Index: openacs-4/packages/acs-core-docs/www/xml/install-guide/credits.xml =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/xml/install-guide/credits.xml,v diff -u -r1.6.2.1 -r1.6.2.2 --- openacs-4/packages/acs-core-docs/www/xml/install-guide/credits.xml 24 Nov 2002 21:29:24 -0000 1.6.2.1 +++ openacs-4/packages/acs-core-docs/www/xml/install-guide/credits.xml 30 Mar 2003 05:56:18 -0000 1.6.2.2 @@ -9,10 +9,10 @@ together the January 2002 version of this guide from many sources of information. + Joel Aufrecht + updated the document in March 2003. + - - OpenACS &version; Installation Guide - OpenACS 3.x Installation Guide Fisheye: Tag 1.1 refers to a dead (removed) revision in file `openacs-4/packages/acs-core-docs/www/xml/install-guide/database-maintenance.xml'. Fisheye: No comparison available. Pass `N' to diff? Index: openacs-4/packages/acs-core-docs/www/xml/install-guide/openacs.xml =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/xml/install-guide/openacs.xml,v diff -u -r1.5.2.4 -r1.5.2.5 --- openacs-4/packages/acs-core-docs/www/xml/install-guide/openacs.xml 24 Nov 2002 21:29:24 -0000 1.5.2.4 +++ openacs-4/packages/acs-core-docs/www/xml/install-guide/openacs.xml 30 Mar 2003 05:56:18 -0000 1.5.2.5 @@ -5,107 +5,261 @@ by Vinod Kurup - - Downloading OpenACS + + Set up the file system for an OpenACS Service + + + + The reference install stores all OpenACS services in + /web, with one subdirectory per + service. The first time you install a service, you must create + that directory and set its permissions: + [root@yourserver root]# mkdir /web +[root@yourserver root]# chgrp web /web +[root@yourserver root]# chmod 770 /web +[root@yourserver root]# +mkdir /web +chgrp web /web +chmod 770 /web - - Download the OpenACS &version; software - to the /tmp directory: - + - + + You should already have downloaded the OpenACS tarball + to the /tmp directory. If + noot, download the OpenACS + tarball and save it in + /tmp and proceed: - Create a directory called web - inside your home directory and untar the downloaded components - there. Set the permissions as directed. The OpenACS &version; - tarball is currently named - openacs-4-6-release.tgz. Replace - openacs-4-6-release.tgz in the - commands below with whatever the current tarball is named. + + + Set up your user account. + + + AOLserver needs to be started as the root user if you want to use + port 80. Once it starts, though, it will drop the root privileges and + run as another user, which you must specify on the command line. It's + important that this user has as few privileges as possible. Why? + Because if an intruder somehow breaks in through AOLserver, you don't + want her to have any ability to do damage to the rest of your + server. + At the same time, AOLserver needs to have write access to + some files on your system in order for OpenACS to function + properly. So, we'll run AOLserver with a different user account + for each different service. A service name should be a single + word, letters and numbers only. If the name + of your site is one word, that would be a good choice. For + example "service0" might be the service name for the + service0.net + community. + For the &version;-P and &version;-O Reference Platform, + we'll use a server named service0 and + a user named service0. We'll leave the password + blank for increased security. The only way to log in will be + with ssh certificates. The only people who should log in are + developers for that specific instance. Add this user, and put + it in the web group so that it + can use database commands associated with that group. + - + [root@yourserver root]# useradd -g web service0 +[root@yourserver root]# + + Set up database environment variables. They are + necessary for working with the database. + + + [root@yourserver root]# su - service0 +[service0@yourserver service0]$ emacs .bashrc + Put in the appropriate lines for the database you are running. If you will use both databases, put in both sets of lines. + + + PostGreSQL: + export LD_LIBRARY_PATH=LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/pgsql/lib +export PATH=$PATH:/usr/local/pgsql/bin + + + Oracle. These environment variables are specific for a local Oracle + installation communicating via IPC. If you are connecting to a remote + Oracle installation, you'll need to adjust these appropriately. Also, + make sure that the '8.1.7' matches your Oracle version. + + export ORACLE_BASE=/ora8/m01/app/oracle +export ORACLE_HOME=$ORACLE_BASE/product/8.1.7 +export PATH=$PATH:$ORACLE_HOME/bin +export LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib +export ORACLE_SID=ora8 +export ORACLE_TERM=vt100 +export ORA_NLS33=$ORACLE_HOME/ocommon/nls/admin/data + + + Test this by logging out and back in as + service0 and checking the paths. + [service0@yourserver service0]$ exit +logout +[root@yourserver src]# su - service0 +[postgres@yourserver pgsql]$ env | grep PATH + +For PostGreSQL, you should see: + +LD_LIBRARY_PATH=LD_LIBRARY_PATH=:/usr/local/pgsql/lib +PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/bin/X11:/usr/X11R6/bin:/root/bin:/usr/local/pgsql/bin:/usr/local/pgsql/bin + For Oracle: + ORACLE_BASE=/ora8/m01/app/oracle +ORACLE_HOME=/ora8/m01/app/oracle/product/8.1.7 +PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/bin/X11:/usr/X11R6/bin:/root/bin:/ora8/m01/app/oracle/product/8.1.7/bin +LD_LIBRARY_PATH=/ora8/m01/app/oracle/product/8.1.7/lib:/lib:/usr/lib +ORACLE_SID=ora8 +ORACLE_TERM=vt100 +ORA_NLS33=$ORACLE_HOME/ocommon/nls/admin/data + [service0@yourserver service0]$ exit +logout - -joeuser:~$ mkdir -p web -joeuser:~$ chown joeuser.web web -joeuser:~$ cd web -joeuser:~/web$ tar xzf /tmp/openacs-4-6-release.tgz -joeuser:~/web$ chown -R joeuser.web openacs-4 -joeuser:~/web$ chmod -R g+w openacs-4 +[root@yourserver root]# + + Unpack the OpenACS tarball and rename it to service0. Secure the directory so that only the owner can access it. Check the permissions by listing the directory. + [root@yourserver root]# su - service0 +[service0@yourserver service0]$ cd /web +[service0@yourserver web]$ tar xzf /tmp/openacs-4-6.tgz +[service0@yourserver web]$ mv openacs-4-6 service0 +[service0@yourserver web]$ chmod -R 700 service0 +[service0@yourserver web]$ ls -al +total 3 +drwxrwx--- 3 root web 1024 Mar 29 16:41 . +drwxr-xr-x 25 root root 1024 Mar 29 16:24 .. +drwx------ 7 service0 web 1024 Jan 6 14:36 service0 +[service0@yourserver web]$ exit +logout - - You should now have an - openacs-4/ directory tree in - ~/web. Rename this directory to - whatever you want your web service to be identified as. The name - of your web service is referred to as the - service_name. Since you can run multiple - separate web services under AOLserver, this identification is - used internally by AOLserver to differentiate your services from - one another. A service name should be a single word, - letters and numbers only. If the name of - your site is one word, that would be a good choice. For example - "birdnotes" might be the service name for the birdnotes.net - community. We'll use birdnotes as an example - in these docs. - - - -joeuser:~/web$ ls -l -drwxrwxr-x 8 joeuser web 4096 Nov 27 09:32 openacs-4 -joeuser:~/web$ mv openacs-4 birdnotes -joeuser:~/web$ ls -l -drwxrwxr-x 8 joeuser web 4096 Dec 20 14:37 birdnotes +[root@yourserver root]# +su - service0 +cd /web +tar xzf /tmp/openacs-4-6.tgz +mv openacs-4-6 service0 +chmod -R 700 service0/ +ls -al +exit - - + + + Add the Service to CVS - OPTIONAL + + cvs + setup + + If this is a development server, you may want to add it to your local CVS repository. + + + + Create and set permissions on a subdirectory in the local cvs repository. + [root@yourserver root]# mkdir /cvsroot/service0 +[root@yourserver root]# chown service0.web /cvsroot/service0 +[root@yourserver root]# +mkdir /cvsroot/service0 +chown service0.web /cvsroot/service0 + + + Add the repository location to the user environment. + [root@yourserver root]# su - service0 +[service0@yourserver service0]$ emacs .bashrc + Put this string into /home/service0/.bashrc: + export CVSROOT=/cvsroot + [service0@yourserver service0]$ exit +logout - Finally create a directory for the AOLserver logs. +[root@yourserver root]# + + + Import all files into cvs. In order to work on + files with source control, the files must be checked out + from cvs. So we will import, move aside, and then check + out all of the files. In the cvs import command, + service0 + refers to the cvs repository to use; it uses the CVSROOT + plus this string, + i.e. + /cvsroot/service0. + "OpenACS" is the vendor tag, and "openacs-4-6" is the + release tag. These tags will be useful in upgrading and + branching. -m sets the version comment. + [root@yourserver root]# su - service0 +[service0@yourserver service0]$ cd /web/service0 +[service0@yourserver service0]$ cvs import -m "initial install" service0 OpenACS openacs-4-6 +N service0/license.txt +N service0/readme.txt +(many lines omitted) +N service0/www/SYSTEM/flush-memoized-statement.tcl - - -joeuser:~/web$ mkdir birdnotes/log - +No conflicts created by this import - +[service0@yourserver service0]$ +su - service0 +cd /web/service0 +cvs import -m "initial install" service0 OpenACS openacs-4-6 + Move the original directory to a temporary location, and check out the cvs repository in its place. If the service starts correctly, come back and remove the temporary copy of the uploaded files. + [service0@yourserver service0]$ cd .. +[service0@yourserver web]$ mv service0 service0.orig +[service0@yourserver web]$ cvs checkout service0 +cvs checkout: Updating service0 +U service0/license.txt +(many lines omitted) +U service0/www/SYSTEM/dbtest.tcl +U service0/www/SYSTEM/flush-memoized-statement.tcl +[service0@yourserver web]$ exit +logout - +[root@yourserver web]# +cd .. +mv service0 service0.orig +cvs checkout service0 +exit + + + + + + Set up several additional directories in the service root: + etc is for configuration and control files, log is for error and request (web page hit) log files, and database-backup is for database backup files. If you did the CVS step, note that these new directories are excluded from that step so that you can decide whether or not you want your logs and config files in source control. + [root@yourserver root]# su - service0 +[service0@yourserver service0]$ mkdir /web/service0/etc /web/service0/log /web/service0/database-backup +[service0@yourserver web]$ exit +logout - - Skip ahead if you want to - - +[root@yourserver