version 1.5, 2000/11/01 16:08:55
|
version 1.32, 2002/07/19 20:14:17
|
Line 1
|
Line 1
|
<HTML> |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" |
<HEAD> |
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
<TITLE>LON-CAPA Installation</TITLE> |
<!-- The LearningOnline Network with CAPA --> |
</HEAD> |
<!-- $Id$ --> |
<BODY> |
<html> |
<H1>LON-CAPA Installation</H1> |
<head> |
<H3>Current Installation Procedure</H3> |
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"></meta> |
<P> |
<title>LON-CAPA Installation</title> |
Scott Harrison |
<!-- pdfahref install.pdf --> |
</P> |
<!-- button INSTALL --> |
<P> |
</head> |
Last updated: 11/01/2000 |
<body bgcolor='#ffffff'> |
</P> |
<!-- preamble start --> |
<P> |
<br /> |
This is the current list of steps to support LON-CAPA installation. These steps have |
<p> |
been tested. |
You will need to check all the following things to ensure proper |
<OL> |
installation of your LON-CAPA system. |
<LI>Get Redhat 6.2 on a CD by |
</p> |
<UL> |
<ul> |
<LI>Using a RedHat 6.2 CD |
<li><a href="#wwwuser"> |
<LI>Downloading a RedHat 6.2 <A HREF="http://install.lon-capa.org/3.1/currentcdimage">CD image</A> and burning a CD |
Creating a user 'www'</a></li> |
<LI>Or, alternatively do a network install from a <A HREF="http://install.lon-capa.org/3.1/currentcdsource"> |
<li><a href="#shadow"> |
RedHat 6.2 CD source tree</A>. You need to burn a boot floppy disk with a network boot image; |
Make a LON-CAPA system work with shadow passwords</a></li> |
<A HREF="http://install.lon-capa.org/3.1/currentcdsource/images/bootnet-20000407.img"> |
<li><a href="#install"> |
bootnet-20000407.img</A>. (Download the image file; insert a blank floppy disk; and type a |
Installing LON-CAPA files</a></li> |
command similar to: <TT>dd if=bootnet-20000407.img of=/dev/fd0</TT>). For installation, you |
<li><a href="#checkrpms"> |
need to specify <TT>http://www.lon-capa.org</TT> as your download URL, and <TT>/install/3.1/currentcdsource</TT> |
Checking your Linux RPMs</a></li> |
as the source location. |
<li><a href="#mysql"> |
</UL> |
Configuring the MySQL database</a></li> |
<LI>Install RedHat 6.2 |
<li><a href="#testing"> |
<UL> |
Testing to see if the LON-CAPA server is operational</a></li> |
<LI><B>Important: Do a "GNOME Workstation Install" and go with their default list of packages</B> |
</ul> |
<LI><B>Important: Make sure you add a user "www"</B> |
<p> |
</UL> |
<strong>NOTE:</strong> |
<LI>After installation, install extra RPMs/upgrades by downloading all files from |
If you want to simultaneously install both RedHat 7.3 and LON-CAPA |
<A HREF="http://install.lon-capa.org/3.1/SupplementalRPMS/"> |
(to ensure 100% reliability), follow <a href="rh73.html">these |
http://install.lon-capa.org/3.1/SupplementalRPMS</A>. |
alternative directions</a>. |
<UL> |
</p> |
<LI>Use this command to install the RPMs you download: <TT>rpm -Uvh --force *.rpm</TT>. |
<br /> |
</UL> |
<!-- preamble end --> |
<LI>Remove extra RPMs by downloading and running the script |
<!-- maintext start --> |
<A HREF="http://install.lon-capa.org/3.1/scripts/remove_extra.sh"> |
<a name="wwwuser" /> |
http://install.lon-capa.org/3.1/scripts/remove_extra.sh</A> as root. |
<h3>Creating a user 'www'</h3> |
<LI>After installing the supplemental RPMS, install a final RPM set by downloading all files from |
<p> |
<A HREF="http://install.lon-capa.org/3.1/FinalRPMS/"> |
Execute the following command to create a user named 'www' on your |
http://install.lon-capa.org/3.1/FinalRPMS</A>. |
LON-CAPA server: |
<UL> |
</p> |
<LI>Use this command to install the RPMs you download: <TT>rpm -Uvh --force *.rpm</TT>. |
<table bgcolor="#aaaaaa" border="1"><tr><td> |
</UL> |
<tt>/usr/sbin/useradd www</tt> |
<LI>Configure needed files. |
</td></tr></table> |
<UL> |
<a name="shadow" /> |
<LI>Currently, reconfiguration must be handled manually and involves an administrator |
<h3>Make a LON-CAPA system work with shadow passwords</h3> |
altering configuration files present throughout the system. For a list of these |
<table border="1"> |
files and their descriptions, visit <A HREF="http://install.lon-capa.org/3.1/loncapafiles/loncapafiles.html"> |
