If you have an existing machine that is already fully prepared (for example, you have already completed the Installation Guide and now want to add a production server to the machine that already hosts the development server), skip this step. Otherwise, do the section called “Install Red Hat 8.0” and the section called “Install supporting software”.
We're going to use the same files as the development server, but create a new database.
Get the initial tagged files from cvs and create the database. Starting as root:
su - nsadmin
cd /web
cvs export -r current -d openacs-initial openacs
ln -s openacs-initial openacs-prod
createdb openacs-prod
mkdir /web/openacs-prod/www/global
echo "<master>File not found" > /web/openacs-prod/www/global/file-not-found.adp
exit
touch /var/spool/cron/nsadmin
echo "0 1 * * * /usr/share/analog-5.31/analog -G -ganalog-prod.cfg" >> /var/spool/cron/nsadmin
echo "0 2 * * * /usr/local/pgsql/bin/vacuumdb openacs-prod" >> /var/spool/cron/nsadmin
# cron treats an unescaped % as a newline, so each % in the date format is written as \%
echo "0 3 * * * /usr/local/pgsql/bin/pg_dump -f /backup/openacs/openacs_prod_\$(date +\%Y-\%m-\%d).dmp openacs-prod" >> /var/spool/cron/nsadmin
Create self-signed certificates. As root:
cd /usr/share/ssl/misc
./CA -newcert
Fill out the form, including a passphrase. Make sure that Common Name matches the host name of your production webserver.
mv newreq.pem cert+key+passphrase.pem
cp cert+key+passphrase.pem newreq.pem
openssl rsa -in cert+key+passphrase.pem -out keyfile.pem
Type in the passphrase.
cp cert+key+passphrase.pem certfile.pem
emacs certfile.pem
Strip out the section that looks like
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,F3EDE7CA1B404997

S/Sd2MYA0JVmQuIt5bYowXR1KYKDka1d3DUgtoVTiFepIRUrMkZlCli08mWVjE6T
[11 lines omitted]
1MU24SHLgdTfDJprEdxZOnxajnbxL420xNVc5RRXlJA8Xxhx/HBKTw==
-----END RSA PRIVATE KEY-----
Save and exit, then continue:
cd /usr/local/aolserver/certs
cp /usr/share/ssl/misc/certfile.pem .
cp /usr/share/ssl/misc/keyfile.pem .
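Added example (not part of the original guide): a non-interactive equivalent of the emacs edit above, plus a check that certfile.pem no longer carries the key and that keyfile.pem is not accessible to group or other. The function names are hypothetical and the sample PEM content is constructed, not real key material.

```sh
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.

# Copy $1 to $2 with every PEM private-key block removed
# (the non-interactive equivalent of the emacs edit above).
strip_private_key() {
    sed '/^-----BEGIN .*PRIVATE KEY-----/,/^-----END .*PRIVATE KEY-----/d' "$1" > "$2"
}

# Return 0 only if $1 holds a certificate and no key, and $2 holds a key
# that group and other cannot read, write or execute.
check_cert_split() {
    cert=$1
    key=$2
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" ||
        { echo "no certificate in $cert" >&2; return 1; }
    if grep -q -- 'PRIVATE KEY-----' "$cert"; then
        echo "private key still present in $cert" >&2
        return 1
    fi
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "no private key in $key" >&2; return 1; }
    # Characters 5-10 of the ls -l mode string are the group/other bits.
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
        { echo "$key is accessible to group or other" >&2; return 1; }
}

# Constructed sample (not real key material) laid out like cert+key+passphrase.pem.
make_sample() {
    cat > "$1" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED

CONSTRUCTEDSAMPLENOTAREALKEY
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
CONSTRUCTEDSAMPLENOTAREALCERT
-----END CERTIFICATE-----
EOF
}
```

Run check_cert_split against certfile.pem and keyfile.pem in /usr/local/aolserver/certs after the copy. The openssl rsa step writes keyfile.pem without a passphrase, so file permissions are the only protection for that key.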
Set up the OpenACS server and analog log-file analyzer. Starting as root:
su - nsadmin
cd /usr/local/aolserver
cp /tmp/openacs-prod.tcl.txt ./openacs-prod.tcl
cp /tmp/analog-prod.cfg.txt ./analog-prod.cfg
chmod 660 openacs-prod.tcl
emacs openacs-prod.tcl
Find the line set address 127.0.0.1 and replace 127.0.0.1 with your IP address. Replace "New OpenACSInstallation" with your site name. Save and exit.
cd /web/openacs-prod/www
mkdir log
cd log
cp -r /usr/share/analog-5.31/images .
# analog-prod.cfg was copied to /usr/local/aolserver above, so open it there
emacs /usr/local/aolserver/analog-prod.cfg
Change the variable in
HOSTNAME "[my organisation]"
to reflect your website title. If you don't want the traffic log to be publicly visible, change
OUTFILE /web/openacs-prod/www/traffic.html
to use a private directory. Save and exit.
exit
Set up a directory for Daemontools to use to control aolserver. Starting as root:
mkdir -p /usr/local/aolserver/daemontools/openacs-prod
cp /tmp/run-prod.txt /usr/local/aolserver/daemontools/openacs-prod/run
chmod 700 /usr/local/aolserver/daemontools/openacs-prod/run
exit
ln -s /usr/local/aolserver/daemontools/openacs-prod /service
sleep 10
svgroup nsadmin /service/openacs-prod
Install the data-model via the web interface and do initial setup.
Open a web browser and browse to http://yourserver
Click and wait a few minutes.
Click when it appears at the bottom of the page.
Click when it appears at the bottom of the page.
Fill out the form on the Create Administrator page and click .
Fill out the form on the System Information page and click .
Add full text search support to the database. From a root shell:
su - nsadmin
psql -f /usr/local/src/postgresql-7.2.3/contrib/intarray/_int.sql openacs-prod
psql -f /usr/local/src/Search-OpenFTS-tcl-0.2/func_pgsql/create_func.sql openacs-prod
exit
Browse to http://yourserver.
Click on the Site Map link on the top right side of the page.
Type in the administrator email address and password that you entered on the Create Administrator page and click .
Click on the link set parameters after ACS Kernel.
Click on the link system-information. Change the value in SystemURL to your URL. Click on Set Parameters.
Install and set up several packages, including full text search and automated testing.
Click on Main Site.
Click on Package Manager.
Click OK for each of the two pop-up windows concerning certificates.
If IE fails to redirect you to the secure site, browse to https://yourserver and click on Package Manager.
These windows appear because we are switching to a secure web page, and the certificate used for that security is just the expired test certificate that comes with nsopenssl. Before you go live to the outside world, you may want to replace those with a real certificate. Unfortunately, those cost money.
Type in the administrator email address and password that you entered on the Create Administrator page and click Submit.
Yes, again. You have to log in twice. Not sure if this is a bug or a feature.
Click on the Install packages link.
On the next screen, after it loads, click on Uncheck all boxes, then on the checkboxes in the Enable column for ACS Automated testing 4.0a and OpenFTS Driver 4.2. This will automatically check the adjacent box. Then click .
Click
restart-aolserver openacs-prod
Wait a minute, then click on Main Site at the top of the page.
Click on Site Map on the top right side of the screen.
Mount the test package in the site map.
Click the new sub folder link on the Main Site line.
Type test and click .
Click the new application link on the test line.
Type Automated Test where it says untitled, choose ACS Automated Test from the drop-down list, and click .
Mount the OpenFTS Full Text Search Engine in the site map.
Click the new sub folder link on the Main Site line.
Type openfts and click .
On the openfts line, click the mount link.
Click OpenFTS Driver.
Mount the Search interface in the site map.
Click the new sub folder link on the Main Site line.
Type search and click .
Click the new application link on the search line.
Type search where it says untitled, choose search from the drop-down list, and click .
restart-aolserver openacs-prod
Wait a minute, then click on Main Site at the top of the page.
Finish installing the OpenFTS package.
Near the bottom of the page, click on the OpenFTS Driver link. Click on Administration. Click on Initialize OpenFTS Engine. Click .
Click on the Main Site.
Click on the ACS Service Contract link near the bottom of the home page.
On the FtsEngineDriver line, click Install.
Optional: if you have another secure computer, you can set the backup script to copy the daily backup files to the other computer. These instructions assume that the second server is called secondary.test and has a backup user also configured according to these instructions.
As root on yourserver:
mkdir .ssh
ssh-keygen -t dsa -f ".ssh/id_dsa" -N "" -C ""
scp .ssh/id_dsa.pub remadmin@secondary:authorized_keys2
emacs /root/daily_backup
Set OTHERHOST to secondary and save and exit.
Log into secondary as root.
groupadd web
useradd backup -g web
mkdir -p /backup
chown backup.web /backup
chmod 1770 /backup
cp ~remadmin/authorized_keys2 ~backup/.ssh/
chown backup.web ~backup/.ssh/authorized_keys2
Back on yourserver as root:
ssh backup@secondary
Answer yes to the question about accepting the host certificate to continue connecting.
Type exit to log out.
Add the new material to the daily backup.
emacs /root/daily_backup
Edit the DIRECTORIES variable to include /web/openacs-prod.
Scheduled database backup should use a script and not overwrite itself every night. Also, after the scp the new files ought to have ownership backup.root, but currently they have backup.web.
Generate a backup snapshot:
su - nsadmin
pg_dump -f /backup/openacs/openacs_prod_initial.dmp openacs-prod
exit
sh /root/daily_backup full
Install real self-signed certs instead of snake-oil sample. (Forthcoming)