web]# +su - service0 +mkdir /web/service0/etc /web/service0/log /web/service0/database-backup +exit + + + + - Prepare Oracle for OpenACS - + Prepare Oracle for OpenACS + + OPTIONAL - if you won't be using Oracle, skip to - You should be sure that your user account - (e.g. joeuser) is in the + (e.g. service0) is in the dba group. - - - + Verify membership by typing groups when you login: -joeuser:~$ groups +service0:~$ groups dba web If you do not see these groups, take the following action: -joeuser:~$ su - +service0:~$ su - Password: ************ -root:~# adduser joeuser dba +root:~# adduser service0 dba If you get an error about an undefined group, then add that group manually: @@ -124,7 +278,7 @@ svrmgrl and login: -joeuser:~$ svrmgrl +service0:~$ svrmgrl SVRMGR> connect internal Connected. @@ -172,13 +326,13 @@ SVRMGR> exit -joeuser:~$ su - +service0:~$ su - Password: ************ root:~# mkdir -p /ora8/m02/oradata/ora8/ -root:~# chown joeuser.web /ora8/m02/oradata/ora8 +root:~# chown service0.web /ora8/m02/oradata/ora8 root:~# chmod 775 /ora8/m02/oradata/ora8 root:~# exit -joeuser:~$ +service0:~$ @@ -194,11 +348,11 @@ -joeuser:~$ svrmgrl +service0:~$ svrmgrl SVRMGR> connect internal; -SVRMGR> create tablespace birdnotes - datafile '/ora8/m02/oradata/ora8/birdnotes01.dbf' +SVRMGR> create tablespace service0 + datafile '/ora8/m02/oradata/ora8/service001.dbf' size 50M autoextend on next 10M @@ -210,23 +364,23 @@ Create a database user for this service. Give the user access to the tablespace and rights to connect. We'll use - birdnotespassword as our password. + service0password as our password. Write down what you specify as service_name - (i.e. birdnotes) and + (i.e. service0) and database_password - (i.e. birdnotespassword). You + (i.e. service0password). You will need this information for configuring exports and AOLserver. -SVRMGR> create user birdnotes identified by birdnotespassword default tablespace birdnotes -temporary tablespace temp quota unlimited on birdnotes; -SVRMGR> grant connect, resource, ctxapp, javasyspriv, query rewrite to birdnotes; -SVRMGR> revoke unlimited tablespace from birdnotes; -SVRMGR> alter user birdnotes quota unlimited on birdnotes; +SVRMGR> create user service0 identified by service0password default tablespace service0 +temporary tablespace temp quota unlimited on service0; +SVRMGR> grant connect, resource, ctxapp, javasyspriv, query rewrite to service0; +SVRMGR> revoke unlimited tablespace from service0; +SVRMGR> alter user service0 quota unlimited on service0; SVRMGR> exit; @@ -240,7 +394,7 @@ service_name account: -joeuser:~$ sqlplus birdnotes/birdnotespassword +service0:~$ sqlplus service0/service0password SQL> select sysdate from dual; SYSDATE @@ -255,173 +409,342 @@ in the wrong format, make sure you followed the steps outlined in - - - Next we'll set up AOLserver so that it has the proper environment - variables set before launching. Download this nsd-oracle script into - /tmp/nsd-oracle.txt : - - - -joeuser:~$ su - -Password: ******** -root:~# cd /usr/local/aolserver/bin -root:/usr/local/aolserver/bin# cp /tmp/nsd-oracle.txt ./nsd-oracle -root:/usr/local/aolserver/bin# chmod 750 nsd-oracle -root:/usr/local/aolserver/bin# exit - - - + + - Prepare PostgreSQL for OpenACS - - Preparing PostgreSQL is just a little bit simpler than preparing - Oracle. We simply need to create a database with the name of our - service-name - (i.e. birdnotes) - - -joeuser:~/web$ createdb birdnotes -CREATE DATABASE + Prepare PostgreSQL for an OpenACS Service + + + Create a user in the database matching the service name. + [root@yourserver root]# su - postgres +[postgres@yourserver pgsql]$ createuser service0 +Shall the new user be allowed to create databases? (y/n) y +Shall the new user be allowed to create more new users? (y/n) y +CREATE USER +[postgres@yourserver pgsql]$ exit +logout - Next we'll set up AOLserver so that it has the proper environment - variables set before launching. Download this nsd-postgres script into - /tmp/nsd-postgres.txt : - - -joeuser:~/web$ cd -joeuser:~$ su - -Password: ******** -root:~# cd /usr/local/aolserver/bin -root:/usr/local/aolserver/bin# cp /tmp/nsd-postgres.txt ./nsd-postgres -root:/usr/local/aolserver/bin# chmod 755 nsd-postgres -root:/usr/local/aolserver/bin# exit +[root@yourserver root]# + + + Create a database with the same name as our service name, service0. + [root@yourserver root]# su - service0 +[service0@yourserver service0]$ createdb service0 +CREATE DATABASE +[service0@yourserver service0]$ +su - service0 +createdb service0 + + + Automate daily database Vacuuming. This is a process which cleans out discarded data from the database. A quick way to automate vacuuming is to edit the cron file for the database user. + + Postgres + Vacuuming + + [service0@yourserver service0]$ export EDITOR=emacs;crontab -e + Add this line to the file. The numbers and stars at the beginning are cron columns that specify when the program should be run - in this case, whenever the minute is 0 and the hour is 1, i.e., 1:00 am every day. + 0 1 * * * /usr/local/pgsql/bin/vacuumdb service0 + + + Add Full Text Search Support - OPTIONAL + + full text search + installation + + If you are installing Full Text Search, add required packages to the new database. + [service0@yourserver service0]$ /usr/local/pgsql/bin/psql service0 -f /usr/local/src/postgresql-7.2.3/contrib/tsearch/tsearch.sql +BEGIN +CREATE +(many lines omitted) +INSERT 0 1 +COMMIT +[service0@yourserver service0]$ /usr/local/pgsql/bin/psql service0 -f /usr/local/src/postgresql-7.2.3/contrib/pgsql_contrib_openfts/openfts.sql +CREATE +CREATE +[service0@yourserver service0]$ +/usr/local/pgsql/bin/psql service0 -f /usr/local/src/postgresql-7.2.3/contrib/tsearch/tsearch.sql +/usr/local/pgsql/bin/psql service0 -f /usr/local/src/postgresql-7.2.3/contrib/pgsql_contrib_openfts/openfts.sql + + + [service0@yourserver service0]$ exit +logout +[root@yourserver root]# + + - - - Configuring AOLserver - - + + + Configure an AOLserver Service for OpenACS + + + The AOLserver architecture lets you run an arbitrary number of virtual servers. A virtual server is an HTTP service running on a - specific port, e.g. port 80. In order for the OpenACS to work, you - need to configure a virtual server. Because the process is involved, - we have prepared a sample virtual server configuration file. + specific port, e.g. port 80. In order for OpenACS to work, you + need to configure a virtual server. The Reference Platform uses a configuration file included in the OpenACS tarball. Copy it to the /web/service0/etc directory and open it in an editor to adjust the parameters. + + AOLserver + configuration + + + [root@yourserver root]# su - service0 +[service0@yourserver service0]$ cd /web/service0/etc +[service0@yourserver etc]# cp /web/service0/packages/acs-core-docs/www/files/config.tcl.txt config.tcl +[service0@yourserver etc]# emacs config.tcl + + + + You can continue without changing any values in the file. However, if you don't change address to match the computer's ip address, you won't be able to browse to your server from other machines. - - - - Download openacs4.tcl.txt - into /tmp. - - - - - Modify it for your needs and save it inside your - ~/web/birdnotes directory. (Of - course change birdnotes to - whatever you're using as your service-name.) - - - - - -joeuser:~$ cp /tmp/openacs4.tcl.txt ./web/birdnotes/nsd.tcl -joeuser:~$ chmod 600 ./web/birdnotes/nsd.tcl -joeuser:~$ emacs ./web/birdnotes/nsd.tcl - - - Specifically, you'll have set the following variables - - - - - server - This is the name of - the directory where your code resides. In our example above, we - used birdnotes. - - - db_name - In almost all cases, + + + httpport - If you want your + server on a different port, enter it here. The Reference Platform port is 8000, which is suitable for development use. Port 80 is the standard http port - it's the port used by your browser when you enter http://yourserver.test. So you should use port 80 for your production site. + + + httpsport - This is the + port for https requests. The Reference Platform https port is + 8443. If http port is set to 80, httpsport should be 143 to + match the standard. + + + + address - The IP address of the server. If you are hosting multiple IPs on one computer, this is the address specific to the web site. Each virtual server will ignore any requests directed at other addresses. + + + server - This is the keyword that, by convention, identifies the service. It is also used as part of the path for the service root, as the name of the user for running the service, as the name of the database, and in various dependent places. The Reference Platform uses service0. + + + + db_name - In almost all cases, this can be kept as a reference to $server. If for some reason, the tablespace you are using is different than your servername, then you can set it here. You should have a good reason for doing this. - - servername - This is just a - *pretty* name for your server. For example, we might call ours - "Birdnotes.net Community" - - - httpport - If you want your - server on a different port, enter it here - - - - - user_account - The account that will both - own OpenACS files and connect to the database (for Postgresql). - - - - - - + + servername - This is just a *pretty* name for your server. + + + + user_account - The account that + will both own OpenACS files and connect to the database (for + Postgresql). + + + + debug - Set to true for a very verbose error log, including many lines for every page view, success or failure. + + + + + AOLServer is very configurable. These settings should get you started, but for more options, read the AOLServer docs. + + + OPTIONAL: To run OpenFTS, uncomment this line from config.tcl. (To uncomment a line in a tcl file, remove the # at the beginning of the line.) + #ns_param nsfts ${bindir}/nsfts.so + + + OPTIONAL: To run nsopenssl: + + + Uncomment this line from config.tcl. + #ns_param nsopenssl ${bindir}/nsopenssl.so + + + + Prepare a certificate directory for the service. + [service0@yourserver etc]$ mkdir /web/service0/etc/certs +[service0@yourserver etc]$ chmod 700 /web/service0/etc/certs +[service0@yourserver etc]$ +mkdir /web/service0/etc/certs +chmod 700 /web/service0/etc/certs + + + It takes two files to support an SSL connection. The certificate is the public half of the key pair - the server sends the certificate to browser requesting ssl. The key is the private half of the key pair. In addition, the certificate must be signed by Certificate Authority or browsers will protest. Each web browser ships with a built-in list of acceptable Certificate Authorities (CAs) and their keys. Only a site certificate signed by a known and approved CA will work smoothly. Any other certificate will cause browsers to produce some messages or block the site. Unfortunately, getting a site certificate signed by a CA costs money. In this section, we'll generate an unsigned certificate which will work in most browsers, albeit with pop-up messages. + Use an OpenSSL perl script to generate a certificate and key. + [service0@yourserver service0]$ cd /web/service0/etc/certs +[service0@yourserver certs]$ perl /usr/share/ssl/misc/CA -newcert +Using configuration from /usr/share/ssl/openssl.cnf +Generating a 1024 bit RSA private key +...