Diff for /doc/build/Attic/install.html between versions 1.6 and 1.20

version 1.6, 2000/11/17 23:18:00 version 1.20, 2002/05/10 16:26:32
Line 1 Line 1
 <HTML>  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 <HEAD>   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <TITLE>LON-CAPA Installation</TITLE>  <!-- The LearningOnline Network with CAPA -->
 </HEAD>  <!-- $Id$ -->
 <BODY>  <html>
 <H1>LON-CAPA Installation</H1>  <head>
 <H3>Current Installation Procedure</H3>  <meta http-equiv="Content-Type" content="text/html; charset=utf-8"></meta>
 <P>  <title>LON-CAPA Installation</title>
 Scott Harrison  <!-- pdfahref install.pdf -->
 </P>  <!-- button INSTALL -->
 <P>  </head>
 Last updated: 11/01/2000  <body bgcolor='#ffffff'>
 </P>  <!-- preamble start -->
 <P>  <br />&nbsp;
 This is the current list of steps to support LON-CAPA installation.  These steps have  <p>
 been tested.  You will need to check all the following things to ensure proper
 <OL>  installation of your LON-CAPA system.
 <LI>Get Redhat 6.2 on a CD by  </p>
 <UL>  <ul>
 <LI>Using a RedHat 6.2 CD  <li><a href="#wwwuser">
 <LI>Downloading a RedHat 6.2 <A HREF="http://install.lon-capa.org/3.1/currentcdimage">CD image</A> and burning a CD  Creating a user 'www'</a></li>
 <LI>Or, alternatively do a network install from a <A HREF="http://install.lon-capa.org/3.1/currentcdsource">  <li><a href="#shadow">
 RedHat 6.2 CD source tree</A>.  You need to burn a boot floppy disk with a network boot image;  Make a LON-CAPA system work with shadow passwords</a></li>
 <A HREF="http://install.lon-capa.org/3.1/currentcdsource/images/bootnet-20000407.img">  <li><a href="#install">
 bootnet-20000407.img</A>.  (Download the image file; insert a blank floppy disk; and type a  Installing LON-CAPA files</a></li>
 command similar to: <TT>dd if=bootnet-20000407.img of=/dev/fd0</TT>).  For installation, you  <li><a href="#checkrpms">
 need to specify <TT>hobbes.lite.msu.edu/~loninst</TT> as your download URL, and <TT>/3.1/currentcdsource</TT>  Checking your Linux RPMs</a></li>
 as the source location.  <li><a href="#mysql">
 </UL>  Configuring the MySQL database</a></li>
 <LI>Install RedHat 6.2  <li><a href="#testing">
 <UL>  Testing to see if the LON-CAPA server is operational</a></li>
 <LI><B>Important: Do a "GNOME Workstation Install" and go with their default list of packages</B>  </ul>
 <LI><B>Important: Make sure you add a user "www"</B>  <br />&nbsp;
 </UL>  <!-- preamble end -->
 <LI>After installation, install extra RPMs/upgrades by downloading all files from  <!-- maintext start -->
 <A HREF="http://install.lon-capa.org/3.1/SupplementalRPMS/">  <a name="wwwuser" />
 http://install.lon-capa.org/3.1/SupplementalRPMS</A>.  <h3>Creating a user 'www'</h3>
 <UL>  <p>
 <LI>Use this command to install the RPMs you download: <TT>rpm -Uvh --force *.rpm</TT>.  Execute the following command to create a user named 'www' on your
 </UL>  LON-CAPA server:
 <LI>Remove extra RPMs by downloading and running the script   </p>
 <A HREF="http://install.lon-capa.org/3.1/scripts/remove_extra.sh">  <table bgcolor="#aaaaaa" border="1"><tr><td>
 http://install.lon-capa.org/3.1/scripts/remove_extra.sh</A> as root.  <tt>/usr/sbin/useradd www</tt>
 <LI>After installing the supplemental RPMS, install a final RPM set by downloading all files from  </td></tr></table>
 <A HREF="http://install.lon-capa.org/3.1/FinalRPMS/">  <a name="shadow" />
 http://install.lon-capa.org/3.1/FinalRPMS</A>.  <h3>Make a LON-CAPA system work with shadow passwords</h3>
 <UL>  <table border="1">
 <LI>Use this command to install the RPMs you download: <TT>rpm -Uvh --force *.rpm</TT>.  <tr><th>Step #</th><th>Description</th></tr>
 </UL>  <tr><td>
 <LI>Configure needed files.  <font size="+1">1</font>
 <UL>  </td><td>
 <LI>Currently, reconfiguration must be handled manually and involves an administrator  <p>Is your system using shadow passwords? (Note: LON-CAPA will
 altering configuration files present throughout the system.  For a list of these  work with either MD5/non-MD5 configured systems).  If your
 files and their descriptions, visit <A HREF="http://install.lon-capa.org/3.1/loncapafiles/loncapafiles.html">  system is not using shadow passwords, then do not perform
 http://install.lon-capa.org/3.1/loncapafiles/loncapafiles.html</A>.  any of the additional steps.  If your system is using shadow
 </UL>  passwords, then you will need to perform the additional steps below.
 <LI>Important files are /etc/httpd/conf/access.conf, /etc/ntp.conf, /etc/krb.conf,    </p>
 /home/httpd/lonTabs/spare.tab, /home/httpd/lonTabs/hosts.tab (if setting up a cluster different  <p>
 than MSU's).  <strong>How to detect:</strong>
 <LI>Unshadow passwords  <br />command: <tt>cat /etc/passwd | grep ':x:'</tt>
 <UL>  </p>
 <PRE>You can do this by these 5 steps:  <p>If there is output such as "<tt>root:x:0:0:root:/root:/bin/bash</tt>",
 1. enter the system command, as "root", pwunconv  then your system is using shadow passwords and you will need to continue with
 2. enter the system command, as "root", grpunconv  the steps below.
 3. Set the following to be the /etc/pam.d/login file on your system  </p>
 #%PAM-1.0  </td></tr>
