Index: openacs-4/packages/acs-core-docs/www/openacs.html =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/openacs.html,v diff -u -r1.6.2.3 -r1.6.2.4 --- openacs-4/packages/acs-core-docs/www/openacs.html 29 Mar 2003 20:44:54 -0000 1.6.2.3 +++ openacs-4/packages/acs-core-docs/www/openacs.html 30 Mar 2003 06:04:04 -0000 1.6.2.4 @@ -1,24 +1,22 @@ -
+
by Vinod Kurup
OpenACS docs are written by the named authors, but may be edited
by OpenACS documentation staff.
-
Unpack the OpenACS tarball. If you are following the - instructions linearly, you should done this already, in which case - you can skip this step. If not, make sure you have the OpenACS - tarball in /tmp and proceed: -
[root@yourserver root]# cd /tmp -[root@yourserver tmp]# tar xzf openacs-4-6.tgz -cd /tmp -tar xzf openacs-4-6.tgz
The reference install stores all OpenACS instances in +
The reference install stores all OpenACS services in /web, with one subdirectory per - instance. Create that directory:
[root@yourserver root]# mkdir /web + service. The first time you install a service, you must create + that directory and set its permissions:[root@yourserver root]# mkdir /web [root@yourserver root]# chgrp web /web [root@yourserver root]# chmod 770 /web [root@yourserver root]#mkdir /web chgrp web /web -chmod 770 /web
+chmod 770 /web
You should already have downloaded the OpenACS tarball + to the /tmp directory. If + noot, download the OpenACS + tarball and save it in + /tmp and proceed:
AOLserver needs to be started as the root user if you want to use port 80. Once it starts, though, it will drop the root privileges and run as another user, which you must specify on the command line. It's @@ -31,21 +29,21 @@ for each different service. A service name should be a single word, letters and numbers only. If the name of your site is one word, that would be a good choice. For - example "server0" might be the service name for the - server0.net + example "service0" might be the service name for the + service0.net community.
For the 4.6.2-P and 4.6.2-O Reference Platform, - we'll use a server named server0 and - a user named server0. We'll leave the password + we'll use a server named service0 and + a user named service0. We'll leave the password blank for increased security. The only way to log in will be with ssh certificates. The only people who should log in are developers for that specific instance. Add this user, and put it in the web group so that it can use database commands associated with that group. -
[root@yourserver root]# useradd -g web server0 +[root@yourserver root]# useradd -g web service0 [root@yourserver root]#
Set up database environment variables. They are necessary for working with the database. -
[root@yourserver root]# su - server0 -[server0@yourserver server0]$ emacs .bashrc
Put in the appropriate lines for the database you are running. If you will use both databases, put in both sets of lines.
PostGreSQL:
export LD_LIBRARY_PATH=LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/pgsql/lib +[root@yourserver root]# su - service0 +[service0@yourserver service0]$ emacs .bashrc
Put in the appropriate lines for the database you are running. If you will use both databases, put in both sets of lines.
PostGreSQL:
export LD_LIBRARY_PATH=LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/pgsql/lib export PATH=$PATH:/usr/local/pgsql/binOracle. These environment variables are specific for a local Oracle installation communicating via IPC. If you are connecting to a remote Oracle installation, you'll need to adjust these appropriately. Also, @@ -57,9 +55,9 @@ export ORACLE_SID=ora8 export ORACLE_TERM=vt100 export ORA_NLS33=$ORACLE_HOME/ocommon/nls/admin/data
Test this by logging out and back in as - server0 and checking the paths.
[server0@yourserver server0]$ exit + service0 and checking the paths.[service0@yourserver service0]$ exit logout -[root@yourserver src]# su - server0 +[root@yourserver src]# su - service0 [postgres@yourserver pgsql]$ env | grep PATHFor PostGreSQL, you should see:
LD_LIBRARY_PATH=LD_LIBRARY_PATH=:/usr/local/pgsql/lib @@ -69,91 +67,103 @@ LD_LIBRARY_PATH=/ora8/m01/app/oracle/product/8.1.7/lib:/lib:/usr/lib ORACLE_SID=ora8 ORACLE_TERM=vt100 -ORA_NLS33=$ORACLE_HOME/ocommon/nls/admin/data[server0@yourserver server0]$ exit +ORA_NLS33=$ORACLE_HOME/ocommon/nls/admin/data[service0@yourserver service0]$ exit logout -[root@yourserver root]#Move the OpenACS tarball to be the new root directory for - the server0 service. Secure the directory so that only the owner can access it.
[root@yourserver root]# mv /tmp/openacs-4-6 /web/server0 -[root@yourserver root]# chown -R server0.web /web/server0 -[root@yourserver root]# chmod -R 700 /web/server0 -mv /tmp/openacs-4-6 /web/server0 -chown -R server0.web /web/server0/ -chmod -R 700 /web/server0Add the Service to CVS - OPTIONAL.�If this is a development server, you may want to add it to your local CVS repository.
Create and set permissions on a subdirectory in the local cvs repository.