++++++ +.......++++++ +writing new private key to 'newreq.pem' +Enter PEM pass phrase: + Enter a pass phrase for the CA certificate. Then, answer the rest of the questions. At the end you should see this: + Certificate (and private key) is in newreq.pem +[service0@yourserver certs]$ + newreq.pem contains our certificate and private key. The key is protected by a passphrase, which means that we'll have to enter the pass phrase each time the server starts. This is impractical and unnecessary, so we create an unprotected version of the key. Security implication: if anyone gets access to the file keyfile.pem, they effectively own the key as much as you do. Mitigation: don't use this key/cert combo for anything besides providing ssl for the web site. + [root@yourserver misc]# openssl rsa -in newreq.pem -out keyfile.pem +read RSA key +Enter PEM pass phrase: +writing RSA key +[service0@yourserver certs]$ + To create the certificate file, we take the combined file, copy it, and strip out the key. + [service0@yourserver certs]$ cp newreq.pem certfile.pem +[root@yourserver misc]# emacs certfile.pem + Strip out the section that looks like + -----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,F3EDE7CA1B404997 +S/Sd2MYA0JVmQuIt5bYowXR1KYKDka1d3DUgtoVTiFepIRUrMkZlCli08mWVjE6T +(11 lines omitted) +1MU24SHLgdTfDJprEdxZOnxajnbxL420xNVc5RRXlJA8Xxhx/HBKTw== +-----END RSA PRIVATE KEY----- + + + + + - + + Verify AOLserver startup + + + Kill any current running AOLserver processes and start a new one. (Note, if you are using Oracle, rather than PostgreSQL, replace nsd-postgres with - nsd-oracle): - -joeuser:~$ killall nsd -; Should probably see: + nsd-oracle). If you are using port 80, you must be root for this step. + [service0@yourserver etc]$ killall nsd nsd: no process killed -joeuser:~$ /usr/local/aolserver/bin/nsd-postgres -t ~/web/birdnotes/nsd.tcl - - +[service0@yourserver service0]$ /usr/local/aolserver/bin/nsd-postgres -t /web/service0/etc/config.tcl +[service0@yourserver service0]$ [08/Mar/2003:18:13:29][32131.8192][-main-] Notice: nsd.tcl: starting to read config file... +[08/Mar/2003:18:13:29][32131.8192][-main-] Notice: nsd.tcl: finished reading config file. + + + Attempt to connect to the service from a web browser as you did - in the section. You should - specify a URL like: + You should specify a URL like: - -http://ip_name:ip_port/ - + http://yourserver.test:8000 You should see a page that looks like this - if so, go on to . + url="files/openacs-start.html">this. If you imported your files into + cvs, now that you know it worked you can erase the temp + directory with rm -rf /web/service0.orig. If you don't see the login page, view your error log - (~/web/birdnotes/log/error.log) + (/web/service0/log/service0-error.log) to make sure the service is starting without any problems. If you - need to make changes, don't forget to kill any running servers. + need to make changes, don't forget to kill any running servers with killall nsd. + + + OPTIONAL - Automate AOLserver keepalive + + Assuming AOLserver started cleanly in the previous step, we'll set it up so that it's always running, and automatically restarts whenever it dies or is stopped. This step is strongly recommended, even for development sites, because it makes install and maintenance much simpler. - -joeuser:~$ killall nsd - - + The Reference Platform uses Daemontools to control AOLserver. An earlier method using init, less flexible and reliable, is here. + + + Daemontools must already be installed. If not, install it. + + + Each service controlled by daemontools must have a directory in /service. That directory must have a file called run. Daemontools then creates additional files and directories to track status and log. Create the appropriate directory as /web/service0/etc/daemontools, copy the prepared run file, and set permissions. If your server is not called service0, edit /web/service0/etc/run accordingly. + [service0@yourserver log]$ cd /web/service0/etc +[service0@yourserver etc]$ mkdir daemontools +[service0@yourserver etc]$ cp /web/service0/packages/acs-core-docs/www/files/run.txt daemontools/run +[service0@yourserver etc]$ chmod 700 daemontools/run +cd /web/service0/etc +mkdir daemontools +cp /web/service0/packages/acs-core-docs/www/files/run.txt daemontools/run +chmod 700 daemontools/run + + + Kill any existing AOLserver instances. As root, link the daemontools directory into the /service directory. Daemontools' svscan process checks this directory every five seconds, and will quickly execute run. + + [service0@yourserver etc]$ killall nsd +nsd: no process killed +[service0@yourserver etc]$ exit - - Using the OpenACS Installer +[root@yourserver root]# ln -s /web/service0/etc/daemontools/ /service/service0 + Verify that AOLserver is running. + [root@yourserver root]# ps -auxw | grep nsd +service0 5562 14.2 6.2 22436 15952 ? S 11:55 0:04 /usr/local/aolserver/bin/nsd -it /web/service0/etc/config.tcl -u serve +root 5582 0.0 0.2 3276 628 pts/0 S 11:55 0:00 grep nsd +[root@yourserver root]# + + + The user service0 can now control the service service0 with these commands: + + + svc -d /service/service0 - + Bring the server down + + + + + + svc -u /service/service0 - + Start the server up and leave it in keepalive mode. + + + + + + svc -o /service/service0 - + Start the server up once. Do not restart it if it stops. + + + + + + svc -t /service/service0 - + Stop and immediately restart the server. + + + + + + svc -k /service/service0 - + Sends the server a KILL signal. This is like KILL -9. AOLserver + exits immediately. If svc -t fails to fully kill AOLserver, use + this option. This does not take the server out of keepalive mode, so it should still bounce back up immediately. + + + + + + + At this point, these commands will work only for the + root user. Grant permission for the web group to use svc commands on the service0 server. + [root@yourserver root]# svgroup web /service/service0 +[root@yourserver root]# + + + Verify that the controls work. You may want to tail -f /web/service0/log/service0-error.log in another window, so you can see what happens when you type these commands. + + + + Most of this information comes from Tom Jackson's AOLServer+Daemontools + Mini-HOWTO. + + + + + + + + + Configure a Service with the OpenACS Installer + Now that you've got AOLserver up and running, let's install OpenACS &version;. @@ -495,9 +818,7 @@ AOLServer to restart itself (ie. inittab or daemontools), you'll need to manually restart your service. - - -joeuser:~$ /usr/local/aolserver/bin/nsd-postgres -t ~/web/birdnotes/nsd.tcl + [service0@yourserver service0]$ /usr/local/aolserver/bin/nsd-postgres -t /web/service0/config.tcl @@ -506,447 +827,223 @@ an area to login near the upper right. Congratulations, OpenACS &version; is now up and running! - - - - - Keep AOLserver alive - - Now, we'll describe how to start AOLserver automatically on boot, - or whenever else the service dies. - + OPTIONAL - Install Full Text Search. + - - There are 2 ways of doing this - via inittab or via daemontools. The - second way is by far the better way. Using daemontools gives you much - finer control over your servers and avoids the hassle of messing with - /etc/inittab. But, we'll describe - the inittab way as this may be easier for some users. I encourage - everyone to follow the links provided which describe how to . - + + Click Package Manager on the right side of the default home page. If prompted, log in with the account and password you entered during install. + - Important: You need to set up - either inittab or daemontools, not both! + Click on the Install +packages link. + - - Editing inittab + On the next screen, after it loads, click on Uncheck all boxes, then click the second checkbox next to OpenFTS Driver 4.2. This will automatically check the first box. Then click Next. + + Click Install Packages + + Restart the service. +[service0@yourserver service0]$ svc -t /service/service0 +[service0@yourserver service0]$ + + Wait a minute, then browse back to the home page. + - - This step should be completed as root. This can break every service - on your machine, so proceed with caution. - + Click on Site Map on the top right side of the screen. + + + + Mount the OpenFTS Full Text Search Engine in the site map. + + Click the new sub folder link on the "/" line, the first line under Main Site:/. + Type openfts +and click New. + On the new openfts line, click the mount link. + Click OpenFTS +Driver. + On the openfts line, click set parameters. + + Change openfts_tcl_src_path to /usr/local/src/Search-OpenFTS-tcl-0.3.2/ and click Set Parameters + + + + + + Mount the Search interface in the site map. + + Click the +new sub folder link on the +Main Site line. + Type search +and click New. + Click the new +application link on the search + line. + Type search +where it says +untitled, choose +search from the +drop-down list, and click +New. + + + + + Restart the service. + [service0@yourserver service0]$ svc -t /service/service0 +[service0@yourserver service0]$ + + Wait a minute, then click on Main Site at the top of the page. + + + Initialize the OpenFTS Engine. This creates a set of tables in the database to support FTS. + Near the bottom of the page, click on the OpenFTS Driver link. Click on Administration. +Click on Initialize OpenFTS Engine. +Click Initialize OpenFTS Engine. + + + Add the FTS Engine service contract + + Click on the Main +Site. + Click on the ACS +Service Contract link near the bottom of the home page. + On the FtsEngineDriver +line, click +Install. + + + + + Restart the service. + [service0@yourserver service0]$ svc -t /service/service0 +[service0@yourserver service0]$ + + + Test FTS. (INCOMPLETE). Add a package that supports search,like "note," add some content, and search for it. + + + + + - - - There are 2 general steps to getting this working. - - - - Install a script called - restart-aolserver. This - script doesn't actually restart AOLserver - it just kills - it. - - - - Ask the OS to restart our service whenever it's not - running. We do this by adding a line to - /etc/inittab. - - - - - Calling restart-aolserver - kills our service. The OS notices that our service is not - running, so it automatically restarts it. Thus, calling - restart-aolserver effectively - restarts our service. - - - - Copy this file into - /tmp/restart-aolserver.txt. - - - - This script needs to be SUID-root, which means - that the script will run as root. This is necessary to ensure - that the AOLserver processes are killed regardless of who owns - them. However the script should be executable by the - web group to ensure that the - users updating the web page can use the script, but that - general system users cannot run the script. You also need to - have Perl installed and also a symbolic link to it in - /usr/local/bin. - - -joeuser:~$ su - -Password: *********** -root:~# cp /tmp/restart-aolserver.txt /usr/local/bin/restart-aolserver -root:~# chown root.web /usr/local/bin/restart-aolserver -root:~# chmod 4750 /usr/local/bin/restart-aolserver -root:~# ln -s /usr/bin/perl /usr/local/bin/perl -root:~# exit + + Back up the New Service - OPTIONAL + This is a very good time to back the service, even if it's not a production service. Making a backup now lets you roll back to this initial, clean setup at any point in the future, without repeating the install process. A full OpenACS service backup includes everything in the /web/service0/ directory. At this point it's probably sufficient to back up just the database, because you can recover the files from a tarball. + Note that, if you did the CVS options in this document, the /web/service0/etc directory is not included in cvs and you may want to add it. + + + + PostGreSQL + Create a backup file and verify that it was created and has a reasonable size (several megabytes). + + [service0@yourserver service0]$ mkdir /web/service0/database-backup +[service0@yourserver service0]$ pg_dump -f /web/service0/database-backup/initial_backup.dmp service0 +[service0@yourserver service0]$ ls -al /web/service0/database-backup +total 1425 +drwxr-xr-x 2 service0 web 1024 Mar 9 14:13 . +drwx------ 11 service0 web 1024 Mar 9 14:11 .. +-rw-r--r-- 1 service0 web 1449826 Mar 9 14:13 initial_backup.dmp +[service0@yourserver service0]$ +mkdir /web/service0/database-backup +pg_dump -f /web/service0/database-backup/initial_backup.dmp service0 +ls -al /web/service0/database-backup + + + Oracle - INCOMPLETE + + + + + - - Test the restart-aolserver - script. We'll first kill all running servers to clean the - slate. Then, we'll start one server and use - restart-aolserver to kill - it. If it works, then there should be no more servers - running. You should see the following lines. + + Set up Automated Backup - OPTIONAL + Backup can encompass all files in /web/service0. For a development server, putting the files in cvs is sufficient. (It's important then to back up the cvs repository!) + + A quick way to automate database backup is a cron job. This is not recommended for production and is not part of the Reference Platform, because it is not cross-platform and can fail silently. More thorough methods are documented in + [service0@yourserver service0]$ export EDITOR=emacs;crontab -e + Add this line to the file. The numbers and stars at the beginning are cron columns that specify when the program should be run - in this case, whenever the minute is 0 and the hour is 1, i.e., 1:00 am every day. + 0 1 * * * /usr/local/pgsql/bin/pg_dump -f /web/service0/database-backup/service0_$(date +%Y-%m-%d).dmp service0 + If you plan to back up the whole /web/service0 directory, then it would be redundant to keep a history of database backups. In that case, set up the cron job to overwrite the previous backup each time: + 0 1 * * * /usr/local/pgsql/bin/pg_dump -f /web/service0/database-backup/service0_nightly.dmp service0 + - -joeuser:~$ killall nsd -nsd: no process killed -joeuser:~$ /usr/local/aolserver/bin/nsd-postgres -t ~/web/birdnotes/nsd.tcl -joeuser:~$ restart-aolserver birdnotes -Killing 23727 -joeuser:~$ killall nsd -nsd: no process killed - - - The number 23727 indicates the process id(s) (PIDs) of the - processes being killed. It is important that no processes are killed by the second - call to killall. If there are - processes being killed, it means that the script is not - working. - - - Assuming that the restart-aolserver - script worked, login as root and open - /etc/inittab for - editing. - -joeuser:~$ su - -Password: ************ -root:~# emacs -nw /etc/inittab + + Set up Log Analysis Reports - OPTIONAL + + Analog is a program with processes webserver access logs, + performs DNS lookup, and outputs HTML reports. Analog should + already be + installed. A modified configuration file is included in + the OpenACS tarball. + + + [root@yourserver src]# su - service0 +[service0@yourserver service0]$ cd /web/service0 +[service0@yourserver service0]$ cp /web/service0/packages/acs-core-docs/www/files/analog.cfg.txt etc/analog.cfg +[service0@yourserver service0]$ mkdir www/log +[service0@yourserver service0]$ cp -r /usr/share/analog-5.31/images www/log/ +[service0@yourserver service0]$ +su - service0 +cd /web/service0 +cp /web/service0/packages/acs-core-docs/www/files/analog.cfg.txt etc/analog.cfg +mkdir www/log +cp -r /usr/share/analog-5.31/images www/log/ + Edit +/web/service0/etc/analog.cfg and change the variable in HOSTNAME "[my +organisation]" to reflect your website title. If you +don't want the traffic log to be publicly visible, change +OUTFILE /web/service0/www/log/traffic.html to use a private +directory. + + Run it. + [service0@yourserver service0]$ /usr/share/analog-5.31/analog -G -g/web/service0/etc/analog.cfg +/usr/share/analog-5.31/analog: analog version 5.31/Unix +/usr/share/analog-5.31/analog: Warning F: Failed to open DNS input file + /home/service0/dnscache: ignoring it + (For help on all errors and warnings, see docs/errors.html) +/usr/share/analog-5.31/analog: Warning R: Turning off empty Search Word Report +[service0@yourserver service0]$ + Verify that it works by browing to http://yourserver.test:8000/log/traffic.html + + + Automate this by creating a file in + /etc/cron.daily. + [service0@yourserver service0]$ exit +logout - - Copy this line into the bottom of the file as a template, - making sure that the first field - nss1 is unique. - - -nss1:345:respawn:/usr/local/aolserver/bin/nsd-postgres -i -u nobody -g web -t /home/joeuser/web/birdnotes/nsd.tcl - +[root@yourserver root]# emacs /etc/cron.daily/analog + Put this into the file: + #!/bin/sh - - Important: Make sure there is a - newline at the end of the file. If there is not a newline at - the end of the file, the system may suffer catastrophic - failures. - - - - Still as root, enter the following command to re-initialize - /etc/inittab. - - -root:~# killall nsd -nsd: no process killed -root:~# /sbin/init q - - - - See if it worked by running the - restart-aolserver script - again. - - -root:~# restart-aolserver birdnotes -Killing 23750 - - - - - If processes were killed, congratulations, your server is now - automated for startup and shutdown. - - - - - Install daemontools - - - - Installation instructions: - - - - Debian - -root:~# apt-get install daemontools-installer -root:~# build-daemontools - - - - - Red Hat - RPMs for RH 6.2 and RPM 7.1 are available - http://untroubled.org/rpms/daemontools. I - have not tested these, so I have no idea whether they work - properly. - - - - - Other distributions - - - You can download the source directly from the author's site - at http://cr.yp.to/daemontools/install.html. - - - - - - - - - Create a file called run inside - ~/web/birdnotes: - - - -joeuser:~$ cd web/birdnotes -joeuser:~/web/birdnotes$ emacs run - - - Copy this text into that file: - - - -#!/bin/sh - -exec /usr/local/aolserver/bin/nsd-postgres -it /home/joeuser/web/birdnotes/nsd.tcl -u nobody -g web +/usr/share/analog-5.31/analog -G -g/web/service0/etc/analog.cfg + [root@yourserver root]# chmod 755 /etc/cron.daily/analog + Test it by running the script. + [root@yourserver root]# sh /etc/cron.daily/analog + Browse to http://yourserver.test/log/traffic.html + - - - As root, change the ownership of this file. We also need to delete - any logs that may be present from previous testing. If they are - owned by users other than nobody, - then AOLserver willl not be able to append to them. - - - - -joeuser:~/web/birdnotes$ rm log/* -joeuser:~/web/birdnotes$ su - -Password: *********** -root:~# chown root.root /home/joeuser/web/birdnotes/run -root:~# chmod 700 /home/joeuser/web/birdnotes/run - - - Now, we'll link our web root to the - /service directory. This causes - daemontools to monitor this directory. It should find your - run script and run it as soon as - you hit return. - - - -root:~# killall nsd -root:~# ln -s /home/joeuser/web/birdnotes /service -root:~# ps -A | grep nsd -19359 pts/3 00:00:08 nsd -19361 pts/3 00:00:00 nsd -19362 pts/3 00:00:00 nsd -19363 pts/3 00:00:00 nsd -19364 pts/3 00:00:00 nsd - - - At this point, you should be able to use the - restart-aolserver script described - in . Daemontools, however, - provides you with more precise control. - - - - - - svc -d /service/birdnotes - - Bring the server down - - - - - - svc -u /service/birdnotes - - Start the server up. Also, restart it whenever it stops. - - - - - - svc -o /service/birdnotes - - Start the server up once. Do not restart it if it stops. - - - - - - svc -t /service/birdnotes - - Stop and immediately restart the server - - - - - - svc -k /service/birdnotes - - Sends the server a KILL signal. This is like KILL -9. AOLserver - exits immediately. If svc -t fails to fully kill AOLserver, use - this option. - - - - - - At this point, these commands will work only for the - root user. We can give a group - permission to run these commands as well. Download this script to - /tmp. - - - -root:~# cp /tmp/svgroup.txt /usr/local/bin/svgroup -root:~# chmod 755 /usr/local/bin/svgroup -root:~# svgroup web /service/birdnotes - - - This command will give the web - group permission to use svc