Server Setup

(Difference between revisions)
(Extra Notes)
(Adding users)
Line 217: Line 217:
 
</syntaxhighlight>
 
</syntaxhighlight>
 
This will require everyone to re-enter their password when they login to have it hashed with the new algorithm.
 
This will require everyone to re-enter their password when they login to have it hashed with the new algorithm.
 
=== Adding users ===
 
There are currently two groups, TICC and TICCAdmins.  TICC admins has sudoers access, TICC does not.
 
 
<syntaxhighlight lang="text">useradd <username> -m -G TICCAdmins,TICC</syntaxhighlight>
 
The above will add a user, create the user's home directory, add them to the group TICCAdmins as default, and also add them to the group TICC.  Note that this must be run with sudoer privileges or as root and this will create a sudoer user.
 
 
Next, run <syntaxhighlight lang="text">passwd <usernname></syntaxhighlight> to activate the password on the account. <tt>su</tt> to that person's account, now that you've made it, and run <syntaxhighlight lang="text">echo 'export PATH=$PATH:/usr/sbin' >> $HOME/.bash_profile</syntaxhighlight>  This will add the <tt>sbin</tt> commands to your path, which is a requirement for sudoers.  Otherwise this probably does not need to be done. 
 
Running the next set will mean you won't have to log off and on, which, if you're creating the account for someone, is probably unnecessary.
 
<syntaxhighlight lang="text">
 
. $HOME/.bash_profile
 
echo $PATH</syntaxhighlight>
 
  
 
== External Links ==
 
== External Links ==
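Review bot: In the added "Adding users" section, the only documented `useradd` form puts every new account into TICCAdmins, and the text itself says this creates a sudoer user. Suggest leading with the non-admin form, `useradd <username> -m -G TICC`, and showing the TICCAdmins variant as the exception for accounts that need sudo. The description "add them to the group TICCAdmins as default" is also inaccurate: `-G` only sets supplementary groups, and the primary group comes from `-g` or the system default. Smaller points: the passwd example spells the placeholder `<usernname>`, and the PATH line is described as adding sbin "to your path" although it is run after `su` to the new user's account.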

Revision as of 16:56, 10 August 2011

This page documents setting up the servers running TICC's wiki, forum, and InkSurvey.


Preliminaries (Definitions/Notes/etc.)

The KVM

The KVM switch in the server room at Mines is an APC KVM switch (I have no idea of the model and it doesn't matter). To switch to the server on the KVM console, do the following:

  1. Press and hold the Num Lock key.
  2. Press and release the '-' key on the number pad.
  3. Release the Num Lock key.

This should bring up a prompt so you can type in the number of the server. Oldticc's happened to be number 11.

Hardware

Software

Packages

Installed Packages

Name | Package Name | Reason
Apache Web Server | httpd |
OpenSSL | openssl mod_ssl | Provide SSL support on Apache
Postfix Mail Server | postfix |
PHP | php53 php53-mysql php53-common php53-cli php53-pdo php53-gd |
SSH Server | openssh | Remote administration
Simple Network Management Protocol (SNMP) | net-snmp |
MySQL | mysql |
Perl | perl | Needed by Clonezilla
Perl Modules | perl-Digest-SHA1 | Needed by Clonezilla
Patch | patch | Merge diff changes with this program

Other programs

yum install sudo wget make mlocate nano zip unzip man

Configuration File Changes

Configuration Notes

All web-accessible files should be put in /var/www/html/ and should be owned by the user nginx and the group web. Anything that contains a password, or anything else that we do not want to be publicly accessible, should be put into /var/www/configs/ and should be owned by php, both the user and the group. This will prevent our wonderfully awesome passwords from being thrown out to the world in the event of a web server screwing us over.
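One way to check this layout, as an added example that is not part of the original page: a POSIX sh function that lists every file breaking the ownership rule. The name audit_tree and its "private" mode, which also flags files that other users can read or write, are assumptions of this example; the page itself only states the owners.

```shell
#!/bin/sh
# Added example (not from the original page).
# audit_tree DIR USER GROUP [private]
#   Prints every path under DIR that is not owned by USER:GROUP.
#   With "private" as the 4th argument it also prints paths that "other"
#   can read or write (this extra check is an assumption of the example).
#   Returns 0 if clean, 1 if anything was printed, 2 if DIR is missing.
audit_tree() {
    dir=$1; user=$2; group=$3; mode=${4:-public}
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 2; }
    bad=$( {
        # Wrong owner or wrong group
        find "$dir" \( ! -user "$user" -o ! -group "$group" \) -print
        if [ "$mode" = private ]; then
            # World-readable or world-writable entries
            find "$dir" \( -perm -004 -o -perm -002 \) -print
        fi
    } | sort -u )
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# On the server described above (run as root):
#   audit_tree /var/www/html    nginx web
#   audit_tree /var/www/configs php   php private
```

A non-zero exit status makes the function usable from cron or a deployment script to catch files that were copied in with the wrong owner.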

Setup

Configuring Nginx

The diff should take care of the configuration of nginx, but if it does not, then the steps to set it up are listed below.

  1. Make sure that there is a FastCGI server setup.
    1. Our current setup uses php-fpm and a script to launch it.
  2. Make sure that Nginx is passing the php pages to the FastCGI server.
    1. fastcgi_pass 127.0.0.1:9000
    2. For some reason that has not been explained to me, the $document_root variable in Nginx's configuration is hard-coded to a value. This variable should not be used as we do not use the Nginx default location. Therefore, your Nginx configuration should be passing the script name using the following line.
fastcgi_param SCRIPT_NAME PATH_TO_WEB_ROOT/$fastcgi_script_name

Setting up the Wiki

  1. Download the Mediawiki installation. Current stable release is 1.17.
  2. Browse to http://serveraddress/wiki/installation/folder/
  3. Click the "set up the wiki" link to start installation.
  4. Choose your language.
  5. The next page lists what Mediawiki has found out about your server. The following warnings were found on ours, followed by why we could ignore them.
    1. Warning: SQLite is compiled without the FTS3 module, search features will be unavailable on this backend.
      • We ignored this because we are not using SQLite for our backend. We simply use MySQL.
    2. Warning: Could not find eAccelerator, APC, XCache or WinCache. Object caching is not enabled.
      • This would speed up our installation, but is something we do not care to bother with at the moment.
    3. Warning: The intl PECL extension is not available to handle Unicode normalization, falling back to slow pure-PHP implementation.
      • Right now, we do not run a high enough traffic site to warrant my bothering with this for too long. At some point in the future, I may look into this, but for now, I'm ignoring it.
  6. Read the terms, accept them, and move on to database setup.
  7. On this page, we set it up as:
    1. Database host: localhost
    2. Database name: wiki
    3. Database table prefix: left blank
    4. Database username and password: We set these to something that made sense to us.
  8. On the next page for web access, we left it the same as the account created last page.
  9. We set the Storage Engine to InnoDB and the encoding to Binary.
  10. Name your wiki (ours is Physiki), leave the project namespace the same, and set up your initial Administrator account. Don't forget to set the e-mail.
  11. We then chose to keep going with configuration. On the next page, we chose to do "Account Creation Required," and "GNU Free Documentation License 1.3 or Later," although this comes down to personal preference or the needs of your site.
  12. We set the return e-mail address to webmaster@ticc.mines.edu, since we're going to set up e-mail services on our server, soon.
  13. File uploads are disabled for us for a moment until we change it through settings files. We did not enable the instant commons option since we do not use it.
  14. Click continue and then continue again to install.
  15. There's another step, I think it's copying the LocalSettings.php file over to the wiki directory, but I'm on a ssh tunnel, so I think it mucked up slightly, so I just downloaded it from the server and scp-ed it over.

Forum Setup

I'm going to assume you've already done a few things:

  • Created a database server
  • Created a database for the forum on the server (I'll call ours "forum")
  • Installed and configured a working web server, with php
  1. Navigate to your web folder on your server
  2. wget phpBB-3.0.8.zip, or current release.
    • If you wish, you can change the phpbb folder name to something like "forum"
  3. Navigate to your folder in your web browser (for us, ticc.mines.edu/forum/)
  4. Click on the Install tab and make sure you have all of the pre-reqs. Click Start-Install
  5. Fill in the database information. Example:
    1. Database Type: MySQL
    2. Database Server Hostname: localhost
    3. Database Server Port: blank
    4. Database Name: forum
    5. Database Username: forum
    6. Database Password: *****
    7. Prefix for tables...: blank (You will want to use this if the forum is sharing a database with other software, or another forum. However, for a single forum that has its own database, it's unnecessary.)
  6. Click on next step. Hopefully your stuff worked with the test connection. Proceed and conquer.
  7. Put in the Forum Administrator's information (This can be changed later if need be)
  8. Continue Proceeding and Conquering!
  9. Delete the folder "install" in your forum directory
  10. Enjoy your new forum! Don't kiss it too much.

Installing InkSurvey

  1. Run
    git clone http://ticc.mines.edu/git/InkSurvey
    This should create a folder called InkSurvey in the current directory.
  2. cd into the InkSurvey directory, then run
    git clone http://ticc.mines.edu/git/InkWidget
  3. Open up your browser and go to http://servername/InkSurvey/survey.php and fill in the fields.
    1. Admin E-mail: webmaster@ticc.mines.edu
    2. MySQL Database Server: localhost
    3. Database Name: survey
    4. Database user: survey
    5. Database pass: *****
    6. For server name, on our test server we used the IP.
    7. For "Web Directory," we filled in /var/www/html/
    8. For "Web Sub-Directory," we used InkSurvey
  4. Hit Configure Installation

Installing Cacti

  1. Use yum to install RRDTool. There are WAY TOO MANY dependencies to do this by hand. Only attempt if you have a week to kill. Seriously, just don't do it!
  2. Navigate to your web directory and wget the latest version of Cacti
  3. Untar and gunzip and rename the folder created to cacti (or symbolically link it)
  4. Set up permissions on the cacti folder
  5. Edit your cacti/includes/config.php file to work with your database server
  6. Put the sql template in your database (mysql cacti < cacti/cacti.sql)
  7. Access <server>/cacti/
  8. Follow the simple setup, then cackle maniacally when it works

Extra Notes

Making Bootable Media with a Kickstart file

mkisofs -o /home/fedora-kickstart.iso -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -J -R -V "Fedora" .

Boot the right kernel (used for Kickstart)

Execute the following commands to get a copy of the installation kernel onto the server.

cd /boot/install
wget http://mirror.anl.gov/pub/centos/5/os/x86_64/isolinux/vmlinuz
wget http://mirror.anl.gov/pub/centos/5/os/x86_64/isolinux/initrd.img

Modify Grub (version < 1.99) to include the following menu item.

The commands included assume that the default OS is installed on the first partition of sda and that there is a boot partition. If there is not a boot partition, you will need to add "/boot" to the file paths that start with "/install". If the OS is not installed on the first partition of sda, you will need to modify the root line.

If, at any time, these instructions do not make sense, stop and make sure you understand what you are doing, as failure to do so will result in permanent data and hair loss.

title Install CentOS
    root (hd0,0)
    kernel /install/vmlinuz ks=http://ticc.mines.edu/ks.cfg ip=<ipaddr> netmask=<netmask> gw=<gateway>  dns=<dns server> ksdevice=<KickstartInterface>
    initrd /install/initrd.img

The menu items are a zero indexed array, and if you want the above menu item to be the default selected item, you will need to set the DEFAULT= line to be the zero-indexed location of this menu item. You need to pass the kernel the location of the kickstart file. You may also need to configure the system to recognize your static IP Address, mask, gateway, etc.

For Grub (version >= 1.99) Create a file called 06_CentOS in /etc/grub.d/, make it executable, and put the following content in it.

#!/bin/sh
exec tail -n +3 $0
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.
 
menuentry "CentOSKickstart" {
    set root=(hd0,1)
    linux   /install/vmlinuz ks=http://ticc.mines.edu/ks.cfg ip=<ipaddr> netmask=<netmask> gw=<gateway>  dns=<dns server> ksdevice=<KickstartInterface>
    initrd  /install/initrd.img
}

Note that this file has the first partition set as (hd0,1) rather than (hd0,0), as was used for older versions of GRUB.

You then need to run

sudo update-grub

This will modify the /boot/grub/grub.cfg file using the new values found in the file you just created. Verify that the changes were added to the file.

Also check that the DEFAULT value in /etc/default/grub points to the zero-indexed number of your menu entry in the /boot/grub/grub.cfg file. If that does not make sense, stop.

Changing Hashing Algorithm

authconfig --passalgo=sha512 --update

This will require everyone to re-enter their password when they login to have it hashed with the new algorithm.
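Existing entries in /etc/shadow keep their old hash until the password is set again, so it helps to see which accounts have not yet moved to SHA-512. The following is an added example, not part of the original page: it reads a shadow(5)-format file and reports accounts whose hash prefix is not $6$. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page).
# weak_hashes [FILE]: print "user scheme" for each account in a
# shadow(5)-format file (or stdin) whose hash is not SHA-512 crypt ($6$).
# Entries with no password set ("", "*", "!!") are skipped; a locked
# account that still carries an old hash ("!$1$...") is reported.
weak_hashes() {
    awk -F: '
        { h = $2; sub(/^!+/, "", h) }        # drop lock marker, keep hash
        h == "" || h ~ /^\*/ { next }        # no password set
        h ~ /^\$6\$/         { next }        # already SHA-512
        h ~ /^\$5\$/         { print $1, "sha256"; next }
        h ~ /^\$2[abxy]?\$/  { print $1, "bcrypt"; next }
        h ~ /^\$1\$/         { print $1, "md5";    next }
        h ~ /^\$/            { print $1, "other";  next }
                             { print $1, "des" }   # traditional crypt
    ' "$@"
}

# Constructed sample data: salts and hashes are placeholders, not real.
sample_shadow() {
    cat <<'EOF'
root:$6$CONSTRUCTEDSALT$notARealHashValue:15196:0:99999:7:::
alice:$1$CONSTRUCT$notARealHashValue:15100:0:99999:7:::
bob:!$1$CONSTRUCT$notARealHashValue:15100:0:99999:7:::
carol:$6$CONSTRUCTEDSALT$notARealHashValue:15196:0:99999:7:::
nginx:!!:15000::::::
php:*:15000::::::
EOF
}

# Demo on the constructed data; on the server, as root:
#   weak_hashes /etc/shadow
sample_shadow | weak_hashes
```

Accounts that stay on the list after the change have not set a new password since the algorithm was switched.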

External Links
