd /usr/local/src 
tar xzf /tmp/aolserver3.3ad13-oacs1-beta-src.tar.tgz 
tar xzf /tmp/Search-OpenFTS-tcl-0.2.tar.gz 
useradd -g nsadmin -G web -d /usr/local/aolserver nsadmin 
mkdir -p /web /usr/local/aolserver /backup/openacs /var/log/aolserver
chown -R nsadmin.web /usr/local/aolserver /web /usr/local/src/aolserver /usr/local/src/Search-OpenFTS-tcl-0.2 /cvsroot/openacs /var/log/aolserver/
chmod 775 /usr/local/aolserver /web 
useradd -g web backup
chown backup.web /backup
chmod 1770 /backup
chown nsadmin.web /backup/openacs
chmod 770 /backup/openacs
su - nsadmin 
cp /tmp/emacs.txt ~/.emacs
echo "export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/pgsql/lib" >> ~/.bashrc
echo "export PATH=$PATH:/usr/local/pgsql/bin" >> ~/.bashrc
echo "export CVSROOT=/cvsroot" >> ~/.bashrc
exit

In the following section, the line ./conf-clean will produce an error message, "cat: BUILD-MODULES: No such file or directory". This can be safely ignored. Beginning as root:
```
su - nsadmin 
cd /usr/local/src/aolserver 
./conf-clean 
echo "postgresql" > conf-db 
echo "make" > conf-make 
emacs pgdriver/makefile
```

One of the PostgreSQL make files has to be changed slightly. Search for PGLIB. Change the file from:

# Location of the PostgreSQL libraries
#PGLIB=/usr/local/pgsql/lib
PGLIB=/usr/lib

# Location of the PostgreSQL includes
#PGINC=/usr/local/pgsql/include
PGINC=/usr/include/pgsql

To:

# Location of the PostgreSQL libraries
PGLIB=/usr/local/pgsql/lib
#PGLIB=/usr/lib

# Location of the PostgreSQL includes
PGINC=/usr/local/pgsql/include
#PGINC=/usr/include/pgsql

and save and exit emacs. Then:

exit

Compile Aolserver along with the nsopenssl module for ssl and OpenFTS module for PostgreSQL full text search. Beginning as root:

su - nsadmin
cd /usr/local/src/aolserver
./conf 
tar xzf /tmp/nsopenssl-2.1.tar.gz 
cd nsopenssl-2.1 
make OPENSSL=/usr/local/ssl 
cp nsopenssl.so /usr/local/aolserver/bin 
cp https.tcl /usr/local/aolserver/modules/tcl/ 
mkdir /usr/local/aolserver/certs 
chmod 700 /usr/local/aolserver/certs 
cp -p *.pem /usr/local/aolserver/certs 
cd /usr/local/src/Search-OpenFTS-tcl-0.2 
./configure --with-aolserver-src=/usr/local/src/aolserver/aolserver/ --with-tcl=/usr/lib/ 
make 
cd aolserver 
make 
exit 
cd /usr/local/src/Search-OpenFTS-tcl-0.2
make install 
cp /tmp/restart-aolserver-daemon.txt /usr/local/bin/restart-aolserver
chmod 755 /usr/local/bin/restart-aolserver
su - nsadmin 
cp /usr/local/src/Search-OpenFTS-tcl-0.2/aolserver/nsfts.so /usr/local/aolserver/bin 
cd
cp /tmp/nsd-postgres.txt ./bin/nsd-postgres 
chmod 700 ./bin/nsd-postgres 
exit
cp /tmp/daily_backup.txt /root/daily_backup
chmod 700 /root/daily_backup
echo "30 0 * * * /root/daily_backup automatic" | crontab -u root -
cd /usr/local/src
tar xvzf /tmp/analog-5.31.tar.gz
cd analog-5.31
make
cd ..
mv analog-5.31 /usr/share/
sh /root/daily_backup full

This concludes the installation of everything except OpenACS. Qmail and PostgreSQL are installed, running, and set to run automatically on reboot. Aolserver with ssl certificates and OpenFTS is installed but not running.

Install OpenACS

Unpack the OpenACS files, create an empty database, and start aolserver.

If you want to set up a production server instead of a development server, stop here and continue with 2 in Chapter 4

Unpack the OpenACS files and create the database. From a root shell:

su - nsadmin
cd /web
tar xzf /tmp/openacs-4-5-release.tgz 
mv openacs-4 openacs-dev 
createdb openacs-dev 
exit
echo "0 1 * * * /usr/local/pgsql/bin/vacuumdb openacs-dev" >> /var/spool/cron/root
su - nsadmin
cp /tmp/ja_openacs.css /web/openacs-dev/packages/acs-core-docs/www/
cp /tmp/ja-openacs.xsl /web/openacs-dev/packages/acs-core-docs/www/xml/
cd /usr/local/aolserver
cp /tmp/openacs-dev.tcl.txt ./openacs-dev.tcl
chmod 660 openacs-dev.tcl 
emacs openacs-dev.tcl

Find the line set address 127.0.0.1 and replace the 127.0.0.1 with your IP address and save and exit.
```
exit
```
If you skip this step, your dev server will only be accessible from the machine itself - this can be a nice security feature to keep people from stumbling onto, or exploiting bugs in, your work in progress.