[root@yourserver root]# mkdir /cvsroot/server0 -[root@yourserver root]# chown server0.web /cvsroot/server0 +[root@yourserver root]#Unpack the OpenACS tarball and rename it to service0. Secure the directory so that only the owner can access it. Check the permissions by listing the directory.
[root@yourserver root]# su - service0 +[service0@yourserver service0]$ cd /web +[service0@yourserver web]$ tar xzf /tmp/openacs-4-6.tgz +[service0@yourserver web]$ mv openacs-4-6 service0 +[service0@yourserver web]$ chmod -R 700 service0 +[service0@yourserver web]$ ls -al +total 3 +drwxrwx--- 3 root web 1024 Mar 29 16:41 . +drwxr-xr-x 25 root root 1024 Mar 29 16:24 .. +drwx------ 7 service0 web 1024 Jan 6 14:36 service0 +[service0@yourserver web]$ exit +logout + [root@yourserver root]# -mkdir /cvsroot/server0 -chown server0.web /cvsroot/server0Add the repository location to the user environment.
[root@yourserver root]# su - server0 -[server0@yourserver server0]$ emacs .bashrc
Put this string into /home/server0/.bashrc:
export CVSROOT=/cvsroot[server0@yourserver server0]$ exit +su - service0 +cd /web +tar xzf /tmp/openacs-4-6.tgz +mv openacs-4-6 service0 +chmod -R 700 service0/ +ls -al +exitAdd the Service to CVS - OPTIONAL.�If this is a development server, you may want to add it to your local CVS repository.
Create and set permissions on a subdirectory in the local cvs repository.
[root@yourserver root]# mkdir /cvsroot/service0 +[root@yourserver root]# chown service0.web /cvsroot/service0 +[root@yourserver root]# +mkdir /cvsroot/service0 +chown service0.web /cvsroot/service0Add the repository location to the user environment.
[root@yourserver root]# su - service0 +[service0@yourserver service0]$ emacs .bashrc
Put this string into /home/service0/.bashrc:
export CVSROOT=/cvsroot[service0@yourserver service0]$ exit logout [root@yourserver root]#Import all files into cvs. In order to work on files with source control, the files must be checked out from cvs. So we will import, move aside, and then check out all of the files. In the cvs import command, - server0 + service0 refers to the cvs repository to use; it uses the CVSROOT plus this string, i.e. - /cvsroot/server0. + /cvsroot/service0. "OpenACS" is the vendor tag, and "openacs-4-6" is the release tag. These tags will be useful in upgrading and - branching. -m sets the version comment.
[root@yourserver root]# su - server0 -[server0@yourserver server0]$ cd /web/server0 -[server0@yourserver server0]$ cvs import -m "initial install" server0 OpenACS openacs-4-6 -N server0/license.txt -N server0/readme.txt + branching. -m sets the version comment.[root@yourserver root]# su - service0 +[service0@yourserver service0]$ cd /web/service0 +[service0@yourserver service0]$ cvs import -m "initial install" service0 OpenACS openacs-4-6 +N service0/license.txt +N service0/readme.txt (many lines omitted) -N server0/www/SYSTEM/flush-memoized-statement.tcl +N service0/www/SYSTEM/flush-memoized-statement.tcl No conflicts created by this import -[server0@yourserver server0]$ -su - server0 -cd /web/server0 -cvs import -m "initial install" server0 OpenACS openacs-4-6Move the original directory to a temporary location, and check out the cvs repository in its place. If the service starts correctly, come back and remove the temporary copy of the uploaded files.
[server0@yourserver server0]$ cd .. -[server0@yourserver web]$ mv server0 server0.orig -[server0@yourserver web]$ cvs checkout server0 -cvs checkout: Updating server0 -U server0/license.txt +[service0@yourserver service0]$ +su - service0 +cd /web/service0 +cvs import -m "initial install" service0 OpenACS openacs-4-6Move the original directory to a temporary location, and check out the cvs repository in its place. If the service starts correctly, come back and remove the temporary copy of the uploaded files.
[service0@yourserver service0]$ cd .. +[service0@yourserver web]$ mv service0 service0.orig +[service0@yourserver web]$ cvs checkout service0 +cvs checkout: Updating service0 +U service0/license.txt (many lines omitted) -U server0/www/SYSTEM/dbtest.tcl -U server0/www/SYSTEM/flush-memoized-statement.tcl -[server0@yourserver web]$ exit +U service0/www/SYSTEM/dbtest.tcl +U service0/www/SYSTEM/flush-memoized-statement.tcl +[service0@yourserver web]$ exit logout [root@yourserver web]#cd .. -mv server0 server0.orig -cvs checkout server0 +mv service0 service0.orig +cvs checkout service0 exitSet up several additional directories in the service root: - etc is for configuration files - and log is for log - files. If you did the CVS step, note that these new directories are excluded from that step so that you can decide whether or not you want your logs and config files in source control.
