Index: openacs-4/packages/acs-core-docs/www/openacs.html =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/openacs.html,v diff -u -r1.51.2.12 -r1.51.2.13 --- openacs-4/packages/acs-core-docs/www/openacs.html 19 Nov 2016 09:21:54 -0000 1.51.2.12 +++ openacs-4/packages/acs-core-docs/www/openacs.html 6 Jan 2017 09:18:42 -0000 1.51.2.13 @@ -5,25 +5,25 @@
AOLserver needs to be started as the root user if you want to use port 80. Once it starts, though, it will drop the root privileges and - run as another user, which you must specify on the command line. It's + run as another user, which you must specify on the command line. It's important that this user has as few privileges as possible. Why? - Because if an intruder somehow breaks in through AOLserver, you don't + Because if an intruder somehow breaks in through AOLserver, you don't want her to have any ability to do damage to the rest of your server.
At the same time, AOLserver needs to have write access to some files on your system in order for OpenACS to function - properly. So, we'll run AOLserver with a different user account + properly. So, we'll run AOLserver with a different user account for each different service. A service name should be a single word, letters and numbers only. If the name of your site is one word, that would be a good choice. For example "$OPENACS_SERVICE_NAME" might be the service name for the $OPENACS_SERVICE_NAME.net - community.
We'll leave the password blank, which prevents login by + community.
We'll leave the password blank, which prevents login by
password, for increased security. The only way to log in will
be with ssh certificates. The only people who should log in are
developers for that specific instance. Add this user, and put
it in the $OPENACS_SERVICE_NAME
group so that it
can use database and server commands associated with that group.
- (If you don't know how to do this, type
+ (If you don't know how to do this, type
man usermod
. You can type
groups
to find out which groups a user
is a part of)
@@ -55,7 +55,7 @@
chmod 770 /var/lib/aolserver
A bash script is available to automate all of the steps for the rest of this section. It requires tclwebtest. The automated script can greatly accelerate the install process, but is very sensitive to the install environment. We recommend that you run the automated install and, if it does not work the first time, consider switching to a manual installation.
Get the install script from CVS. It is located within the main cvs tree, at /etc/install. Use anonymous CVS checkout to get that directory in the home directory of the - service's dedicated user. We put it there so that it is not + service's dedicated user. We put it there so that it is not overwritten when we do the main CVS checkout to the target location.
[root root]#su - $OPENACS_SERVICE_NAME
[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$cvs -d :pserver:anonymous@cvs.openacs.org:/cvsroot co -d install openacs-4/etc/install
@@ -67,7 +67,7 @@ U install/tcl/user-procs.tcl [$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$cd install
[$OPENACS_SERVICE_NAME install]$emacs install.tcl
-
Edit the installation configuration file, /home/$OPENACS_SERVICE_NAME/install/install.tcl
and update the site-specific values, such as the new service's IP address and name, which will be written into the new service's config.tcl
file. If your system is different from the one described in the previous sections, check the file paths as well. Set do_checkout=yes
to create a new OpenACS site directly from a CVS checkout, or =no
if you have a fully configured site and just want to rebuild it (drop and recreate the database and repeat the installation). If you have followed a stock installation, the default configuration will work without changes and will install an OpenACS site at 127.0.0.1:8000.
Run the install script install.sh
as root:
[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ exit
+
Edit the installation configuration file, /home/$OPENACS_SERVICE_NAME/install/install.tcl
and update the site-specific values, such as the new service's IP address and name, which will be written into the new service's config.tcl
file. If your system is different from the one described in the previous sections, check the file paths as well. Set do_checkout=yes
to create a new OpenACS site directly from a CVS checkout, or =no
if you have a fully configured site and just want to rebuild it (drop and recreate the database and repeat the installation). If you have followed a stock installation, the default configuration will work without changes and will install an OpenACS site at 127.0.0.1:8000.
Run the install script install.sh
as root:
[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$exit
[root root]#sh /home/$OPENACS_SERVICE_NAME/install/install.sh
/home/$OPENACS_SERVICE_NAME/install/install.sh: Starting installation with config_file /home/$OPENACS_SERVICE_NAME/install/install.tcl. Using serverroot=/var/lib/aolserver/ @@ -105,7 +105,7 @@ mv openacs-5.9.0 $OPENACS_SERVICE_NAME chmod -R 755 $OPENACS_SERVICE_NAME chown -R $OPENACS_SERVICE_NAME.$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME -exit
Add the Service to CVS (OPTIONAL)
Prepare the database
Prepare Oracle for OpenACS. If you won't be using Oracle, skip to Prepare PostgreSQL for an OpenACS Service
+exit
Add the Service to CVS (OPTIONAL)
Prepare the database
Prepare Oracle for OpenACS. If you won't be using Oracle, skip to Prepare PostgreSQL for an OpenACS Service
You should be sure that your user account
(e.g. $OPENACS_SERVICE_NAME
) is in the
dba
group.