Set up a directory for Daemontools to use to control aolserver. From a root shell:

su - nsadmin
mkdir -p /usr/local/aolserver/daemontools/openacs-dev
cp /tmp/run-dev.txt /usr/local/aolserver/daemontools/openacs-dev/run 
chmod 700 /usr/local/aolserver/daemontools/openacs-dev/run 
exit 
ln -s /usr/local/aolserver/daemontools/openacs-dev /service 
sleep 10
svgroup nsadmin /service/openacs-dev

Install the data-model via the web interface and do initial setup.
1. Open a web browser and browse to http://yourserver:8000
2. Click Next and wait a few minutes.
3. Click Next when it appears at the bottom of the page.
4. Click Next when it appears at the bottom of the page.
5. Fill out the form on the Create Administrator page and click Create User.
6. Fill out the form on the System Information page and click Set System Information.
7. Add full text search support to the database. From a root shell:
```
su - nsadmin 
psql -f /usr/local/src/postgresql-7.2.3/contrib/intarray/_int.sql openacs-dev
psql -f /usr/local/src/Search-OpenFTS-tcl-0.2/func_pgsql/create_func.sql openacs-dev
exit
```
8. Browse to http://yourserver:8000.
9. Click on the Site Map link on the top right side of the page.
10. Type in the administrator email address and password that you entered on the Create Administrator page and click Submit.
11. Click on the link set parameters after ACS Kernel
12. Click on the link system-information. Change the value in SystemURL to your URL. Click on Set Parameters
Install and set up several packages, including full text search and automated testing.
1. Click on Main Site.
2. Click on Package Manager.
3. Click OK for each of the two pop-up windows concerning certificates.
  If IE fails to redirect you to the secure site, browse to https://yourserver:8443/ and click on Package Manager..
  These windows appear because we are switching to a secure web page, and the certificate used for that security is just the expired test certificate that comes with nsopenssl. Before you go live to the outside world, you may want to replace those with a real certificate. Unfortunately, those cost money.
4. Type in the administrator email address and password that you entered on the Create Administrator page and click Submit.
  Yes, again. You have to log in twice. Not sure if this is a bug or a feature
5. Click on the Install packages link
6. On the next screen, after it loads, click on Uncheck all boxes, then on the checkboxes in the Enable column for ACS Automated testing 4.0a and OpenFTS Driver 4.2. This will automatically check the adjacent box. Then click Next.
7. Click Install Packages
8. ```
restart-aolserver openacs-dev
```
9. Wait a minute, then click on Main Site at the top of the page.
10. Click on Site Map on the top right side of the screen.
11. Mount the test package in the site map.
  1. Click the new sub folder link on the Main Site line.
  2. Type test and click New.
  3. Click the new application link on the test line.
  4. Type Automated Test where it says untitled, choose ACS Automated Test from the drop-down list, and click New.
12. Mount the OpenFTS Full Text Search Engine in the site map.
  1. Click the new sub folder link on the Main Site line.
  2. Type openfts and click New.
  3. On the openfts line, click the mount link.
  4. Click OpenFTS Driver.
13. Mount the Search interface in the site map.
  1. Click the new sub folder link on the Main Site line.
  2. Type search and click New.
  3. Click the new application link on the search line.
  4. Type search where it says untitled, choose search from the drop-down list, and click New.
14. ```
restart-aolserver openacs-dev
```
15. Wait a minute, then click on Main Site at the top of the page.
16. Finish installing the OpenFTS package.
  1. Near the bottom of the page, click on the OpenFTS Driver link. Click on Administration. Click on Initialize OpenFTS Engine. Click Initialize OpenFTS Engine.
  2. Click on the Main Site.
  3. Click on the ACS Service Contract link near the bottom of the home page.
  4. On the FtsEngineDriver line, click Install.

Import all files into cvs and then check them back out. Back up the database.

su - nsadmin
restart-aolserver openacs-dev
cd /web/openacs-dev
cvs import -m "initial install" openacs OpenACS-4-5 initial-install
cd /web
mv openacs-dev openacs-dev.orig
cvs checkout -d openacs-dev openacs
cd openacs-dev
cvs tag initial
cvs tag current
pg_dump -f /backup/openacs/openacs_dev_initial.dmp openacs-dev
exit

Done. Relax.

Prev	Home	Next
Before you begin	Up	How it Works

Add a comment

qmail setup question

if you echo ./Maildir to the qmail file, doesn't
that make it a file, rather than a directory? Is
this what you intended?

i used ./Mailder/ in order to use the directory format.

bob phillips (rawdirt@ghost.slanger.org)

-- bob phillips on March 01, 2003 03:32 PM (view details)

Last modified: Fri May 07 10:04:29 CDT 2004