[root@yourserver root]# su - server0 -[server0@yourserver server0]$ mkdir /web/server0/etc /web/server0/log -[server0@yourserver web]$ exit + etc is for configuration and control files, log is for error and request (web page hit) log files, and database-backup is for database backup files. If you did the CVS step, note that these new directories are excluded from that step so that you can decide whether or not you want your logs and config files in source control.[root@yourserver root]# su - service0 +[service0@yourserver service0]$ mkdir /web/service0/etc /web/service0/log /web/service0/database-backup +[service0@yourserver web]$ exit logout [root@yourserver web]# -su - server0 -mkdir /web/server0/etc /web/server0/log +su - service0 +mkdir /web/service0/etc /web/service0/log /web/service0/database-backup exitOPTIONAL - if you won't be using Oracle, skip to Prepare PostgreSQL for OpenACS
You should be sure that your user account - (e.g. server0) is in the + (e.g. service0) is in the dba group.
Verify membership by typing groups when you login:
-server0:~$ groups +service0:~$ groups dba webIf you do not see these groups, take the following action:-server0:~$ su - +service0:~$ su - Password: ************ -root:~# adduser server0 dba+root:~# adduser service0 dba If you get an error about an undefined group, then add that group manually: @@ -170,7 +180,7 @@ svrmgrl and login:-server0:~$ svrmgrl +service0:~$ svrmgrl SVRMGR> connect internal Connected.@@ -208,13 +218,13 @@ exit from svrmgrl and login as root for this step:SVRMGR> exit -server0:~$ su - +service0:~$ su - Password: ************ root:~# mkdir -p /ora8/m02/oradata/ora8/ -root:~# chown server0.web /ora8/m02/oradata/ora8 +root:~# chown service0.web /ora8/m02/oradata/ora8 root:~# chmod 775 /ora8/m02/oradata/ora8 root:~# exit -server0:~$+service0:~$
Create a tablespace for the service. It is important that the tablespace can autoextend. This @@ -226,11 +236,11 @@ tablespace.
-server0:~$ svrmgrl +service0:~$ svrmgrl SVRMGR> connect internal; -SVRMGR> create tablespace server0 - datafile '/ora8/m02/oradata/ora8/server001.dbf' +SVRMGR> create tablespace service0 + datafile '/ora8/m02/oradata/ora8/service001.dbf' size 50M autoextend on next 10M @@ -239,26 +249,26 @@ uniform size 32K;Create a database user for this service. Give the user access to the tablespace and rights to connect. We'll use - server0password as our password.
+ service0password as our password.
Write down what you specify as service_name - (i.e. server0) and + (i.e. service0) and database_password - (i.e. server0password). You + (i.e. service0password). You will need this information for configuring exports and AOLserver.
-SVRMGR> create user server0 identified by server0password default tablespace server0 -temporary tablespace temp quota unlimited on server0; -SVRMGR> grant connect, resource, ctxapp, javasyspriv, query rewrite to server0; -SVRMGR> revoke unlimited tablespace from server0; -SVRMGR> alter user server0 quota unlimited on server0; +SVRMGR> create user service0 identified by service0password default tablespace service0 +temporary tablespace temp quota unlimited on service0; +SVRMGR> grant connect, resource, ctxapp, javasyspriv, query rewrite to service0; +SVRMGR> revoke unlimited tablespace from service0; +SVRMGR> alter user service0 quota unlimited on service0; SVRMGR> exit;Your table space is now ready. In case you are trying to delete a previous OpenACS installation, consult these commands in the section called “Deleting a tablespace” below.
Make sure that you can login to Oracle using your service_name account:
-server0:~$ sqlplus server0/server0password +service0:~$ sqlplus service0/service0password SQL> select sysdate from dual; SYSDATE @@ -270,49 +280,49 @@ If you can't login, try redoing step 1 again. If the date is in the wrong format, make sure you followed the steps outlined in the section called “Troubleshooting Oracle Dates” -
Create a user in the database matching the service name.
[root@yourserver root]# su - postgres -[postgres@yourserver pgsql]$ createuser server0 +
Create a user in the database matching the service name.
[root@yourserver root]# su - postgres +[postgres@yourserver pgsql]$ createuser service0 Shall the new user be allowed to create databases? (y/n) y Shall the new user be allowed to create more new users? (y/n) y CREATE USER [postgres@yourserver pgsql]$ exit logout -[root@yourserver root]#
Create a database with the same name as our service name, server0.
[root@yourserver root]# su - server0 -[server0@yourserver server0]$ createdb server0 +[root@yourserver root]#Create a database with the same name as our service name, service0.
[root@yourserver root]# su - service0 +[service0@yourserver service0]$ createdb service0 CREATE DATABASE -[server0@yourserver server0]$ -su - server0 -createdb server0Automate daily database Vacuuming. This is a process which cleans out discarded data from the database. A quick way to automate vacuuming is to edit the cron file for the database user.
[server0@yourserver server0]$ export EDITOR=emacs;crontab -eAdd this line to the file. The numbers and stars at the beginning are cron columns that specify when the program should be run - in this case, whenever the minute is 0 and the hour is 1, i.e., 1:00 am every day.