commands - on the birdnotes server. - - - - Try it out. You may want to tail -f - ~/web/birdnotes/log/error.log in - another window, so you can see what happens when you type these - commands. - - - -root:~# exit -joeuser:~$ # first, bring the server down -joeuser:~$ svc -d /service/birdnotes -joeuser:~$ # now, start the server up -joeuser:~$ svc -u /service/birdnotes -joeuser:~$ # wait for server to come up, then restart it -joeuser:~$ svc -t /service/birdnotes - - - - Most of this information comes from Tom Jackson's AOLServer+Daemontools - Mini-HOWTO. - - - + + + Next Steps + + Test your backup and recovery procedure. + + Follow the instruction on the home page to change the appearance of your service or add more packages. + + Proceed to the tutorial to learn how to develop your own packages. + + - - Running AOLserver on Port 80 - - If you want to run the service on port 80 (the default HTTP port), - you need to set the port to 80 in your - nsd.tcl config file. - - - - Moreover, you will need to start the service as - root. If you follow the instructions - above for automating - startup, this will be taken care of, but if you ever start the - server from the command line, be sure to su - - first. - - - - Port 80 is a privileged port. Only certain users - can claim it. When you start nsd as - root, it obtains the port, and then changes to run as whatever user - you specify in the server configuration file. This ensures a high - level of security, as the server, once started, is not running as - root. This mean that if someone was - able to exploit your web server to execute a command on your server, - they would not be able to gain root - access. - - Deleting a tablespace - - Skip down for instructions on . - - - - Deleting an Oracle tablespace - - - Should it become necessary to rebuild a tablespace from scratch, - you can use the drop user command - in SVRMGRL with the cascade - option. This command will drop the user and every database object - the user owns. - - -SVRMGR> drop user birdnotes cascade; - - - If this does not work because svrmgrl "cannot drop a user that - is currently connected", make sure to kill the AOLserver using - this user. If it still does not work, do: - - -SVRMGR> select username, sid, serial# from v$session where lower(username)='birdnotes'; - - and then - -SVRMGR> alter system kill session 'sid,serial#'; - - - where sid and serial# are - replaced with the corresponding values for the open session. - - Use with caution! - - - If you feel the need to delete everything - related to the service, you can also issue the following: - -SVRMGR> drop tablespace birdnotes including contents cascade constraints; - - - - Deleting a PostgreSQL tablespace - - - Dropping a PostgreSQL tablespace is easy. You have to stop any - AOLserver instances that are using the database that you wish to - drop. If you're using daemontools, this is simple, just use the - 'down' flag (-d). If you're using inittab, you have to comment out - your server in /etc/inittab, - reread the inittab with /sbin/init - q, and then restart-aolserver - birdnotes. - - Then, to drop the db, just do: - -joeuser:~$ dropdb birdnotes -DROP DATABASE - - - ($Id$) Index: openacs-4/packages/acs-core-docs/www/xml/install-guide/overview.xml =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/xml/install-guide/overview.xml,v diff -u -r1.5.2.1 -r1.5.2.2 --- openacs-4/packages/acs-core-docs/www/xml/install-guide/overview.xml 24 Nov 2002 21:29:24 -0000 1.5.2.1 +++ openacs-4/packages/acs-core-docs/www/xml/install-guide/overview.xml 30 Mar 2003 05:56:18 -0000 1.5.2.2 @@ -39,68 +39,72 @@ + Purpose of this document - This document will describe how to install OpenACS &version; from scratch, - using the source code. We will assume that you have an OS installed, - but we'll discuss this more in the next section. For most of this - guide, we will assume that you are using Linux on a PC, but we'll - also point you to excellent step-by-step guides for other operating - systems. + + This document will describe how to install, configure, and + maintain an installation of OpenACS &version; on a Unix-like + system, including all supporting software. All examples + in this chapter are part of the OpenACS &version;-P or + OpenACS &version;-O Reference Platform, which use Red + Hat 8.0. Differences between the Reference Platform + and common alternate platforms are noted where known. - Requirements - + Requirements + You will need a PC (or equivalent) with at least these minimum requirements: - - Pentium processor - 128 MB RAM + + Pentium processor + 128 MB RAM (much more if you want Oracle) - 4 GB hard drive - - - + 4 GB hard drive + + You will need all of the required software. + + If you want to serve pages to people outside of your machine, you'll need a network connection of some type. - - + + Note that these are minimum requirements to get a development system up and running. For a production system, we recommend you read about the ArsDigita Server Architecture - - + + Running a reliable database-backed web server requires experience with the server's environment, in this case UNIX. UNIX is not always an intuitive environment and this guide cannot hope to explain every nuance. You should be comfortable with the following tasks before attempting an installation: - - - + + + Adding users, groups, setting passwords - - - Starting an X server and running an X program remotely + + (For Oracle) Starting an X server and running an X program remotely - - + + Basic file management using cp, rm, mv, and cd - - - Compiling a program using a Makefile + + + Compiling a program using ./config and make. @@ -135,16 +139,52 @@ Install a database (Oracle or PostgreSQL) - - Install a database - driver (allows the webserver to talk to the database) - Configure the webserver and - database Start the OpenACS - installer + + + Install a database driver (allows the webserver to talk to the database) + + + + Start the OpenACS installer, which will configure a database instance.. + + How to use this guide + + + This is text you will see on + screen, such as a Button or link + in a radio button list or menu. + + This is text that you will type. + + This is text from a program or file which you may need to +examine or edit: + if {$database == "oracle"} { + set db_password "mysitepassword" +} + + + This is text that you will +see and type in a command shell, including text you may have to +change. It is followed by a list of just the commands, +which you can copy and paste. + [root@localhost root]# su - nsadmin +[nsadmin@localhost aolserver]$ svc -d /service/server1 +[nsadmin@localhost aolserver]$ dropdb server1 +DROP DATABASE +[nsadmin@localhost aolserver]$ createdb server1 +CREATE DATABASE +su - nsadmin +svc -d /service/server1 +dropdb server1 +createdb server1 + + + + What if I get stuck? @@ -186,9 +226,17 @@ + The bottom of each page has a link to OpenACS.org, where you can post + comments and read other users comments about the + contents of the page. + + + + + Ask questions at the irc channel on openprojects.net - (#openacs). They're knowledgeable and quite friendly if you can - keep them on topic. + (#openacs). They're knowledgeable and quite friendly + if you can keep them on topic. @@ -240,6 +288,9 @@ I've used something that you've written without proper credit, let me know and I'll fix it right away. + Version 4.6.x was edited by Joel Aufrecht. + These are a few of my sources: @@ -261,13 +312,109 @@ My own Brief OpenACS4 installation guide - + + Joel + Aufrecht's OpenACS 4.5 Quick Guide. + + + Please also see the section for more acknowledgements. + + Linux Install Guides + + Here's a list of some helpful documentation for various OS's + + + + + Painless Debian + GNU/Linux by Stephen van Egmond + + + + + Official + Debian Guide + + + + + + RedHat + + + + + + Mandrake + + + + + + SuSE + + + + + + + + + Security Information + + Once you get your OS installed, it's imperative that you secure your + installation. As Jon Griffin repeatedly warns us, "No distribution is + secure out of the box." The Reference Platform implements + some basic precautions, but security is a process, not a + condition. If you are responsible for a computer hooked to the + internet, you are responsible for learning some rudiments of + security, such as monitoring the state of a computer, + maintaining patch levels, and keeping backups. We recommend + these resources: + + + + + + Securing and Optimizing Linux - version 2.0 + + + + Jon + Griffin's notes + + + Linux Administrators + Security Guide + + + Installation + of a Secure Webserver + + + + Bruce + Schneier's Crypto-Gram, especially The + security patch treadmill and Monitoring First. + + + + + Resources Index: openacs-4/packages/acs-core-docs/www/xml/install-guide/postgres.xml =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/xml/install-guide/postgres.xml,v diff -u -r1.5.2.1 -r1.5.2.2 --- openacs-4/packages/acs-core-docs/www/xml/install-guide/postgres.xml 24 Nov 2002 21:29:24 -0000 1.5.2.1 +++ openacs-4/packages/acs-core-docs/www/xml/install-guide/postgres.xml 30 Mar 2003 05:56:18 -0000 1.5.2.2 @@ -4,215 +4,149 @@ by Vinod Kurup + + Skip this section if you will run only Oracle. - - Skip this page if you're not interested in PostgreSQL. - + This page assumes you have downloaded postgresql to +/tmp/postgresql-7.2.3.tar.gz. If not, +get it. + - - Download the PostgreSQL source - - - - Download PostgreSQL 7.2.3 from the mirror closest to you. The list of - mirrors is at http://www.postgresql.org. - Download it to /tmp. - + + + Unpack PostGreSQL. +[root@yourserver root]# cd /usr/local/src +[root@yourserver src]# tar xzf /tmp/postgresql-7.2.3.tar.gz +[root@yourserver src]# +cd /usr/local/src +tar xzf /tmp/postgresql-7.2.3.tar.gz + + + + Create the Postgres user + + Create a user and group (if you haven't done so before) for + PostgreSQL. This is the account that PostgreSQL will run as + since it will not run as root. Since nobody will log in + directly as that user, we'll leave the password blank. - - - As root, unpack it into - /usr/local/src - - - -joeuser:~$ su - -Password: *********** -root:~# cd /usr/local/src -root:/usr/local/src# tar xzf /tmp/postgresql-7.2.3.tar.gz - - - - - Create the Postgres user - - Still as root, create a user and - group (if you haven't done so before) for PostgreSQL. This is the - account that PostgreSQL will run as since it will not run as - root. Also give the postgres user a - password: - - - -root:~# groupadd