Index: openacs-4/packages/acs-core-docs/www/xml/install-guide/maintenance.xml =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/xml/install-guide/maintenance.xml,v diff -u -r1.30 -r1.30.6.1 --- openacs-4/packages/acs-core-docs/www/xml/install-guide/maintenance.xml 11 Dec 2010 23:36:32 -0000 1.30 +++ openacs-4/packages/acs-core-docs/www/xml/install-guide/maintenance.xml 23 Jun 2016 08:32:46 -0000 1.30.6.1 @@ -130,7 +130,7 @@ - Most of this information comes from Tom Jackson's AOLserver+Daemontools Mini-HOWTO. @@ -202,12 +202,12 @@ Install a script called restart-aolserver. This - script doesn't actually restart AOLserver - it just kills + script doesn't actually restart AOLserver - it just kills it. - Ask the OS to restart our service whenever it's not + Ask the OS to restart our service whenever it's not running. We do this by adding a line to /etc/inittab. @@ -250,8 +250,8 @@ Test the restart-aolserver - script. We'll first kill all running servers to clean the - slate. Then, we'll start one server and use + script. We'll first kill all running servers to clean the + slate. Then, we'll start one server and use restart-aolserver to kill it. If it works, then there should be no more servers running. You should see the following lines. @@ -352,7 +352,7 @@ If you want to install two services with different host - names sharing the same ip, you'll need nsvhr to redirect requests + names sharing the same ip, you'll need nsvhr to redirect requests based on the contents of the tcp headers. See AOLserver Virtual Hosting with TCP by markd. 
@@ -402,10 +402,10 @@ To set up a developmental installation, first set up either your developmental installation or your production installation, and follow the instructions for committing your - files to CVS. We'll assume in this example that you set up the + files to CVS. We'll assume in this example that you set up the production server (service0). To set up the developmental instance, you then follow the intall guide again, this time creating a new - user (service0-dev) that you'll use for the new installation. To get + user (service0-dev) that you'll use for the new installation. To get the files for service0-dev, you check them out from cvs (check out service0). @@ -418,18 +418,18 @@ emacs web/etc/daemontools/run - In the config.tcl file, you'll probably want to pay attention + In the config.tcl file, you'll probably want to pay attention the rollout support section. That will ensure that email on your developmental server will not be sent out to the general world. Also, instead of going through the OpenACS online - installer, you'll actually load live data into your production + installer, you'll actually load live data into your production server. You can even automate the process of getting live data from your production server. Copy something like this to - /home/service0-dev/bin and put it in service0-dev's crontab to - run once a night. You'll need to make sure the database backups + /home/service0-dev/bin and put it in service0-dev's crontab to + run once a night. You'll need to make sure the database backups are set up in service0's crontab, and that if the servers are on different physical machines, that the database backup is copied to the developmental machine once per night. 
@@ -462,7 +462,7 @@ if the file is /var/lib/aolserver/service0-dev/www/index.adp, do: cd /var/lib/aolserver/service0-dev/www -cvs diff index.adp (this is optional; it's just a +cvs diff index.adp (this is optional; it's just a reality check) the lines starting > will be added and the lines starting < will be removed, when you commit @@ -480,7 +480,7 @@ If you make changes that require changes to the database, test them out first on service0-dev, using either -create.sql or - upgrade scripts. Once you've tested them, you then update and + upgrade scripts. Once you've tested them, you then update and run the upgrade scripts from the package manager. The production site can run "HEAD" from cvs. 
@@ -570,7 +570,7 @@ chmod 700 /var/lib/aolserver/$OPENACS_SERVICE_NAME/etc/certs - It takes two files to support an SSL connection. The certificate is the public half of the key pair - the server sends the certificate to browser requesting ssl. The key is the private half of the key pair. In addition, the certificate must be signed by Certificate Authority or browsers will protest. Each web browser ships with a built-in list of acceptable Certificate Authorities (CAs) and their keys. Only a site certificate signed by a known and approved CA will work smoothly. Any other certificate will cause browsers to produce some messages or block the site. Unfortunately, getting a site certificate signed by a CA costs money. In this section, we'll generate an unsigned certificate which will work in most browsers, albeit with pop-up messages. + It takes two files to support an SSL connection. The certificate is the public half of the key pair - the server sends the certificate to browser requesting ssl. The key is the private half of the key pair. In addition, the certificate must be signed by Certificate Authority or browsers will protest. Each web browser ships with a built-in list of acceptable Certificate Authorities (CAs) and their keys. Only a site certificate signed by a known and approved CA will work smoothly. Any other certificate will cause browsers to produce some messages or block the site. Unfortunately, getting a site certificate signed by a CA costs money. In this section, we'll generate an unsigned certificate which will work in most browsers, albeit with pop-up messages. Use an OpenSSL perl script to generate a certificate and key. 
@@ -592,7 +592,7 @@ Enter a pass phrase for the CA certificate. Then, answer the rest of the questions. At the end you should see this: Certificate (and private key) is in newreq.pem [$OPENACS_SERVICE_NAME certs]$ - newreq.pem contains our certificate and private key. The key is protected by a passphrase, which means that we'll have to enter the pass phrase each time the server starts. This is impractical and unnecessary, so we create an unprotected version of the key. Security implication: if anyone gets access to the file keyfile.pem, they effectively own the key as much as you do. Mitigation: don't use this key/cert combo for anything besides providing ssl for the web site. + newreq.pem contains our certificate and private key. The key is protected by a passphrase, which means that we'll have to enter the pass phrase each time the server starts. This is impractical and unnecessary, so we create an unprotected version of the key. Security implication: if anyone gets access to the file keyfile.pem, they effectively own the key as much as you do. Mitigation: don't use this key/cert combo for anything besides providing ssl for the web site. [root misc]# openssl rsa -in newreq.pem -out keyfile.pem read RSA key Enter PEM pass phrase: @@ -642,9 +642,9 @@ Edit /var/lib/aolserver/$OPENACS_SERVICE_NAME/etc/analog.cfg and change the variable in HOSTNAME "[my organisation]" to reflect your website title. If you -don't want the traffic log to be publicly visible, change +don't want the traffic log to be publicly visible, change OUTFILE /var/lib/aolserver/$OPENACS_SERVICE_NAME/www/log/traffic.html to use a private -directory. You'll also need to edit all instances of service0 to your $OPENACS_SERVICE_NAME. +directory. You'll also need to edit all instances of service0 to your $OPENACS_SERVICE_NAME. Run it. 
@@ -694,7 +694,7 @@ Isolating and solving database problems. - Without daily internal maintenance, most databases slowly degrade in performance. For PostGreSQL, see . For Oracle, use exec dbms_stats.gather_schema_stats('SCHEMA_NAME') (Andrew Piskorski's Oracle notes). + Without daily internal maintenance, most databases slowly degrade in performance. For PostGreSQL, see . For Oracle, use exec dbms_stats.gather_schema_stats('SCHEMA_NAME') (Andrew Piskorski's Oracle notes). You can track the exact amount of time each database query on a page takes: @@ -771,7 +771,7 @@ order by s.username ,s.sid ,s.serial# ,sql.piece ; To kill a troubled process: alter system kill session 'SID,SERIAL#'; --substitute values for SID and SERIAL# - (See Andrew Piskorski's Oracle notes) + (See Andrew Piskorski's Oracle notes) @@ -809,9 +809,9 @@ what is going on inside Oracle. Oracle provides Statspack, a package to monitor and save the state of the v$ performance views. These reports help finding severe problems by exposing summary data about the Oracle - wait interface, executed queries. You'll find the installation + wait interface, executed queries. You'll find the installation instructions in $ORACLE_HOME/rdbms/admin/spdoc.txt. Follow the - instructions carefully and take periodic snapshots, this way you'll be + instructions carefully and take periodic snapshots, this way you'll be able to look at historical performance data.
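Review bot: In the hunk at -352, "redirect requests based on the contents of the tcp headers" is inaccurate. TCP headers carry ports and sequencing information, not a host name, so two host names sharing one IP can only be told apart by the HTTP Host header. Suggest "based on the HTTP Host header".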
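Review bot: In the hunk at -402, the opening sentence is circular ("To set up a developmental installation, first set up either your developmental installation or your production installation"), and "intall guide" a few lines down is a typo for "install guide". Since these lines are being touched anyway, suggest rewording the opening to "first set up your production installation and commit its files to CVS", which is what the rest of the paragraph assumes.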
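Review bot: In the hunk at -418, "you'll actually load live data into your production server" looks like it should say developmental server, since the paragraph is about populating service0-dev from service0's backups. The paragraph handles outbound email through the rollout support section but says nothing about protecting the nightly copy of production data, either on the developmental machine or while it is copied between machines. A sentence on who may read the backup file and how it is transferred would close that gap. "pay attention the rollout support section" is also missing "to".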
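Review bot: In the hunk at -570, the SSL paragraph calls the result an "unsigned certificate" right after stating that a certificate must be signed by a Certificate Authority, and the next step prompts for "a pass phrase for the CA certificate". What is generated is therefore signed, just not by a CA that browsers trust. Suggest "self-signed certificate" (or "a certificate signed by our own CA"), and rewording "The certificate is the public half of the key pair" to say that the certificate contains the public key. "sends the certificate to browser requesting ssl" is also missing an article.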
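Review bot: In the hunk at -592, the paragraph that strips the pass phrase names the risk (anyone who can read keyfile.pem owns the key), but the only mitigation it offers is limiting what the key is used for; nothing tells the reader to restrict access to the file itself. The openssl command is shown at a [root misc]# prompt while the preceding prompt is [$OPENACS_SERVICE_NAME certs]$, so the owner, mode and even the directory of the resulting keyfile.pem are left unclear. Suggest showing the command in the certs directory, adding a step that makes keyfile.pem readable only by the service user, and saying what to do with newreq.pem afterwards, since it still holds the private key.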
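Review bot: In the hunk at -642, the default OUTFILE is under www/log/traffic.html, so the traffic report is published unless the reader acts on the "If you don't want the traffic log to be publicly visible" aside. Suggest making a private directory the documented default and describing publication under www/ as the opt-in. "change the variable in HOSTNAME" would also read more clearly as "change the value of HOSTNAME".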
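Review bot: In the hunk at -694, the sentence "For PostGreSQL, see ." shows no link target as rendered here, so please confirm the cross-reference still resolves after this change. The product name is spelled "PostgreSQL". The same hunk could also tell the reader that SCHEMA_NAME in the dbms_stats.gather_schema_stats call is a placeholder to substitute, as the kill session example in the -771 hunk does for SID and SERIAL#.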