|
version 1.6, 2000/11/17 23:18:00
|
version 1.40, 2003/05/02 19:25:01
|
|
Line 1
|
Line 1
|
| <HTML> |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" |
| <HEAD> |
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
| <TITLE>LON-CAPA Installation</TITLE> |
<!-- The LearningOnline Network with CAPA --> |
| </HEAD> |
<!-- $Id$ --> |
| <BODY> |
<html> |
| <H1>LON-CAPA Installation</H1> |
<head> |
| <H3>Current Installation Procedure</H3> |
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"></meta> |
| <P> |
<title>LON-CAPA Installation</title> |
| Scott Harrison |
<!-- pdfahref install.pdf --> |
| </P> |
<!-- button INSTALL --> |
| <P> |
</head> |
| Last updated: 11/01/2000 |
<body bgcolor='#ffffff'> |
| </P> |
<!-- preamble start --> |
| <P> |
<br /> |
| This is the current list of steps to support LON-CAPA installation. These steps have |
<p> |
| been tested. |
You will need to check all the following things to ensure proper |
| <OL> |
installation of your LON-CAPA system. |
| <LI>Get Redhat 6.2 on a CD by |
</p> |
| <UL> |
<ul> |
| <LI>Using a RedHat 6.2 CD |
<li><a href="#wwwuser"> |
| <LI>Downloading a RedHat 6.2 <A HREF="http://install.lon-capa.org/3.1/currentcdimage">CD image</A> and burning a CD |
Creating a user 'www'</a></li> |
| <LI>Or, alternatively do a network install from a <A HREF="http://install.lon-capa.org/3.1/currentcdsource"> |
<li><a href="#shadow"> |
| RedHat 6.2 CD source tree</A>. You need to burn a boot floppy disk with a network boot image; |
Make a LON-CAPA system work with shadow passwords</a></li> |
| <A HREF="http://install.lon-capa.org/3.1/currentcdsource/images/bootnet-20000407.img"> |
<li><a href="#install"> |
| bootnet-20000407.img</A>. (Download the image file; insert a blank floppy disk; and type a |
Installing LON-CAPA files</a></li> |
| command similar to: <TT>dd if=bootnet-20000407.img of=/dev/fd0</TT>). For installation, you |
<li><a href="#checkrpms"> |
| need to specify <TT>hobbes.lite.msu.edu/~loninst</TT> as your download URL, and <TT>/3.1/currentcdsource</TT> |
Checking your Linux RPMs</a></li> |
| as the source location. |
<li><a href="#fixhosts"> |
| </UL> |
Fixing <tt>/etc/hosts</tt></a></li> |
| <LI>Install RedHat 6.2 |
<li><a href="#mysql"> |
| <UL> |
Configuring the MySQL database</a></li> |
| <LI><B>Important: Do a "GNOME Workstation Install" and go with their default list of packages</B> |
<li><a href="#testing"> |
| <LI><B>Important: Make sure you add a user "www"</B> |
Testing to see if the LON-CAPA server is operational</a></li> |
| </UL> |
</ul> |
| <LI>After installation, install extra RPMs/upgrades by downloading all files from |
<p> |
| <A HREF="http://install.lon-capa.org/3.1/SupplementalRPMS/"> |
<strong>NOTE:</strong> |
| http://install.lon-capa.org/3.1/SupplementalRPMS</A>. |
If you want to simultaneously install both RedHat 7.3 and LON-CAPA |
| <UL> |
(to ensure 100% reliability), follow <a href="rh73.html">these |
| <LI>Use this command to install the RPMs you download: <TT>rpm -Uvh --force *.rpm</TT>. |
alternative directions</a>. |
| </UL> |
</p> |
| <LI>Remove extra RPMs by downloading and running the script |
<br /> |
| <A HREF="http://install.lon-capa.org/3.1/scripts/remove_extra.sh"> |
<!-- preamble end --> |
| http://install.lon-capa.org/3.1/scripts/remove_extra.sh</A> as root. |
<!-- maintext start --> |
| <LI>After installing the supplemental RPMS, install a final RPM set by downloading all files from |
<a name="wwwuser" /> |
| <A HREF="http://install.lon-capa.org/3.1/FinalRPMS/"> |
<h3>Creating a user 'www'</h3> |
