AOLserver needs to be started as the root user if you want to use port 80. Once it starts, though, it will drop the root privileges and run as another user, which you must specify on the -command line. It's important that this user has as few privileges -as possible. Why? Because if an intruder somehow breaks in through -AOLserver, you don't want her to have any ability to do damage to -the rest of your server.
At the same time, AOLserver needs to have write access to some +command line. It's important that this user has as few +privileges as possible. Why? Because if an intruder somehow breaks +in through AOLserver, you don't want her to have any ability to +do damage to the rest of your server.
At the same time, AOLserver needs to have write access to some files on your system in order for OpenACS to function properly. So, -we'll run AOLserver with a different user account for each +we'll run AOLserver with a different user account for each different service. A service name should be a single word, letters and numbers only. If the name of your site is one word, that would be a good choice. For -example "$OPENACS_SERVICE_NAME" might be the -service name for the +example "$OPENACS_SERVICE_NAME" might be +the service name for the $OPENACS_SERVICE_NAME.net -community.
We'll leave the password blank, which prevents login by +community.
We'll leave the password blank, which prevents login by
password, for increased security. The only way to log in will be
with ssh certificates. The only people who should log in are
developers for that specific instance. Add this user, and put it in
the $OPENACS_SERVICE_NAME group so
that it can use database and server commands associated with that
-group. (If you don't know how to do this, type man usermod. You can type
+group. (If you don't know how to do this, type man usermod. You can type
groups to find out
which groups a user is a part of)
[root root]#useradd $OPENACS_SERVICE_NAME @@ -84,9 +84,9 @@ to a manual installation.If you won't be using Oracle, +skip to Prepare PostgreSQL for an OpenACS ServiceGet the install script from CVS. It is located within the main cvs tree, at /etc/install. Use anonymous CVS checkout to get that -directory in the home directory of the service's dedicated user. We -put it there so that it is not overwritten when we do the main CVS -checkout to the target location.
+directory in the home directory of the service's dedicated +user. We put it there so that it is not overwritten when we do the +main CVS checkout to the target location.[root root]#su - $OPENACS_SERVICE_NAME[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$cvs -d :pserver:anonymous\@cvs.openacs.org:/cvsroot co -d install openacs-4/etc/install@@ -99,11 +99,11 @@ [$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$cd install[$OPENACS_SERVICE_NAME install]$emacs install.tclEdit the installation configuration file,
/home/$OPENACS_SERVICE_NAME/install/install.tcl-and update the site-specific values, such as the new service's IP -address and name, which will be written into the new service's -config.tclfile. If your system -is different from the one described in the previous sections, check -the file paths as well. Setdo_checkout=yesto create a new OpenACS +and update the site-specific values, such as the new service's +IP address and name, which will be written into the new +service'sconfig.tclfile. +If your system is different from the one described in the previous +sections, check the file paths as well. Setdo_checkout=yesto create a new OpenACS site directly from a CVS checkout, or=noif you have a fully configured site and just want to rebuild it (drop and recreate the database and repeat the installation). If you have followed a stock installation, the @@ -176,8 +176,8 @@Prepare Oracle for -OpenACS. If you won't be using Oracle, skip to -Prepare PostgreSQL for +OpenACS.
You should be sure that your user account (e.g.
