Difference between revisions of "Haas PhD Server Configuration"
imported>Ed (New page: Haas PhD Students have two new servers and this page details their configuration. ==IP Addresses== During the configuration phase the servers will be on: *phd-pgsql: 128.32.66.163 *phd-l...) |
|||
(55 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
+ | [[category:McNair Admin]] | ||
+ | |||
Haas PhD Students have two new servers and this page details their configuration. | Haas PhD Students have two new servers and this page details their configuration. | ||
+ | |||
+ | '''NOTE THAT THE [[Posgres Server Configuration|CONFIGURATION OF POSTGRES2]] HAS ITS OWN PAGE''' | ||
==IP Addresses== | ==IP Addresses== | ||
− | + | The servers have been moved to a colo. Their new IP addresses are: | |
− | *phd- | + | *phd-wiki: 128.32.204.202 |
− | *phd- | + | *phd-postgres2: 128.32.204.203 |
+ | |||
+ | The domain names wiki.haas.berkeley.edu and postgres.haas.berkeley.edu should be mapped to these IP addresses shortly. | ||
==Base configurations== | ==Base configurations== | ||
− | Both servers are running CentOS release 5.5 (cat /etc/*release*), which uses the Yum package manager (yum list installed | more). Both have Gnome on Xwindows available, as well as the following common packages: | + | Both servers are running [http://wiki.centos.org/ CentOS] release 5.5 (cat /etc/*release*), which uses the Yum package manager (yum list installed | more). Both have Gnome on Xwindows available, as well as the following common packages: |
*cpp 4.1.2-48.el5. | *cpp 4.1.2-48.el5. | ||
*ftp 0.17-35.el5 | *ftp 0.17-35.el5 | ||
*httpd 2.2.3-43.el5.centos.3 | *httpd 2.2.3-43.el5.centos.3 | ||
*iptables 1.3.5-5.3.el5_4.1 | *iptables 1.3.5-5.3.el5_4.1 | ||
− | *mysql 5.0.77-4.el5_5.4 | + | *mysql 5.0.77-4.el5_5.4 (note that this is the client) |
*openssh 4.3p2-41.el5_5.1 | *openssh 4.3p2-41.el5_5.1 | ||
*pam 0.99.6.2-6.el5_5.2 | *pam 0.99.6.2-6.el5_5.2 | ||
Line 26: | Line 32: | ||
*postgresql.x86_64 8.1.22-1.el5_5.1 | *postgresql.x86_64 8.1.22-1.el5_5.1 | ||
− | ==Package additions | + | ==Before we start== |
+ | |||
+ | ===On Both Machines=== | ||
+ | |||
+ | ====Creating Users==== | ||
+ | |||
+ | Assuming that you have root, you can create user accounts and give them root too. The process is: | ||
+ | |||
+ | First great the users group, checking the last group number: | ||
+ | cat /etc/group | ||
+ | /usr/sbin/groupadd -g 515 username | ||
+ | |||
+ | Then add the user | ||
+ | /usr/sbin/useradd -g username -G root -s /bin/bash -p xxxx -d /home/username -m username | ||
+ | where g is the primary group, G is other groups, p sets a password, | ||
+ | d declares a home directory and m makes the directory | ||
+ | |||
+ | Change the user's password: | ||
+ | passwd username | ||
+ | |||
+ | And add the user to the sudoers file | ||
+ | echo 'username ALL=(ALL) ALL' >> /etc/sudoers | ||
+ | |||
+ | To delete a user: | ||
+ | /usr/sbin/userdel -r roger | ||
+ | where r removes the home directory | ||
+ | |||
+ | And to remove their group | ||
+ | /usr/sbin/groupdel username | ||
+ | |||
+ | ====Mounting bear==== | ||
+ | |||
+ | It is very useful to mount your R drive | ||
+ | |||
+ | mkdir /mnt/ed | ||
+ | mount -t cifs //bear/ed_egan/ /mnt/ed -o user=haas\\ed_egan | ||
+ | |||
+ | or: | ||
+ | mount -t cifs //bear/ed_egan/ /mnt/ed -o user=ed_egan | ||
+ | (which ever works) | ||
+ | |||
+ | for the inclusion into fstab or other more sophisticated approaches there is a [http://wiki.centos.org/TipsAndTricks/WindowsShares Centos help page]. | ||
+ | |||
+ | ==Package additions/upgrades/removals== | ||
On lamp: | On lamp: | ||
+ | *Upgrade PhP to 5.2.17+ | ||
+ | *Install MySQL (the server) | ||
+ | *Install Mediawiki | ||