<tr><th>Step #</th><th>Description</th></tr> |
http://install.lon-capa.org/3.1/loncapafiles/loncapafiles.html</A>. |
<tr><td> |
</UL> |
<font size="+1">1</font> |
<LI>Important files are /etc/httpd/conf/access.conf, /etc/ntp.conf, /etc/krb.conf, |
</td><td> |
/home/httpd/lonTabs/spare.tab, /home/httpd/lonTabs/hosts.tab (if setting up a cluster different |
<p>Is your system using shadow passwords? (Note: LON-CAPA will |
than MSU's). |
work with either MD5/non-MD5 configured systems). If your |
<LI>Unshadow passwords |
system is not using shadow passwords, then do not perform |
<UL> |
any of the additional steps. If your system is using shadow |
<PRE>You can do this by these 5 steps: |
passwords, then you will need to perform the additional steps below. |
1. enter the system command, as "root", pwunconv |
</p> |
2. enter the system command, as "root", grpunconv |
<p> |
3. Set the following to be the /etc/pam.d/login file on your system |
<strong>How to detect:</strong> |
#%PAM-1.0 |
<br />command: <tt>cat /etc/passwd | grep ':x:'</tt> |
auth required /lib/security/pam_securetty.so |
</p> |
auth required /lib/security/pam_pwdb.so shadow nullok |
<p>If there is output such as "<tt>root:x:0:0:root:/root:/bin/bash</tt>", |
auth required /lib/security/pam_nologin.so |
then your system is using shadow passwords and you will need to continue with |
account required /lib/security/pam_pwdb.so |
the steps below. |
password required /lib/security/pam_cracklib.so |
</p> |
password required /lib/security/pam_pwdb.so nullok use_authtok |
</td></tr> |
session required /lib/security/pam_pwdb.so |
<tr><td> |
session optional /lib/security/pam_console.so |
<font size='+1'>2</font> |
4. Set the following to be the /etc/pam.d/passwd file on your system |
</td><td> |
#%PAM-1.0 |
<p><strong>Retrieve the mod_auth_external source</strong> by |
auth required /lib/security/pam_pwdb.so shadow nullok |
running the following command |
account required /lib/security/pam_pwdb.so |
</p> |
password required /lib/security/pam_cracklib.so retry=3 |
<p><tt> |
password required /lib/security/pam_pwdb.so use_authtok nullok |
wget http://www.wwnet.net/~janc/software/mod_auth_external-2.1.13.tar.gz |
5. Set/reset passwords. As "root" use 'passwd', and 'passwd www' |
</tt> |
to change the important passwords. This creates crypt-processible |
</p> |
passwords in /etc/passwd. |
</td></tr> |
</PRE> |
<tr><td> |
</UL> |
<font size='+1'>3</font> |
<LI>Run, as root, <TT>ln -s /etc/mime.types /etc/httpd/conf/mime.types</TT> |
</td><td> |
<LI>Run, as root, <TT>/etc/rc.d/init.d/httpd start</TT>. |
<p><strong>Unpack the mod_auth_external source</strong> by |
<LI>Run, as root, <TT>/etc/rc.d/init.d/loncontrol start</TT>. |
running the following command |
<LI>After 10 minutes, you should be able to check the file <TT>/home/httpd/html/lon-status/index.html</TT> |
</p> |
to see if your machine has been successfully set up. |
<p> |
</UL> |
<tt>tar xzvf mod_auth_external-2.1.13.tar.gz</tt> |
</OL> |
</p> |
</P> |
</td></tr> |
<H3>Future Installation Procedure (not yet implemented)</H3> |
<tr><td> |
<P> |
<font size='+1'>4</font> |
In the future, LON-CAPA Installation will be distributed on a CD complete with a |
</td><td> |
customized interface. Many elements for doing this have been coded, and are in place, but |
<p><strong>Go to the <tt>pwauth</tt> directory</strong> by |
it awaits completion. |
running the following command |
</P> |
</p> |
</BODY> |
<p> |
</HTML> |
<tt>cd mod_auth_external-2.1.13/pwauth/</tt> |
|
</p> |
|
</td></tr> |
|
<tr><td> |
|
<font size='+1'>5</font> |
|
</td><td> |
|
<p><strong>Edit <tt>config.h</tt> and change SERVER_UIDS definition</strong> |
|
</p> |
|
<p> |
|
Determine the user id of 'www': |
|
<br /><tt>grep ^www /etc/passwd | cut -d':' -f3</tt> |
|
<br /> |
|
Change the line |
|
<br /><tt>#define SERVER_UIDS 99 /* user "nobody" */</tt> |
|
<br />to be |
|
<br /><tt>#define SERVER_UIDS 513 /* user "www" */</tt> |
|
<br />where in this example 513 corresponds to the user id of 'www'. |
|
</p> |
|
</td></tr> |
|
<tr><td> |
|
<font size='+1'>6</font> |
|
</td><td> |
|