| http://install.lon-capa.org/3.1/FinalRPMS</A>. |
<p> |
| <UL> |
Execute the following command to create a user named 'www' on your |
| <LI>Use this command to install the RPMs you download: <TT>rpm -Uvh --force *.rpm</TT>. |
LON-CAPA server: |
| </UL> |
</p> |
| <LI>Configure needed files. |
<table bgcolor="#aaaaaa" border="1"><tr><td> |
| <UL> |
<tt>/usr/sbin/useradd www</tt> |
| <LI>Currently, reconfiguration must be handled manually and involves an administrator |
</td></tr></table> |
| altering configuration files present throughout the system. For a list of these |
<a name="shadow" /> |
| files and their descriptions, visit <A HREF="http://install.lon-capa.org/3.1/loncapafiles/loncapafiles.html"> |
<h3>Make a LON-CAPA system work with shadow passwords</h3> |
| http://install.lon-capa.org/3.1/loncapafiles/loncapafiles.html</A>. |
<table border="1"> |
| </UL> |
<tr><th>Step #</th><th>Description</th></tr> |
| <LI>Important files are /etc/httpd/conf/access.conf, /etc/ntp.conf, /etc/krb.conf, |
<tr><td> |
| /home/httpd/lonTabs/spare.tab, /home/httpd/lonTabs/hosts.tab (if setting up a cluster different |
<font size="+1">1</font> |
| than MSU's). |
</td><td> |
| <LI>Unshadow passwords |
<p>Is your system using shadow passwords? (Note: LON-CAPA will work |
| <UL> |
with either MD5/non-MD5 configured systems). It is strongly |
| <PRE>You can do this by these 5 steps: |
recommended to use shadow passwords. If your system is currently not |
| 1. enter the system command, as "root", pwunconv |
using shadow passwords, run the "pwconv" command (as root) in order to |
| 2. enter the system command, as "root", grpunconv |
convert to shadow passwords. If you choose not to use shadow |
| 3. Set the following to be the /etc/pam.d/login file on your system |
passwords, then do not perform any of the additional steps. If your |
| #%PAM-1.0 |
system is using shadow passwords, then you will need to perform the |
| auth required /lib/security/pam_securetty.so |
additional steps below. |
| auth required /lib/security/pam_pwdb.so shadow nullok |
</p> |
| auth required /lib/security/pam_nologin.so |
<p> |
| account required /lib/security/pam_pwdb.so |
<strong>How to detect:</strong> |
| password required /lib/security/pam_cracklib.so |
<br />command: <tt>cat /etc/passwd | grep ':x:'</tt> |
| password required /lib/security/pam_pwdb.so nullok use_authtok |
</p> |
| session required /lib/security/pam_pwdb.so |
<p>If there is output such as "<tt>root:x:0:0:root:/root:/bin/bash</tt>", |
| session optional /lib/security/pam_console.so |
then your system is using shadow passwords and you will need to continue with |
| 4. Set the following to be the /etc/pam.d/passwd file on your system |
the steps below. |
| #%PAM-1.0 |
</p> |
| auth required /lib/security/pam_pwdb.so shadow nullok |
</td></tr> |
| account required /lib/security/pam_pwdb.so |
<tr><td> |
| password required /lib/security/pam_cracklib.so retry=3 |
<font size='+1'>2</font> |
| password required /lib/security/pam_pwdb.so use_authtok nullok |
</td><td> |
| 5. Set/reset passwords. As "root" use 'passwd', and 'passwd www' |
<p><strong>Retrieve the mod_auth_external source</strong> by |
| to change the important passwords. This creates crypt-processible |
running the following command |
| passwords in /etc/passwd. |
</p> |
| </PRE> |
<p><tt> |
| </UL> |
wget http://www.unixpapa.com/software/mod_auth_external-2.1.15.tar.gz |
| <LI>Run, as root, <TT>ln -s /etc/mime.types /etc/httpd/conf/mime.types</TT> |
</tt> |
| <LI>Run, as root, <TT>/etc/rc.d/init.d/httpd start</TT>. |