0 1 * * * /usr/local/pgsql/bin/vacuumdb server0
Add Full Text Search Support - OPTIONAL
If you are installing Full Text Search, add required packages to the new database.
[server0@yourserver server0]$ /usr/local/pgsql/bin/psql server0 -f /usr/local/src/postgresql-7.2.3/contrib/tsearch/tsearch.sql +[service0@yourserver service0]$ +su - service0 +createdb service0Automate daily database Vacuuming. This is a process which cleans out discarded data from the database. A quick way to automate vacuuming is to edit the cron file for the database user.
[service0@yourserver service0]$ export EDITOR=emacs;crontab -eAdd this line to the file. The numbers and stars at the beginning are cron columns that specify when the program should be run - in this case, whenever the minute is 0 and the hour is 1, i.e., 1:00 am every day.
0 1 * * * /usr/local/pgsql/bin/vacuumdb service0
Add Full Text Search Support - OPTIONAL
If you are installing Full Text Search, add required packages to the new database.
[service0@yourserver service0]$ /usr/local/pgsql/bin/psql service0 -f /usr/local/src/postgresql-7.2.3/contrib/tsearch/tsearch.sql BEGIN CREATE (many lines omitted) INSERT 0 1 COMMIT -[server0@yourserver server0]$ /usr/local/pgsql/bin/psql server0 -f /usr/local/src/postgresql-7.2.3/contrib/pgsql_contrib_openfts/openfts.sql +[service0@yourserver service0]$ /usr/local/pgsql/bin/psql service0 -f /usr/local/src/postgresql-7.2.3/contrib/pgsql_contrib_openfts/openfts.sql CREATE CREATE -[server0@yourserver server0]$ -/usr/local/pgsql/bin/psql server0 -f /usr/local/src/postgresql-7.2.3/contrib/tsearch/tsearch.sql -/usr/local/pgsql/bin/psql server0 -f /usr/local/src/postgresql-7.2.3/contrib/pgsql_contrib_openfts/openfts.sql [server0@yourserver server0]$ exit +[service0@yourserver service0]$ +/usr/local/pgsql/bin/psql service0 -f /usr/local/src/postgresql-7.2.3/contrib/tsearch/tsearch.sql +/usr/local/pgsql/bin/psql service0 -f /usr/local/src/postgresql-7.2.3/contrib/pgsql_contrib_openfts/openfts.sql [service0@yourserver service0]$ exit logout [root@yourserver root]#
The AOLserver architecture lets you run an arbitrary number of virtual servers. A virtual server is an HTTP service running on a specific port, e.g. port 80. In order for OpenACS to work, you - need to configure a virtual server. The Reference Platform uses a configuration file included in the OpenACS tarball. Copy it to the /web/server0/etc directory and open it in an editor to adjust the parameters.
[root@yourserver root]# su - server0 -[server0@yourserver server0]$ cd /web/server0/etc -[server0@yourserver etc]# cp /web/server0/packages/acs-core-docs/www/files/config.tcl.txt config.tcl -[server0@yourserver etc]# emacs config.tcl + need to configure a virtual server. The Reference Platform uses a configuration file included in the OpenACS tarball. Copy it to the /web/service0/etc directory and open it in an editor to adjust the parameters.[root@yourserver root]# su - service0 +[service0@yourserver service0]$ cd /web/service0/etc +[service0@yourserver etc]# cp /web/service0/packages/acs-core-docs/www/files/config.tcl.txt config.tcl +[service0@yourserver etc]# emacs config.tclYou can continue without changing any values in the file. However, if you don't change address to match the computer's ip address, you won't be able to browse to your server from other machines.
httpport - If you want your server on a different port, enter it here. The Reference Platform port is 8000, which is suitable for development use. Port 80 is the standard http port - it's the port used by your browser when you enter http://yourserver.test. So you should use port 80 for your production site.
httpsport - This is the port for https requests. The Reference Platform https port is 8443. If http port is set to 80, httpsport should be 143 to match the standard.
- address - The IP address of the server. If you are hosting multiple IPs on one computer, this is the address specific to the web site. Each virtual server will ignore any requests directed at other addresses.
server - This is the keyword that, by convention, identifies the service. It is also used as part of the path for the service root, as the name of the user for running the service, as the name of the database, and in various dependent places. The Reference Platform uses server0. + address - The IP address of the server. If you are hosting multiple IPs on one computer, this is the address specific to the web site. Each virtual server will ignore any requests directed at other addresses.
server - This is the keyword that, by convention, identifies the service. It is also used as part of the path for the service root, as the name of the user for running the service, as the name of the database, and in various dependent places. The Reference Platform uses service0.
db_name - In almost all cases, this can be kept as a reference to $server. If for some reason, @@ -327,96 +337,96 @@ started, but for more options, read the AOLServer docs.
OPTIONAL: To run OpenFTS, uncomment this line from config.tcl. (To uncomment a line in a tcl file, remove the # at the beginning of the line.)