+ | *Remove ftp | ||
+ | |||
+ | On pgsql: | ||
+ | *Remove httpd, mysql, ftp, sendmail, inn and other servers we don't need | ||
*Upgrade python to version 3.1 | *Upgrade python to version 3.1 | ||
− | * | + | *Install TrueCrypt |
+ | |||
+ | ===On the Wiki Server=== | ||
+ | |||
+ | ====Upgrading PhP==== | ||
+ | |||
+ | In order to upgrade PhP (or install a more recent version of MySQL) we will probably need access to a different repository. | ||
+ | |||
+ | You can automatically add the Atomicorp repository using: | ||
+ | wget -q -O - http://www.atomicorp.com/installers/atomic | sh | ||
+ | |||
+ | It has PhP version 5.2.17-1.el5.art and MySQL version 5.1.55-1.el5.art. Also install pgp-mysql. | ||
+ | |||
+ | yum list php #We were running 5.1.6-27.el5_5.3 | ||
+ | yum upgrade php | ||
+ | yum install php-mysql | ||
+ | |||
+ | ====Install MySQL==== | ||
+ | |||
+ | Install MySql (and update the client): | ||
+ | yum install mysql mysql-server | ||
+ | |||
+ | Start the server: | ||
+ | /etc/init.d/mysqld start | ||
+ | |||
+ | And make sure it starts automatically on reboot: | ||
+ | /sbin/chkconfig --levels 235 mysqld on | ||
+ | |||
+ | Set a root password for the database: | ||
+ | mysqladmin -u root password cheit | ||
+ | |||
+ | At this point you should configure and test the webserver and PhP, which is discussed below. | ||
+ | |||
+ | ====Install Mediawiki==== | ||
+ | |||
+ | There is no good version of mediawiki available from a yum repo. So you should do this manually. It isn't painful. Detailed instructions (you won't need them) are available from: | ||
+ | *[http://www.mediawiki.org/wiki/Installation MediaWiki's Installation Page] | ||
+ | *[http://www.mediawiki.org/wiki/Manual:Installing_MediaWiki Mediawiki's Installing MediaWiki Page] | ||
+ | |||
+ | First change to your home directory (or somewhere 'safe') then | ||
+ | |||
+ | wget http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.2.tar.gz | ||
+ | |||
+ | Then untar the package, either using the --owner option or as a non-root user to force extracted file ownernship to be other than 1000 | ||
+ | |||
+ | su username | ||
+ | tar xvzf mediawiki-*.tar.gz | ||
+ | sudo su | ||
+ | |||
+ | Now copy the files into the 'right' location and change permissions | ||
+ | |||
+ | mkdir /var/www/html/w | ||
+ | cp -r mediawiki-1.16.2/* /var/www/html/w/ | ||
+ | chmod a+w /var/www/html/w/config | ||
+ | |||
+ | Install ImageMagick using Yum: | ||
+ | |||
+ | yum install glib glib2 libpng libjpeg libtiff ghostscript freetype ImageMagick ImageMagick-perl | ||
+ | |||
+ | ===On Postgres.Haas=== | ||
+ | |||
+ | ====Removing Unneeded Servers==== | ||
+ | |||
+ | Remove the web, mail, news and other unneeded servers. Consider removing MySQL (but leave it for now): | ||
+ | yum groupremove "Web Server" | ||
+ | yum groupremove "Mail Server" | ||
+ | yum groupremove "News Server" | ||
+ | |||
+ | ====Install and Configure PostgreSQL==== | ||
+ | |||
+ | To install Postgres with the PLs (Procedural Languages) do: | ||
+ | |||
+ | yum install postgresql postgresql-server postgresql-pl postgresql-libs | ||
+ | |||
+ | Start the service with: | ||
+ | |||
+ | /sbin/chkconfig postgresql on | ||
+ | /sbin/service postgresql start | ||
+ | |||
+ | Add the following to ''/etc/sysconfig/iptables'' to allow access through the firewall: | ||
+ | |||
+ | -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 128.32.66.0/24 --dport 5432 -j ACCEPT | ||
+ | -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 128.32.67.0/24 --dport 5432 -j ACCEPT | ||
+ | -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 128.32.74.0/24 --dport 5432 -j ACCEPT | ||
+ | -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 10.136.0.0/23 --dport 5432 -j ACCEPT | ||