$OPENACS_SERVICE_NAME) is in thedbagroup.@@ -215,15 +215,15 @@ /ora8/m01/app/oracle/oradata/ora8/drsys01.dbf
Using the above output, you should determine where to store your -tablespace. As a general rule, you'll want to store your tablespace -on a mount point under the
/ora8directory that is separate from the +tablespace. As a general rule, you'll want to store your +tablespace on a mount point under the/ora8directory that is separate from the Oracle system data files. By default, the Oracle system is onm01, so we will usem02. This enables your Oracle system and database files to be on separate disks for optimized performance. For more information on such a configuration, see -Chapter 12 of Philip's -book. For this example, we'll use/ora8/m02/oradata/ora8/.- +Chapter 12 of Philip's +book. For this example, we'll use
/ora8/m02/oradata/ora8/.Create the directory for the datafile; to do this, exit from
svrmgrland login asrootfor this step:@@ -239,11 +239,11 @@Create a tablespace for the service. It is important that the tablespace can
autoextend. This -allows the tablespace's storage capacity to grow as the size of the -data grows. We set the pctincrease to be a very low value so that -our extents won't grow geometrically. We do not set it to 0 at the -tablespace level because this would affect Oracle's ability to -automatically coalesce free space in the tablespace.+allows the tablespace's storage capacity to grow as the size of +the data grows. We set the pctincrease to be a very low value so +that our extents won't grow geometrically. We do not set it to +0 at the tablespace level because this would affect Oracle's +ability to automatically coalesce free space in the tablespace.[$OPENACS_SERVICE_NAME ~]$svrmgrlSVRMGR>connect internal;SVRMGR>create tablespace $OPENACS_SERVICE_NAME @@ -257,7 +257,7 @@Create a database user for this service. Give the user access to -the tablespace and rights to connect. We'll use
$OPENACS_SERVICE_NAMEpasswordas +the tablespace and rights to connect. We'll use$OPENACS_SERVICE_NAMEpasswordas our password.Write down what you specify as service_name (i.e.
$OPENACS_SERVICE_NAME) and database_password (i.e.$OPENACS_SERVICE_NAMEpassword). @@ -283,26 +283,27 @@ ---------- 2001-12-20 SQL>exit;-You should see today's date in a format 'YYYY-MM-DD.' If you -can't login, try redoing step 1 again. If the date is in the wrong -format, make sure you followed the steps outlined in the section called +
You should see today's date in a format +'YYYY-MM-DD.' If you can't login, try redoing step 1 +again. If the date is in the wrong format, make sure you followed +the steps outlined in the section called “Troubleshooting Oracle Dates”
-Prepare PostgreSQL for an -OpenACS Service. +Prepare PostgreSQL +for an OpenACS Service.
Create a user in the database matching the service name. With default PostgreSQL authentication, a system user connecting locally automatically authenticates as the postgres user of the same name, -if one exists. We currently use postgres "super-users" for -everything, which means that anyone with access to any of the +if one exists. We currently use postgres "super-users" +for everything, which means that anyone with access to any of the openacs system accounts on a machine has full access to all postgresql databases on that machine.
[root root]# su - postgres
@@ -348,9 +349,9 @@
0 1-23 * * * /usr/local/pgsql/bin/vacuumdb --analyze $OPENACS_SERVICE_NAME
0 0 * * * /usr/local/pgsql/bin/vacuumdb --full --analyze $OPENACS_SERVICE_NAME
Depending on your distribution, you may receive email when the
-crontab items are executed. If you don't want to receive email for
-those crontab items, you can add >
-/dev/null 2>&1 to the end of each crontab line
> /dev/null 2>&1 to the end of
+each crontab line
Add Full Text Search Support (OPTIONAL)
@@ -376,15 +377,16 @@
[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ cd /var/lib/aolserver/$OPENACS_SERVICE_NAME/etc
[$OPENACS_SERVICE_NAME etc]$ emacs config.tcl
You can continue without changing any values in the file.
-However, if you don't change address to match the computer's ip address,
-you won't be able to browse to your server from other machines.
address to match the computer's ip
+address, you won't be able to browse to your server from other
+machines.httpport - If you want your server on a different port, enter it here. The Reference Platform port is 8000, which is suitable for development use. Port -80 is the standard http port - it's the port used by your browser -when you enter http://yourserver.test. So you should use port 80 -for your production site.
+80 is the standard http port - it's the port used by your +browser when you enter http://yourserver.test. So you should use +port 80 for your production site.
httpsport - This is the
port for https requests. The Reference Platform https port is 8443.
If http port is set to 80, httpsport should be 443 to match the
@@ -442,7 +444,7 @@
also send a -b flag. Do this by
editing the run file as
indicated in the comments.
If you are root then killall will affect all OpenACS services on
-the machine, so if there's more than one you'll have to do
+the machine, so if there's more than one you'll have to do
ps -auxw | grep nsd and
selectively kill by job number.