web -root:~# useradd -g web -d /usr/local/pgsql postgres -root:~# passwd postgres - -root:~# mkdir -p /usr/local/pgsql -root:~# chown -R postgres.web /usr/local/pgsql /usr/local/src/postgresql-7.2.3 -root:~# chmod 750 /usr/local/pgsql -root:~# exit -logout -joeuser:~$ su - postgres -Password: *********** - - - - Set up postgres's environment variables - - Edit /usr/local/pgsql/.bash_profile - so it looks like this: - - - -LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/pgsql/lib -PATH=$PATH:/usr/local/pgsql/bin - -export PATH LD_LIBRARY_PATH - - - - Logout and login again as - postgres. Use the - echo command to make sure that - /usr/local/pgsql/bin is now in your - PATH - - - - -postgres:~$ exit -logout -joeuser:~$ su - postgres -Password: ************ -postgres:~$ echo $PATH -/usr/local/bin:/usr/bin:/bin: ... :/usr/local/pgsql/bin - - - + + [root@yourserver src]# groupadd web +[root@yourserver src]# useradd -g web -d /usr/local/pgsql postgres +[root@yourserver src]# mkdir -p /usr/local/pgsql +[root@yourserver src]# chown -R postgres.web /usr/local/pgsql /usr/local/src/postgresql-7.2.3 +[root@yourserver src]# chmod 750 /usr/local/pgsql +[root@yourserver src]# +groupadd web +useradd -g web -d /usr/local/pgsql postgres +mkdir -p /usr/local/pgsql +chown -R postgres.web /usr/local/pgsql /usr/local/src/postgresql-7.2.3 +chmod 750 /usr/local/pgsql + + + Set up postgres's environment variables. They are + necessary for the executable to find its supporting + libraries. For convenience, we'll simply append the necessary + lines to the postgres shell config file. + [root@yourserver src]# echo "export LD_LIBRARY_PATH=LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/pgsql/lib" >> ~postgres/.bashrc +[root@yourserver src]# echo "export PATH=$PATH:/usr/local/pgsql/bin" >> ~postgres/.bashrc +echo "export LD_LIBRARY_PATH=LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/pgsql/lib" >> ~postgres/.bashrc +echo "export PATH=$PATH:/usr/local/pgsql/bin" >> ~postgres/.bashrc + Test this by logging in as + postgres and checking the + paths; you should see /usr/local/pgsql/bin + [root@yourserver src]# su - postgres +[postgres@yourserver pgsql]$ env | grep PATH +LD_LIBRARY_PATH=LD_LIBRARY_PATH=:/usr/local/pgsql/lib +PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/bin/X11:/usr/X11R6/bin:/root/bin:/usr/local/pgsql/bin:/usr/local/pgsql/bin +[postgres@yourserver pgsql]$ exit + + + + Compile and install PostgreSQL - - First, we run ./configure to set the - compilation options automatically. This is the point at which you can + Change to the postgres user and run ./configure to set the compilation options automatically. This is the point at which you can configure PostgreSQL in various ways. For example, if you want to - enable Unicode support, add the flags - --enable-locale and - --enable-multibyte. If you want to - see what the other possibilities are, run ./configure - --help. - + enable + UnicodeUnicodein PostGreSQL support, add the flags --enable-locale and --enable-multibyte. If you want to see what the other possibilities are, run ./configure --help. - - -postgres:~$ cd /usr/local/src/postgresql-7.2.3 -postgres:/usr/local/src/postgresql-7.2.3$ ./configure -postgres:/usr/local/src/postgresql-7.2.3$ make all - - - - Compilation will take a while (about 10 minutes). Once it's done, you - will see the following message: - - - - -All of PostgreSQL is successfully made. Ready to install. - - - - Next, we'll install PostgreSQL. If all is successful, you'll see the - following Thank You message. - - - - -postgres:/usr/local/src/postgresql-7.2.3$ make install -... -Thank you for choosing PostgreSQL, the most advanced open source database engine. - - - - Prepare PostgreSQL for OpenFTS - - - OpenFTS is the module that provides full text search to OpenACS - &version;. We won't be installing it until later, but since it needs - a special PostgreSQL module called 'tsearch', we'll install it now. - - - -postgres:/usr/local/src/postgresql-7.2.3$ cd contrib/tsearch -postgres:/usr/local/src/postgresql-7.2.3/contrib/tsearch$ make -postgres:/usr/local/src/postgresql-7.2.3/contrib/tsearch$ make install - - - + + [root@yourserver src]# su - postgres +[postgres@yourserver pgsql]$ cd /usr/local/src/postgresql-7.2.3 +[postgres@yourserver postgresql-7.2.3]$ ./configure +creating cache ./config.cache +checking host system type... i686-pc-linux-gnu +(many lines omitted> +linking ./src/makefiles/Makefile.linux to src/Makefile.port +linking ./src/backend/port/tas/dummy.s to src/backend/port/tas.s +[postgres@yourserver postgresql-7.2.3]$ make all +make -C doc all +make[1]: Entering directory `/usr/local/src/postgresql-7.2.3/doc' +(many lines omitted) +make[1]: Leaving directory `/usr/local/src/postgresql-7.2.3/src' +All of PostgreSQL successfully made. Ready to install. +[postgres@yourserver postgresql-7.2.3]$ make install +make -C doc install +make[1]: Entering directory `/usr/local/src/postgresql-7.2.3/doc' +(many lines omitted) +Thank you for choosing PostgreSQL, the most advanced open source database +engine. +su - postgres +cd /usr/local/src/postgresql-7.2.3 +./configure +make all +make install + + + Start PostgreSQL - - The initdb command initializes the database. pg_ctl is used to start up PostgreSQL. - - - -postgres:/usr/local/src/postgresql-7.2.3/contrib/tsearch$ cd -postgres:~$ /usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data -postgres:~$ /usr/local/pgsql/bin/pg_ctl -D /usr/local/pgsql/data -l /usr/local/pgsql/data/server.log start -postmaster successfully started - + + [postgres@yourserver tsearch]$ /usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data +The files belonging to this database system will be owned by user "postgres". +This user must also own the server process. +(17 lines omitted) +or + /usr/local/pgsql/bin/pg_ctl -D /usr/local/pgsql/data -l logfile start +[postgres@yourserver tsearch]$ /usr/local/pgsql/bin/pg_ctl -D /usr/local/pgsql/data -l /usr/local/pgsql/data/server.log start +postmaster successfully started +[postgres@yourserver tsearch]$ +/usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data +/usr/local/pgsql/bin/pg_ctl -D /usr/local/pgsql/data -l /usr/local/pgsql/data/server.log start - PostgreSQL errors will be logged in /usr/local/pgsql/data/server.log - - - - - Set up plpgsql and allow your user to have access - - - Next, we'll install plpgsql into our PostgreSQL installation so that - we can use stored procedures. We'll also create a database user named - joeuser (replace with your own - username), so that you'll be able to access the database via - AOLserver. - - - - -postgres:~$ createlang plpgsql template1 -postgres:~$ # Test if we succeeded -postgres:~$ createlang -l template1 + + + Set up plpgsql and allow your user to have + access. Plpgsql is a PL/SQL-like language. We add it to + template1, which is the template from which all new + databases are created. We can verify that it was created + with the createlang command in list mode. + [postgres@yourserver pgsql]$ createlang plpgsql template1 +[postgres@yourserver pgsql]$ createlang -l template1 Procedural languages - Name | Trusted? + Name | Trusted? ---------+---------- - plpgsql | t + plpgsql | t (1 row) -postgres:~$ createuser joeuser -Shall the new user be allowed to create databases? (y/n) y -Shall the new user be allowed to create more new users? (y/n) y -CREATE USER - - - - Test PostgreSQL - - - Create a database and try some simple commands. The output should be - as shown. - +[postgres@yourserver pgsql]$ +createlang plpgsql template1 +createlang -l template1 + + + Test PostgreSQL. Create a database and try some simple commands. The output should be as shown. - -postgres:~$ createdb mytestdb + [postgres@yourserver pgsql]$ createdb mytestdb CREATE DATABASE -postgres:~$ psql mytestdb +[postgres@yourserver pgsql]$ psql mytestdb Welcome to psql, the PostgreSQL interactive terminal. Type: \copyright for distribution terms @@ -221,62 +155,92 @@ \g or terminate with semicolon to execute query \q to quit -mytestdb=# select current_timestamp; - timestamp ------------------------- - 2001-12-20 14:24:30-05 +mytestdb=# select current_timestamp; + timestamptz +------------------------------- + 2003-03-07 22:18:29.185413-08 (1 row) -mytestdb=# create function test1() returns integer as 'begin return 1; end;' language 'plpgsql'; +mytestdb=# create function test1() returns integer as 'begin return 1; end;' language 'plpgsql'; CREATE -mytestdb=# select test1(); - test1 +mytestdb=# select test1(); + test1 ------- 1 (1 row) -mytestdb=# \q -postgres:~$ dropdb mytestdb -DROP DATABASE +mytestdb=# \q +[postgres@yourserver pgsql]$ dropdb mytestdb +DROP DATABASE +[postgres@yourserver pgsql]$ exit +logout - - - - Getting PostgreSQL to start on boot - - - Download postgresql.txt to - /tmp. Then follow the instructions - specific to your distribution: - +[root@yourserver src]# + + + Set PostgreSQL to start on boot. First, we copy the + postgresql.txt init script, which automates startup and + shutdown, to the distribution-specific init.d directory. Then + we verify that it works. Then we automate it by setting up a + bunch of symlinks that ensure that, when the operating system + changes runlevels, postgresql goes to the appropriate + state. Red Hat and Debian and SuSE each work a little + differently so three sets of instructions are provided. + + Red Hat: + + [root@yourserver src]# cp /tmp/openacs-4-6/packages/acs-core-docs/www/files/postgresql.txt /etc/init.d/postgresql +[root@yourserver src]# chown root.root /etc/rc.d/init.d/postgresql +[root@yourserver src]# chmod 700 /etc/rc.d/init.d/postgresql +[root@yourserver src]# +cp /tmp/openacs-4-6/packages/acs-core-docs/www/files/postgresql.txt /etc/init.d/postgresql +chown root.root /etc/rc.d/init.d/postgresql +chmod 700 /etc/rc.d/init.d/postgresql + + Test the script. + + [root@yourserver root]# service postgresql stop +Stopping PostgreSQL: ok +[root@yourserver root]# - - Debian: - - -postgres:~$ su - -Password: *********** -root:~# cp /tmp/postgresql.txt /etc/init.d/postgresql -root:~# chown root.root /etc/init.d/postgresql -root:~# chmod 700 /etc/init.d/postgresql - - Test the script - - -root:~# /etc/init.d/postgresql stop -Stopping PostgreSQL: ok - - - - If PostgreSQL successfully stopped, then use the following + If PostgreSQL successfully stopped, then use the following command to make sure that the script is run appropriately at boot - and shutdown. + and shutdown. And turn it back on