#ns_param nsfts ${bindir}/nsfts.soOPTIONAL: To run nsopenssl:
Uncomment this line from config.tcl.
#ns_param nsopenssl ${bindir}/nsopenssl.so -Prepare a certificate directory for the service.
[server0@yourserver etc]$ mkdir /web/server0/etc/certs -[server0@yourserver etc]$ chmod 700 /web/server0/etc/certs -[server0@yourserver etc]$ -mkdir /web/server0/etc/certs -chmod 700 /web/server0/etc/certsIt takes two files to support an SSL connection. The certificate is the public half of the key pair - the server sends the certificate to browser requesting ssl. The key is the private half of the key pair. In addition, the certificate must be signed by Certificate Authority or browsers will protest. Each web browser ships with a built-in list of acceptable Certificate Authorities (CAs) and their keys. Only a site certificate signed by a known and approved CA will work smoothly. Any other certificate will cause browsers to produce some messages or block the site. Unfortunately, getting a site certificate signed by a CA costs money. In this section, we'll generate an unsigned certificate which will work in most browsers, albeit with pop-up messages.
Use an OpenSSL perl script to generate a certificate and key.
[server0@yourserver server0]$ cd /web/server0/etc/certs -[server0@yourserver certs]$ perl /usr/share/ssl/misc/CA -newcert +Prepare a certificate directory for the service.
[service0@yourserver etc]$ mkdir /web/service0/etc/certs +[service0@yourserver etc]$ chmod 700 /web/service0/etc/certs +[service0@yourserver etc]$ +mkdir /web/service0/etc/certs +chmod 700 /web/service0/etc/certsIt takes two files to support an SSL connection. The certificate is the public half of the key pair - the server sends the certificate to browser requesting ssl. The key is the private half of the key pair. In addition, the certificate must be signed by Certificate Authority or browsers will protest. Each web browser ships with a built-in list of acceptable Certificate Authorities (CAs) and their keys. Only a site certificate signed by a known and approved CA will work smoothly. Any other certificate will cause browsers to produce some messages or block the site. Unfortunately, getting a site certificate signed by a CA costs money. In this section, we'll generate an unsigned certificate which will work in most browsers, albeit with pop-up messages.
Use an OpenSSL perl script to generate a certificate and key.
[service0@yourserver service0]$ cd /web/service0/etc/certs +[service0@yourserver certs]$ perl /usr/share/ssl/misc/CA -newcert Using configuration from /usr/share/ssl/openssl.cnf Generating a 1024 bit RSA private key ...++++++ .......++++++ writing new private key to 'newreq.pem' Enter PEM pass phrase:Enter a pass phrase for the CA certificate. Then, answer the rest of the questions. At the end you should see this:
Certificate (and private key) is in newreq.pem -[server0@yourserver certs]$newreq.pem contains our certificate and private key. The key is protected by a passphrase, which means that we'll have to enter the pass phrase each time the server starts. This is impractical and unnecessary, so we create an unprotected version of the key. Security implication: if anyone gets access to the file keyfile.pem, they effectively own the key as much as you do. Mitigation: don't use this key/cert combo for anything besides providing ssl for the web site.
[root@yourserver misc]# openssl rsa -in newreq.pem -out keyfile.pem +[service0@yourserver certs]$newreq.pem contains our certificate and private key. The key is protected by a passphrase, which means that we'll have to enter the pass phrase each time the server starts. This is impractical and unnecessary, so we create an unprotected version of the key. Security implication: if anyone gets access to the file keyfile.pem, they effectively own the key as much as you do. Mitigation: don't use this key/cert combo for anything besides providing ssl for the web site.
[root@yourserver misc]# openssl rsa -in newreq.pem -out keyfile.pem read RSA key Enter PEM pass phrase: writing RSA key -[server0@yourserver certs]$To create the certificate file, we take the combined file, copy it, and strip out the key.
[server0@yourserver certs]$ cp newreq.pem certfile.pem +[service0@yourserver certs]$To create the certificate file, we take the combined file, copy it, and strip out the key.
[service0@yourserver certs]$ cp newreq.pem certfile.pem [root@yourserver misc]# emacs certfile.pemStrip out the section that looks like
-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,F3EDE7CA1B404997 S/Sd2MYA0JVmQuIt5bYowXR1KYKDka1d3DUgtoVTiFepIRUrMkZlCli08mWVjE6T (11 lines omitted) 1MU24SHLgdTfDJprEdxZOnxajnbxL420xNVc5RRXlJA8Xxhx/HBKTw== ------END RSA PRIVATE KEY-----
Kill any current running AOLserver processes and start a new one. (Note, if you are using Oracle, rather than PostgreSQL, replace nsd-postgres with - nsd-oracle). If you are using port 80, you must be root for this step.