<p><strong>Compile the <tt>pwauth</tt> executable</strong> by |
|
running the following command |
|
</p> |
|
<p> |
|
<tt>make</tt> |
|
</p> |
|
</td></tr> |
|
<tr><td> |
|
<font size='+1'>7</font> |
|
</td><td> |
|
<p><strong>Install <tt>pwauth</tt></strong> by doing the following |
|
</p> |
|
<p> |
|
<tt>cp pwauth /usr/local/sbin/</tt> |
|
<br /><tt>chmod 6755 /usr/local/sbin/pwauth</tt> |
|
</p> |
|
<p> |
|
Edit (creating the file) /etc/pam.d/pwauth to have the contents: |
|
</p> |
|
<pre> |
|
auth required /lib/security/pam_pwdb.so shadow nullok |
|
auth required /lib/security/pam_nologin.so |
|
account required /lib/security/pam_pwdb.so |
|
</pre> |
|
</td></tr> |
|
</table> |
|
<a name="install" /> |
|
<h3>Installing LON-CAPA files</h3> |
|
<p> |
|
Download the most current |
|
<a href="http://install.lon-capa.org/versions/current/loncapa.tar.gz"> |
|
loncapa.tar.gz</a>. |
|
</p> |
|
<table bgcolor="#aaaaaa" border="1"> |
|
<tr><td><tt>wget http://install.lon-capa.org/versions/current/loncapa.tar.gz |
|
</tt> |
|
<br /> |
|
<tt>tar xzvf loncapa.tar.gz</tt> |
|
<br /> |
|
<tt>cd loncapa</tt></td></tr> |
|
</table> |
|
<p> |
|
The <strong>UPDATE</strong> command will refresh your filesystem with all |
|
the latest LON-CAPA software. |
|
</p> |
|
<table bgcolor="#aaaaaa" border="1"> |
|
<tr><td><tt>./UPDATE</tt></td></tr> |
|
</table> |
|
<a name="checkrpms" /> |
|
<h3>Checking your Linux RPMs</h3> |
|
<p> |
|
The <strong>CHECKRPMS</strong> command will check the RPMs on your machine |
|
against an FTP repository. |
|
</p> |
|
<table bgcolor="#aaaaaa" border="1"> |
|
<tr><td><tt>./CHECKRPMS</tt></td></tr> |
|
</table> |
|
<a name="mysql" /> |
|
<h3>Configuring the MySQL database</h3> |
|
<p> |
|
The following commands describe how to configure the MySQL database |
|
on your LON-CAPA server. |
|
<br />Note: |
|
</p> |
|
<ul> |
|
<li>you should substitute 'ROOTPASSWORD' with something very hard to guess |
|
(it does not have to be the Linux OS root password) |
|
</li> |
|
<li>The MySQL www@localhost user must always have a password of 'localhostkey' |
|
in order for there to be correct operation of a standard LON-CAPA system. |
|
</li> |
|
</ul> |
|
<p> |
|
The following instructions assume you are logged in as 'root'. |
|
</p> |
|
<p>Entering the mysql shell</p> |
|
<table bgcolor="#aaaaaa" border="1"><tr><td> |
|
<pre> |
|
mysql -u root -p mysql |
|
OR |
|
mysql -u root mysql (depending on whether you have set a root password) |
|
</pre> |
|
</td></tr></table> |
|
<p>Creating the mysql 'www' user (after entering mysql shell)</p> |
|
<table bgcolor="#aaaaaa" border="1"><tr><td> |
|
<pre> |
|
mysql> CREATE DATABASE loncapa; |
|
|
|
mysql> INSERT INTO user (Host, User, Password) |
|
mysql> VALUES ('localhost','www',password('localhostkey')); |
|
|
|
mysql> GRANT ALL PRIVILEGES ON *.* TO www@localhost; |
|
|
|
mysql> FLUSH PRIVILEGES; |
|
</pre> |
|
</td></tr></table> |
|
<p>SECURITY: set a password for the mysql 'root' user</p> |
|
<table bgcolor="#aaaaaa" border="1"><tr><td> |
|
<pre> |
|
shell> mysql -u root mysql |
|
mysql> SET PASSWORD FOR root@localhost=PASSWORD('ROOTPASSWORD'); |
|
</pre> |
|
</td></tr></table> |
|
<p>SECURITY: only allow access from localhost</p> |
|
<table bgcolor="#aaaaaa" border="1"><tr><td> |
|
<pre> |
|
shell> mysql -u root -p mysql |
|
mysql> DELETE FROM user WHERE host<>'localhost'; |
|
</pre> |
|
</td></tr></table> |
|
<a name="testing" /> |
|
<h3>Testing to see if the LON-CAPA server is operational</h3> |
|
<p> |
|
The <strong>TEST</strong> command will check the installation software, |
|
the perl libraries on your system, the MySQL database, and |
|
will also automatically test the real-time operation of the |
|
LON-CAPA Apache web server. |
|
</p> |
|
<table bgcolor="#aaaaaa" border="1"> |
|
<tr><td><tt>./TEST</tt></td></tr> |
|
</table> |
|
<p> |
|
Using the <strong>TEST</strong> command will likely |
|
be an iterative process. |
|
It is normal to expect that the <strong>TEST</strong> command |
|
will recommend you perform various steps to ensure optimal |
|
performance of your LON-CAPA server. |
|
</p> |
|
<!-- maintext end --> |
|
<!-- validated --> |
|
</body> |
|
</html> |