+ | |||
+ | Restart the IPtables so the changes take effect: | ||
+ | |||
+ | service iptables restart | ||
+ | |||
+ | Now create some users on the database server: | ||
+ | |||
+ | su postgres | ||
+ | createuser root | ||
+ | createuser -P ed_egan | ||
+ | exit | ||
+ | |||
+ | Check the version of Postgres and Perl installed: | ||
+ | |||
+ | psql -c "select version();" template1 | ||
+ | PostgreSQL 8.1.23 | ||
+ | perl -v | ||
+ | v5.8.8 | ||
+ | |||
+ | Now add the perl PL to the standard template so that all new databases will be perl enabled: | ||
+ | |||
+ | createlang plperl template1 | ||
+ | |||
+ | Check the specs on the machine for the configuration: | ||
+ | |||
+ | cat /proc/meminfo | ||
+ | MemTotal: 8181356 kB | ||
+ | cat /proc/cpuinfo | ||
+ | 2 x Quad core CPUs | ||
+ | cache size: 2048 KB | ||
+ | model name: Intel(R) Xeon(TM) CPU 2.80GHz | ||
+ | |||
+ | Review the performance tuning section on the [[Working with PostgreSQL]] page, and possibly on [http://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server the official quick guide page] and make the following changes to ''/var/lib/pgsql/data/postgresql.conf'': | ||
+ | |||
+ | listen_addresses = '*' | ||
+ | port = 5432 | ||
+ | |||
+ | checkpoint_segments=32 | ||
+ | This is equivalent to every 512Mb | ||
+ | |||
+ | shared_buffers = 786432 | ||
+ | #1gig = 1073741824 => '''131072''' * 8 * 1024, currently trying 6gig | ||
+ | The recommendation is to use around 10-15% of RAM, | ||
+ | but for a single user db something higher seems better | ||
+ | This is in 8K blocks | ||
+ | |||
+ | work_mem = 2097152 | ||
+ | #In KB, so 1024 * 512=> 524288 = 512Mb, | ||
+ | Note that this might be a little too high for aggresively stacked queries | ||
+ | But this seems to be the bite point for performance. | ||
+ | |||
+ | maintenance_work_mem = 262144 | ||
+ | #786432 => 6 * 1073741824 => 6 * 131072 * 8 * 1024 | ||
+ | This is how much VACUUM will use - it doesn't make a huge difference | ||
+ | |||
+ | effective_cache_size = 1835008 | ||
+ | #In 8k blocks. This is the maximum memory that postgres will allocate. | ||
+ | It is currently set to 14Gb. | ||
+ | |||
+ | Alter ''/var/lib/pgsql/data/pg_hba.conf'' to include the lines (under IPv4): | ||
+ | |||
+ | host all all 128.32.74.0/24 md5 | ||
+ | host all all 128.32.66.0/24 md5 | ||
+ | host all all 128.32.67.0/24 md5 | ||
+ | host all all 10.136.0.0/23 md5 | ||
+ | |||
+ | Note that this will use encrypted database passwords, and that all accounts must have non-null passwords (i.e. be created with createuser -P username) | ||
+ | |||
+ | And restart Postgres: | ||
+ | |||
+ | /sbin/service postgresql restart | ||
+ | |||
+ | ====Upgrade Python?==== | ||
+ | Find out which version of Python is currently installed: | ||
+ | yum list python #lists version 2.4.3-27.el5_5.3 | ||
+ | |||
+ | There are tarballs of version 3.2 available from [http://www.python.org/download/ Python.org's download area], but it seems too recent to have got rpm/yum support as yet. | ||
+ | |||
+ | ==Configuration== | ||
+ | |||
+ | For both servers: | ||
+ | *Mount bear | ||
+ | *Configure Iptables | ||
+ | |||
+ | For lamp: | ||
+ | *Configure Apache | ||
+ | *Configure Mediawiki | ||
+ | *Add Mediawiki extensions | ||
+ | *Create new folder structure | ||
+ | |||
+ | For pgsql: | ||
+ | *Configure Postgre | ||
+ | |||
+ | ===On the Wiki Server=== | ||
+ | |||
+ | ====Configure Apache==== | ||
+ | |||
+ | Edit the main config file: | ||
+ | vi /etc/httpd/conf/httpd.conf | ||
+ | ... | ||
+ | ServerName 128.32.66.164:80 | ||
+ | ... | ||
+ | |||
+ | To start Apache (to restart use 'restart'): | ||
+ | /etc/init.d/httpd start | ||
+ | |||
+ | To set Apache to start at boot: | ||