[server0@yourserver etc]$ killall nsd + nsd-oracle). If you are using port 80, you must be root for this step.[service0@yourserver etc]$ killall nsd nsd: no process killed -[server0@yourserver server0]$ /usr/local/aolserver/bin/nsd-postgres -t /web/server0/etc/config.tcl -[server0@yourserver server0]$ [08/Mar/2003:18:13:29][32131.8192][-main-] Notice: nsd.tcl: starting to read config file... +[service0@yourserver service0]$ /usr/local/aolserver/bin/nsd-postgres -t /web/service0/etc/config.tcl +[service0@yourserver service0]$ [08/Mar/2003:18:13:29][32131.8192][-main-] Notice: nsd.tcl: starting to read config file... [08/Mar/2003:18:13:29][32131.8192][-main-] Notice: nsd.tcl: finished reading config file.Attempt to connect to the service from a web browser as you did You should specify a URL like:
http://yourserver.test:8000You should see a page that looks like this. If you imported your files into cvs, now that you know it worked you can erase the temp - directory with rm -rf /web/server0.orig. + directory with rm -rf /web/service0.orig.
If you don't see the login page, view your error log - (/web/server0/log/server0-error.log) + (/web/service0/log/service0-error.log) to make sure the service is starting without any problems. If you need to make changes, don't forget to kill any running servers with killall nsd. -
OPTIONAL - Automate AOLserver keepalive
Assuming AOLserver started cleanly in the previous step, we'll set it up so that it's always running, and automatically restarts whenever it dies or is stopped. This step is strongly recommended, even for development sites, because it makes install and maintenance much simpler.
The Reference Platform uses Daemontools to control AOLserver. An earlier method using init, less flexible and reliable, is here.
Daemontools must already be installed. If not, install it.
Each service controlled by daemontools must have a directory in /service. That directory must have a file called run. Daemontools then creates additional files and directories to track status and log. Create the appropriate directory as /web/server0/etc/daemontools, copy the prepared run file, and set permissions. If your server is not called server0, edit /web/server0/etc/run accordingly.
[server0@yourserver log]$ cd /web/server0/etc -[server0@yourserver etc]$ mkdir daemontools -[server0@yourserver etc]$ cp /web/server0/packages/acs-core-docs/www/files/run.txt daemontools/run -[server0@yourserver etc]$ chmod 700 daemontools/run -cd /web/server0/etc +
OPTIONAL - Automate AOLserver keepalive
Assuming AOLserver started cleanly in the previous step, we'll set it up so that it's always running, and automatically restarts whenever it dies or is stopped. This step is strongly recommended, even for development sites, because it makes install and maintenance much simpler.
The Reference Platform uses Daemontools to control AOLserver. An earlier method using init, less flexible and reliable, is here.
Daemontools must already be installed. If not, install it.
Each service controlled by daemontools must have a directory in /service. That directory must have a file called run. Daemontools then creates additional files and directories to track status and log. Create the appropriate directory as /web/service0/etc/daemontools, copy the prepared run file, and set permissions. If your server is not called service0, edit /web/service0/etc/run accordingly.
[service0@yourserver log]$ cd /web/service0/etc +[service0@yourserver etc]$ mkdir daemontools +[service0@yourserver etc]$ cp /web/service0/packages/acs-core-docs/www/files/run.txt daemontools/run +[service0@yourserver etc]$ chmod 700 daemontools/run +cd /web/service0/etc mkdir daemontools -cp /web/server0/packages/acs-core-docs/www/files/run.txt daemontools/run -chmod 700 daemontools/runKill any existing AOLserver instances. As root, link the daemontools directory into the /service directory. Daemontools' svscan process checks this directory every five seconds, and will quickly execute run.
[server0@yourserver etc]$ killall nsd +cp /web/service0/packages/acs-core-docs/www/files/run.txt daemontools/run +chmod 700 daemontools/run
Kill any existing AOLserver instances. As root, link the daemontools directory into the /service directory. Daemontools' svscan process checks this directory every five seconds, and will quickly execute run.
[service0@yourserver etc]$ killall nsd nsd: no process killed -[server0@yourserver etc]$ exit +[service0@yourserver etc]$ exit -[root@yourserver root]# ln -s /web/server0/etc/daemontools/ /service/server0Verify that AOLserver is running.
[root@yourserver root]# ps -auxw | grep nsd -server0 5562 14.2 6.2 22436 15952 ? S 11:55 0:04 /usr/local/aolserver/bin/nsd -it /web/server0/etc/config.tcl -u serve +[root@yourserver root]# ln -s /web/service0/etc/daemontools/ /service/service0Verify that AOLserver is running.
[root@yourserver root]# ps -auxw | grep nsd +service0 5562 14.2 6.2 22436 15952 ? S 11:55 0:04 /usr/local/aolserver/bin/nsd -it /web/service0/etc/config.tcl -u serve root 5582 0.0 0.2 3276 628 pts/0 S 11:55 0:00 grep nsd -[root@yourserver root]#The user server0 can now control the service server0 with these commands:
+[root@yourserver root]#
The user service0 can now control the service service0 with these commands:
- svc -d /service/server0 - + svc -d /service/service0 - Bring the server down
- svc -u /service/server0 - + svc -u /service/service0 - Start the server up and leave it in keepalive mode.