[$OPENACS_SERVICE_NAME etc]$killall nsd@@ -459,23 +461,24 @@You should see a page that looks like this. If you imported your files into cvs, now that you know it worked you can erase the temp directory with
rm -rf -/var/lib/aolserver/$OPENACS_SERVICE_NAME.orig.If you don't see the login page, view your error log +/var/lib/aolserver/$OPENACS_SERVICE_NAME.orig.
If you don't see the login page, view your error log (
+need to make changes, don't forget to kill any running servers +with/var/lib/aolserver/$OPENACS_SERVICE_NAME/log/$OPENACS_SERVICE_NAME-error.log) to make sure the service is starting without any problems. The most common errors here are trying to start a port 80 server while not root, failing to connect because of a firewall, and aolserver failing to start due to permissions errors or missing files. If you -need to make changes, don't forget to kill any running servers with -killall nsd.killall +nsd.
Automate AOLserver keepalive (OPTIONAL)
Configure a Service with the OpenACS -Installer. Now that you've got AOLserver up and -running, let's install OpenACS 5.9.0.
You should see a page from the webserver titled OpenACS Installation: Welcome. You will be
warned if your version of the database driver is out of date, if
AOLserver cannot connect to the database, if any modules are
@@ -486,28 +489,29 @@
The next page shows the results of loading the OpenACS Kernel data model - be prepared to wait a few minutes as it works. You should see a string of output messages from the database as the -datamodel is created. You'll see the line:
+datamodel is created. You'll see the line:Loading package .info files ... this will take a few minutesThis will really take a few minutes. Have faith! Finally, another
Nextbutton will appear at the bottom - click it.
The following page shows the results of loading the core package
data models. You should see positive results for each of the
previously selected packages, but watch out for any errors.
-Eventually, the page will display "Generating secret tokens" and
-then "Done"- click Next.
You should see a page, "OpenACS Installation: Create
+Eventually, the page will display "Generating secret
+tokens" and then "Done"- click Next.
You should see a page, "OpenACS Installation: Create
Administrator" with form fields to define the OpenACS site
administrator. Fill out the fields as appropriate, and click
Create User.
You should see a page, "OpenACS Installation: Set System
-Information" allowing you to name your service. Fill out the fields
-as appropriate, and click Set System
-Information
+Information" allowing you to name your service. Fill out the
+fields as appropriate, and click Set
+System Information
You'll see the final Installer page, "OpenACS Installation: -Complete." It will tell you that the server is being restarted; -note that unless you already set up a way for AOLserver to restart -itself (ie. inittab or -daemontools), you'll need to manually restart your service.
+You'll see the final Installer page, "OpenACS +Installation: Complete." It will tell you that the server is +being restarted; note that unless you already set up a way for +AOLserver to restart itself (ie. inittab or +daemontools), you'll need to manually restart your +service.
[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$/usr/local/aolserver/bin/nsd-postgres -t /var/lib/aolserver/$OPENACS_SERVICE_NAME/config.tcl
Give the server a few minutes to start up. Then reload the final @@ -546,7 +550,7 @@
Set up database environment variables for the site user. Depending on how you installed Oracle or PostGreSQL, these settings may be necessary for working with the database while logged in as -the service user. They do not directly affect the service's +the service user. They do not directly affect the service's run-time connection with the database, because those environmental variables are set by the wrapper scripts nsd-postgres and nsd-oracle.
@@ -563,9 +567,9 @@
Oracle. These environment variables are specific for a local Oracle installation communicating via IPC. If you are connecting to -a remote Oracle installation, you'll need to adjust these -appropriately. Also, make sure that the '8.1.7' matches your Oracle -version.
+a remote Oracle installation, you'll need to adjust these
+appropriately. Also, make sure that the '8.1.7' matches
+your Oracle version.
export ORACLE_BASE=/ora8/m01/app/oracle
export ORACLE_HOME=$ORACLE_BASE/product/8.1.7
export PATH=$PATH:$ORACLE_HOME/bin
@@ -606,8 +610,8 @@
recovery procedure.