 auth       required     /lib/security/pam_securetty.so  <tr><td>
 auth       required     /lib/security/pam_pwdb.so shadow nullok  <font size='+1'>2</font>
 auth       required     /lib/security/pam_nologin.so  </td><td>
 account    required     /lib/security/pam_pwdb.so  <p><strong>Retrieve the mod_auth_external source</strong> by
 password   required     /lib/security/pam_cracklib.so  running the following command
 password   required     /lib/security/pam_pwdb.so nullok use_authtok  </p>
 session    required     /lib/security/pam_pwdb.so  <p><tt>
 session    optional     /lib/security/pam_console.so  wget http://www.wwnet.net/~janc/software/mod_auth_external-2.1.13.tar.gz
 4. Set the following to be the /etc/pam.d/passwd file on your system  </tt>
 #%PAM-1.0  </p>
 auth       required     /lib/security/pam_pwdb.so shadow nullok  </td></tr>
 account    required     /lib/security/pam_pwdb.so  <tr><td>
 password   required     /lib/security/pam_cracklib.so retry=3  <font size='+1'>3</font>
 password   required     /lib/security/pam_pwdb.so use_authtok nullok  </td><td>
 5. Set/reset passwords.  As "root" use 'passwd', and 'passwd www'  <p><strong>Unpack the mod_auth_external source</strong> by
 to change the important passwords.  This creates crypt-processible  running the following command
 passwords in /etc/passwd.  </p>
 </PRE>  <p>
 </UL>  <tt>tar xzvf mod_auth_external-2.1.13.tar.gz</tt>
 <LI>Run, as root, <TT>ln -s /etc/mime.types /etc/httpd/conf/mime.types</TT>  </p>
 <LI>Run, as root, <TT>/etc/rc.d/init.d/httpd start</TT>.  </td></tr>
 <LI>Run, as root, <TT>/etc/rc.d/init.d/loncontrol start</TT>.  <tr><td>
 <LI>After 10 minutes, you should be able to check the file <TT>/home/httpd/html/lon-status/index.html</TT>  <font size='+1'>4</font>
 to see if your machine has been successfully set up.  </td><td>
 </UL>  <p><strong>Go to the <tt>pwauth</tt> directory</strong> by
 </OL>  running the following command
 </P>  </p>
 <H3>Future Installation Procedure (not yet implemented)</H3>  <p>
 <P>  <tt>cd mod_auth_external-2.1.13/pwauth/</tt>
 In the future, LON-CAPA Installation will be distributed on a CD complete with a  </p>
 customized interface.  Many elements for doing this have been coded, and are in place, but  </td></tr>
 it awaits completion.  <tr><td>
 </P>  <font size='+1'>5</font>
 </BODY>  </td><td>
 </HTML>  <p><strong>Edit <tt>config.h</tt> and change SERVER_UIDS definition</strong>
   </p>
   <p>
   Determine the user id of 'www':
   <br /><tt>grep ^www /etc/passwd | cut -d':' -f3</tt>
   <br />
   Change the line
   <br /><tt>#define SERVER_UIDS 99       /* user "nobody" */</tt>
   <br />to be
   <br /><tt>#define SERVER_UIDS 513      /* user "www" */</tt>
   <br />where in this example 513 corresponds to the user id of 'www'.
   </p>
   </td></tr>
   <tr><td>
   <font size='+1'>6</font>
   </td><td>
   <p><strong>Compile the <tt>pwauth</tt> executable</strong> by
   running the following command
   </p>
   <p>
   <tt>make</tt>
   </p>
   </td></tr>
   <tr><td>
   <font size='+1'>7</font>
   </td><td>
   <p><strong>Install <tt>pwauth</tt></strong> by doing the following
   </p>
   <p>
   <tt>cp pwauth /usr/local/sbin/</tt>
   <br /><tt>chmod 6755 /usr/local/sbin/pwauth</tt>
   </p>
   <p>
   Edit (creating the file) /etc/pam.d/pwauth to have the contents:
   </p>
   <pre>
           auth       required     /lib/security/pam_pwdb.so shadow nullok
           auth       required     /lib/security/pam_nologin.so
           account    required     /lib/security/pam_pwdb.so
   </pre>
   </td></tr>
   </table>
   <a name="install" />
   <h3>Installing LON-CAPA files</h3>
   <p>
   Download the most current
   <a href="http://install.lon-capa.org/versions/current/loncapa.tar.gz">
   loncapa.tar.gz</a>.
   </p>
   <p>
   The <strong>UPDATE</strong> command will refresh your filesystem with all
   the latest LON-CAPA software.
   </p>
   <table bgcolor="#aaaaaa" border="1">
   <tr><td><tt>./UPDATE</tt></td></tr>
   </table>
   <a name="checkrpms" />
   <h3>Checking your Linux RPMs</h3>
   <p>
   The <strong>CHECKRPMS</strong> command will check the RPMs on your machine
   against an FTP repository.
   </p>
   <table bgcolor="#aaaaaa" border="1">
   <tr><td><tt>./CHECKRPMS</tt></td></tr>
   </table>
   <a name="mysql" />
   <h3>Configuring the MySQL database</h3>
   <p>
   The following commands describe how to configure the MySQL database
   on your LON-CAPA server.
   <br />Note:
   </p>
   <ul>
   <li>you should substitute 'WWWPASSWORD' with the value for 'lonSqlAccess'
   present inside <tt>/etc/httpd/conf/loncapa.conf</tt> <i>or in access.conf</i>
   </li>
   <li>you should substitute 'ROOTPASSWORD' with something very hard to guess
   (it does not have to be the Linux OS root password)
   </li>
   </ul>
   <p>Entering the mysql shell</p>
   <table bgcolor="#aaaaaa" border="1"><tr><td>
   <pre>
   mysql -u root -p mysql
   OR
   mysql -u root      (depending on whether you have set a root password)
   </pre>
   </td></tr></table>
   <p>Creating the mysql 'www' user (after entering mysql shell)</p>
   <table bgcolor="#aaaaaa" border="1"><tr><td>
   <pre>
   mysql> CREATE DATABASE loncapa;
   
