This page is obsolete - see
http://milos2.zoo.ox.ac.uk/ibrgtech/index.php/Milos_setup
Milos System Notes
This page contains technical notes about the Milos server system (milos1., milos2.zoo.ox.ac.uk).
Contents:
- Hardware configuration
- Software configuration
- Installation notes
- Links and more information
1. Hardware configuration
TransTEC server:
SuperMicro 370DL3 motherboard
Dual Pentium 6 866MHz processors
2Gb RAM
Onboard SCSI controller:
sda: 140Gb Seagate Cheetah, model ST3126707LW (68-pin connector)
sdb: 70Gb Seagate
sdc: 36Gb Maxtor Atlas 10k IV, model 8B036L0
IBM RAID controller with connection to EXP300 rack
Onboard ethernet controller (eth0) - Intel 82557/8/9 - 00:30:48:21:4D:3A
Second Ethernet controller card (eth1) - 3COM 3C980C - 00:01:02:74:26:96
2. Software configuration
Operating system: CentOS 5, clone of Redhat Enterprise Linux 5 (RHEL5)
Disks and volumes:
sda (140Gb)
/dev/sda1 - /boot
/dev/sda2 - VolGroup00 (136Gb)
/dev/VolGroup00/LogVol00 - / (8Gb)
/dev/VolGroup00/LogVol01 - swap (4Gb)
sdb (70Gb)
/dev/sdb1 - /storage1
sdc (36Gb)
/dev/sdc1 - /var
eth0 - 129.67.24.14 (milos1.zoo.ox.ac.uk)
eth1 - 129.67.24.15 (milos2.zoo.ox.ac.uk)
3. Installation notes
New operating system installation 10-Oct-2007.
Note: to run the system-config-securitylevel script in an SSH session using the SecureCRT (Van Dyke) SSH client, under Options > Session options > Emulation select Linux, and under Options > Session options > Emulation > Advanced select UTF-8 character encoding.
3.1. Base system
Initially ran into problems with installation of the system from CD. It was either hanging or running very slowly. This appears to be a problem with memory over 2Gb, which is fixed by adding mem=2047M@1M to the boot command line.
Network details:
subnet: 255.255.252.0 (/22)
gateway: 129.67.27.254
DNS: 129.67.1.1, 163.1.2.1, 129.67.1.180
WINS: 163.1.2.52, 129.67.1.52
NTP: ntp0.oucs.ox.ac.uk
Initial accounts: root, graham, zhaoj
Also added johnpybus for oucc
Note installation creates a "kickstart" file at /root/anaconda-ks.cfg
YUM update. (Twice.)
Edit /etc/grub.conf, to add mem= line to kernel command, thus:
[root@milos2 etc]# less grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/
#
default=0
timeout=10
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-8.1.14.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-8.1.14.el5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet mem=2047M@1M
        initrd /initrd-2.6.18-8.1.14.el5.img
title CentOS (2.6.18-8.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-8.el5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
        initrd /initrd-2.6.18-8.el5.img
Edit /etc/ssh/sshd_config to contain:
PermitRootLogin no
and
allowgroups remote
Create new group 'remote', and edit /etc/group to add remote login users to this group. e.g.
remote:x:85:graham,zhaoj
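One way to check the two sshd_config settings and the group entry above, as an added example that is not part of the original notes: the script reads an sshd_config and a group file and lists who can log in over SSH. The function names, the temporary sample files and the `svn` group line are constructed for the demonstration; only members listed in the group file are reported, not users whose primary group matches.

```shell
#!/bin/sh
# Added example, not part of the original notes. Sample files are constructed.

# Print the arguments of every occurrence of a keyword in the global section
# of an sshd_config file. Keywords are matched case-insensitively.
sshd_values() {
    # $1 = sshd_config path, $2 = keyword
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }      # conditional blocks are out of scope
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# Print the members listed for one group in an /etc/group-format file.
group_members() {
    # $1 = group file, $2 = group name
    awk -F: -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }
    ' "$1"
}

# Return 0 when root login is disabled and logins are limited to named groups;
# on success print the users admitted through those groups, one per line.
audit_ssh_access() {
    # $1 = sshd_config path, $2 = group file
    # Single-valued keywords: sshd uses the first value it reads.
    prl=$(sshd_values "$1" PermitRootLogin | head -n 1)
    # AllowGroups entries accumulate across lines.
    allowed=$(sshd_values "$1" AllowGroups)
    # An absent PermitRootLogin falls back to a built-in default that is not "no".
    if [ "$(printf '%s' "$prl" | tr 'A-Z' 'a-z')" != "no" ]; then
        echo "FAIL: PermitRootLogin is '${prl:-unset}'" >&2
        return 1
    fi
    if [ -z "$allowed" ]; then
        echo "FAIL: AllowGroups is not set, so any account may log in" >&2
        return 1
    fi
    # Group names are treated literally (no pattern matching).
    printf '%s\n' "$allowed" | tr -s ' \t' '\n\n' | while read -r g; do
        group_members "$2" "$g"
    done | sort -u
}

# Write constructed sample files into directory $1.
make_ssh_sample() {
    cat > "$1/sshd_config" <<'EOF'
# constructed sample
Protocol 2
PermitRootLogin no
allowgroups remote
# a later duplicate of a single-valued keyword is ignored
PermitRootLogin yes
EOF
    cat > "$1/group" <<'EOF'
root:x:0:root
remote:x:85:graham,zhaoj
svn:x:101:graham
EOF
}

demo_dir=$(mktemp -d)
make_ssh_sample "$demo_dir"
echo "Users admitted over SSH:"
audit_ssh_access "$demo_dir/sshd_config" "$demo_dir/group"
rm -rf "$demo_dir"
```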
Install sshblack per http://wiki.oss-watch.ac.uk/InstallingSshblack.
Edit /etc/fstab to include other disks:
/dev/VolGroup00/LogVol00 /         ext3   defaults        1 1
/dev/sdb1                /mnt/sdb1 ext3   defaults        0 2
/dev/sdc1                /mnt/sdc1 ext3   defaults        0 2
LABEL=/boot              /boot     ext3   defaults        1 2
devpts                   /dev/pts  devpts gid=5,mode=620  0 0
tmpfs                    /dev/shm  tmpfs  defaults        0 0
proc                     /proc     proc   defaults        0 0
sysfs                    /sys      sysfs  defaults        0 0
/dev/VolGroup00/LogVol01 swap      swap   defaults        0 0
Install and activate xinetd:
yum install xinetd
service xinetd start
Check xinetd is running:
service xinetd status
Configure yum for automatic daily updates. Edit file /etc/yum/yum-updatesd.conf and change the line do_update thus:
[main]
# how often to check for new updates (in seconds)
run_interval = 3600
# how often to allow checking on request (in seconds)
updaterefresh = 600
# how to send notifications (valid: dbus, email, syslog)
emit_via = dbus
# should we listen via dbus to give out update information/check for
# new updates
dbus_listener = yes
# automatically install updates
do_update = yes
# automatically download updates
do_download = no
# automatically download deps of updates
do_download_deps = no
3.2. Apache and PHP
Configure and start apache web server.
Edit /etc/httpd/conf/httpd.conf to add the following at the end (to allow virtual hosts configurations to be created separately, in similar fashion to web application .conf files):
#
# Load virtual host files from the config directory "/etc/httpd/conf.d".
#
Include conf.d/*.host
Activate the HTTPD server, thus:
[root@milos2 conf]# chkconfig httpd on
[root@milos2 conf]# chkconfig httpd --list
httpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
[root@milos2 conf]# service httpd start
Starting httpd:                                            [  OK  ]
Server certificate checking
cd /etc/httpd
grep -R SSLCertificate *
conf.d/ssl.conf:# Point SSLCertificateFile at a PEM encoded certificate. If
conf.d/ssl.conf:SSLCertificateFile /etc/pki/tls/certs/localhost.crt
conf.d/ssl.conf:SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
This is the default setup, whose certificate contains localhost as its host name.
Create new server certificate (see http://www.madboa.com/geek/openssl/#cert-self):
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout milos2.zoo.ox.ac.uk.key -out milos2.zoo.ox.ac.uk.crt
Update details of key and certificate files in /etc/httpd/conf.d/ssl.conf
Restart httpd
3.3. Mail server
Change mail handler to postfix:
yum install postfix
yum remove sendmail
Edit /etc/aliases to redirect email for root:
# Person who should get root's mail
root: graham,graham.klyne@zoo.ox.ac.uk
Then run:
[root@milos2 etc]# newaliases
Run postfix:
[root@milos2 etc]# service postfix start
Starting postfix:                                          [  OK  ]
[root@milos2 etc]# service postfix status
master (pid 7463) is running...
3.3.1. Handling bioimage.org mail
The intent is that all mail for bioimage.org or mail.bioimage.org will be forwarded to a mailing list (bioimage-external@mail.ontonet.org) on Antiparos. See http://www.postfix.org/VIRTUAL_README.html for more details.
Add this to file /etc/postfix/main.cf:
# POST-INSTALLATION (GK)
#
# See: http://www.postfix.org/VIRTUAL_README.html
#
virtual_alias_domains = bioimage.org, mail.bioimage.org
virtual_alias_maps = hash:/etc/postfix/bioimage
Also in main.cf, check that postfix is listening for external connections:
inet_interfaces = all
or
inet_interfaces = $myhostname, localhost
If this parameter is changed, restart postfix thus:
service postfix restart
Create a new file /etc/postfix/bioimage:
# Virtual mail host alias file for bioimage.org
postmaster@bioimage.org       postmaster
postmaster@mail.bioimage.org  postmaster
@bioimage.org                 bioimage
@mail.bioimage.org            bioimage
Run command: postmap /etc/postfix/bioimage. This creates a file /etc/postfix/bioimage.db.
Add this to /etc/aliases:
bioimage: bioimage, bioimage-external@mail.ontonet.org
Run these commands:
newaliases
postfix reload
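How the virtual alias map and the aliases entry above combine, as an added example that is not part of the original notes: an exact user@domain key is tried before the @domain catch-all (the order given in virtual(5)), and the result is then expanded once through the aliases file. The function names and temporary files are constructed; the map and alias lines are copied from this page.

```shell
#!/bin/sh
# Added example, not part of the original notes. Files are constructed copies
# of the map and alias entries shown on this page.

# Look up one address in a postmap-style source file.
# The exact user@domain key is tried first, then the @domain catch-all.
virtual_lookup() {
    # $1 = map source file, $2 = recipient address (matched case-insensitively)
    awk -v addr="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        BEGIN { dom = addr; sub(/^.*@/, "@", dom) }
        /^[ \t]*#/ || NF < 2 { next }
        { key = tolower($1); $1 = ""; sub(/^[ \t]+/, ""); map[key] = $0 }
        END {
            if (addr in map) { print map[addr] }
            else if (dom in map) { print map[dom] }
            else { exit 1 }
        }
    ' "$1"
}

# Expand a local name through an aliases-format file, one level only: a name
# listed in its own alias is taken to be the local mailbox and is not expanded
# again. Prints one destination per line; an unaliased name is printed as is.
alias_expand() {
    # $1 = aliases file, $2 = local name
    awk -v name="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        {
            key = $0; sub(/:.*/, "", key); gsub(/[ \t]/, "", key)
            if (tolower(key) != tolower(name)) next
            rhs = $0; sub(/^[^:]*:/, "", rhs)
            n = split(rhs, r, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", r[i])
                if (r[i] != "") print r[i]
            }
            found = 1; exit
        }
        END { if (!found) print name }
    ' "$1"
}

# Resolve an incoming recipient to its final destinations; return 1 when the
# virtual map has no entry for the address or its domain.
resolve_recipient() {
    # $1 = virtual map, $2 = aliases file, $3 = recipient address
    target=$(virtual_lookup "$1" "$3") || return 1
    alias_expand "$2" "$target"
}

# Write the constructed sample files into directory $1.
make_mail_sample() {
    cat > "$1/bioimage" <<'EOF'
# Virtual mail host alias file for bioimage.org
postmaster@bioimage.org postmaster
postmaster@mail.bioimage.org postmaster
@bioimage.org bioimage
@mail.bioimage.org bioimage
EOF
    cat > "$1/aliases" <<'EOF'
# constructed excerpt of /etc/aliases
bioimage: bioimage, bioimage-external@mail.ontonet.org
EOF
}

demo_dir=$(mktemp -d)
make_mail_sample "$demo_dir"
for a in info@bioimage.org postmaster@bioimage.org; do
    printf '%s ->\n' "$a"
    resolve_recipient "$demo_dir/bioimage" "$demo_dir/aliases" "$a" | sed 's/^/    /'
done
rm -rf "$demo_dir"
```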
3.4. FastCGI
This is for use by TRAC (see later)
Install httpd-devel:
yum install httpd-devel
Retrieve FastCGI to working directory; note that the most recent non-snapshot release has some symbol definitions missing for use with Apache 2: see http://www.fastcgi.com/archives/fastcgi-developers/2005-December/004060.html.
wget http://www.fastcgi.com/dist/mod_fastcgi-SNAP-0709231442.tar.gz
Install FastCGI
tar xvfz mod_fastcgi-SNAP-0709231442.tar.gz
cd mod_fastcgi-SNAP-0709231442
cp Makefile.AP2 Makefile
make top_dir=/usr/lib/httpd
make top_dir=/usr/lib/httpd install
cd ..
Confirm module is present:
[root@milos2 kit]# find /usr/lib -name mod_fastcgi.so
/usr/lib/httpd/modules/mod_fastcgi.so
The FastCGI installation suggests an httpd.conf directive like this:
LoadModule fastcgi_module modules/mod_fastcgi.so
3.5. MySQL
Activate MySQL daemon:
[root@milos2 etc]# chkconfig mysqld on
[root@milos2 etc]# chkconfig --list mysqld
mysqld          0:off   1:off   2:on    3:on    4:on    5:on    6:off
[root@milos2 etc]# service mysqld start
Initializing MySQL database: Installing all prepared tables
Fill help tables
To start mysqld at boot time you have to copy support-files/mysql.server
to the right place for your system
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h milos2.zoo.ox.ac.uk password 'new-password'
See the manual for more instructions.
You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &
You can test the MySQL daemon with the benchmarks in the 'sql-bench' directory:
cd sql-bench ; perl run-all-tests
Please report any problems with the /usr/bin/mysqlbug script!
The latest information about MySQL is available on the web at
http://www.mysql.com
Support MySQL by buying support/licenses at http://shop.mysql.com
                                                           [  OK  ]
Starting MySQL:                                            [  OK  ]
[root@milos2 etc]# /usr/bin/mysqladmin -u root password '***'
[root@milos2 etc]# /usr/bin/mysqladmin -u root -h milos2.zoo.ox.ac.uk password '***'
Check out MySQL:
[root@milos2 etc]# /usr/bin/mysqladmin -u root --password=*** version
/usr/bin/mysqladmin Ver 8.41 Distrib 5.0.22, for redhat-linux-gnu on i686
Copyright (C) 2000 MySQL AB & MySQL Finland AB & TCX DataKonsult AB
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL license
Server version          5.0.22
Protocol version        10
Connection              Localhost via UNIX socket
UNIX socket             /var/lib/mysql/mysql.sock
Uptime:                 10 min 38 sec
Threads: 1 Questions: 16 Slow queries: 0 Opens: 0 Flush tables: 1 Open tables: 6 Queries per second avg: 0.025
[root@milos2 etc]# /usr/bin/mysql -u root --password=***
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 12 to server version: 5.0.22
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| test               |
+--------------------+
3 rows in set (0.00 sec)
mysql> quit
Bye
[root@milos2 etc]#
phpMyAdmin setup, starting in a working directory:
wget http://kent.dl.sourceforge.net/sourceforge/phpmyadmin/phpMyAdmin-2.11.1-all-languages.tar.gz
tar xfvz phpMyAdmin-2.11.1-all-languages.tar.gz
mv phpMyAdmin-2.11.1-all-languages /var/www/html/
cd /var/www/html/
ln -s phpMyAdmin-2.11.1-all-languages/ phpMyAdmin
cd /var/www/html/phpMyAdmin/
Create file /var/www/html/phpMyAdmin/config.inc.php to contain something like this:
<?php
$cfg['blowfish_secret'] = '0123456789ABCDEF'; // use here a value of your choice
$i=0;
$i++;
$cfg['Servers'][$i]['auth_type'] = 'cookie';
?>
Now it is possible to browse to
http://milos1.zoo.ox.ac.uk/phpMyAdmin/.
3.6. Samba
Activate SAMBA:
chkconfig smb on
chkconfig --list smb
service smb start
smbpasswd -a (username)
: (etc.)
Edit file /etc/samba/smb.conf, to contain:
[global]
    workgroup = SHOTTON
    netbios name = MILOS
    server string = Milos server
    security = share
    hosts allow = 129.67.24.0/255.255.252.0 127.
    encrypt passwords = Yes
    debug level = 2
    log file = /var/log/samba/%m.log
    max log size = 100
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    dns proxy = No
    cups options = raw
[homes]
    comment = Home Directories
    browseable = no
    writable = yes
[printers]
    comment = All Printers
    path = /usr/spool/samba
    browseable = no
    writable = no
    printable = yes
[storage1]
    comment = Storage 1
    path = /storage1
    revalidate = Yes
    username = (list of usernames...)
    valid users = (list of usernames...)
    writeable = Yes
Bring /storage1 disk (sdb1) online. (This is mounted by /etc/fstab at /mnt/sdb1.)
ln -s /mnt/sdb1 /storage1
In /storage1/home, change file owners to match new user codes:
cd /storage1/home/
chown -R root: *
chown -R (username): (directoryname)
:
3.7. Printing
Set up printer using the graphical console interface - I'm not sure what files were actually created or modified, but these are the files that appear to have been changed:
/etc/printcap
/etc/cups/printers.conf.O
/etc/cups/printers.conf
3.8. TSM backup
Instructions at http://www.oucs.ox.ac.uk/hfs/clients/supported/linux/ (note the dependencies listed here).
Install Tivoli backup software, starting in working directory /root/kit:
wget ftp://ftp.hfs.ox.ac.uk/tsm/clients/v5r4/lnx/tsm-client-5.4.0.0-3.i386.rpm
rpm -i tsm-client-5.4.0.0-3.i386.rpm
/opt/tivoli/tsm/client/ba/bin/HFSsetup.sh
At this point, I'm getting errors about the HFS registration, so I can't progress further.
Although the installation appears to work, there is a dependency on module libstdc++.so.5, which was not installed by the standard CentOS installation, and whose absence is not detected by the TSM installation. This is rectified by:
yum install compat-libstdc++-33.i386
Re-running the TSM setup now works:
[root@milos2 ~]# /opt/tivoli/tsm/client/ba/bin/HFSsetup.sh
Upgrading old TSM config...
No Servername in dsm.sys
Performing a new install
Installing new TSM config...
Please enter your TSM nodename
NODENAME: milos2.zoo
Please enter your TSM password...
(Your input will not echo to the screen.)
PASSWORD:
Nodename and password validation.
Attempting to find server...
TCP probing dsmb5.ox.ac.uk 1700 ... success.
Contacting TSM server: OX_HFS_B5
Attempting to store password...
Attempting to connect to TSM server...
TCP probing dsmb1.ox.ac.uk 1500 ... success.
Contacting TSM server: OX_HFS_B1
Attempting to store password...
Attempting to connect to TSM server...
TCP probing dsmb4.ox.ac.uk 2600 ... success.
Contacting TSM server: OX_HFS_B4
Attempting to store password...
Attempting to connect to TSM server...
TCP probing dsmb3.ox.ac.uk 1600 ... success.
Contacting TSM server: OX_HFS_B3
Attempting to store password...
Attempting to connect to TSM server...
TCP probing dsmb2.ox.ac.uk 2500 ... success.
Contacting TSM server: OX_HFS_B2
Attempting to store password...
Attempting to connect to TSM server...
Server found - password okay.
Server found - TSM configured.
You appear to be using: 65GB of total disk space.
OX_HFS_B2 has a daily backup limit of 100GB
Install TSM client scheduler [yes]:
Installing the TSM client scheduler daemon: dsmcad.
Starting TSM Scheduler (dsmcad)...done.
Check /var/log/dsm*.log files in a couple of minutes.
An installation log can be found in:
/opt/tivoli/tsm/client/ba/bin/tsm-install.log
Initial backups:
dsmc incr /
dsmc incr /mnt/
3.8.1. Updating TSM software
See:
http://www.oucs.ox.ac.uk/hfs/clients/supported/linux/index.xml?ID=upgrade
* Check for installed TSM client:
rpm -qa | grep tsm
* Updating TSM software involves something like the following sequence of commands:
rpm -e tsm-client
wget ftp://ftp.hfs.ox.ac.uk/tsm/clients/v5r4/lnx/tsm-client-5.4.1.2-1.i386.rpm
rpm -i tsm-client-5.4.1.2-1.i386.rpm
/opt/tivoli/tsm/client/ba/bin/HFSsetup.sh
3.9. VMWare server installation
Serial number: 90RH0-YAJ20-25Q44-48LA8
See also:
http://www.vmware.com/pdf/server_admin_manual.pdf
Install and configure VMware from the rpm kit:
rpm -Uhv VMware-server-1.0.4-56528.i386.rpm
Accept defaults for all options except use of NAT networking, for which specify No. The normal default port for remote console access (902) was unavailable, and an alternative (904) was selected by the install script.
Configure VMWare. Ensure VMWare isn't running before doing this (running service vmware start before this appears to fail, but seems to leave a running version of VMWare).
service vmware stop # precautionary
/usr/bin/vmware-config.pl
Start VMware (first attempt):
[root@milos2 kit]# service vmware start
Starting VMware services:
   Virtual machine monitor                                 [FAILED]
   Virtual ethernet                                        [FAILED]
   Bridged networking on /dev/vmnet0                       [FAILED]
The errors seen here, and also the remote console port selection, seem to have been caused by a previous running version of VMWare while performing the configuration. Stopping VMWare and running the configuration script as above seems to work.
Start VMWare (second attempt):
[root@milos2 kit]# service vmware start
Starting VMware services:
   Virtual machine monitor                                 [  OK  ]
   Virtual ethernet                                        [  OK  ]
   Bridged networking on /dev/vmnet0                       [  OK  ]
VMWare Management apparently requires libdb.so.3, which is provided by CentOS package compat-db.i386, thus:
yum install compat-db
Now try installing the management interface, starting in a working directory containing VMware-mui-1.0.4-56528.tar.gz, and no vmware-mui-distrib/ directory:
tar xvfz VMware-mui-1.0.4-56528.tar.gz
cd vmware-mui-distrib/
./vmware-install.pl
Accept default values for all prompts. Finally, expect to see:
Configuring httpd.conf to run Apache as:
User: nobody and Group: nobody
Set the number of minutes before a http session times out. (This is the length
of time before someone connecting to VMware Management Interface will be logged
out) [60] 150
Generating SSL Server Certificate
Starting httpd.vmware:                                     [  OK  ]
The configuration of VMware Management Interface completed successfully.
Open up ports 902, 8222 and 8333 for incoming TCP connections.
Access the VMWare console by browsing to milos2.zoo.ox.ac.uk and logging in with a system username and password.
Use the supplied link Download VMware Server Console, save the image file and run it to install the VMWare console program.
3.9.1. Transferring a virtual machine
Copy virtual machine files to a working location, e.g.:
[root@milos2 SL44-ImageWeb]# pwd
/var/lib/vmware/Virtual Machines/SL44-ImageWeb
[root@milos2 SL44-ImageWeb]# ls -al
total 5162248
drwxr-xr-x 2 root root       4096 Oct 17 17:47 .
drwxrwxrwt 3 root root       4096 Oct 17 17:47 ..
-rw-r--r-- 1 root root       8664 Oct 17 15:30 Red Hat Enterprise Linux 4.nvram
-rw-r--r-- 1 root root          0 Nov 21  2006 Red Hat Enterprise Linux 4.vmsd
-rw-r--r-- 1 root root       2004 Oct 17 17:11 Red Hat Enterprise Linux 4.vmx
-rw-r--r-- 1 root root          0 Sep 17 14:54 Red Hat Enterprise Linux 4.vmx.lck
-rwxr--r-- 1 root root 5280890880 Oct 17 15:30 SL-44-root-000004-cl1.vmdk
-rw-r--r-- 1 root root      18220 Oct 17 17:11 vmware.log
Ensure the .vmx file is executable (this is needed to view the console screen through VMWare server console):
chmod u+x "Red Hat Enterprise Linux 4.vmx"
Run the VMWare server console program installed previously (maybe on another machine).
Select open existing virtual machine and browse to the directory containing the copied virtual machine files. Select the .vmx file.
Start the VM. A number of tweaks may be required.
Update VMWare tools...
3.10. Extending root file system
Display and extend LVM for root file system:
lvdisplay
  --- Logical volume ---
  LV Name                /dev/VolGroup00/LogVol00
  VG Name                VolGroup00
  LV UUID                6ZkGLD-UFN7-7OAP-LZcy-2k8m-H9CU-1acGuI
  LV Write Access        read/write
  LV Status              available
  # open                 1
  LV Size                16.00 GB
  Current LE             512
  Segments               2
  Allocation             inherit
  Read ahead sectors     0
  Block device           253:0
  --- Logical volume ---
  LV Name                /dev/VolGroup00/LogVol01
  VG Name                VolGroup00
  LV UUID                3R1XZv-szem-JqdK-3qze-oVL3-Wu62-a9aByy
  LV Write Access        read/write
  LV Status              available
  # open                 1
  LV Size                4.00 GB
  Current LE             128
  Segments               1
  Allocation             inherit
  Read ahead sectors     0
  Block device           253:1
lvextend -L16G /dev/VolGroup00/LogVol00
This extends the underlying logical volume to 16Gb. In this configuration, /dev/VolGroup00/LogVol01 is the swap partition.
Extend the file system. This bit is trickier - apparently, attempting to extend a mounted volume is hazardous. ext2online is claimed to be OK, but is not part of the standard CentOS distribution.
For CentOS 5, there is resize2fs:
[root@milos2 ~]# resize2fs /dev/VolGroup00/LogVol00
resize2fs 1.39 (29-May-2006)
Filesystem at /dev/VolGroup00/LogVol00 is mounted on /; on-line resizing required
Performing an on-line resize of /dev/VolGroup00/LogVol00 to 4194304 (4k) blocks.
The filesystem on /dev/VolGroup00/LogVol00 is now 4194304 blocks long.
[root@milos2 ~]# df -B G
Filesystem                      1G-blocks Used Available Use% Mounted on
/dev/mapper/VolGroup00-LogVol00       16G   4G       12G  23% /
/dev/sdb1                             68G  54G       11G  85% /mnt/sdb1
/dev/sdc1                             34G   8G       27G  23% /mnt/sdc1
/dev/sda1                              1G   1G        1G  17% /boot
tmpfs                                  1G   0G        1G   0% /dev/shm
See also:
https://www.centos.org/modules/newbb/viewtopic.php?topic_id=8065&forum=37
http://linuxlah.blogspot.com/2006/05/howto-extend-lvm-partition-at-rhel4.html
3.11. Subversion
Set up subversion repository. The installation for Centos provides subversion client and server software, so the requirement is to set up a repository with all the required features. The example used here is for a repository called FlyData. All repository files are owned by user svn.
useradd -r -s /bin/nologin svn
mkdir /var/svn # base for all repositories
svnadmin create /var/svn/FlyData
chown -R svn: /var/svn
Alternatively, use sudo to create a repository with the desired user:
sudo -H -u svn svnadmin create /var/svn/newrepo
Enable SVN server: create file /etc/xinetd.d/svn:
# Begin /etc/xinetd.d/svn
service svn
{
    port = 3690
    socket_type = stream
    protocol = tcp
    wait = no
    user = svn
    server = /usr/bin/svnserve
    server_args = -i -r /var/svn
}
# End /etc/xinetd.d/svn
Restart xinetd:
service xinetd restart
Test checkout to a local directory:
cd /tmp
svn checkout svn://milos1.zoo.ox.ac.uk/FlyData
# rm -rf FlyData/ to remove files
To access a repository via SVN, add the SVN users to group svn, and use a URI like svn+ssh://graham@milos1.zoo.ox.ac.uk/var/svn/FlyData (note, the full pathname to the repository is given, and the username is part of the URI authority field). Also, ensure the repository is group-writeable.
groupadd svn
(It may be necessary to do some umask setting in a wrapper script to ensure new uploads are also group-writeable - so far, this has not been needed.)
To access a repository using Tortoise SVN (http://tortoisesvn.tigris.org/) under Windows, first create an empty directory to receive the repository content, then perform an SVN checkout in that directory. For example, using Tortoise SVN, specify:
URL of repository
svn+ssh://graham@milos1.zoo.ox.ac.uk//var/svn/newrepo
Checkout directory
D:\Svn\Milos\newrepo
and enter the repository password when requested. (Unless an SSH password caching utility is being used, the password may be required twice.) Ways to avoid having to type a password each time include: use a keypair without pass phrase protection; use a keypair in conjunction with SSH agent; create an SSH tunnel then use a simple svn: URI through that tunnel. See also: http://www.tortoisecvs.org/faq.html#sshkeys.
Set up access via HTTP:
yum install mod_dav_svn
Edit /etc/httpd/conf.d/subversion.conf, e.g.:
# Subversion configuration
# See also: http://svnbook.red-bean.com/en/1.0/ch06s04.html
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
<Location /svn>
    DAV svn
    SVNParentPath /var/svn
    SVNAutoversioning on
    ModMimeUsePathInfo on
    # Limit write permission to list of valid users.
    <LimitExcept GET PROPFIND OPTIONS REPORT>
        # Require SSL connection for password protection.
        SSLRequireSSL
        AuthType Basic
        AuthName "IBRG Subversion"
        AuthUserFile conf.d/svn-users
        Require valid-user
    </LimitExcept>
</Location>
The file /etc/httpd/conf.d/svn-users is created and updated using htpasswd, e.g.:
cd /etc/httpd/conf.d/
htpasswd -c svn-users user1 # create new file and add user1; give password when prompted
htpasswd svn-users user2 # add user2; give password when prompted
etc. This controls access to update the SVN repository via HTTP and WebDAV. SSH access is handled separately, as described above.
3.12. Install ClearSilver
ClearSilver is an HTML templating system used by TRAC. Details here are from
http://www.madboa.com/geek/trac-centos/.
Update YUM configuration, creating a new file /etc/yum.repos/clearsilver.repo:
[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgcheck=1
gpgkey=http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
enabled=0
includepkgs=clearsilver python-clearsilver trac
[kbs-CentOS-Extras]
name=CentOS.Karan.Org-EL$releasever - Stable
gpgcheck=1
gpgkey=http://centos.karan.org/RPM-GPG-KEY-karan.org.txt
enabled=0
baseurl=http://centos.karan.org/el$releasever/extras/stable/$basearch/RPMS/
includepkgs=python-docutils python-imaging
Install clearsilver and Python bindings:
yum --enablerepo=dag install clearsilver python-clearsilver
3.13. Install Trac
Assumes that FastCGI has been installed (see above). See also:
http://www.madboa.com/geek/trac-centos/,
http://trac.edgewall.org/wiki/TracFastCgi.
Download and unpack the tar file:
tar xvfz trac-0.10.4.tar.gz
From the tar file root:
cd trac-0.10.4
python ./setup.py install
Create a subversion repository for a Trac project:
svnadmin create /var/svn/ImageWeb
Create a TRAC project:
[root@milos2 trac-0.10.4]# mkdir /var/trac
[root@milos2 trac-0.10.4]# trac-admin /var/trac/ImageWeb initenv
Creating a new Trac environment at /var/trac/ImageWeb
Trac will first ask a few questions about your environment
in order to initalize and prepare the project database.
 Please enter the name of your project.
 This name will be used in page titles and descriptions.
Project Name [My Project]> ImageWeb
 Please specify the connection string for the database to use.
 By default, a local SQLite database is created in the environment
 directory. It is also possible to use an already existing
 PostgreSQL database (check the Trac documentation for the exact
 connection string syntax).
Database connection string [sqlite:db/trac.db]>
 Please specify the type of version control system,
 By default, it will be svn.
 If you don't want to use Trac with version control integration,
 choose the default here and don't specify a repository directory.
 in the next question.
Repository type [svn]>
 Please specify the absolute path to the version control
 repository, or leave it blank to use Trac without a repository.
 You can also set the repository location later.
Path to repository [/path/to/repos]> /var/svn/ImageWeb
 Please enter location of Trac page templates.
 Default is the location of the site-wide templates installed with Trac.
Templates directory [/usr/share/trac/templates]>
Creating and Initializing Project
 Installing default wiki pages
 /usr/share/trac/wiki-default/TracSupport => TracSupport
 /usr/share/trac/wiki-default/WikiHtml => WikiHtml
 /usr/share/trac/wiki-default/TracReports => TracReports
 /usr/share/trac/wiki-default/TracChangeset => TracChangeset
 /usr/share/trac/wiki-default/TracInterfaceCustomization => TracInterfaceCustomization
 /usr/share/trac/wiki-default/WikiProcessors => WikiProcessors
 /usr/share/trac/wiki-default/WikiNewPage => WikiNewPage
 /usr/share/trac/wiki-default/TracLinks => TracLinks
 /usr/share/trac/wiki-default/TracTimeline => TracTimeline
 /usr/share/trac/wiki-default/TracBrowser => TracBrowser
 /usr/share/trac/wiki-default/TracRss => TracRss
 /usr/share/trac/wiki-default/TracPlugins => TracPlugins
 /usr/share/trac/wiki-default/CamelCase => CamelCase
 /usr/share/trac/wiki-default/TracRoadmap => TracRoadmap
 /usr/share/trac/wiki-default/TracStandalone => TracStandalone
 /usr/share/trac/wiki-default/TracFastCgi => TracFastCgi
 /usr/share/trac/wiki-default/TracAccessibility => TracAccessibility
 /usr/share/trac/wiki-default/TracModPython => TracModPython
 /usr/share/trac/wiki-default/TracBackup => TracBackup
 /usr/share/trac/wiki-default/TracWiki => TracWiki
 /usr/share/trac/wiki-default/RecentChanges => RecentChanges
 /usr/share/trac/wiki-default/WikiRestructuredText => WikiRestructuredText
 /usr/share/trac/wiki-default/TracInstall => TracInstall
 /usr/share/trac/wiki-default/TracSearch => TracSearch
 /usr/share/trac/wiki-default/WikiMacros => WikiMacros
 /usr/share/trac/wiki-default/TracTicketsCustomFields => TracTicketsCustomFields
 /usr/share/trac/wiki-default/TracUnicode => TracUnicode
 /usr/share/trac/wiki-default/InterMapTxt => InterMapTxt
 /usr/share/trac/wiki-default/TracCgi => TracCgi
 /usr/share/trac/wiki-default/TracGuide => TracGuide
 /usr/share/trac/wiki-default/TracSyntaxColoring => TracSyntaxColoring
 /usr/share/trac/wiki-default/TitleIndex => TitleIndex
 /usr/share/trac/wiki-default/TracNotification => TracNotification
 /usr/share/trac/wiki-default/TracUpgrade => TracUpgrade
 /usr/share/trac/wiki-default/WikiPageNames => WikiPageNames
 /usr/share/trac/wiki-default/TracAdmin => TracAdmin
 /usr/share/trac/wiki-default/WikiFormatting => WikiFormatting
 /usr/share/trac/wiki-default/TracRevisionLog => TracRevisionLog
 /usr/share/trac/wiki-default/WikiRestructuredTextLinks => WikiRestructuredTextLinks
 /usr/share/trac/wiki-default/TracImport => TracImport
 /usr/share/trac/wiki-default/TracPermissions => TracPermissions
 /usr/share/trac/wiki-default/WikiDeletePage => WikiDeletePage
 /usr/share/trac/wiki-default/TracIni => TracIni
 /usr/share/trac/wiki-default/SandBox => SandBox
 /usr/share/trac/wiki-default/TracQuery => TracQuery
 /usr/share/trac/wiki-default/TracTickets => TracTickets
 /usr/share/trac/wiki-default/WikiStart => WikiStart
 /usr/share/trac/wiki-default/InterWiki => InterWiki
 /usr/share/trac/wiki-default/InterTrac => InterTrac
 /usr/share/trac/wiki-default/TracEnvironment => TracEnvironment
 /usr/share/trac/wiki-default/TracLogging => TracLogging
 Indexing repository
---------------------------------------------------------------------
Project environment for 'ImageWeb' created.
You may now configure the environment by editing the file:
  /var/trac/ImageWeb/conf/trac.ini
If you'd like to take this new project environment for a test drive,
try running the Trac standalone web server `tracd`:
  tracd --port 8000 /var/trac/ImageWeb
Then point your browser to http://localhost:8000/ImageWeb.
There you can also browse the documentation for your installed
version of Trac, including information on further setup (such as
deploying Trac to a real web server).
The latest documentation can also always be found on the project
website:
  http://trac.edgewall.org/
Congratulations!
Create configuration file for trac in /etc/httpd/conf.d/trac.conf:
# Configure access to TRAC via FastCGI
# Use native Apache serving for static docs
Alias /trac/chrome/common /usr/share/trac/htdocs
<Directory "/usr/share/trac/htdocs">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
# Use Trac script for the rest
ScriptAlias /trac /usr/share/trac/cgi-bin/trac.fcgi
#<Location "/trac">
#  SetEnv TRAC_ENV "/path/to/projectenv"
#</Location>
<Location "/trac">
    SetEnv TRAC_ENV_PARENT_DIR "/var/trac"
</Location>
FastCgiConfig -initial-env TRAC_ENV_PARENT_DIR=/var/trac
<LocationMatch /trac/[^/]+/login>
    # Redirect http: to https: for login
    RewriteEngine On
    RewriteCond %{HTTPS} !on
    ReWriteRule ^/(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R]
    # Now force login login
    # SSLRequireSSL
    AuthType Basic
    AuthName "Trac"
    AuthUserFile conf.d/svn-users
    Require valid-user
</LocationMatch>
Create new group for TRAC:
groupadd -r trac
Add user apache in the group trac, and make all files under /var/trac group-writeable:
cd /var/trac
chgrp -R trac *
chgrp -R trac .
chmod -R g+w *
Now try Browsing to
http://milos1.zoo.ox.ac.uk/trac.
3.13.1. TRAC administration
The web administration interface has not been installed (yet). Thus, administration is performed using the trac-admin utility.
By default, all users have basic access to the system, but cannot do project administration activities like creating or editing milestones. In order to allow a user full access to the TRAC facilities, issue a command in the following form:
trac-admin /var/trac/ImageWeb/ permission add username MILESTONE_ADMIN MILESTONE_CREATE MILESTONE_DELETE MILESTONE_MODIFY REPORT_ADMIN REPORT_CREATE REPORT_DELETE REPORT_MODIFY ROADMAP_ADMIN TICKET_ADMIN TICKET_CHGPROP TRAC_ADMIN WIKI_ADMIN WIKI_DELETE
Logged in users for whom such permissions have been set will see additional controls on displayed web pages, providing access to the additional features.
To view current permission settings, use:
trac-admin /var/trac/ImageWeb/ permission list
3.14. Changes applied by John Pybus for OUCC
Created /etc/httpd/conf.d/oucc.host with all the configuration for OUCC
Added a symlink: /home/oucc -> /mnt/sdb1/home/oucc
Made changes to /etc/httpd/conf/httpd.conf to i) enable virtual hosts on the machine, and ii) change the log format to include the virtual host as well as requested path (matching the log format used in the old milos setup)
Changes in config files are all commented with JPNP.
4. Links and more information
-- GrahamKlyne 2007-10-10 17:09:45
BioImage Wiki (internal)