--- doc/build/scientific7_install.frag 2019/12/03 00:36:47 1.2 +++ doc/build/scientific7_install.frag 2021/03/17 17:03:32 1.4 @@ -84,27 +84,50 @@ There are a few steps that require comme IP address. When configuring your network card, be sure to unselect the DHCP option and enter in your network information.
Software
-
Click the "Customize Now" radio button and for a minimal install uncheck all packages except "Base" in the Base System category. If you leave other packages checked in any of the other categories, you'll need additional ISO CDs.
+
Click the "Customize Now" radio button and select a minimal install.

Finish installing your server, reboot it, and log in as root.

Firewall and SELinux Configuration

-The first time you log-in, the Setup Agent will be displayed. (If you exit it early you can enter it again by running the command +Starting with LON-CAPA 2.11.3 you have the option of using either firewalld or iptables to +manage the Firewall on your CentOS 7 server/VM, as both are compatible with LON-CAPA's +port management.

+

Enable access to standard web server ports (i.e., http and https) as follows, if +using firewalld::

+
+systemctl enable firewalld
+systemctl start firewalld
+firewall-cmd --zone=public --permanent --add-service=http
+firewall-cmd --zone=public --permanent --add-service=https
+firewall-cmd --reload
+
+

If you prefer to use the traditional iptables package instead of the default firewalld, +you will need to install iptables-services, disable firewalld, enable iptables, and then +use the system-config-firewall-tui tool to configure the Firewall.

-setup
+yum install iptables-services
+systemctl mask firewalld
+systemctl enable iptables
+systemctl enable ip6tables
+systemctl stop firewalld
+systemctl start iptables
+systemctl start ip6tables
 

-This tool should be used to configure the Firewall and SELinux. +Install the system-config-firewall-tui package and configure the Firewall.

+
+yum install system-config-firewall-tui
+system-config-firewall-tui
+
  1. Select Security Level: Enabled, and Customize, to allow incoming: SSH (remote login), WWW (HTTP) and secure WWW (HTTPS).
  2. -
  3. Set SELinux to Disabled.
  4. Select OK, and then Quit
@@ -128,6 +151,7 @@ Reboot your system before continuing wit Retrieve the scientific_loncapa_yum.conf file from the LON-CAPA install site:

+yum install wget
 wget http://install.loncapa.org/versions/scientific/7/scientific7_loncapa_yum.conf
 

@@ -150,14 +174,32 @@ The list of enabled repos should be as f - + +
repo idrepo name
epel/x86_64Extra Packages for Enterprise Linux 7 - x86_64
loncapa-updates-basearca/7/x86_64Scientific Linux 7 LON-CAPA x86_64 Updates
loncapa-updates-basearch/7/x86_64Scientific Linux 7 LON-CAPA x86_64 Updates
loncapa-updates-noarch/7Scientific Linux 7 LON-CAPA noarch Updates
repos/x86_64Scientific Linux repos - x86_64
sl/x86_64Scientific Linux 7x - x86_64
sl-extras/x86_64Scientific Linux Extras- x86_64
sl-fastbugs/x86_64Scientific Linux 7x - x86_64 - bugfix updates
sl-security/x86_64Scientific Linux 7x - x86_64 - security updates
+

Configure SELinux

+

+The default Scientific Linux 7 installation includes SELinux enabled. Until such time as an SELinux security policy has been created for LON-CAPA, SELinux should be disabled. +Retrieve the loncapa_selinux_config file from the LON-CAPA install site: +

+
+wget http://install.loncapa.org/versions/scientific/7/loncapa_selinux_config
+
+

+Install the selinux config file +

+
+mv /etc/selinux/config /etc/selinux/config.backup
+mv loncapa_selinux_config /etc/selinux/config
+reboot
+
+

5. Installing LON-CAPA

Import the LON-CAPA encryption key

rpm --import http://install.loncapa.org/versions/scientific/RPM-GPG-KEY-loncapa
@@ -258,7 +300,7 @@ for it to function at all. Below is a l To configure and install LON-CAPA, execute the following commands:

-cd /root/loncapa-X.Y.Z     (X.Y.Z should correspond to a version number like '2.11.1')
+cd /root/loncapa-X.Y.Z  (X.Y.Z should correspond to a version number like '2.11.1')
 ./UPDATE
 

@@ -287,7 +329,7 @@ will be apparent at this step.

 /etc/init.d/loncontrol start
-/etc/init.d/httpd start
+systemctl start httpd
 

If you receive warnings when starting the httpd about missing perl modules,