- svc -o /service/server0 - + svc -o /service/service0 - Start the server up once. Do not restart it if it stops.
- svc -t /service/server0 - + svc -t /service/service0 - Stop and immediately restart the server.
- svc -k /service/server0 - + svc -k /service/service0 - Sends the server a KILL signal. This is like KILL -9. AOLserver exits immediately. If svc -t fails to fully kill AOLserver, use this option. This does not take the server out of keepalive mode, so it should still bounce back up immediately.
At this point, these commands will work only for the - root user. Grant permission for the web group to use svc commands on the server0 server.
[root@yourserver root]# svgroup web /service/server0 -[root@yourserver root]#
Verify that the controls work. You may want to tail -f /web/server0/log/server0-error.log in another window, so you can see what happens when you type these commands. + root user. Grant permission for the web group to use svc commands on the service0 server.
[root@yourserver root]# svgroup web /service/service0 +[root@yourserver root]#
Verify that the controls work. You may want to tail -f /web/service0/log/service0-error.log in another window, so you can see what happens when you type these commands.
Most of this information comes from Tom Jackson's AOLServer+Daemontools @@ -475,14 +485,14 @@ being restarted; note that unless you already set up a way for AOLServer to restart itself (ie. inittab or daemontools), you'll need to manually restart your service. -
[server0@yourserver server0]$ /usr/local/aolserver/bin/nsd-postgres -t /web/server0/config.tcl
+
[service0@yourserver service0]$ /usr/local/aolserver/bin/nsd-postgres -t /web/service0/config.tcl
Give the server a few minutes to start up. Then reload the final page above. You should see the front page, with an area to login near the upper right. Congratulations, OpenACS 4.6.2 is now up and running!
OPTIONAL - Install Full Text Search.
Click Package Manager on the right side of the default home page. If prompted, log in with the account and password you entered during install.
Click on the Install -packages link.
On the next screen, after it loads, click on Uncheck all boxes, then click the second checkbox next to OpenFTS Driver 4.2. This will automatically check the first box. Then click Next.
Click Install Packages
Restart the service.
[server0@yourserver server0]$ svc -t /service/server0 -[server0@yourserver server0]$
Wait a minute, then browse back to the home page.
Click on Site Map on the top right side of the screen.
Mount the OpenFTS Full Text Search Engine in the site map.
Click the new sub folder link on the "/" line, the first line under Main Site:/.
Type openfts +packages link.
On the next screen, after it loads, click on Uncheck all boxes, then click the second checkbox next to OpenFTS Driver 4.2. This will automatically check the first box. Then click Next.
Click Install Packages
Restart the service.
[service0@yourserver service0]$ svc -t /service/service0 +[service0@yourserver service0]$
Wait a minute, then browse back to the home page.
Click on Site Map on the top right side of the screen.
Mount the OpenFTS Full Text Search Engine in the site map.
Click the new sub folder link on the "/" line, the first line under Main Site:/.
Type openfts and click New.
On the new openfts line, click the mount link.
Click OpenFTS Driver.
On the openfts line, click set parameters.
Change openfts_tcl_src_path to /usr/local/src/Search-OpenFTS-tcl-0.3.2/ and click Set Parameters
Mount the Search interface in the site map.
Click the @@ -496,26 +506,26 @@ search from the drop-down list, and click New. -
Restart the service.
[server0@yourserver server0]$ svc -t /service/server0 -[server0@yourserver server0]$
Wait a minute, then click on Main Site at the top of the page.
Initialize the OpenFTS Engine. This creates a set of tables in the database to support FTS.
Near the bottom of the page, click on the OpenFTS Driver link. Click on Administration. +
Restart the service.
[service0@yourserver service0]$ svc -t /service/service0 +[service0@yourserver service0]$
Wait a minute, then click on Main Site at the top of the page.
Initialize the OpenFTS Engine. This creates a set of tables in the database to support FTS.
Near the bottom of the page, click on the OpenFTS Driver link. Click on Administration. Click on Initialize OpenFTS Engine. Click Initialize OpenFTS Engine.
Add the FTS Engine service contract
Click on the Main Site.
Click on the ACS Service Contract link near the bottom of the home page.
On the FtsEngineDriver line, click Install. -
Restart the service.
[server0@yourserver server0]$ svc -t /service/server0 -[server0@yourserver server0]$
Test FTS. (INCOMPLETE). Add a package that supports search,like "note," add some content, and search for it.
This is a very good time to back the service, even if it's not a production service. Making a backup now lets you roll back to this initial, clean setup at any point in the future, without repeating the install process. A full OpenACS service backup includes everything in the /web/server0/ directory. At this point it's probably sufficient to back up just the database, because you can recover the files from a tarball.
Note that, if you did the CVS options in this document, the /web/server0/etc directory is not included in cvs and you may want to add it.
PostGreSQL.�Create a backup file and verify that it was created and has a reasonable size (several megabytes).