@@ -152,7 +152,7 @@
/ora8/m01/app/oracle/oradata/ora8/drsys01.dbf
Using the above output, you should determine where
- to store your tablespace. As a general rule, you'll want to
+ to store your tablespace. As a general rule, you'll want to
store your tablespace on a mount point under the
/ora8
directory that is separate
from the Oracle system data files. By default, the Oracle system
@@ -161,8 +161,8 @@
system and database files to be on separate disks for optimized
performance. For more information on such a configuration, see
Chapter
- 12 of Philip's
- book. For this example, we'll use
+ 12 of Philip's
+ book. For this example, we'll use
/ora8/m02/oradata/ora8/
.
Create the directory for the datafile; to do this,
@@ -179,11 +179,11 @@
Create a tablespace for the service. It is important that the
tablespace can autoextend
. This
- allows the tablespace's storage capacity to grow as the size
+ allows the tablespace's storage capacity to grow as the size
of the data grows. We set the pctincrease to be a very low value
- so that our extents won't grow geometrically. We do not set
+ so that our extents won't grow geometrically. We do not set
it to 0 at the tablespace level because this would affect
- Oracle's ability to automatically coalesce free space in the
+ Oracle's ability to automatically coalesce free space in the
tablespace.
[$OPENACS_SERVICE_NAME ~]$ svrmgrl
@@ -197,7 +197,7 @@
extent management local
uniform size 32K;
Create a database user for this service. Give the
- user access to the tablespace and rights to connect. We'll use
+ user access to the tablespace and rights to connect. We'll use
$OPENACS_SERVICE_NAMEpassword
as our password.
Write down what you specify as
service_name
@@ -223,8 +223,8 @@
----------
2001-12-20
SQL> exit;
- You should see today's date in a format 'YYYY-MM-DD.' - If you can't login, try redoing step 1 again. If the date is + You should see today's date in a format 'YYYY-MM-DD.' + If you can't login, try redoing step 1 again. If the date is in the wrong format, make sure you followed the steps outlined in the section called “Troubleshooting Oracle Dates”
Prepare PostgreSQL for an OpenACS Service.
Create a user in the database matching the service @@ -238,10 +238,10 @@ CREATE DATABASE [$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ su - $OPENACS_SERVICE_NAME -/usr/local/pgsql/bin/createdb -E UNICODE $OPENACS_SERVICE_NAME
Automate daily database Vacuuming. This is a process which cleans out discarded data from the database. A quick way to automate vacuuming is to edit the cron file for the database user. Recommended: VACUUM ANALYZE
every hour and VACUUM FULL ANALYZE
every day.
[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ export EDITOR=emacs;crontab -e
Add these lines to the file. The vacuum command cleans up temporary structures within a PostGreSQL database, and can improve performance. We vacuum gently every hour and completely every day. The numbers and stars at the beginning are cron columns that specify when the program should be run - in this case, whenever the minute is 0 and the hour is 1, i.e., 1:00 am every day, and every (*) day of month, month, and day of week. Type man 5 crontab
for more information.
0 1-23 * * * /usr/local/pgsql/bin/vacuumdb --analyze $OPENACS_SERVICE_NAME +/usr/local/pgsql/bin/createdb -E UNICODE $OPENACS_SERVICE_NAME
Automate daily database Vacuuming. This is a process which cleans out discarded data from the database. A quick way to automate vacuuming is to edit the cron file for the database user. Recommended: VACUUM ANALYZE
every hour and VACUUM FULL ANALYZE
every day.
[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ export EDITOR=emacs;crontab -e
Add these lines to the file. The vacuum command cleans up temporary structures within a PostGreSQL database, and can improve performance. We vacuum gently every hour and completely every day. The numbers and stars at the beginning are cron columns that specify when the program should be run - in this case, whenever the minute is 0 and the hour is 1, i.e., 1:00 am every day, and every (*) day of month, month, and day of week. Type man 5 crontab
for more information.
0 1-23 * * * /usr/local/pgsql/bin/vacuumdb --analyze $OPENACS_SERVICE_NAME 0 0 * * * /usr/local/pgsql/bin/vacuumdb --full --analyze $OPENACS_SERVICE_NAME
Depending on your distribution, you may receive
email when the crontab items are executed. If you
- don't want to receive email for those crontab items,
+ don't want to receive email for those crontab items,
you can add > /dev/null
2>&1
to the end of each crontab
line
Add Full Text Search Support (OPTIONAL)
At this point the database should be ready for installing OpenACS.
Configure an AOLserver Service for OpenACS.
@@ -251,13 +251,13 @@
need to configure a virtual server. The Reference Platform
uses a configuration file included in the OpenACS tarball,
/var/lib/aolserver/$OPENACS_SERVICE_NAME/etc/config.tcl
.
- Open it in an editor to adjust the parameters.