   mysql> INSERT INTO user (Host, User, Password)
   mysql> VALUES ('localhost','www',password('WWWPASSWORD'));
   
   mysql> GRANT ALL PRIVILEGES ON *.* TO www@localhost;
   
   mysql> FLUSH PRIVILEGES;
   </pre>
   </td></tr></table>
   <p>SECURITY: set a password for the mysql 'root' user</p>
   <table bgcolor="#aaaaaa" border="1"><tr><td>
   <pre>
   shell> mysql -u root mysql
   mysql> SET PASSWORD FOR root@localhost=PASSWORD('ROOTPASSWORD');
   </pre>
   </td></tr></table>
   <p>SECURITY: set a password for the mysql 'root' user</p>
   <table bgcolor="#aaaaaa" border="1"><tr><td>
   <pre>
   shell> mysql -u root mysql
   mysql> SET PASSWORD FOR root@localhost=PASSWORD('ROOTPASSWORD');
   </pre>
   </td></tr></table>
   <p>SECURITY: only allow access from localhost</p>
   <table bgcolor="#aaaaaa" border="1"><tr><td>
   <pre>
   shell> mysql -u root -p mysql
   mysql> DELETE * FROM user WHERE host<>'localhost';
   </pre>
   </td></tr></table>
   <a name="testing" />
   <h3>Testing to see if the LON-CAPA server is operational</h3>
   <p>
   The <strong>TEST</strong> command will check the installation software,
   the perl libraries on your system, the MySQL database, and
   will also automatically test the real-time operation of the 
   LON-CAPA Apache web server.
   </p>
   <table bgcolor="#aaaaaa" border="1">
   <tr><td><tt>./TEST</tt></td></tr>
   </table>
   <p>
   Using the <strong>TEST</strong> command will likely
   be an iterative process.
   It is normal to expect that the <strong>TEST</strong> command
   will recommend you perform various steps to ensure optimal
   performance of your LON-CAPA server.
   </p>
   <!-- maintext end -->
   <!-- validated -->
   </body>
   </html>

Removed from v.1.6  
changed lines
  Added in v.1.20


FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>