</p> |
| <LI>Run, as root, <TT>/etc/rc.d/init.d/loncontrol start</TT>. |
</td></tr> |
| <LI>After 10 minutes, you should be able to check the file <TT>/home/httpd/html/lon-status/index.html</TT> |
<tr><td> |
| to see if your machine has been successfully set up. |
<font size='+1'>3</font> |
| </UL> |
</td><td> |
| </OL> |
<p><strong>Unpack the mod_auth_external source</strong> by |
| </P> |
running the following command |
| <H3>Future Installation Procedure (not yet implemented)</H3> |
</p> |
| <P> |
<p> |
| In the future, LON-CAPA Installation will be distributed on a CD complete with a |
<tt>tar xzvf mod_auth_external-2.1.15.tar.gz</tt> |
| customized interface. Many elements for doing this have been coded, and are in place, but |
</p> |
| it awaits completion. |
</td></tr> |
| </P> |
<tr><td> |
| </BODY> |
<font size='+1'>4</font> |
| </HTML> |
</td><td> |
| |
<p><strong>Go to the <tt>pwauth</tt> directory</strong> by |
| |
running the following command |
| |
</p> |
| |
<p> |
| |
<tt>cd mod_auth_external-2.1.15/pwauth/</tt> |
| |
</p> |
| |
</td></tr> |
| |
<tr><td> |
| |
<font size='+1'>5</font> |
| |
</td><td> |
| |
<p><strong>Edit <tt>config.h</tt> and change SERVER_UIDS definition</strong> |
| |
</p> |
| |
<p> |
| |
Determine the user id of 'www': |
| |
<br /><tt>id -u www</tt> |
| |
<br /> |
| |
Change the line |
| |
<br /><tt>#define SERVER_UIDS 99 /* user "nobody" */</tt> |
| |
<br />to be |
| |
<br /><tt>#define SERVER_UIDS 513 /* user "www" */</tt> |
| |
<br />where in this example 513 corresponds to the user id of 'www'. |
| |
</p> |
| |
</td></tr> |
| |
<tr><td> |
| |
<font size='+1'>6</font> |
| |
</td><td> |
| |
<p><strong>Compile the <tt>pwauth</tt> executable</strong> by |
| |
running the following command |
| |
</p> |
| |
<p> |
| |
<tt>make</tt> |
| |
</p> |
| |
</td></tr> |
| |
<tr><td> |
| |
<font size='+1'>7</font> |
| |
</td><td> |
| |
<p><strong>Install <tt>pwauth</tt></strong> by doing the following |
| |
</p> |
| |
<p> |
| |
<tt>cp pwauth /usr/local/sbin/</tt> |
| |
<br /><tt>chmod 6755 /usr/local/sbin/pwauth</tt> |
| |
</p> |
| |
<p> |
| |
Edit (creating the file) /etc/pam.d/pwauth to have the contents: |
| |
</p> |
| |
<pre> |
| |
auth required /lib/security/pam_pwdb.so shadow nullok |
| |
auth required /lib/security/pam_nologin.so |
| |
account required /lib/security/pam_pwdb.so |
| |
</pre> |
| |
</td></tr> |
| |
</table> |
| |
<a name="install" /> |
| |
<h3>Installing LON-CAPA files</h3> |
| |
<p> |
| |
Download the most current |
| |
<a href="http://install.lon-capa.org/versions/loncapa-current.tar.gz"> |
| |
loncapa-current.tar.gz</a>. |
| |
</p> |
| |
<table bgcolor="#aaaaaa" border="1"> |
| |
<tr><td><tt>wget http://install.lon-capa.org/versions/loncapa-current.tar.gz |
| |
</tt> |
| |
<br /> |
| |
<tt>tar xzvf loncapa-current.tar.gz</tt> |
| |
<br /> |
| |
<tt>cd loncapa-N.N</tt> (N.N is the version number)</td></tr> |
| |
</table> |
| |
<p> |
| |
The <strong>UPDATE</strong> command will refresh your filesystem with all |
| |
the latest LON-CAPA software. |
| |
</p> |
| |
<table bgcolor="#aaaaaa" border="1"> |
| |
<tr><td><tt>./UPDATE</tt></td></tr> |
| |
</table> |
| |
<a name="checkrpms" /> |
| |
<h3>Checking your Linux RPMs</h3> |
| |
<p> |
| |
The <strong>CHECKRPMS</strong> command will check the RPMs on your machine |
| |
against an FTP repository. |
| |
</p> |
| |
<table bgcolor="#aaaaaa" border="1"> |
| |
<tr><td><tt>./CHECKRPMS</tt></td></tr> |
| |
</table> |
| |
<p> |
| |
Also, please be sure to install the LON-CAPA-systemperl RPM as described on |
