Index: openacs-4/packages/acs-core-docs/www/xml/install-guide/openacs.xml =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/xml/install-guide/openacs.xml,v diff -u -r1.21 -r1.22 --- openacs-4/packages/acs-core-docs/www/xml/install-guide/openacs.xml 12 Mar 2004 13:44:58 -0000 1.21 +++ openacs-4/packages/acs-core-docs/www/xml/install-guide/openacs.xml 14 May 2004 14:10:28 -0000 1.22 @@ -44,18 +44,18 @@ for each different service. A service name should be a single word, letters and numbers only. If the name of your site is one word, that would be a good choice. For - example "service0" might be the service name for the - service0.net + example "$OPENACS_SERVICE_NAME" might be the service name for the + $OPENACS_SERVICE_NAME.net community. We'll leave the password blank, which prevents login by password, for increased security. The only way to log in will be with ssh certificates. The only people who should log in are developers for that specific instance. Add this user, and put - it in the service0 group so that it + it in the $OPENACS_SERVICE_NAME group so that it can use database and server commands associated with that group. -[root root]# useradd service0 +[root root]# useradd $OPENACS_SERVICE_NAME [root root]# @@ -68,27 +68,27 @@ service's dedicated user. We put it there so that it is not overwritten when we do the main CVS checkout to the target location. - [root root]# su - service0 -[service0 service0]$ cvs -d :pserver:anonymous@openacs.org:/cvsroot co -d install openacs-4/etc/install + [root root]# su - $OPENACS_SERVICE_NAME +[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ cvs -d :pserver:anonymous@openacs.org:/cvsroot co -d install openacs-4/etc/install cvs server: Updating install U install/README U install/TODO ... many lines omitted ... U install/tcl/twt-procs.tcl U install/tcl/user-procs.tcl -[service0 service0]$ cd install -[service0 install]$ emacs install.tcl +[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ cd install +[$OPENACS_SERVICE_NAME install]$ emacs install.tcl - Edit the installation configuration file, /home/service0/install/install.tcl and update the site-specific values, such as the new service's IP address and name, which will be written into the new service's config.tcl file. If your system is different from the one described in the previous sections, check the file paths as well. Set do_checkout=yes to create a new OpenACS site directly from a CVS checkout, or =no if you have a fully configured site and just want to rebuild it (drop and recreate the database and repeat the installation). If you have followed a stock installation, the default configuration will work without changes and will install an OpenACS site at 127.0.0.1:8000. + Edit the installation configuration file, /home/$OPENACS_SERVICE_NAME/install/install.tcl and update the site-specific values, such as the new service's IP address and name, which will be written into the new service's config.tcl file. If your system is different from the one described in the previous sections, check the file paths as well. Set do_checkout=yes to create a new OpenACS site directly from a CVS checkout, or =no if you have a fully configured site and just want to rebuild it (drop and recreate the database and repeat the installation). If you have followed a stock installation, the default configuration will work without changes and will install an OpenACS site at 127.0.0.1:8000. Run the install script install.sh as root: - [service0 service0]$ exit -[root root]# sh /home/service0/install/install.sh -/home/service0/install/install.sh: Starting installation with config_file -/home/service0/install/install.tcl. Using serverroot=/var/lib/aolserver/ -service0, server_url=http://0.0.0.0:8000, do_checkout=yes, do_install=yes, + [$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ exit +[root root]# sh /home/$OPENACS_SERVICE_NAME/install/install.sh +/home/$OPENACS_SERVICE_NAME/install/install.sh: Starting installation with config_file +/home/$OPENACS_SERVICE_NAME/install/install.tcl. Using serverroot=/var/lib/aolserver/ +$OPENACS_SERVICE_NAME, server_url=http://0.0.0.0:8000, do_checkout=yes, do_install=yes, dotlrn=no, and database=postgres., use_daemontools=true ... many lines omitted ... -Tue Jan 27 11:50:59 CET 2004: Finished (re)installing /var/lib/aolserver/service0. +Tue Jan 27 11:50:59 CET 