+ | /sbin/chkconfig --levels 235 httpd on | ||
+ | |||
+ | First, confirm your IP address: | ||
+ | /sbin/ifconfig | ||
+ | |||
+ | ====Configure IP Tables==== | ||
+ | |||
+ | For lamp we need a hole for port 80 for the webserver. For pgsql we need a hole for our clientware. General documentation is available in [http://wiki.centos.org/HowTos/Network/IPTables iptables from Centos] | ||
+ | |||
+ | Check that iptables is running: | ||
+ | /sbin/lsmod | grep ip_tables | ||
+ | |||
+ | Backup the old rules: | ||
+ | cp /etc/sysconfig/iptables /etc/sysconfig/iptables.bak | ||
+ | |||
+ | Add a hole (or two): | ||
+ | vi /etc/sysconfig/iptables | ||
+ | ... | ||
+ | -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 128.32.66.0/24 --dport 80 -j ACCEPT | ||
+ | -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 128.32.67.0/24 --dport 80 -j ACCEPT | ||
+ | -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 128.32.74.0/24 --dport 80 -j ACCEPT | ||
+ | -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 10.136.0.0/23 --dport 80 -j ACCEPT | ||
+ | ... | ||
+ | |||
+ | Restart the service: | ||
+ | /etc/init.d/iptables restart | ||
+ | |||
+ | ====Test the webserver and PhP==== | ||
+ | |||
+ | Browse to http://128.32.66.164/ you should see the test page. Write the following text file to /var/www/html/Test.php: | ||
+ | |||
+ | <?php | ||
+ | phpinfo(); | ||
+ | ?> | ||
+ | |||
+ | Browse to http://128.32.66.164/Test.php and you should see the PhP version page. | ||
+ | |||
+ | ====Configure MediaWiki==== | ||
+ | |||
+ | Browse to http://128.32.66.164/w/config/index.php, and set the following setting: | ||
+ | WikiName: HaasPhDWiki | ||
+ | Contact: kimg@haas.berkeley.edu | ||
+ | Admin password and dbase password: cheit | ||
+ | All other settings as default (you do have superuser on the dbase so tick that box) | ||
+ | |||
+ | Now move the LocalSettings.php file, change the permissions, and remove the config directory. | ||
+ | |||
+ | cp config/LocalSettings.php LocalSettings.php | ||
+ | chmod 600 LocalSettings.php | ||
+ | chown apache LocalSettings.php | ||
+ | mkdir /mnt/ed/configbak | ||
+ | cp -r ./config /mnt/ed/configbak/ | ||
+ | rm -rf ./config | ||
+ | |||
+ | You can now view your Wiki at http://128.32.66.164/w/index.php | ||
+ | |||
+ | We will now do the extensions and fine detail configuration. | ||
+ | |||
+ | Change the following settings in LocalSettings.php | ||
+ | |||
+ | $wgEnableUploads = true; #Changed by Ed | ||
+ | $wgUseTeX = true; #Changed by Ed | ||
+ | $wgLogo = "/icons/wiki_logo.gif"; | ||
+ | $wgArticlePath = "/wiki/$1"; | ||
+ | $wgUsePathInfo = true; | ||
+ | $wgFavicon = "$wgScriptPath/favicon.ico"; | ||
+ | $wgGroupPermissions['*']['edit'] = false; #Stops editing without an account, globally | ||
+ | |||
+ | |||
+ | Change the permissions on the images directory: | ||
+ | |||
+ | chmod a+w /var/www/html/w/images | ||
+ | |||
+ | Add the info for the side bar (this might be restored from a backup): | ||
+ | |||
+ | Edit (or create): | ||
+ | http://wiki.haas.berkeley.edu/wiki/MediaWiki:Sidebar | ||
+ | |||
+ | * navigation | ||
+ | ** mainpage|mainpage-description | ||
+ | ** research_computing |Research Computing | ||
+ | ** portal-url|Community | ||
+ | ** currentevents-url|currentevents | ||
+ | ** recentchanges-url|recentchanges | ||
+ | ** randompage-url|randompage | ||
+ | ** helppage|help | ||
+ | * Group Pages | ||
+ | ** accounting|Accounting | ||
+ | ** bpp|BPP | ||
+ | ** finance|Finance | ||
+ | ** management_of_organizations|Management of Organizations | ||
+ | ** marketing|Marketing | ||
+ | ** operations_and_it_management|Operations and IT Management | ||
+ | ** real_estate|Real Estate | ||
+ | * SEARCH | ||
+ | * TOOLBOX | ||