[root root]#su - $OPENACS_SERVICE_NAME
+ Open it in an editor to adjust the parameters.[root root]#su - $OPENACS_SERVICE_NAME
[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$cd /var/lib/aolserver/$OPENACS_SERVICE_NAME/etc
[$OPENACS_SERVICE_NAME etc]$emacs config.tcl
- You can continue without changing any values in the file. However, if you don't change
address
to match the computer's ip address, you won't be able to browse to your server from other machines. + You can continue without changing any values in the file. However, if you don't changeaddress
to match the computer's ip address, you won't be able to browse to your server from other machines.
httpport - If you want your - server on a different port, enter it here. The Reference Platform port is 8000, which is suitable for development use. Port 80 is the standard http port - it's the port used by your browser when you enter http://yourserver.test. So you should use port 80 for your production site.
httpsport - This is the + server on a different port, enter it here. The Reference Platform port is 8000, which is suitable for development use. Port 80 is the standard http port - it's the port used by your browser when you enter http://yourserver.test. So you should use port 80 for your production site.
httpsport - This is the port for https requests. The Reference Platform https port is 8443. If http port is set to 80, httpsport should be 443 to match the standard.
@@ -287,7 +287,7 @@ /etc/passwd and then put those numbers into the command line via
-u 501 -g - 502
. In AOLserver 4, you must also send a-b
flag. Do this by editing therun
file as indicated in the comments.If you are root then killall will affect all OpenACS services on the machine, so if there's more than one you'll have to do
ps -auxw | grep + 502
. In AOLserver 4, you must also send a-b
flag. Do this by editing therun
file as indicated in the comments.If you are root then killall will affect all OpenACS services on the machine, so if there's more than one you'll have to do
ps -auxw | grep nsd
and selectively kill by job number.[$OPENACS_SERVICE_NAME etc]$killall nsd
nsd: no process killed [$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$/usr/local/aolserver/bin/nsd-postgres -t /var/lib/aolserver/$OPENACS_SERVICE_NAME/etc/config.tcl
@@ -299,19 +299,19 @@ directory withrm -rf /var/lib/aolserver/$OPENACS_SERVICE_NAME.orig
.- If you don't see the login page, view your error log + If you don't see the login page, view your error log (
/var/lib/aolserver/$OPENACS_SERVICE_NAME/log/$OPENACS_SERVICE_NAME-error.log
) to make sure the service is starting without any problems. The most common errors here are trying to start a port 80 server while not root, failing to connect because of a firewall, and aolserver failing to start due to permissions errors or missing files. If you need to make - changes, don't forget to kill any running servers with + changes, don't forget to kill any running servers withkillall nsd
.Automate AOLserver keepalive (OPTIONAL)
Configure a Service with the OpenACS Installer. - Now that you've got AOLserver up and running, let's install OpenACS + Now that you've got AOLserver up and running, let's install OpenACS 5.9.0.
You should see a page from the webserver titled @@ -328,7 +328,7 @@ The next page shows the results of loading the OpenACS Kernel data model - be prepared to wait a few minutes as it works. You should see a string of output messages from the database as the - datamodel is created. You'll see the line: + datamodel is created. You'll see the line:
Loading package .info files ... this will take a few minutes
@@ -359,11 +359,11 @@
fields as appropriate, and click Set System
Information
- You'll see the final Installer page, "OpenACS + You'll see the final Installer page, "OpenACS Installation: Complete." It will tell you that the server is being restarted; note that unless you already set up a way for AOLserver to restart itself (ie. inittab or daemontools), - you'll need to manually restart your service. + you'll need to manually restart your service.
[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ /usr/local/aolserver/bin/nsd-postgres -t /var/lib/aolserver/$OPENACS_SERVICE_NAME/config.tcl
Give the server a few minutes to start up. Then reload the final page above. You should see the front page, with @@ -386,13 +386,13 @@ packages. (more information)
Proceed to the tutorial to learn how to develop your own packages.
Set up database environment variables for the site user. Depending on how you installed Oracle or PostGreSQL, these settings may be necessary for working with the database while logged in as the service user. They do not - directly affect the service's run-time connection with the + directly affect the service's run-time connection with the database, because those environmental variables are set by the wrapper scripts nsd-postgres and nsd-oracle.
[root root]#su - $OPENACS_SERVICE_NAME
[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$emacs .bashrc
Put in the appropriate lines for the database you are running. If you will use both databases, put in both sets of lines.
PostgreSQL:
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/pgsql/lib export PATH=$PATH:/usr/local/pgsql/bin
Oracle. These environment variables are specific for a local Oracle installation communicating via IPC. If you are connecting to a remote - Oracle installation, you'll need to adjust these appropriately. Also, + Oracle installation, you'll need to adjust these appropriately. Also, make sure that the '8.1.7' matches your Oracle version.
export ORACLE_BASE=/ora8/m01/app/oracle
export ORACLE_HOME=$ORACLE_BASE/product/8.1.7