2004: Finished (re)installing /var/lib/aolserver/$OPENACS_SERVICE_NAME. ###################################################################### New site URL: http://127.0.0.1:8000 admin email : admin@yourserver.net @@ -107,27 +107,27 @@ /tmp and proceed: - Unpack the OpenACS tarball and rename it to service0. Secure the directory so that only the owner can access it. Check the permissions by listing the directory. - [root root]# su - service0 -[service0 service0]$ cd /var/lib/aolserver -[service0 aolserver]$ tar xzf /tmp/&tarballpath;.tgz -[service0 aolserver]$ mv &tarballpath; service0 -[service0 aolserver]$ chmod -R 775 service0 -[service0 aolserver]$ chown -R service0.service0 service0 -[service0 aolserver]$ ls -al + Unpack the OpenACS tarball and rename it to $OPENACS_SERVICE_NAME. Secure the directory so that only the owner can access it. Check the permissions by listing the directory. + [root root]# su - $OPENACS_SERVICE_NAME +[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ cd /var/lib/aolserver +[$OPENACS_SERVICE_NAME aolserver]$ tar xzf /tmp/&tarballpath;.tgz +[$OPENACS_SERVICE_NAME aolserver]$ mv &tarballpath; $OPENACS_SERVICE_NAME +[$OPENACS_SERVICE_NAME aolserver]$ chmod -R 775 $OPENACS_SERVICE_NAME +[$OPENACS_SERVICE_NAME aolserver]$ chown -R $OPENACS_SERVICE_NAME.$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME +[$OPENACS_SERVICE_NAME aolserver]$ ls -al total 3 drwxrwx--- 3 root web 1024 Mar 29 16:41 . drwxr-xr-x 25 root root 1024 Mar 29 16:24 .. -drwx------ 7 service0 web 1024 Jan 6 14:36 service0 -[service0 aolserver]$ exit +drwx------ 7 $OPENACS_SERVICE_NAME web 1024 Jan 6 14:36 $OPENACS_SERVICE_NAME +[$OPENACS_SERVICE_NAME aolserver]$ exit logout [root root]# -su - service0 +su - $OPENACS_SERVICE_NAME cd /var/lib/aolserver tar xzf /tmp/&tarballpath;.tgz -mv &tarballpath; service0 -chmod -R 755 service0 -chgrp -R service0.service0 service0 +mv &tarballpath; $OPENACS_SERVICE_NAME +chmod -R 755 $OPENACS_SERVICE_NAME +chgrp -R $OPENACS_SERVICE_NAME.$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME exit @@ -144,22 +144,22 @@ You should be sure that your user account - (e.g. service0) is in the + (e.g. $OPENACS_SERVICE_NAME) is in the dba group. Verify membership by typing groups when you login: - [service0 ~]$ groups + [$OPENACS_SERVICE_NAME ~]$ groups dba web If you do not see these groups, take the following action: - [service0 ~]$ su - + [$OPENACS_SERVICE_NAME ~]$ su - Password: ************ -[root ~]# adduser service0 dba +[root ~]# adduser $OPENACS_SERVICE_NAME dba If you get an error about an undefined group, then add that group manually: @@ -176,7 +176,7 @@ Connect to Oracle using svrmgrl and login: - [service0 ~]$ svrmgrl + [$OPENACS_SERVICE_NAME ~]$ svrmgrl SVRMGR> connect internal Connected. @@ -220,13 +220,13 @@ SVRMGR> exit -[service0 ~]$ su - +[$OPENACS_SERVICE_NAME ~]$ su - Password: ************ [root ~]# mkdir -p /ora8/m02/oradata/ora8/ -[root ~]# chown service0:web /ora8/m02/oradata/ora8 +[root ~]# chown $OPENACS_SERVICE_NAME:web /ora8/m02/oradata/ora8 [root ~]# chmod 775 /ora8/m02/oradata/ora8 [root ~]# exit -[service0 ~]$ +[$OPENACS_SERVICE_NAME ~]$ @@ -241,10 +241,10 @@ tablespace. - [service0 ~]$ svrmgrl + [$OPENACS_SERVICE_NAME ~]$ svrmgrl SVRMGR> connect internal; -SVRMGR> create tablespace service0 - datafile '/ora8/m02/oradata/ora8/service001.dbf' +SVRMGR> create tablespace $OPENACS_SERVICE_NAME + datafile '/ora8/m02/oradata/ora8/$OPENACS_SERVICE_NAME01.dbf' size 50M autoextend on next 10M @@ -256,24 +256,24 @@ Create a database user for this service. Give the user access to the tablespace and rights to connect. We'll use - service0password as our password. + $OPENACS_SERVICE_NAMEpassword as our password. Write down what you specify as service_name - (i.e. service0) + (i.e. $OPENACS_SERVICE_NAME) and database_password - (i.e. service0password). You + (i.e. $OPENACS_SERVICE_NAMEpassword). You will need this information for configuring exports and AOLserver. -SVRMGR> create user service0 identified by service0password default tablespace service0 - temporary tablespace temp quota unlimited on service0; -SVRMGR> grant connect, resource, ctxapp, javasyspriv, query rewrite to service0; -SVRMGR> revoke unlimited tablespace from service0; -SVRMGR> alter user service0 quota unlimited on service0; +SVRMGR> create user $OPENACS_SERVICE_NAME