+ | * LANGUAGES | ||
+ | |||
+ | |||
+ | |||
+ | And populate the wiki using the Special:Import page. Note that you can get a list of all pages on a wiki using the API: | ||
+ | |||
+ | http://wiki.haas.berkeley.edu/w/api.php?action=query&list=allpages&aplimit=500 | ||
+ | |||
+ | Mount the Backup Directory: | ||
+ | mkdir /mnt/wiki | ||
+ | mount -t cifs //bear.haas.berkeley.edu/wiki/bulk/backup /mnt/wiki/ -o user=haas\\wiki | ||
+ | |||
+ | Mount the Images Directory: | ||
+ | mv /var/www/html/w/images /var/www/html/w/imagesorg | ||
+ | mkdir images | ||
+ | mount -t cifs //bear.haas.berkeley.edu/wiki/bulk/media /var/www/html/w/images -o user=haas\\wiki | ||
+ | mkdir /var/www/html/w/image/tmp | ||
+ | |||
+ | Change the max_upload_filesize to 8M in php.ini: | ||
+ | vi php.ini | ||
+ | #edit max_upload_filesize variable | ||
+ | |||
+ | Restart the webserver: | ||
+ | /etc/init.d/httpd restart | ||
+ | |||
+ | |||
+ | =====Do the extensions:===== | ||
+ | |||
+ | '''Simple security''' | ||
+ | Get it from: http://www.mediawiki.org/wiki/Extension:Simple_Security | ||
+ | |||
+ | tar -xzf /mnt/ed/HaasWiki/SimpleSecurity-MW1.16-r62389.tar.gz -C /var/www/html/w/extensions | ||
+ | |||
+ | '''UserMerge''' | ||
+ | Get it from: http://www.mediawiki.org/wiki/Extension:UserMerge | ||
+ | |||
+ | tar -xzf /mnt/ed/HaasWiki/UserMerge-MW1.16-r66255.tar.gz -C /var/www/html/w/extensions | ||
+ | |||
+ | '''RenameUser''' | ||
+ | Get it from: | ||
+ | http://www.mediawiki.org/wiki/Extension:Rename_user | ||
+ | |||
+ | tar -xzf /mnt/ed/HaasWiki/Renameuser-MW1.16-r66255.tar.gz -C /var/www/html/w/extensions | ||
+ | |||
+ | '''ImportUsers''' | ||
+ | Get it from: http://www.mediawiki.org/wiki/Extension:ImportUsers | ||
+ | |||
+ | tar -xzf /mnt/ed/HaasWiki/ImportUsers-MW1.16-r62790.tar.gz -C /var/www/html/w/extensions | ||
+ | |||
+ | '''UserRightsList''' | ||
+ | Get it from: http://www.mediawiki.org/wiki/Extension:UserRightsList | ||
+ | |||
+ | tar -xzf /mnt/ed/HaasWiki/UserRightsList.0.52.tgz -C /var/www/html/w/extensions | ||
+ | |||
+ | '''MultipleUpload''' | ||
+ | Get it from: http://www.mediawiki.org/wiki/Extension:MultiUpload | ||
+ | |||
+ | tar -xzf /mnt/ed/HaasWiki/MultiUpload-MW1.16-r78542.tar.gz -C /var/www/html/w/extensions | ||
+ | |||
+ | |||
+ | Add to LocalSettings.php | ||
+ | |||
+ | #SimpleSecurity | ||
+ | $wgSecurityUseDBHook = true; # Add this to enable the experimental DB hook for stronger security | ||
+ | include_once("{$IP}/extensions/SimpleSecurity/SimpleSecurity.php"); | ||
+ | # All other SimpleSecurity directives MUST be specified after the include or the defaults will override them. | ||
+ | $wgSecurityRenderInfo = true; | ||
+ | $wgSecurityAllowUnreadableLinks = false; | ||
+ | $wgPageRestrictions['Category:Servers']['read'] = 'sysop'; | ||
+ | $wgSecurityExtraGroups = array( | ||
+ | 'students' => 'Students', | ||
+ | 'faculty' => 'Faculty, | ||
+ | 'staff' => 'Staff', | ||
+ | ); | ||
+ | |||
+ | #UserMerge | ||
+ | require_once( "$IP/extensions/UserMerge/UserMerge.php" ); | ||
+ | $wgGroupPermissions['bureaucrat']['usermerge'] = true; | ||
+ | |||
+ | #RenameUser | ||
+ | require_once("$IP/extensions/Renameuser/Renameuser.php"); | ||
+ | |||
+ | #ImportUsers | ||
+ | require_once("$IP/extensions/ImportUsers/SpecialImportUsers.php"); | ||
+ | |||
+ | #UserRightsList | ||
+ | require_once("$IP/extensions/UserRightsList/UserRightsList.php"); | ||
+ | |||
+ | #MultipleUpload | ||
+ | require_once("$IP/extensions/MultiUpload/SpecialMultipleUpload.php"); | ||
+ | $wgMaxUploadFiles=10; | ||
+ | |||
+ | [[admin_classification::IT Build| ]] |
Latest revision as of 16:47, 21 June 2016
Haas PhD Students have two new servers and this page details their configuration.