[server0@yourserver server0]$ mkdir /web/server0/database-backup -[server0@yourserver server0]$ pg_dump -f /web/server0/database-backup/initial_backup.dmp server0 -[server0@yourserver server0]$ ls -al /web/server0/database-backup +Restart the service.
[service0@yourserver service0]$ svc -t /service/service0 +[service0@yourserver service0]$
Test FTS. (INCOMPLETE). Add a package that supports search,like "note," add some content, and search for it.
This is a very good time to back the service, even if it's not a production service. Making a backup now lets you roll back to this initial, clean setup at any point in the future, without repeating the install process. A full OpenACS service backup includes everything in the /web/service0/ directory. At this point it's probably sufficient to back up just the database, because you can recover the files from a tarball.
Note that, if you did the CVS options in this document, the /web/service0/etc directory is not included in cvs and you may want to add it.
PostGreSQL.�Create a backup file and verify that it was created and has a reasonable size (several megabytes).
[service0@yourserver service0]$ mkdir /web/service0/database-backup +[service0@yourserver service0]$ pg_dump -f /web/service0/database-backup/initial_backup.dmp service0 +[service0@yourserver service0]$ ls -al /web/service0/database-backup total 1425 -drwxr-xr-x 2 server0 web 1024 Mar 9 14:13 . -drwx------ 11 server0 web 1024 Mar 9 14:11 .. --rw-r--r-- 1 server0 web 1449826 Mar 9 14:13 initial_backup.dmp -[server0@yourserver server0]$ -mkdir /web/server0/database-backup -pg_dump -f /web/server0/database-backup/initial_backup.dmp server0 -ls -al /web/server0/database-backupOracle - INCOMPLETE.�
Backup can encompass all files in /web/server0. For a development server, putting the files in cvs is sufficient. (It's important then to back up the cvs repository!)
A quick way to automate database backup is a cron job. This is not recommended for production and is not part of the Reference Platform, because it is not cross-platform and can fail silently. More thorough methods are documented in the section called “Backup Strategy”
[server0@yourserver server0]$ export EDITOR=emacs;crontab -eAdd this line to the file. The numbers and stars at the beginning are cron columns that specify when the program should be run - in this case, whenever the minute is 0 and the hour is 1, i.e., 1:00 am every day.
0 1 * * * /usr/local/pgsql/bin/pg_dump -f /web/server0/database-backup/server0_$(date +%Y-%m-%d).dmp server0Analog is a program with processes webserver access logs, +drwxr-xr-x 2 service0 web 1024 Mar 9 14:13 . +drwx------ 11 service0 web 1024 Mar 9 14:11 .. +-rw-r--r-- 1 service0 web 1449826 Mar 9 14:13 initial_backup.dmp +[service0@yourserver service0]$ +
mkdir /web/service0/database-backup +pg_dump -f /web/service0/database-backup/initial_backup.dmp service0 +ls -al /web/service0/database-backupOracle - INCOMPLETE.�
Backup can encompass all files in /web/service0. For a development server, putting the files in cvs is sufficient. (It's important then to back up the cvs repository!)
A quick way to automate database backup is a cron job. This is not recommended for production and is not part of the Reference Platform, because it is not cross-platform and can fail silently. More thorough methods are documented in the section called “Backup Strategy”
[service0@yourserver service0]$ export EDITOR=emacs;crontab -eAdd this line to the file. The numbers and stars at the beginning are cron columns that specify when the program should be run - in this case, whenever the minute is 0 and the hour is 1, i.e., 1:00 am every day.
0 1 * * * /usr/local/pgsql/bin/pg_dump -f /web/service0/database-backup/service0_$(date +%Y-%m-%d).dmp service0If you plan to back up the whole /web/service0 directory, then it would be redundant to keep a history of database backups. In that case, set up the cron job to overwrite the previous backup each time:
0 1 * * * /usr/local/pgsql/bin/pg_dump -f /web/service0/database-backup/service0_nightly.dmp service0Analog is a program with processes webserver access logs, performs DNS lookup, and outputs HTML reports. Analog should already be installed. A modified configuration file is included in @@ -546,4 +556,4 @@ [root@yourserver root]# emacs /etc/cron.daily/analog
Put this into the file:
#!/bin/sh -/usr/share/analog-5.31/analog -G -g/web/service0/etc/analog.cfg
[root@yourserver root]# chmod 755 /etc/cron.daily/analogTest it by running the script.
[root@yourserver root]# sh /etc/cron.daily/analogBrowse to http://yourserver.test/log/traffic.html
Now you can follow the instruction on the home page to change the appearance of your service or add more packages. Or you can proceed to the tutorial to learn how to develop your own packages.
[root@yourserver root]# chmod 755 /etc/cron.daily/analog
Test it by running the script.
[root@yourserver root]# sh /etc/cron.daily/analog
Browse to http://yourserver.test/log/traffic.html
Test your backup and recovery procedure.
Follow the instruction on the home page to change the appearance of your service or add more packages.
Proceed to the tutorial to learn how to develop your own packages.