| |
the <a href="/docs/downloads/index.html">Downloads</a> page. |
| |
</p> |
| |
<a name="fixhosts" /> |
| |
<h3>Fixing <tt>/etc/hosts</tt></h3> |
| |
<p> |
| |
A common RedHat glitch of new installations (RedHat's fault, not LON-CAPA) |
| |
is the generation of /etc/hosts. |
| |
</p> |
| |
<p> |
| |
It should look something like this (except the <tt>myschool</tt> line |
| |
should be replaced with settings specific to your machine): |
| |
</p> |
| |
<table bgcolor="#aaaaaa" border="1"> |
| |
<tr><td> |
| |
<pre> |
| |
127.0.0.1 localhost.localdomain localhost |
| |
12.34.56.78 www.myschool.edu myschool |
| |
</pre></td></tr> |
| |
</table> |
| |
<a name="mysql" /> |
| |
<h3>Configuring the MySQL database</h3> |
| |
<p> |
| |
The following commands describe how to configure the MySQL database |
| |
on your LON-CAPA server. |
| |
<br />Note: |
| |
</p> |
| |
<ul> |
| |
<li>you should substitute 'ROOTPASSWORD' with something very hard to guess |
| |
(it does not have to be the Linux OS root password) |
| |
</li> |
| |
<li>The MySQL www@localhost user must always have a password of 'localhostkey' |
| |
in order for there to be correct operation of a standard LON-CAPA system. |
| |
</li> |
| |
</ul> |
| |
<p> |
| |
The following instructions assume you are logged in as 'root'. |
| |
</p> |
| |
<p>Entering the mysql shell</p> |
| |
<table bgcolor="#aaaaaa" border="1"><tr><td> |
| |
<pre> |
| |
mysql -u root -p mysql |
| |
OR |
| |
mysql -u root mysql (depending on whether you have set a root password) |
| |
</pre> |
| |
</td></tr></table> |
| |
<p>Creating the mysql 'www' user (after entering mysql shell)</p> |
| |
<table bgcolor="#aaaaaa" border="1"><tr><td> |
| |
<pre> |
| |
mysql> CREATE DATABASE loncapa; |
| |
|
| |
mysql> INSERT INTO user (Host, User, Password) |
| |
mysql> VALUES ('localhost','www',password('localhostkey')); |
| |
|
| |
mysql> INSERT INTO db VALUES ('localhost','loncapa','www', |
| |
mysql> 'Y','Y','Y','Y','Y','Y','N','Y','Y','Y'); |
| |
|
| |
mysql> FLUSH PRIVILEGES; |
| |
</pre> |
| |
</td></tr></table> |
| |
<p>SECURITY: set a password for the mysql 'root' user</p> |
| |
<table bgcolor="#aaaaaa" border="1"><tr><td> |
| |
<pre> |
| |
shell> mysql -u root mysql |
| |
mysql> SET PASSWORD FOR root@localhost=PASSWORD('ROOTPASSWORD'); |
| |
</pre> |
| |
</td></tr></table> |
| |
<p>SECURITY: only allow access from localhost</p> |
| |
<table bgcolor="#aaaaaa" border="1"><tr><td> |
| |
<pre> |
| |
shell> mysql -u root -p mysql |
| |
mysql> DELETE FROM user WHERE host<>'localhost'; |
| |
</pre> |
| |
</td></tr></table> |
| |
<a name="testing" /> |
| |
<h3>Testing to see if the LON-CAPA server is operational</h3> |
| |
<p> |
| |
The <strong>TEST</strong> command will check the installation software, |
| |
the perl libraries on your system, the MySQL database, and |
| |
will also automatically test the real-time operation of the |
| |
LON-CAPA Apache web server. |
| |
</p> |
| |
<table bgcolor="#aaaaaa" border="1"> |
| |
<tr><td><tt>./TEST</tt></td></tr> |
| |
</table> |
| |
<p> |
| |
Using the <strong>TEST</strong> command will likely |
| |
be an iterative process. |
| |
It is normal to expect that the <strong>TEST</strong> command |
| |
will recommend you perform various steps to ensure optimal |
| |
performance of your LON-CAPA server. |
| |
</p> |
| |
<!-- maintext end --> |
| |
<!-- validated --> |
| |
</body> |
| |
</html> |
![[BACK]](/icons/back.gif){kind=icon}
Return to install.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / doc / build