NOTE THAT THE CONFIGURATION OF POSTGRES2 HAS ITS OWN PAGE
Contents
IP Addresses
The servers have been moved to a colo. Their new IP addresses are:
- phd-wiki: 128.32.204.202
- phd-postgres2: 128.32.204.203
The domain names wiki.haas.berkeley.edu and postgres.haas.berkeley.edu should be mapped to these IP addresses shortly.
Base configurations
Both servers are running CentOS release 5.5 (cat /etc/*release*), which uses the Yum package manager (yum list installed | more). Both have Gnome on Xwindows available, as well as the following common packages:
- cpp 4.1.2-48.el5.
- ftp 0.17-35.el5
- httpd 2.2.3-43.el5.centos.3
- iptables 1.3.5-5.3.el5_4.1
- mysql 5.0.77-4.el5_5.4 (note that this is the client)
- openssh 4.3p2-41.el5_5.1
- pam 0.99.6.2-6.el5_5.2
- perl 4:5.8.8-32.el5_5.2
- python 2.4.3-27.el5_5.3
- php 5.1.6-27.el5_5.3
- samba 3.0.33-3.29.el5_5.1
- squid 7:2.6.STABLE21-6.el5
Notable additional packages on pgsql are:
- postgresql.x86_64 8.1.22-1.el5_5.1
Before we start
On Both Machines
Creating Users
Assuming that you have root, you can create user accounts and give them root too. The process is:
First great the users group, checking the last group number:
cat /etc/group /usr/sbin/groupadd -g 515 username
Then add the user
/usr/sbin/useradd -g username -G root -s /bin/bash -p xxxx -d /home/username -m username where g is the primary group, G is other groups, p sets a password, d declares a home directory and m makes the directory
Change the user's password:
passwd username
And add the user to the sudoers file
echo 'username ALL=(ALL) ALL' >> /etc/sudoers
To delete a user:
/usr/sbin/userdel -r roger where r removes the home directory
And to remove their group
/usr/sbin/groupdel username
Mounting bear
It is very useful to mount your R drive
mkdir /mnt/ed mount -t cifs //bear/ed_egan/ /mnt/ed -o user=haas\\ed_egan or: mount -t cifs //bear/ed_egan/ /mnt/ed -o user=ed_egan (which ever works)
for the inclusion into fstab or other more sophisticated approaches there is a Centos help page.
Package additions/upgrades/removals
On lamp:
- Upgrade PhP to 5.2.17+
- Install MySQL (the server)
- Install Mediawiki
- Remove ftp
On pgsql:
- Remove httpd, mysql, ftp, sendmail, inn and other servers we don't need
- Upgrade python to version 3.1
- Install TrueCrypt
On the Wiki Server
Upgrading PhP
In order to upgrade PhP (or install a more recent version of MySQL) we will probably need access to a different repository.
You can automatically add the Atomicorp repository using:
wget -q -O - http://www.atomicorp.com/installers/atomic | sh
It has PhP version 5.2.17-1.el5.art and MySQL version 5.1.55-1.el5.art. Also install pgp-mysql.
yum list php #We were running 5.1.6-27.el5_5.3 yum upgrade php yum install php-mysql
Install MySQL
Install MySql (and update the client):
yum install mysql mysql-server
Start the server:
/etc/init.d/mysqld start
And make sure it starts automatically on reboot:
/sbin/chkconfig --levels 235 mysqld on
Set a root password for the database:
mysqladmin -u root password cheit
At this point you should configure and test the webserver and PhP, which is discussed below.