identified by $OPENACS_SERVICE_NAMEpassword default tablespace $OPENACS_SERVICE_NAME + temporary tablespace temp quota unlimited on $OPENACS_SERVICE_NAME; +SVRMGR> grant connect, resource, ctxapp, javasyspriv, query rewrite to $OPENACS_SERVICE_NAME; +SVRMGR> revoke unlimited tablespace from $OPENACS_SERVICE_NAME; +SVRMGR> alter user $OPENACS_SERVICE_NAME quota unlimited on $OPENACS_SERVICE_NAME; SVRMGR> exit; @@ -286,7 +286,7 @@ Make sure that you can login to Oracle using your service_name account: - [service0 ~]$ sqlplus service0/service0password + [$OPENACS_SERVICE_NAME ~]$ sqlplus $OPENACS_SERVICE_NAME/$OPENACS_SERVICE_NAMEpassword SQL> select sysdate from dual; SYSDATE ---------- @@ -313,31 +313,31 @@ Create a user in the database matching the service name. With default PostgreSQL authentication, a system user connecting locally automatically authenticates as the postgres user of the same name, if one exists. We currently use postgres "super-users" for everything, which means that anyone with access to any of the openacs system accounts on a machine has full access to all postgresql databases on that machine. [root root]# su - postgres -[postgres pgsql]$ createuser -a -d service0 +[postgres pgsql]$ createuser -a -d $OPENACS_SERVICE_NAME CREATE USER [postgres pgsql]$ exit logout [root root]# - Create a database with the same name as our service name, service0. - [root root]# su - service0 -[service0 service0]$ createdb -E UNICODE service0 + Create a database with the same name as our service name, $OPENACS_SERVICE_NAME. + [root root]# su - $OPENACS_SERVICE_NAME +[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ createdb -E UNICODE $OPENACS_SERVICE_NAME CREATE DATABASE -[service0 service0]$ -su - service0 -createdb -E UNICODE service0 +[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ +su - $OPENACS_SERVICE_NAME +createdb -E UNICODE $OPENACS_SERVICE_NAME Automate daily database Vacuuming. This is a process which cleans out discarded data from the database. A quick way to automate vacuuming is to edit the cron file for the database user. Recommended: VACUUM ANALYZE every hour and VACUUM FULL ANALYZE every day. Postgres Vacuuming - [service0 service0]$ export EDITOR=emacs;crontab -e + [$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ export EDITOR=emacs;crontab -e Add these lines to the file. The vacuum command cleans up temporary structures within a PostGreSQL database, and can improve performance. We vacuum gently every hour and completely every day. The numbers and stars at the beginning are cron columns that specify when the program should be run - in this case, whenever the minute is 0 and the hour is 1, i.e., 1:00 am every day, and every (*) day of month, month, and day of week. Type man 5 crontab for more information. - 0 1-23 * * * /usr/local/pgsql/bin/vacuumdb --analyze service0 -0 0 * * * /usr/local/pgsql/bin/vacuumdb --full --analyze service0 + 0 1-23 * * * /usr/local/pgsql/bin/vacuumdb --analyze $OPENACS_SERVICE_NAME +0 0 * * * /usr/local/pgsql/bin/vacuumdb --full --analyze $OPENACS_SERVICE_NAME Depending on your distribution, you may receive email when the crontab items are executed. If you @@ -370,16 +370,16 @@ specific port, e.g. port 80. In order for OpenACS to work, you need to configure a virtual server. The Reference Platform uses a configuration file included in the OpenACS tarball, - /var/lib/aolserver/service0/etc/config.tcl. + /var/lib/aolserver/$OPENACS_SERVICE_NAME/etc/config.tcl. Open it in an editor to adjust the parameters. AOLserver configuration - [root root]# su - service0 -[service0 service0]$ cd /var/lib/aolserver/service0/etc -[service0 etc]$ emacs config.tcl + [root root]# su - $OPENACS_SERVICE_NAME +[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ cd /var/lib/aolserver/$OPENACS_SERVICE_NAME/etc +[$OPENACS_SERVICE_NAME etc]$ emacs config.tcl You can continue without changing any values in the file. However, if you don't change address to match the computer's ip address, you won't be able to browse to your server from other machines. @@ -400,7 +400,7 @@ address - The IP address of the server. If you are hosting multiple IPs on one computer, this is the address specific to the web site. Each virtual server will ignore any requests directed at other addresses. - server - This is the keyword that, by convention, identifies