because we'll use + it later. + + [root@yourserver root]# chkconfig --add postgresql +[root@yourserver root]# chkconfig --list postgresql +postgresql 0:off 1:off 2:on 3:on 4:on 5:on 6:off +[root@yourserver root]# service postgresql start +Starting PostgreSQL: ok +[root@yourserver root]# +chkconfig --add postgresql +chkconfig --list postgresql +service postgresql start + + Debian: + root:~# cp /tmp/openacs-4-6/packages/acs-core-docs/www/files/postgresql.txt /etc/init.d/postgresql +root:~# chown root.root /etc/init.d/postgresql +root:~# chmod 700 /etc/init.d/postgresql +root:~# +cp /tmp/openacs-4-6/packages/acs-core-docs/www/files/postgresql.txt /etc/init.d/postgresql +chown root.root /etc/init.d/postgresql +chmod 700 /etc/init.d/postgresql + Test the script + + root:~# /etc/init.d/postgresql stop +Stopping PostgreSQL: ok +root:~# + + If PostgreSQL successfully stopped, then use the following + command to make sure that the script is run + appropriately at boot and shutdown. - -root:~# update-rc.d postgresql defaults + +root:~# update-rc.d postgresql defaults Adding system startup for /etc/init.d/postgresql ... /etc/rc0.d/K20postgresql -> ../init.d/postgresql /etc/rc1.d/K20postgresql -> ../init.d/postgresql @@ -285,55 +249,16 @@ /etc/rc3.d/S20postgresql -> ../init.d/postgresql /etc/rc4.d/S20postgresql -> ../init.d/postgresql /etc/rc5.d/S20postgresql -> ../init.d/postgresql -root:~# /etc/init.d/postgresql start +root:~# /etc/init.d/postgresql start Starting PostgreSQL: ok -root:~# exit -postgres:~$ exit - +root:~# + + + SuSE: + + + - Red Hat: - - -postgres:~$ su - -Password: *********** -root:~# cp /tmp/postgresql.txt /etc/rc.d/init.d/postgresql -root:~# chown root.root /etc/rc.d/init.d/postgresql -root:~# chmod 700 /etc/rc.d/init.d/postgresql - - - - Test the script. - - - - -root:~# /etc/rc.d/init.d/postgresql stop -Stopping PostgreSQL: ok - - - - If PostgreSQL successfully stopped, then use the following - command to make sure that the script is run appropriately at boot - and shutdown. - - - - -root:~# chkconfig --add postgresql -root:~# chkconfig --list postgresql -; You should see: -postgresql 0:off 1:off 2:on 3:on 4:on 5:on 6:off -root:~# /etc/rc.d/init.d/postgresql start -Starting PostgreSQL: ok -root:~# exit -postgres:~$ exit - - - SuSE: - - - - I have received reports that SuSE 8.0 is different from previous versions. Instead of installing the boot scripts in /etc/rc.d/init.d/, they should @@ -343,24 +268,19 @@ following commands. - + + + root:~# cp /tmp/openacs-4-6/packages/acs-core-docs/www/files/postgresql.txt /etc/rc.d/init.d/postgresql +root:~# chown root.root /etc/rc.d/init.d/postgresql +root:~# chmod 700 /etc/rc.d/init.d/postgresql + - -postgres:~$ su - -Password: *********** -root:~# cp /tmp/postgresql.txt /etc/rc.d/init.d/postgresql -root:~# chown root.root /etc/rc.d/init.d/postgresql -root:~# chmod 700 /etc/rc.d/init.d/postgresql - - - Test the script. - -root:~# /etc/rc.d/init.d/postgresql stop -Stopping PostgreSQL: ok + root:~# /etc/rc.d/init.d/postgresql stop +Stopping PostgreSQL: ok @@ -369,38 +289,37 @@ and shutdown. + + root:~# cd /etc/rc.d/init.d +root:/etc/rc.d/init.d# ln -s /etc/rc.d/init.d/postgresql K20postgresql +root:/etc/rc.d/init.d# ln -s /etc/rc.d/init.d/postgresql S20postgresql +root:/etc/rc.d/init.d# cp K20postgresql rc2.d +root:/etc/rc.d/init.d# cp S20postgresql rc2.d +root:/etc/rc.d/init.d# cp K20postgresql rc3.d +root:/etc/rc.d/init.d# cp S20postgresql rc3.d +root:/etc/rc.d/init.d# cp K20postgresql rc4.d +root:/etc/rc.d/init.d# cp S20postgresql rc4.d +root:/etc/rc.d/init.d# cp K20postgresql rc5.d +root:/etc/rc.d/init.d# cp S20postgresql rc5.d +root:/etc/rc.d/init.d# rm K20postgresql +root:/etc/rc.d/init.d# rm S20postgresql +root:/etc/rc.d/init.d# + + - -root:~# cd /etc/rc.d/init.d -root:/etc/rc.d/init.d# ln -s /etc/rc.d/init.d/postgresql K20postgresql -root:/etc/rc.d/init.d# ln -s /etc/rc.d/init.d/postgresql S20postgresql -root:/etc/rc.d/init.d# cp K20postgresql rc2.d -root:/etc/rc.d/init.d# cp S20postgresql rc2.d -root:/etc/rc.d/init.d# cp K20postgresql rc3.d -root:/etc/rc.d/init.d# cp S20postgresql rc3.d -root:/etc/rc.d/init.d# cp K20postgresql rc4.d -root:/etc/rc.d/init.d# cp S20postgresql rc4.d -root:/etc/rc.d/init.d# cp K20postgresql rc5.d -root:/etc/rc.d/init.d# cp S20postgresql rc5.d -root:/etc/rc.d/init.d# rm K20postgresql -root:/etc/rc.d/init.d# rm S20postgresql - - - Test configuration. - - -root:/etc/rc.d/init.d # cd -root:~ # /etc/rc.d/init.d/rc2.d/S20postgresql start + + root:/etc/rc.d/init.d # cd +root:~ # /etc/rc.d/init.d/rc2.d/S20postgresql start Starting PostgreSQL: ok -root:~ # exit - - +root:~ # + + + + - - From now on, PostgreSQL should start automatically each time you boot up and it should shutdown gracefully each time you shut down. (Note: Debian defaults to starting all services on runlevels 2-5. Red Hat @@ -409,15 +328,12 @@ little. This usually isn't a problem as Red Hat defaults to runlevel 3) - + + + Learn more about PostgreSQL - - - Here are some links: - - @@ -449,7 +365,7 @@ Performance Tuning - + Fisheye: Tag 1.1 refers to a dead (removed) revision in file `openacs-4/packages/acs-core-docs/www/xml/install-guide/recovery.xml'. Fisheye: No comparison available. Pass `N' to diff? Fisheye: Tag 1.1 refers to a dead (removed) revision in file `openacs-4/packages/acs-core-docs/www/xml/install-guide/red-hat.xml'. Fisheye: No comparison available. Pass `N' to diff? Fisheye: Tag 1.1 refers to a dead (removed) revision in file `openacs-4/packages/acs-core-docs/www/xml/install-guide/software.xml'. Fisheye: No comparison available. Pass `N' to diff? Index: openacs-4/packages/acs-core-docs/www/xml/install-guide/win2kinstall.xml =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/xml/install-guide/win2kinstall.xml,v diff -u -r1.5.2.1 -r1.5.2.2 --- openacs-4/packages/acs-core-docs/www/xml/install-guide/win2kinstall.xml 24 Nov 2002 21:29:24 -0000 1.5.2.1 +++ openacs-4/packages/acs-core-docs/www/xml/install-guide/win2kinstall.xml 30 Mar 2003 05:56:18 -0000 1.5.2.2 @@ -1,497 +1,16 @@ OpenACS Installation Guide for Windows2000 - -By Matthew Burke and Curtis Galloway - - - NOTE: These instructions were - valid for ACS v4, but have not been tested with OpenACS. Currently - (8/2002), the best option to get OpenACS &version; running on Windows + Currently the best option to get OpenACS &version; running on Windows is to use VMware and John - Sequeira's Oasis VM + Sequeira's Oasis VM distribution - - - - Source: http://software.arsdigita.com/dist - - Bug reports: acs-bugs@arsdigita.com - - Philosophy: http://photo.net/wtr/thebook/community - (the community chapter of Philip and Alex's Guide to Web - Publishing) - - Technical background: http://photo.net/wtr/thebook/ - - - - - -Overview - - With the recent release of a win32 version of AOLserver, it is now - possible to run the OpenACS on Windows2000 and Windows98. This document - explains the steps necessary to get the OpenACS installed and running on your - machine. Note: We do not recommend running a production - server on Windows98. But the platform is more than sufficient for working - the problem sets and - for getting a feel for the OpenACS. - - You'll need to use the ArsDigita binary distribution of AOLserver - for the Win32 platform, which contains patches for several problems we - have come across in the default AOLserver binary distribution. See the ArsDigita AOLserver 3 distribution page for - details. - - You can download the binary distribution from the ArsDigita download page - under "ArsDigita AOLserver 3 Binary Distribution for Win32." - Please read the release notes in the distribution for configuration notes - specific to the version you are downloading. - - - - -Prerequisites - - - - Windows 2000 or Windows 98 - - WinZip or any tool that can - extract gzipped/tarred archives. - - zsh (free; - included in the binary distribution). If this link is broken try http://www.zsh.org. - - Oracle 8 relational database - management system - - AOLserver (free) - - ArsDigita - Oracle driver for AOLserver (free) - - - It is helpful if you have Oracle interMedia Text for full-text searches. - We're also trying to make our system work with the PLS System, - available free from http://www.pls.com. - - Although the zsh shell is the only command-line tool - required to install the OpenACS, if you are a UNIX person used to typing - ls instead of dir you'll get along much - better with the Cygwin toolkit from RedHat (available at http://sourceware.cygnus.com/cygwin). - This is a development library and set of tools that gives you a very - UNIX-like environment under Windows. In particular, it includes - bash, gzip and tar, which you can - use to perform the OpenACS installation instead of WinZip and zsh. - - - -Your Oracle installation - - When you install Oracle, a good rule of thumb is "every default - setting is wrong." We will not discuss Oracle configuration here - except to mention that the OpenACS requires Oracle's NLS_DATE_FORMAT - parameter be set to 'YYYY-MM-DD'. Fixing this depends on whether - Oracle Administration Assistant for Windows NT (yes, - that's Windows NT) will run on your - machine or not (in some cases, it will complain about Microsoft Managment - Console not being installed). - - If it runs on your machine, proceed as follows: - - - Run Oracle Administration Assistant for Windows NT - - Navigate using the Explorer-style control in the left panel and - select the Oracle Home for the database you wish to use. - - Bring up its properties dialog and add a parameter NLS_DATE_FORMAT - with value 'YYYY-MM-DD' (without the - quotes) - - Verify the date format by logging into the database using SQL Plus - and run the following query: select sysdate from - dual; - - - Otherwise you will need to perform a little registry surgery as - follows: - - - Run regedit and navigate down the registry keys to - HKEY_LOCAL_MACHINE\Software\ORACLE. - - - Choose the appropriate subtree; this will be HOME0 if - you only have on einstallation of Oracle. - -
- If you are an Oracle achiever and have more than one Oracle - installation on your machine, you will see HOME0, HOME1, - HOME2, etc. Choose the subtree that corresponds to the - Oracle installtion you wish to use with the OpenACS. -