Install Mediawiki
There is no good version of mediawiki available from a yum repo. So you should do this manually. It isn't painful. Detailed instructions (you won't need them) are available from:
First change to your home directory (or somewhere 'safe') then
wget http://download.wikimedia.org/mediawiki/1.16/mediawiki-1.16.2.tar.gz
Then untar the package, either using the --owner option or as a non-root user to force extracted file ownernship to be other than 1000
su username tar xvzf mediawiki-*.tar.gz sudo su
Now copy the files into the 'right' location and change permissions
mkdir /var/www/html/w cp -r mediawiki-1.16.2/* /var/www/html/w/ chmod a+w /var/www/html/w/config
Install ImageMagick using Yum:
yum install glib glib2 libpng libjpeg libtiff ghostscript freetype ImageMagick ImageMagick-perl
On Postgres.Haas
Removing Unneeded Servers
Remove the web, mail, news and other unneeded servers. Consider removing MySQL (but leave it for now):
yum groupremove "Web Server" yum groupremove "Mail Server" yum groupremove "News Server"
Install and Configure PostgreSQL
To install Postgres with the PLs (Procedural Languages) do:
yum install postgresql postgresql-server postgresql-pl postgresql-libs
Start the service with:
/sbin/chkconfig postgresql on /sbin/service postgresql start
Add the following to /etc/sysconfig/iptables to allow access through the firewall:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 128.32.66.0/24 --dport 5432 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 128.32.67.0/24 --dport 5432 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 128.32.74.0/24 --dport 5432 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 10.136.0.0/23 --dport 5432 -j ACCEPT
Restart the IPtables so the changes take effect:
service iptables restart
Now create some users on the database server:
su postgres createuser root createuser -P ed_egan exit
Check the version of Postgres and Perl installed:
psql -c "select version();" template1 PostgreSQL 8.1.23 perl -v v5.8.8
Now add the perl PL to the standard template so that all new databases will be perl enabled:
createlang plperl template1
Check the specs on the machine for the configuration:
cat /proc/meminfo MemTotal: 8181356 kB cat /proc/cpuinfo 2 x Quad core CPUs cache size: 2048 KB model name: Intel(R) Xeon(TM) CPU 2.80GHz
Review the performance tuning section on the Working with PostgreSQL page, and possibly on the official quick guide page and make the following changes to /var/lib/pgsql/data/postgresql.conf:
listen_addresses = '*' port = 5432 checkpoint_segments=32 This is equivalent to every 512Mb shared_buffers = 786432 #1gig = 1073741824 => 131072 * 8 * 1024, currently trying 6gig The recommendation is to use around 10-15% of RAM, but for a single user db something higher seems better This is in 8K blocks work_mem = 2097152 #In KB, so 1024 * 512=> 524288 = 512Mb, Note that this might be a little too high for aggresively stacked queries But this seems to be the bite point for performance. maintenance_work_mem = 262144 #786432 => 6 * 1073741824 => 6 * 131072 * 8 * 1024 This is how much VACUUM will use - it doesn't make a huge difference effective_cache_size = 1835008 #In 8k blocks. This is the maximum memory that postgres will allocate. It is currently set to 14Gb.
Alter /var/lib/pgsql/data/pg_hba.conf to include the lines (under IPv4):
host all all 128.32.74.0/24 md5 host all all 128.32.66.0/24 md5 host all all 128.32.67.0/24 md5 host all all 10.136.0.0/23 md5
Note that this will use encrypted database passwords, and that all accounts must have non-null passwords (i.e. be created with createuser -P username)
And restart Postgres:
/sbin/service postgresql restart
Upgrade Python?
Find out which version of Python is currently installed:
yum list python #lists version 2.4.3-27.el5_5.3
There are tarballs of version 3.2 available from Python.org's download area, but it seems too recent to have got rpm/yum support as yet.
Configuration
For both servers:
- Mount bear
- Configure Iptables
For lamp:
- Configure Apache
- Configure Mediawiki
- Add Mediawiki extensions
- Create new folder structure
For pgsql:
- Configure Postgre
On the Wiki Server
Configure Apache
Edit the main config file:
vi /etc/httpd/conf/httpd.conf ... ServerName 128.32.66.164:80 ...
To start Apache (to restart use 'restart'):
/etc/init.d/httpd start
To set Apache to start at boot:
/sbin/chkconfig --levels 235 httpd on
First, confirm your IP address:
/sbin/ifconfig
Configure IP Tables
For lamp we need a hole for port 80 for the webserver. For pgsql we need a hole for our clientware. General documentation is available in iptables from Centos
Check that iptables is running:
/sbin/lsmod | grep ip_tables
Backup the old rules:
cp /etc/sysconfig/iptables /etc/sysconfig/iptables.bak
Add a hole (or two):
vi /etc/sysconfig/iptables ... -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 128.32.66.0/24 --dport 80 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 128.32.67.0/24 --dport 80 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 128.32.74.0/24 --dport 80 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 10.136.0.0/23 --dport 80 -j ACCEPT ...
Restart the service:
/etc/init.d/iptables restart
Test the webserver and PhP
Browse to http://128.32.66.164/ you should see the test page. Write the following text file to /var/www/html/Test.php:
<?php phpinfo(); ?>
Browse to http://128.32.66.164/Test.php and you should see the PhP version page.
Configure MediaWiki
Browse to http://128.32.66.164/w/config/index.php, and set the following setting:
WikiName: HaasPhDWiki Contact: kimg@haas.berkeley.edu Admin password and dbase password: cheit All other settings as default (you do have superuser on the dbase so tick that box)
Now move the LocalSettings.php file, change the permissions, and remove the config directory.
cp config/LocalSettings.php LocalSettings.php chmod 600 LocalSettings.php chown apache LocalSettings.php mkdir /mnt/ed/configbak cp -r ./config /mnt/ed/configbak/ rm -rf ./config
You can now view your Wiki at http://128.32.66.164/w/index.php
We will now do the extensions and fine detail configuration.