the service. It is also used as part of the path for the service root, as the name of the user for running the service, as the name of the database, and in various dependent places. The Reference Platform uses service0. + server - This is the keyword that, by convention, identifies the service. It is also used as part of the path for the service root, as the name of the user for running the service, as the name of the database, and in various dependent places. The Reference Platform uses $OPENACS_SERVICE_NAME. @@ -452,23 +452,23 @@ Kill any current running AOLserver processes and start a new - one. The recommended way to start an AOLserver process is by running the included script, /var/lib/aolserver/service0/etc/daemontools/run. If you are not using the default file paths and names, you will need to edit run. + one. The recommended way to start an AOLserver process is by running the included script, /var/lib/aolserver/$OPENACS_SERVICE_NAME/etc/daemontools/run. If you are not using the default file paths and names, you will need to edit run. If you want to use port 80, there are complications. AOLserver must be root to use system ports such as 80, but refuses to run as root for security reasons. So, we call the run script as root and specify a non-root user ID and Group ID which AOLserver will switch to after claiming the port. To do so, find the UID and GID of the - service0 user via - grep service0 + $OPENACS_SERVICE_NAME user via + grep $OPENACS_SERVICE_NAME /etc/passwd and then put those numbers into the command line via -u 501 -g 502. In AOLserver 4, you must also send a -b flag. Do this by editing the run file as indicated in the comments. If you are root then killall will affect all OpenACS services on the machine, so if there's more than one you'll have to do ps -auxw | grep nsd and selectively kill by job number. - [service0 etc]$ killall nsd + [$OPENACS_SERVICE_NAME etc]$ killall nsd nsd: no process killed -[service0 service0]$ /usr/local/aolserver/bin/nsd-postgres -t /var/lib/aolserver/service0/etc/config.tcl -[service0 service0]$ [08/Mar/2003:18:13:29][32131.8192][-main-] Notice: nsd.tcl: starting to read config file... +[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ /usr/local/aolserver/bin/nsd-postgres -t /var/lib/aolserver/$OPENACS_SERVICE_NAME/etc/config.tcl +[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ [08/Mar/2003:18:13:29][32131.8192][-main-] Notice: nsd.tcl: starting to read config file... [08/Mar/2003:18:13:29][32131.8192][-main-] Notice: nsd.tcl: finished reading config file. @@ -480,13 +480,13 @@ url="files/openacs-start.html">this. If you imported your files into cvs, now that you know it worked you can erase the temp - directory with rm -rf /var/lib/aolserver/service0.orig. + directory with rm -rf /var/lib/aolserver/$OPENACS_SERVICE_NAME.orig. If you don't see the login page, view your error log - (/var/lib/aolserver/service0/log/service0-error.log) + (/var/lib/aolserver/$OPENACS_SERVICE_NAME/log/$OPENACS_SERVICE_NAME-error.log) to make sure the service is starting without any problems. The most common errors here are trying to start a port 80 server while not root, failing to connect because of @@ -579,7 +579,7 @@ AOLserver to restart itself (ie. inittab or daemontools), you'll need to manually restart your service. - [service0 service0]$ /usr/local/aolserver/bin/nsd-postgres -t /var/lib/aolserver/service0/config.tcl + [$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ /usr/local/aolserver/bin/nsd-postgres -t /var/lib/aolserver/$OPENACS_SERVICE_NAME/config.tcl @@ -634,8 +634,8 @@ database, because those environmental variables are set by the wrapper scripts nsd-postgres and nsd-oracle. - [root root]# su - service0 -[service0 service0]$ emacs .bashrc + [root root]# su - $OPENACS_SERVICE_NAME +[$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ emacs .bashrc Put in the appropriate lines for the database you are running. If you will use both databases, put in both sets of lines. @@ -660,11 +660,11 @@ Test this by logging out and back in as - service0 and checking the paths. - [service0 service0]$ exit + $OPENACS_SERVICE_NAME and checking the paths. + [$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ exit logout -[root src]# su - service0 -[service0 ~]$ env +[root src]# su - $OPENACS_SERVICE_NAME +[$OPENACS_SERVICE_NAME ~]$ env