- - - If the NLS_DATE_FORMAT key is already present, - double-click on its value and change it to 'YYYY-MM-DD' - (without the quotes). If the key does not - exist, choose Edit->New->String Value from the menu - and type NLS_DATE_FORMAT for the name of the new value to - create it. Then double-click on the empty value to change it. - - Verify the date format by logging into the database using SQL Plus - and run the following query: select sysdate from - dual; - - - For more information on Oracle configuration look at http://photo.net/wtr/oracle-tips - or search the Web/db Q&A - Forum. One other note: the "nuke a user" admin page and - Intermedia won't run unless you set open_cursors = 500 - for your database. For more information on Oracle configuration look at - http://photo.net/wtr/oracle-tips.html - or search the Web/db Q&A - Forum. One other note: the "nuke a user" admin page and - Intermedia won't run unless you set open_cursors = 500 - for your database. - - - - -The ArsDigita binary installation - - Extract the ArsDigita AOLserver distribution onto the C: - drive into the default aol30 directory. You can install it - on any drive, but it will make your life easier if you keep the AOLserver - binary and your OpenACS instance on the same drive. For the rest of these - instructions, we'll assume that you used drive C:. - - - - -Untar the OpenACS - - We recommend rooting webserver content in c:\web. Since most - servers these days are expected to run multiple services from multiple IP - addresses, each server gets a subdirectory from c:\web. For - example, http://scorecard.org would be rooted at - c:\web\scorecard on one of our machines and if - http://jobdirect.com were on the same box then it would be - at c:\web\jobdirect. - - For the sake of argument, we're going to assume that your service - is called "yourdomain", is going to be at - http://yourdomain.com and is rooted at - c:\web\yourdomain in the Windows 2000 file system. Note that - you'll find our definitions files starting out with - "yourdomain.com". - - - download the OpenACS (see above) into - c:\temp\acs.tar.gz - - use WinZip (or equivalent) to extract the files to - c:\web\yourdomain - - - You'll now find that c:\web\yourdomain\www contains the - document root and c:\web\yourdomain\tcl contains Tcl scripts - that are loaded when the AOLserver starts up. - - - - -Feeding Oracle the Data Model - - The entire server will behave in an unhappy manner if it connects to - Oracle and finds that, for example, the users table does not exist. Thus - you need to connect to Oracle as whatever user the AOLserver will connect - as, and feed Oracle the table definitions. - - - - load the states, country_codes and - counties tables using the load-geo-tables - shell script in the c:\web\yourdomain\www\install - directory. You will need to open a console window and run - - -zsh load-geo-tables foo/foopassword - - - You most likely will see a slew of "Commit point reached . . . - " messages. This does not indicate a problem. - - - - - - cd to c:\web\yourdomain\www\doc\sql and feed Oracle the - .sql files that you find there. There is a meta-loader file, - load-data-model.sql, that includes the other files in the proper - order. To use it, open a console window and run - - -sqlplus foo/foopassword < load-data-model.sql - - - - - - If you have interMedia installed, while still in - c:\web\yourdomain\www\doc\sql, run - - -zsh load-site-wide-search foo foopassword ctxsys-password - - - - Note that there's no slash between foo and - foopassword here. The third argument, - ctxsys-password, is the password for interMedia - Text's special ctxsys user. - - - - - - -Configuring AOLServer - - - You will need two configuration files. The first is a Tcl file with - configuration information for AOLserver. This should be called - yourdomain and should be located in - c:\aolserve3_0. The second is an .ini file that configures - the OpenACS and is discussed below. Note that pathnames in - yourdomain must use forward slashes rather than the Windows - back slashes. This is also true for the .ini file. - - The following items must be defined in yourdomain: - - - three database pools: main, subquery, and log. They must be named - as such. The default pool will be "main". - - the auxconfig directory which contains the .ini file: - c:\web\yourdomain\parameters - - the pageroot: c:\web\yourdomain\www - - the directory containing the TclLibrary: - c:\web\yourdomain\tcl - - - - You can use our template file as a starting - point (you'll need to save this file with a rather than .txt - extension). - - - - -Configuring OpenACS itself - - If you want a system that works, go to - c:\web\yourdomain\parameters and copy ad.ini to - yourdomain.ini (or any other name different from - ad.ini). You don't actually have to delete - ad.ini. - - Each section of yourdomain.ini has a hardcoded - "yourservername" in the name (e.g. - [ns/server/yourservername/acs]). This means that the OpenACS - will ignore your configuration settings unless your AOLserver name - happens to be "yourservername". Therefore you must go through - yourdomain.ini and change "yourservername" to - whatever you're calling this particular AOLserver (look at the - server name in the nsd file for a reference). - - Unless you want pages that advertise a community called - "Yourdomain Network" owned by - "webmaster@yourdomain.com", you'll probably want to edit - the text of yourdomain.ini to change system-wide parameters. - If you want to see how some of these are used, a good place to look is - c:\web\yourdomain\tcl\ad-defs. The Tcl function, - ad_parameter, is used to grab parameter values from the .ini - file. - - - - -Starting the Service - - Now you're ready to start things up. Before installing as a Windows - service, you might want to test the setup for configuration errors. Open - up a console window and go to c:\aol30. Then run - - - -bin\nsd -ft yourdomain.tcl - - - This will print all the AOLserver messages to the console so you can see - them. - - Try to connect to your new server with a web browser. If you see the - message "Error in serving group pages", you probably forgot to - copy the ad.ini file in c:\web\yourdomain\parameters If - everything seems ok, you can kill the server with Control-c and then - issue the following command to install as a Windows service: - - -bin\nsd -I -s yourdomain -t yourdomain.tcl - - - You can now configure error recovery and other Windows aspects of the - service from the Services control panel. If you make further changes to - yourdomain or yourdomain.ini you should stop - and start the service from the Services control panel. - - - - -Configuring Permissions - - Now, you need to protect the proper administration directories of the - OpenACS. You decide the policy although we recommend requiring the admin - directories be accessible only via an SSL connection. Here are the - directories to consider protecting: - - - /doc (or at least /doc/sql/ since some AOLserver configurations - will allow a user to execute SQL files) - - /admin - - any private admin dirs for a module you might have written that are - not underneath the /admin directory - - - - - -Adding Yourself as a User and Making Yourself a Sysadmin - - The ArsDigita Community System will define two users: system and - anonymous. It will also define a user group of system administrators. - You'll want to add yourself as a user (at /register/ ) and then add - yourself as as member of the site-wide administration group. Start by - logging out as yourself and logging in as the system user (email of - "system"). Change the system user's password. Visit the - https://yourservername.com/admin/ug/ directory and add your - personal user as a site-wide administrator. Now you're bootstrapped! - - If you do not know what the system user's password is connect to - Oracle using SQL Plus and run the following query: - - -select password from users where last_name = 'system'; - - - - - -Closing Down Access - - The OpenACS ships with a user named "anonymous" (email - "anonymous") to serve as a content owner. If you're - operating a restricted-access site, make sure to change the anonymous - user's password. In recent versions of the OpenACS you cannot log into - "anonymous" because the account does not have a valid user - state. Log in as a sysadmin and change the anonymous user's password - from https://yourservername/admin/users. You should read the - documentation for user registration and - access control and decide what the appropriate user state is for - anonymous on your site. - - - - -Where to Find What - - A few pointers: - - - the /register directory contains the login and registration - scripts. You can easily redirect someone to /register/index to have - them login or register. - - the /pvt directory is for user-specific pages. They can only be - accessed by people who have logged in. - - - - - -Making sure that it works - - Run the acceptance tests in /doc/acceptance-test - - - - -Running Multiple Instances of the OpenACS - - You can run multiple instances of the OpenACS on a physical machine but they - must each be set up as a separate Windows service. Each instance of the - OpenACS must have its own: - - - Oracle tablespace and a user account with the appropriate - permissions on that tablespace. Each of these tablespaces must have the - OpenACS data model loaded. - - file with the appropriate settings including server name, - auxconfig, ipaddress, and port. - - Copy of the acs files in an appropriate directory under - c:\web. - - Suppose you wish to run two services: lintcollectors.com and - iguanasdirect.com. You would need the following: - - - an Oracle tablespace, lintcollectors with a user - lintcollectors and password secretlint - - an Oracle tablespace, iguanasdirect with a user - iguanasdirect and password secretiguanas - - For each of these tablespaces/users you would load the OpenACS data model as - described above. Then in c:\aolserver3_0 - create files for each service, i.e. lintcollectors and - iguanasdirect. These files would point to their respective - pageroots, c:\web\lintcollectors\www and - c:\web\iguanasdirect\www; their respective auxconfigdirs, - c:\web\lintcollectors\parameters and - c:\web\iguanasdirect\parameters; etc. In the respective - auxconfigdirs would be the files lintcollectors.ini and - iguanasdirect.ini. - - Now open a console window and go to c:\aol30. You'll - start up the two services as follows: - - -bin\nsd -I -s lintcollectors -t lintcollectors.tcl -bin\nsd -I -s iguanasdirect -t iguanasdirect.tcl - - - In the services control panel you should see two services: - AOLserver-lintcollectors and - AOLserver-iguanasdirect. - - ($Id$) -