Change the following settings in LocalSettings.php
$wgEnableUploads = true; #Changed by Ed $wgUseTeX = true; #Changed by Ed $wgLogo = "/icons/wiki_logo.gif"; $wgArticlePath = "/wiki/$1"; $wgUsePathInfo = true; $wgFavicon = "$wgScriptPath/favicon.ico"; $wgGroupPermissions['*']['edit'] = false; #Stops editing without an account, globally
Change the permissions on the images directory:
chmod a+w /var/www/html/w/images
Add the info for the side bar (this might be restored from a backup):
Edit (or create): http://wiki.haas.berkeley.edu/wiki/MediaWiki:Sidebar * navigation ** mainpage|mainpage-description ** research_computing |Research Computing ** portal-url|Community ** currentevents-url|currentevents ** recentchanges-url|recentchanges ** randompage-url|randompage ** helppage|help * Group Pages ** accounting|Accounting ** bpp|BPP ** finance|Finance ** management_of_organizations|Management of Organizations ** marketing|Marketing ** operations_and_it_management|Operations and IT Management ** real_estate|Real Estate * SEARCH * TOOLBOX * LANGUAGES
And populate the wiki using the Special:Import page. Note that you can get a list of all pages on a wiki using the API:
http://wiki.haas.berkeley.edu/w/api.php?action=query&list=allpages&aplimit=500
Mount the Backup Directory:
mkdir /mnt/wiki mount -t cifs //bear.haas.berkeley.edu/wiki/bulk/backup /mnt/wiki/ -o user=haas\\wiki
Mount the Images Directory:
mv /var/www/html/w/images /var/www/html/w/imagesorg mkdir images mount -t cifs //bear.haas.berkeley.edu/wiki/bulk/media /var/www/html/w/images -o user=haas\\wiki mkdir /var/www/html/w/image/tmp
Change the max_upload_filesize to 8M in php.ini:
vi php.ini #edit max_upload_filesize variable
Restart the webserver:
/etc/init.d/httpd restart
Do the extensions:
Simple security Get it from: http://www.mediawiki.org/wiki/Extension:Simple_Security
tar -xzf /mnt/ed/HaasWiki/SimpleSecurity-MW1.16-r62389.tar.gz -C /var/www/html/w/extensions
UserMerge Get it from: http://www.mediawiki.org/wiki/Extension:UserMerge
tar -xzf /mnt/ed/HaasWiki/UserMerge-MW1.16-r66255.tar.gz -C /var/www/html/w/extensions
RenameUser Get it from: http://www.mediawiki.org/wiki/Extension:Rename_user
tar -xzf /mnt/ed/HaasWiki/Renameuser-MW1.16-r66255.tar.gz -C /var/www/html/w/extensions
ImportUsers Get it from: http://www.mediawiki.org/wiki/Extension:ImportUsers
tar -xzf /mnt/ed/HaasWiki/ImportUsers-MW1.16-r62790.tar.gz -C /var/www/html/w/extensions
UserRightsList Get it from: http://www.mediawiki.org/wiki/Extension:UserRightsList
tar -xzf /mnt/ed/HaasWiki/UserRightsList.0.52.tgz -C /var/www/html/w/extensions
MultipleUpload Get it from: http://www.mediawiki.org/wiki/Extension:MultiUpload
tar -xzf /mnt/ed/HaasWiki/MultiUpload-MW1.16-r78542.tar.gz -C /var/www/html/w/extensions
Add to LocalSettings.php
#SimpleSecurity $wgSecurityUseDBHook = true; # Add this to enable the experimental DB hook for stronger security include_once("{$IP}/extensions/SimpleSecurity/SimpleSecurity.php"); # All other SimpleSecurity directives MUST be specified after the include or the defaults will override them. $wgSecurityRenderInfo = true; $wgSecurityAllowUnreadableLinks = false; $wgPageRestrictions['Category:Servers']['read'] = 'sysop'; $wgSecurityExtraGroups = array( 'students' => 'Students', 'faculty' => 'Faculty, 'staff' => 'Staff', ); #UserMerge require_once( "$IP/extensions/UserMerge/UserMerge.php" ); $wgGroupPermissions['bureaucrat']['usermerge'] = true; #RenameUser require_once("$IP/extensions/Renameuser/Renameuser.php"); #ImportUsers require_once("$IP/extensions/ImportUsers/SpecialImportUsers.php"); #UserRightsList require_once("$IP/extensions/UserRightsList/UserRightsList.php"); #MultipleUpload require_once("$IP/extensions/MultiUpload/SpecialMultipleUpload.php"); $wgMaxUploadFiles=10;